software firewalls and malware spread prevention

Discussion in 'malware problems & news' started by rager, Sep 15, 2010.

Thread Status:
Not open for further replies.
  1. rager

    rager Registered Member

    Joined:
    Sep 15, 2010
    Posts:
    5
    I'm new to security, so bear with me; I just want to clear up some confusions I have about it.

    I'm using Comodo Firewall and I've configured it fairly strictly: I have blocked all outgoing from 'System', and svchost is only allowed to connect to my ISP's DNS servers. Beyond that, there are only trusted programs I have given access to.

    So, for malware to operate, generally, wouldn't that require that it creates a weird unknown process and then uses that to connect to the internet?

    Alternatively, if it co-opted a trusted process, wouldn't it be clear on my network monitor that it was connecting to an array of strange sites?

    So, generally speaking, if I configured my firewall right, then in theory, even if I had malware, I could successfully block it from achieving internet/network access?
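The per-process egress policy rager describes, replayed as an added example (not code from the thread or from Comodo) over constructed connection events. The process names, the resolver addresses and the trusted-application list are assumptions; the second function implements the "array of strange sites" check by comparing a trusted process's destinations against an assumed per-process baseline.

```python
# Added example (not from the thread): a per-process outbound policy of the kind
# the poster describes, replayed over constructed connection events. Process
# names, resolver IPs, the trusted list and the baseline are assumptions.
from collections import defaultdict
from dataclasses import dataclass

ISP_DNS = {"203.0.113.53", "203.0.113.54"}      # assumed ISP resolvers
TRUSTED = {"firefox.exe", "thunderbird.exe"}     # assumed trusted applications


@dataclass(frozen=True)
class Conn:
    process: str      # image name as the firewall reports it
    dst_ip: str
    dst_port: int
    proto: str        # "tcp" or "udp"


def verdict(c: Conn) -> tuple[str, str]:
    """Return ("allow" | "block", reason) for one outbound connection attempt."""
    name = c.process.lower()
    if name == "system":
        return "block", "System: all outbound blocked"
    if name == "svchost.exe":
        if c.dst_ip in ISP_DNS and c.dst_port == 53:
            return "allow", "svchost: ISP DNS only"
        return "block", "svchost: destination is not an ISP resolver"
    if name in TRUSTED:
        return "allow", "trusted application"
    return "block", "unknown process (default deny)"


def replay(events: list[Conn]) -> list[tuple[Conn, str, str]]:
    """Apply the policy to every event and keep the reason alongside the verdict."""
    return [(c, *verdict(c)) for c in events]


def suspicious_trusted(events: list[Conn],
                       baseline_hosts: dict[str, set[str]]) -> dict[str, list[str]]:
    """Second layer: a trusted process that is allowed out but talks to hosts
    outside its usual set, the 'array of strange sites' a network monitor shows.
    baseline_hosts is an assumed per-process set of normally seen destinations."""
    seen: dict[str, set[str]] = defaultdict(set)
    for c in events:
        if verdict(c)[0] == "allow" and c.process.lower() in TRUSTED:
            seen[c.process.lower()].add(c.dst_ip)
    flagged: dict[str, list[str]] = {}
    for proc, hosts in seen.items():
        unexpected = hosts - baseline_hosts.get(proc, set())
        if unexpected:
            flagged[proc] = sorted(unexpected)
    return flagged


SAMPLE = [  # constructed events
    Conn("System", "198.51.100.7", 445, "tcp"),
    Conn("svchost.exe", "203.0.113.53", 53, "udp"),
    Conn("svchost.exe", "198.51.100.9", 80, "tcp"),
    Conn("firefox.exe", "198.51.100.20", 443, "tcp"),
    Conn("firefox.exe", "192.0.2.66", 8080, "tcp"),
    Conn("xyz1234.exe", "192.0.2.99", 6667, "tcp"),
]
BASELINE = {"firefox.exe": {"198.51.100.20"}}   # assumed normal destinations

if __name__ == "__main__":
    for c, v, why in replay(SAMPLE):
        print(f"{v:5} {c.process:14} -> {c.dst_ip}:{c.dst_port}/{c.proto}  ({why})")
    print("unexpected destinations:", suspicious_trusted(SAMPLE, BASELINE))
```

The evaluator only sees what the host's filtering layer reports to it, which is the limit the later replies in this thread raise: a component that inserts itself below that layer, or traffic that never crosses it, produces no event here at all.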
     
  2. FrnHeight451

    FrnHeight451 Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    11
    Yep, you got it bro. That's the idea anyway, so long as you don't pick up a rootkit that starts messing with your registry!

    What you're asking is the notion behind GRC's Leaktest, if you want to test your FW config. See here: http://www.grc.com/lt/leaktest.htm
     
  3. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    How would you know if malware installed its own comm driver and bypassed everything you have?
     
  4. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Do firewalls protect against backdoors on port 0 (zero)?
    How would you catch it if it's not connecting out at all times? What about inbound connections, port knocking?
     
    Last edited: Sep 28, 2010
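Searching_ _ _ asks about a backdoor that stays silent until it receives a port knock. The thread gives no example of such malware; as an added example of the detection side only (not code from the thread), here is a check over constructed firewall log records that flags a source which hits several closed ports in quick succession and is then accepted on some port. The record format, the time window and the minimum sequence length are assumptions.

```python
# Added example (not from the thread): spotting a port-knock pattern in
# constructed firewall log records. Record format, window and threshold
# are assumptions chosen for illustration.
from collections import defaultdict

Record = tuple[float, str, int, str]   # (timestamp_s, src_ip, dst_port, "DROP" | "ACCEPT")


def find_knock_sequences(records: list[Record], min_len: int = 3,
                         window: float = 10.0) -> dict[str, list[int]]:
    """Return {src_ip: [knocked ports]} for every source that sent packets to at
    least `min_len` distinct closed ports, each within `window` seconds of the
    previous one, and was then accepted on some port within the same window.
    A plain port scan (drops but never an accept) is deliberately not flagged."""
    by_src: dict[str, list[tuple[float, int, str]]] = defaultdict(list)
    for ts, src, port, action in sorted(records):
        by_src[src].append((ts, port, action))

    hits: dict[str, list[int]] = {}
    for src, events in by_src.items():
        for i, (t0, p0, a0) in enumerate(events):
            if a0 != "DROP":
                continue                      # a knock sequence starts with a drop
            knock, last_t, accepted = [p0], t0, False
            for t, p, a in events[i + 1:]:
                if t - last_t > window:
                    break                     # gap too long: sequence abandoned
                if a == "DROP":
                    if p != knock[-1]:
                        knock.append(p)       # ignore retransmits of the same port
                    last_t = t
                elif a == "ACCEPT" and len(knock) >= min_len:
                    accepted = True           # the door opened after the knocks
                    break
            if accepted:
                hits[src] = knock
                break
    return hits


SAMPLE_LOG: list[Record] = [                  # constructed records
    (1.0, "192.0.2.10", 7000, "DROP"),
    (1.5, "192.0.2.10", 8000, "DROP"),
    (2.0, "192.0.2.10", 9000, "DROP"),
    (3.0, "192.0.2.10", 22, "ACCEPT"),        # knocker: three closed ports, then in
    (10.0, "198.51.100.5", 21, "DROP"),
    (10.1, "198.51.100.5", 22, "DROP"),
    (10.2, "198.51.100.5", 23, "DROP"),       # scanner: drops only, never accepted
    (20.0, "203.0.113.8", 443, "ACCEPT"),     # ordinary client
]

if __name__ == "__main__":
    print(find_knock_sequences(SAMPLE_LOG))
```

This only works where the firewall logs dropped inbound packets as well as accepted connections; a knock sequence that is never logged, or a listener that sits below the filtering layer, leaves nothing for the check to read.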
  5. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    Hi, Searching_ _ _,

    Can you point me to some current exploits in the wild that do the above? I would like to have a look.

    Thanks,

    rich
     
  6. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Me too, which is why I formed it as a question.
    Are these far fetched ideas?

    Is there malware that doesn't connect out but waits for a knock at the port to connect to an already trusted process?

    No problem,

    Searching_ _ _
     
  7. Rmus

    Rmus Exploit Analyst

    Joined:
    Mar 16, 2005
    Posts:
    3,943
    Location:
    California
    I'm not qualified to speculate on that.

    I look at exploits, evaluate the risk, then see if my security is adequate. If not, I make changes!

    ----
    rich
     