12 July 2006

Repairing XP's Firewall

This is another example of what happens when you break the "Safe should be boilerplate" rule (see the previous two posts).

Windows XP has a built-in firewall that is quite effective at keeping intruders out, but does little to prevent malware already in the system from calling home. This is in keeping with a current weakness in Microsoft's approach to Windows and malware - an almost total disregard for the need to reclaim PCs from the clutches of malware infection.

Once malware is active, it can take action against your defenses and tools, including XP's built-in firewall. This is as easy as attacking Safe Mode, and for the same reason; the firewall depends on registry settings that are easy to attack once you have admin-level access to the registry.

There's a good article on this situation here:

http://windowsxp.mvps.org/sharedaccess.htm

The previous post in this blog describes how to fix damaged Safeboot registry information; you can use similar tactics to fix the SharedAccess information that defines the firewall state, or you can use the sharedaccess.reg file linked from Ramesh's article mentioned above.
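Before repairing, it helps to confirm what was actually changed. The following is an added example, not code from this post or from Ramesh's article: it audits a text export of the SharedAccess branch for the two most common signs of tampering. The key paths and value names are the standard Windows locations and are assumptions here, as are the function names and the sample export.

```python
import re

# Standard Windows locations for the SharedAccess service (assumed; not quoted from the post).
SVC = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess"
PROFILE = SVC + r"\Parameters\FirewallPolicy\StandardProfile"

def parse_reg(text):
    """Parse regedit export text into {key_path: {value_name: int}} (DWORD values only)."""
    keys, current = {}, None
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1], {})
        elif current is not None:
            m = re.match(r'"([^"]+)"=dword:([0-9a-fA-F]{8})$', line)
            if m:
                current[m.group(1)] = int(m.group(2), 16)
    return keys

def audit_sharedaccess(text):
    """Return a list of findings; an empty list means the checked values look intact."""
    keys = {k.upper(): v for k, v in parse_reg(text).items()}
    svc = keys.get(SVC.upper())
    if svc is None:
        return ["SharedAccess service key is missing"]
    findings = []
    start = svc.get("Start")
    if start is None or start == 4:  # 4 = disabled
        findings.append(f"service Start value is {start} (disabled or missing)")
    profile = keys.get(PROFILE.upper())
    if profile is None:
        findings.append("StandardProfile policy key is missing")
    elif profile.get("EnableFirewall") != 1:
        findings.append("EnableFirewall is not 1 in StandardProfile")
    return findings

# Constructed sample export: service disabled and firewall switched off.
TAMPERED = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess]
"Start"=dword:00000004

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=dword:00000000
'''

if __name__ == "__main__":
    for finding in audit_sharedaccess(TAMPERED):
        print("FINDING:", finding)
```

Regedit's "Version 5.00" exports are UTF-16, so decode the file to text before passing it in.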

1 comment:

Chris Quirke said...

Is that the same site that you can download Raytown's keylogger, too?