Discussion in 'other firewalls' started by RL, Mar 6, 2003.
Ample discussion in Look & Stop forums already.
With patch already issued LNS stops this .
Kerio did not recognize it, and the same for ourpost
ZAF 3.7.098 reconized it but faild to stop it from sending info to the site
SSM prevent it to run with or without FW
What is SSM ?
I understand that Jack, but since the number of SSM users is rather low compared to firewall users, all these leaktests and proof of content are forcing firewall vendors to produce better products.
After all firewalls are considered the first line of defense by most and any improvements made to them can only help the net community at large.
I find it rather strange that when an item such as this is posted ppl rush out to try it - You download something that someone has pointed you towards & wonder why your PC / firewall is "compromised" OK in this case it is genuine but others may not be so honest.
Still I suppose that is what a lot of folks do all the time, hence the rapid spread of Worms, Viri & Trojans & other malware.
I'm ducking! ...
You are right and Frederic is really quick on the ball
I of course run also a FW, SSM is another layer of defence and prevent such tests or possible malwares not yet in AV, AT or Anti-spy databases to cheat before adequate mesure has been token by FW developpers.
As Paul uses to say "don't put all your eggs in one basket "
Sure but see MtM post, I second that and not only for FW developpers but for all security products'.
There are not normal conditions of computer use of course
I am not aware of any malware till now using the technics of such leaktests but could happen soon or later.
Better defence is prevention.
I also attach my belt in my car : one never knows what may occur even if a never had an accident
1. I would think that those that keep coming to BB's like this one are already tuned in to potential threaths. Is is not the reason why most come here in the first place ?
2. These proof of concepts are just that. To prove that a real nasty could produce damage in same situation. They in turn allow software vendors to produce patches to ensure that the "real deal" is neutured before someone actuallly produces it.
It's a never ending game..............................
Call me old fashion but I prefer “Application Filtering” Feature that has capabilities of detecting large % of the time, Applications accessing Client Environments. Using System Safety Monitor would be quite stressful Utility for people who all the time Downloads, Installs, and Updates. I’m all the time Downloading, Installing, Updating programs whether it’s for Exploring purposes or it’s just to assist one with problems. As it is I’m all the time responding to Application Filtering Alerts, I don’t believe I can stand using something like Application Control like that what SSM offers. How I see it I would prefer responding to Alerts of Applications accessing Client Environments then to be responding to Alerts upon file executions. But because System Safety Monitor wouldn’t be beneficial to me doesn’t mean it’s not to another, this product provide an Additional Layer to Software Firewalls and that’s all good…
Most don’t know this yet but there is only so many ways of accessing Internet Resources and so far Software Firewalls with Application Filtering Feature like Look ‘n’ Stop pretty much has most of the methods used for accessing Internet Resources covered. And I personally feel it’s going to come the time where programs going to become more malicious and attempt to Terminate Software Firewalls functionality whether it’s by terminating its Processes or….
ZA+ with current updates warns and stops the piggyback.
Well, I'm running Norton Personal Firewall 2003 (NIS), and it didn't detect it...
The site says, "patch available". Does anyone know how I can get that patch?
Thank You Pieter_Arntz for the link.
,I knew about System Safety Monitor but didn't put the connection with the abbreviation.
I run RegRun and was thinking SSM is very similar?
I also have a couple other programs that monitor vital REG keys and program-Application file changes.
Did your message show up on the site? Not currently running 2003, but I seem to remember it not alerting, but the message would not go through.
Thanks for your reply!
It did not kick the firewall to warn me and it did post the message on the site... Here is a screenshot...
Hi Straight Shooter
Thanks for the clarification .
Hello all. New to this forum, but not to computing. That said, I would like some input to a couple of my concerns. I upgraded my XBlock software, ran a spyware scan and, lo and behold, was informed that WinWhatWhere resided in my registry and dwshk36.ocx was in my system folder. HHmmmmm I then checked the other 5 computers on my home net and found the same entries on 3 of them. Any ideas? Is it for real, or just a residual of some other program?
My other query concerns the security provided by the firewall contained in my Netgear FVS318 with Prosafe VPN Firewall. Is it enough to rely on this for security? Thanks for your input! Great forum here!!
Hmm. Sounds like it might be for real. The presence of dwshk36.ocx by itself isn't totally incriminating, however...
Here's a link to some information on this keylogger and others:
This might help! Good luck!
Nice link JimIT
Lots of good keylogging info
I am still using Anti-Kelogger and it seems to work very well.
Any program with good heuristics will give some false alarms.
It appears monitor spy from code-it's page will scan an NT system but you still need ADMIN rights to make any reg changes. It is still always nice to at least know the files are there even if we can
t delete them. These keyloggers are used more and more by the corporate world. I am seeing more and more state government agencies loading these keylogges on their systems all the time.
And once again I must remind you, many of these systems are still windows 95
This topic will probably be moved to the appropriate forum discussion, but if you are the original owner of your PC, you or somebody else has been "spied" upon !
Welcome to the forum.
Just a word on your post here... Generally, posts that are about new subjects should be posted in a "new topic" and not as a "reply" to a thread that is about a different subject. This thread was about a specific firewall leaktest.
Unfortunately, we can not detach the individual posts (yours and the 3 replies to it) and move them to another forum as eyespy notes. You appear to have the answer to your first question, it really looks like you have a real keylogger on your system. I suggest you use your spyware scanner to remove it from all systems.
If you have any follow-up questions on the spyware / keylogger, please start a new thread in the "privacy problems" forum. As for your router / firewall question, a new topic here in the "other firewalls" forum would be best for that.
Again, welcome to Wilders Security Forum!
Kerio 2.1.4 passed, its all in your rules.
Using Internet Filtering Layer you can Control Anything, purpose of these Leaktests are to test the Application Layer whether or not it’s capable of detecting these types of methods to gain Internet Access.
Separate names with a comma.