Windows Firewall Has A Backdoor
Posted at 2005-02-19 20:00:00 GMT
http://habaneronetworks.com/viewArticle.php?ID4
I was just poking around with the Windows Firewall on my system. When
I went to look at the exceptions, I was confronted with an entry that
I couldn't recognize, rk.exe. Rk.exe was allowed full access to and
from my computer. I did a quick search for rk.exe on the internet and
came across ProcessLibrary's website which stated the following about
rk.exe:
"rk.exe is a process that belongs to a software from RelevantKnowledge.
The software monitors how you use the Internet as well as displays
various surveys in popup windows. This process should be removed to
protect your personal privacy. For more information visit their
privacy policy agreement at
http://www.relevantknowledge.com/Agreement.htm"
Let's see, RelevantKnowledge, um, never heard of them, I know what
software I have installed, and none is from this company. Anyway, what
else does it say? Um, 'The software monitors how you use the
Internet', well, this can't be too good, ok then, how about 'displays
various surveys in popup windows'. So let's add it up:
Never heard of the company: Bad
Monitors my Internet activity: Bad
Displays popups: Bad
Well, to me, this does look like spyware and adware. It is spyware
because it is monitoring and probably recording information about
where I am going and what I am doing on the Internet. It is also
adware because of the nice popups it will provide me.
Well, I actually have never seen any activity from rk.exe on my
system, and in fact, the file doesn't even exist. I must have cleaned
it out with a spyware remover like AdAware or Webroot's Spysweeper.
The point of the matter is that this entry has found its way into my
Windows Internet Connection Firewall Exceptions list without my
knowledge. And as it turns out, that isn't hard to do.
As long as the person currently logged into the computer has
Administrative privileges, an application can easily add an entry into
the
HKEY_LOCAL_MACHINE/SYSTEM/Services/.../FirewallPolicy/StandardProfile/AuthorizedApplications/List/
key that will allow any application full rights to and from the
computer without the user's interaction or knowledge.
Just because you think that Microsoft and their supposedly secure
Windows Firewall is running doesn't mean that you're safe. You must
check the settings of the firewall regularly. Always scan your system
at a minimum once a week with the anti-spyware tools and ensure that
you run SpywareBlaster every time you use your computer.
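One way to do that regular check, as an added example that is not part of the original post: a Python audit of the values exported from the AuthorizedApplications/List key described above. It assumes the Windows XP SP2 value layout path:scope:Enabled|Disabled:name; the sample entries, the approved list and the rk.exe path are constructed.

```python
import os
from dataclasses import dataclass

@dataclass
class FwException:
    path: str      # executable the exception applies to
    scope: str     # "*" = any source, else LocalSubNet or an address list
    enabled: bool
    name: str      # display name shown in the Exceptions tab

def parse_entry(data):
    # Split from the right: the path carries its own drive-letter colon.
    parts = data.rsplit(":", 3)
    if len(parts) != 4 or parts[2].lower() not in ("enabled", "disabled"):
        raise ValueError(f"unrecognised exception entry: {data!r}")
    path, scope, state, name = parts
    return FwException(path, scope, state.lower() == "enabled", name)

def audit(entries, approved, exists=os.path.exists):
    """Return (path, reasons) for every exception that needs review."""
    approved = {p.lower() for p in approved}
    findings = []
    for data in entries:
        try:
            e = parse_entry(data)
        except ValueError:
            findings.append((data, ["unparseable"]))
            continue
        reasons = []
        if e.path.lower() not in approved:
            reasons.append("not on approved list")
        if not exists(os.path.expandvars(e.path)):  # %windir% resolves on Windows
            reasons.append("target file missing")   # stale entry, as with rk.exe
        if reasons and e.enabled and e.scope == "*":
            reasons.append("enabled for any source address")
        if reasons:
            findings.append((e.path, reasons))
    return findings

# Constructed sample values and approved list (hypothetical paths).
SAMPLE = [
    r"%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019",
    r"C:\Program Files\Example\rk.exe:*:Enabled:rk",
    r"C:\Tools\sync.exe:LocalSubNet:Disabled:Sync",
]
APPROVED = [r"%windir%\system32\sessmgr.exe", r"C:\Tools\sync.exe"]
if __name__ == "__main__":
    for path, why in audit(SAMPLE, APPROVED, lambda p: "rk.exe" not in p):
        print(path, "->", "; ".join(why))
```

Comparing each run's findings with the previous run's shows when an entry has been added without your knowledge.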
For more information about SpywareBlaster please visit here. For more
information about anti-spyware and anti-adware products, please read a
full review of the top 5 ad / spyware fighters at:
http://habaneronetworks.com/viewArticle.php?ID.
If you are currently using Windows' own firewall to protect you,
either ensure that there are no unknown exceptions or find a better
firewall.
PS. If you are ever unsure about a process, head on over to Process
Library and search for the running process's name.
I have added another article that explains that Microsoft's
AntiSpyware Beta also ignores any changes to the registry for this
key.
You can read the article here
http://habaneronetworks.com/viewArticle.php?ID6