After a slow day, I decided to see what old news was on CNet, and I came across this...
PC protection software such as Zone Labs' ZoneAlarm and Symantec's Norton Internet Security fare well against outside attacks, but Trojan horses and worms that infect the machine can easily dodge the firewall's blocks and access the Net, said Robin Keir, chief software engineer for security services company Foundstone.
"Personal firewalls were not traditionally for stopping malicious programs from running on your computer," he said. Keir published a report and tool illustrating one set of flaws that allows a program to sneak out private data using Microsoft's Internet Explorer and AOL Time Warner's Netscape browsers.
The program takes advantage of aspects of Microsoft's Windows operating system architecture that lets one program control another, a feature that could be used to let an employee training application take control of a program as part of a demonstration or to record keystrokes and track the mouse.
"I wondered if Microsoft had forgotten about this seldom-used program," Keir said. "Makes me wonder if they brushed it underneath the carpet and forgot about it."
Keir's program, called Firehole, employs a reusable piece of program known as a DLL (dynamic linked library) to trick the Internet browser into allowing the program to send data.
Personal firewall makers acknowledged the problem but stressed that the security flaw isn't theirs.
News source: CNet News
View and download: Robin Keir's FireHole: How to bypass your personal firewall outbound detection!
