
Millions Of Bagles Knock Out Windows Firewall

N/A


Quote

Munir Kotadia
ZDNet
November 01, 2004, 11:44 GMT

Three new variants of the Bagle worm, which can disable the latest firewall protection in Windows, were discovered on Friday and antivirus companies are bracing for a surge of infections during the day.

Earlier this year Microsoft released a major security update for Windows XP, which was designed to strengthen the operating system’s defences against attack from viruses and hackers. One major part of the update was an improved version of its firewall software.

Graham Cluley, senior technology consultant at antivirus firm Sophos, said the latest Bagle variants are designed to attack and disable Microsoft’s new firewall application.

"Just because you are running the latest version of Windows XP you shouldn't think you are necessarily protected from this worm. If it infects a PC running Windows XP SP2 the worm can turn off its firewall and open the door to hackers and other Internet attacks," said Cluley.

Neil Campbell, the national security manager at Internet security specialists Dimension Data, said it is common for viruses and worms to try and disable any firewall and antivirus programs on the system.

Campbell said the latest version of Microsoft’s Windows firewall is a "huge leap forward" when compared to the previous version but he recommends that users should install a third party firewall for better protection.

"There is a window of opportunity when the system boots and loads the network and before the third party firewall becomes active. Windows firewall gives you good coverage during that time," said Campbell.

Email security firm MessageLabs said it has intercepted around 900,000 copies of the new Bagle variants this weekend and expects that figure to peak later today as people in Europe and the US switch on their computers.

David Banes, technical director of MessageLabs in Asia Pacific, told ZDNet UK sister site ZDNet Australia that the company sees around one percent of all Internet traffic, so picking up almost one million copies over a weekend is very significant. But he expects the worm to start fading as users update their security software over the next few days.

"I imagine that when we look back at the end of this week we will see a dip in interceptions on Sunday – when the whole world is offline – and then they will peak on Monday and tail off again by the end of the week," said Banes.
11 REPLIES
N/A

Millions Of Bagles Knock Out Windows Firewall

Windows firewall is more trouble than it's worth and, as already mentioned, a lot of the time doesn't block outgoing traffic.

I did however read a more disturbing article in IT Week, where they found a way to get around most PC firewalls :shock: . I think I'm just going to have to build that Linux machine quick, smart and get smoothwall up and running.
Community Veteran
Posts: 14,469
Registered: 30-07-2007

Millions Of Bagles Knock Out Windows Firewall

Quote
I think I'm just going to have to build that Linux machine quick, smart and get smoothwall up and running.


I hope you don't use any UPnP apps like MSN Messenger as that is broken in smoothwall.
N/A

Millions Of Bagles Knock Out Windows Firewall

Peter, sadly I do, although I'm sure I can add the rules manually. It's only really MSN that needs this.

Can I not simply add the UPnP ports, directions, etc. to smoothwall?


Aaron
Community Veteran
Posts: 14,469
Registered: 30-07-2007

Millions Of Bagles Knock Out Windows Firewall

No, the underlying UPnP libraries are broken on the smoothwall kernel/version. There are a number of threads on the smoothwall website forums which explain how to solve the problem by replacing and manually editing some files, but I could never get it to work so gave up and removed the smoothwall product because I needed to use MSN.
N/A

Millions Of Bagles Knock Out Windows Firewall

My router doesn't use UPnP and I can still use MSN? So what's with the need for it? Also, I got this cool little app that tests your firewall and such from a mate that wrote it; am I allowed to post such a tool? (It's non-obtrusive, however one small app within it is seen as a "hack tool" by NAV as well; it does do simple test things... *shrug*) (The file is "copycat.exe" btw: http://www.pestpatrol.com/pestinfo/c/copycat.asp )

Buz
N/A

Millions Of Bagles Knock Out Windows Firewall

Buz,

Some aspects of MSN don't require UPnP; in fact, normally MSN IM works quite happily with any outgoing connection.

Peter,

So what have you used in replacement to smoothwall?

Aaron
Community Veteran
Posts: 14,469
Registered: 30-07-2007

Millions Of Bagles Knock Out Windows Firewall

Too long ago, forgotten now. Try searching the smoothwall website forums.
N/A

Millions Of Bagles Knock Out Windows Firewall

Then surely you don't need UPnP and thus smoothwall will work fine, and hey, if not, use OpenBSD ^_^
N/A

Millions Of Bagles Knock Out Windows Firewall

Andy,

It would be good to have the option though, since I do have a few programs that use UPnP, not just MSN. In the most part, yes, I don't need it but I might :-P

Aaron
N/A

Millions Of Bagles Knock Out Windows Firewall

Well, if you don't need it, don't make your setup less secure in the thought that you "may" need it at some point, cos until you do it will just be another open port for attackers to come in on :p

Buz
N/A

Millions Of Bagles Knock Out Windows Firewall

Well, at the moment it's enabled on my router, but no traffic can pass from outside my network, as it's blocked by my router.

I've got quite a number of ports forwarded, in effect open, for various bits of software I run, there is little that I can do, other than let Kerio stop any dodgy packets, but I'm not sure smoothwall would make that much difference.

I wish UPnP was more secure and more widely used, since only the ports that need to be open would be, and I wouldn't need the port forward rules to be in place.