software firewalls and malware spread prevention

Discussion in 'malware problems & news' started by rager, Sep 15, 2010.

Thread Status:
Not open for further replies.
  1. rager

    rager Registered Member

    Joined:
    Sep 15, 2010
    Posts:
    5
    Im new to security so bare with me, I just want to clear some confusions I have up about it.

    Im using Comodo firewall and Ive configured it fairly strictly, I have blocked all outgoing from the 'System', svchost is only allowed to connect to my ISP's dns servers. Beyond that, there are only trusted programs I have given access to.

    So, for malware to operate, generally, wouldnt that require that it creates a weird unknown process and then use that to connect to the internet with?

    Alternatively, if it co-opted a trusted process, wouldnt it be clear on my network monitor it was connecting to an array of strange sites?

    So, generally speaking, if I configured my firewall right in theory, even if I had malware, I could successfully block it from achieving internet/network access?
     
  2. FrnHeight451

    FrnHeight451 Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    11
    Yep, you got it bro. That's the idea anyway, so long as you don't pickup a rootkit that starts messing with your registry!

    What you're asking is the notion behind GRC's Leaktest, if you want to test your FW config. See here: http://www.grc.com/lt/leaktest.htm
     
  3. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,921
    How would you know if malware installed it's own comm driver and bypassed everything you have?
     
  4. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Do firewalls protect against backdoors on port 0 (zero)?
    How would you catch if it's not connecting out at all times, what about inbound connections, port knocking?
     
    Last edited: Sep 28, 2010
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,982
    Location:
    California
    Hi, Searching_ _ _,

    Can you point me to some current exploits in the wild that do the above? I would like to have a look.

    Thanks,

    rich
     
  6. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Me too, is why I formed it as a question?
    Are these far fetched ideas?

    Is there malware that doesn't connect out but waits for a knock at the port to connect to an already trusted process?

    No problem,

    Searching_ _ _
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,982
    Location:
    California
    I'm not qualified to speculate on that.

    I look at exploits, evaluate the risk, then see if my security is adequate. If not, I make changes!

    ----
    rich
     
Loading...
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.