On Sat, 19 Feb 2005, Jay Calvert wrote: > > > By adding a new key to the registry in > HKEY_LOCAL_MACHINE/SYSTEM/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile/AuthorizedApplications/List > you can circumvent the whole purpose of the firewall with out the users > interaction or knowledge. Spyware / Adware manufacturer's are already > do this. This is not a backdoor or vulnerability. The default permissions on this key are Full Control for SYSTEM and Administrators and Read for Users. The Administrator should be able to configure the firewall to allow programs to connect outbound. The security problem that has created the spyware malaise on Windows is the default Windows installation for home users, which creates the user's named account in the Administrators group. When this account is used to browse the internet there is no protection to prevent spyware/malware from bypassing security mechanisms, such as the XP SP2 firewall, by exploiting vulnerabilities or tricking the user. The advent of spyware/malware using NT rootkit technology to hide from AV and Anti-spyware programs will force Microsoft to change to an installation where there are 2 accounts, one for administration and a low permission one for browsing the internet. This has been the standard for Linux and OS X for years. -Chris
