Here's the response I got from Sygate support about the loopback.

Discussion in 'other firewalls' started by notageek, Oct 30, 2003.

Thread Status:
Not open for further replies.
  1. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    I thought this needed it's own post rather than using another post that's already been opened aboput sygate. I sent an email about the loopback problem to Sygate support and ask if they was going to fix the problem. Here's the response they gave me. Take it for what it's worth. ;)

    Dear Customer,

    This issue has been filled and is currently being reviewed. They are
    addressing this issue but there is not a definite date for a release
    that this issue will be fixed. However I can assure that it is being
    reviewed and not ignored. Thank you.


    Edit: took off the must read. :)
     
  2. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Re:Here's the response I got from Sygate support about the loopback. Must read.

    What's so interesting that makes this a "must read" ? Anyone could have predicted this response, no offence intended.
     
  3. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    Re:Here's the response I got from Sygate support about the loopback. Must read.

    Sorry let me put it another way. Must read if you care about this problem. You said "Anyone could have predicted this response" but as I seen it this question has been askked all over and no one I mean no one predicted anything. This question was asked at the Sygate forum and there was no predicted answer. If anyone could of predicted this answer than why didn't some just predict it and save me a lot of time emailing sygate and asking them . Maybe I should of called Miss Cleo. ;) LOL Not offended just stating something.
     
  4. manythanks

    manythanks Guest

    But this is a serious security problem, the response should be "YES THE PROBLEM WILL BE FIXED IN THE NEXT RELEASE" not "well the problem is noted but not sure which year the fix will be", no more I for one have had enough - fix it now or if they WONT then Ill use another company.

    Thanks
     
  5. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    I was hoping they wopuld of fixed it when they put out the last release but nope.
     
  6. spm

    spm Registered Member

    Joined:
    Dec 9, 2002
    Posts:
    437
    Location:
    U.K.
    I'm afraid this response was not only predictable, but also a load of baloney. I received a e-mail from Sygate about a year ago now in response to the same question, when SPF Pro was at version 5.0. Then, they said that to fix the local proxy issue woud require a redesign of SPF and it would "therefore have to wait until version 5.1".

    Well, 5.1 came and went. Now the same with 5.5. Draw your own conclusions. I stopped using SPF ages ago.
     
  7. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    I think maybe it was an automatic email they sent me. cuz friend of mine emailed and got the same response.
     
  8. ssjx

    ssjx Registered Member

    Joined:
    Oct 30, 2003
    Posts:
    4
    How long have they known about this problem?

    It's shame they don't fix it because it's the only problem I know of in an otherwise good firewall. (Apart from a few small GUI glitches in 5.5)
     
  9. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    Well I sent an amail about it about 6 months ago but I don't know how long they knew about it.
     
  10. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Re:Here's the response I got from Sygate support about the loopback. Must read.

    LOL, an automated email that vaguely says we'll sit on it until we are ready, yes, a "must-read" as your subject says .. yes Totally unpredictable, what a shock..

    Yes given that you already knew about the earlier email, you clearly could have saved yourself a lot of time. Not that it was a lot of time wasted.

    I'm just objecting to the "must read" part. This thread is totally without information value what-so ever (unless you don't know abt the problem maybe).

    Edit: fixed quote tags. CrazyM
     
  11. TAG97

    TAG97 Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    616
    Location:
    Connecticut USA
    Well, here's what I beleave. Sygate is pretty close to a final release. I think there will be one more beta and it will deal with the loopback issue. They must beleave that the loopback would never be exploited and it looks like to me they were right. I never seen a post in any forum I've been in where a sygate user was exploited by the loopback issue. So if someone could direct me to some posts in any forum about a sygate user being exploited by this so called "Fatal Flaw" I would greatlly appreate it :rolleyes:
    Best Regards
    Tim
     
  12. manythanks

    manythanks Guest

    Come to think of it, this exploit is only theory and seeing as the vast majority of people who use SPF and Proxy's know what they are doing anyway.

    Thanks
     
  13. JayK

    JayK Poster

    Joined:
    Dec 27, 2002
    Posts:
    619
    Theory? Given the fact that lots of people are *SO* concerned (overly IMVHO) about leaktests , this exploit will shake their world. If you don't care about outwards filtering, it's no big deal of course.
     
  14. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    I have to agree with JayK on this one.

    I would like to add that a comment to what Tag said. Tag said "They must beleave that the loopback would never be exploited and it looks like to me they were right" You know that there are porgrams that can be downloaded and sometimes go out on the net and call home. If saygate gon't pick that up while someone is using a proxy than that program is calling home and exploiting the loopback hole in sygate. I for one never seen this happen on my computer but I'm sure it could and might of been done. No one is going to know if one of their programs that's running in the background is calling home if it goes through the lookback hole a proxy and sygate creates. Just a little thing to think about. :)
     
  15. TAG97

    TAG97 Registered Member

    Joined:
    Feb 10, 2002
    Posts:
    616
    Location:
    Connecticut USA
    I took this response from a moderator at Sygate,whom by the way I have a lot of respect for.

    "Without a scientific analysis, I'd guess that the majority of trojans and worms that attempt outbound connections do so directly - that is, they wouldn't bother checking for a local proxy.
    - Trojans that do hook into a legit app that is configured for proxy use (eg IE) will get caught by SPF's DLL Authentication feature
    - Trojans that directly inject (so as to avoid the need for loading a DLL) a "trusted" app such as IE, will generally do so in a manner that causes IE to attempt a direct connection (ie not use the proxy), at which point SPF will alert you that IE is attempting to access the internet. (Which, if you are setup to use a local proxy, should ring large alarm bells.)"

