Warning: Most Personal Firewall programs easy to fool!
This question was answered on December 16, 2000. Much of the information contained herein may have changed since posting.
PERSONAL FIREWALLS, such as ZoneLabs ZoneAlarm, Black Ice Defender, Norton's Personal Firewall and Sygate Technologies Personal Firewall, are designed to block suspicious incoming and outgoing traffic on an Internet-connected computer, or even to block a program from using the Internet altogether. These programs play an important role in protection, since broadband connections, by virtue of their "always on" status, can be easy prey for hacker programs that can sniff out their IP addresses.
But many of these personal firewalls have a design that may be easy to compromise: just a few lines of code can open a back door in several of them.
Basically, the hack relies on known behaviors of these products. Since the personal firewalls watch traffic based on port number and program name, all a hacker has to do is rename a virus or Trojan horse to a name that end users have likely permitted to have access to the Internet.
For example, a hacker could rename a Trojan horse file to iexplore.exe (the executable for Microsoft's Internet Explorer), a file name that is not likely to be barred from using the Web. If this file is permitted to access the Internet, it can provide the valuable information that is needed for a hacker to compromise your system.
The very protection that these programs are supposed to provide could possibly fail if this exploit is used.
As of now, we are not aware of any virus/worm/trojan horse files that are taking advantage of this exploit, but it is just a matter of time now that the information is circulating around the Internet.
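To make the weakness concrete, here is an added example (not code from any of the firewall products named above) that puts a name-only allow rule next to one that also checks the program's full path and content hash. The rule layout, function names and sample bytes are constructed for illustration.

```python
import hashlib
import ntpath  # apply Windows path rules regardless of the host OS

# Constructed stand-ins for the file contents of two different programs.
GENUINE = b"constructed stand-in for the genuine browser binary"
IMPOSTOR = b"constructed stand-in for an untrusted program"

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Hypothetical allow rule, recorded when the user first approved the program.
ALLOW = {
    "iexplore.exe": {
        "path": r"c:\program files\internet explorer\iexplore.exe",
        "sha256": sha256(GENUINE),
    }
}

def allow_by_name(exe_path: str) -> bool:
    """Weak rule described in the article: trust the file name alone."""
    return ntpath.basename(exe_path).lower() in ALLOW

def allow_by_identity(exe_path: str, contents: bytes) -> bool:
    """Hardened rule: name, full path and content hash must all match."""
    rule = ALLOW.get(ntpath.basename(exe_path).lower())
    if rule is None:
        return False
    same_path = ntpath.normcase(ntpath.normpath(exe_path)) == rule["path"]
    return same_path and sha256(contents) == rule["sha256"]

# Constructed outbound-connection requests: (program path, program contents).
CASES = [
    (r"C:\Program Files\Internet Explorer\iexplore.exe", GENUINE),   # approved program
    (r"C:\Temp\iexplore.exe", IMPOSTOR),                             # renamed file
    (r"C:\Program Files\Internet Explorer\iexplore.exe", IMPOSTOR),  # replaced in place
]

def evaluate():
    """Return (name-only verdict, identity verdict) for each case."""
    return [(allow_by_name(p), allow_by_identity(p, d)) for p, d in CASES]

if __name__ == "__main__":
    for (path, _), (weak, strong) in zip(CASES, evaluate()):
        print(f"{path}: name-only={weak} identity={strong}")
```

The name-only rule lets all three requests out, while the identity rule passes only the first. A pinned hash has to be re-approved whenever the program is legitimately updated.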
WHAT CAN I DO?
Fortunately, there is now an easy way to test your Personal Firewall for "leaks", thanks to Steve Gibson at Gibson Research. He has posted a free program that will test your personal firewall and let you know if you are vulnerable to this exploit.
The FREE personal firewall that we have been recommending, ZoneAlarm (http://www.zonelabs.com), passes the leak test, but many others do not...
To test your personal firewall, go to:
http://grc.com/lt/leaktest.htm
About the author
Posted by Ken Colburn of Data Doctors on December 16, 2000