    Cam

    What do you think of that Theory? Please respond to his answer only.
    Agree? Disagree?
    Regards
    Tim
     
  16. manythanks

    manythanks Guest

    Maybe this whole issue has been over hyped without any real solid proof that the firewall could be breached in this manner, maybe when Mr Gibson started to develope the Leak Teaster he - Ste Gibson opened a whole can of worms without investigating the whole picture/truth, maybe Sygate know this and this is the reason for the lack of action regurding the loop-back issue, but as a extra precaution they built Anti Application Hijacing into the firewall. The other question I will ask is the anti application hyjacking more secure than the loop-back issue being fixed.

    Thanks
     
  17. notageek

    notageek Registered Member

    Joined:
    Jun 3, 2002
    Posts:
    1,601
    Location:
    Ohio
    I agree with that totally but I'm sure there is people that can make trojans that can exploit the lookback problem. The only problem with the DLL Authentication feature is that it flags lot of other programs as possible dll injections.

    Just to put this out there so someone don't think I'm slamming Sygate. I think Sygate is a good firewall. I would and do tell people that don't use proxies to use it over ZA (most of the time). I just find that this loopback can be exploited and feel it' s a threat but as Isaid before you can use syagate and SSM together to make a lesser chance of anyone porgram exploiting the loopback problem. A lot of people (mainly people running 98 with low mem) don't want lot of programs running in the back ground. I for one have XP and have lot of mem and don't want lot of stuff taking over my system tray. But I do usE SSM and a firewall.
     
  18. manythanks

    manythanks Guest

    I agree Sygate Personal Firewall is exellent for the job it is intended to do, but if SPF flags programs as possible DLL exploits it only adds to the security.

    Thanks
     
  19. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    Hmn....well one of the deals about securing a system (and allowing user control of what goes out) includes redundancy. And closing the known potential loopback "leak" would seem to be a good idea. For those who want program control, not just against potential Trojans.

    Not knocking Sygate since there are many "advanced" users who use it, like it, but still would like this issue addressed. (Even if they don't consider it deal breaker kind of problem.) And this issue has been around for years. ZA +/Pro provide both program component control and don't have the loopback issue. ZA (free) doesn't have the loopback issue either. I don't know what's involved in "fixing" the issue for Sygate, but the issue's been on the table for some time and (if my recollection is correct) Sygate's been saying it would address it for a long time and still hasn't. It seems something fairly basic that should be addressed for those who prefer to control such things.

    Anyway, I appreciate the thread simply because I've only been on the periphery and not closely following Sygate development and appreciate seeing Sygate's recent response, although it's not radically different from what they've said before. When a new version comes out, someone always asks about this.

    I use a local proxy and I know how many legit programs I have use IE to connect to the net. I want the firewall to tell me when they're trying to do that through the local proxy and let me decide if I want them to or not. That's just my preference.
     
  20. manythanks

    manythanks Guest

    I like that statement, Iwas about to go soft on Sygate and say "it's not that bad" but OH yes it is , this needs to be fixed if you use a proxy with Sygate, but I ask the question again, are Sygate trying to address the issue of the loop-back problem by inserting Anti Application Hijacking.

    Thanks
     
  21. SpaceCowboy

    SpaceCowboy Registered Member

    Joined:
    Oct 20, 2002
    Posts:
    40
    not sure if i understand your question but NO, Anti Application Hijacking will not do anything to stop applications from getting out using the local proxy.
     
  22. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    I don’t use Sygate, and I don’t visit the official forum and I haven’t read any topics about Sygate Loopback issues until this topic, so forgive me for my ignorance. Correct me if I’m wrong but how this Loopback issue works is when running proxy server using IE Environments a lot of regular Software such as Updater Systems doesn’t get seen as making connection to the outside, instead the proxy server application acting as middle-man is what gets seen by Sygate making the connections attempts to the outside?
     
  23. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi Phant0m``

    Yes, anything configured to access the Internet via a proxy program through localhost (such as IE through Proxomitron), would not be seen by Sygate. In the IE example, you would have to have allow rules for Proxo, but not for IE.

    So anyone who is concerned about application control and uses a proxy program with Sygate, should be aware that localhost traffic is not filtered.

    Regards,

    CrazyM
     
  24. Phant0m

    Phant0m Registered Member

    Joined:
    Jun 7, 2003
    Posts:
    3,684
    Location:
    Canada
    Hey CrazyM

    That’s what I thought, thanks!

    I obviously see a problem then, correct me if I’m wrong but anyone using something like Proxomitron most likely has it authorized in the their Firewalls Application Filtering List for initiating Connections to remote machines with destination port 80tcp to any IP Destination. And so using SpywareGuard LiveUpdate for an example which relies on IE Environments could easily be commandeered to access outside resources without being stopped by users Sygate Firewall.
     
  25. manythanks

    manythanks Guest

    "not sure if i understand your question but NO, Anti Application Hijacking will not do anything to stop applications from getting out using the local proxy".

    If a program like Proxomitron is given access to the internet using SPF and a bad program tries to access the internet it get access through the loop-back exploit, if using ZA the program is stopped and the user is asked for access permission but not with Sygate, if Sygate has anti application hijacking it will notify the user of any changes to programs.

    Thanks
     
Loading...
Thread Status:
Not open for further replies.