PDA

View Full Version : Symantec Hacks Symantec? Int Firewall 200*



Unregistered
06-30-2003, 02:57 PM
Folks,

You might be interested to know that the ppl at Symantec aint giving you any permanent or password protection against mIRC.

How do I know? I've been programming from mainframes to PC's and done plenty of low-level TCP/IP stuff too, over 20 years. So, I know that Symantec's Internet Firewall Professional Edition 200* ain't setup in any way, shape or form, when you use out of the box. (It takes me well over a day to setup the MINIMAL rules and settings on a small system, EVEN WITH the new feature that (for the first time), now copies (only part of) the pre-existing existing firewall rules and settings that you setup on an earlier edition.

That aside, I knew in advance, problems that Chat S/W (or NE other installed S/W) can cause.. Given that, I setup some rather customized "Program Rules" for mIRC and "locked down" my Services to run "bare bones". That is, just enough Services to connect to my ISP and not do much else. (I'm referring to the "Progarm Control" Rukes within the Personal Firewall settings for the mIRC program after you install it. Additionally, I "Password Protected" changing existing customized settings in Symantec, too: a new feature, I've seen for the first time, this year.

What do you suppose happened, after I setup customized settings for mIRC???

Erased!!! YUP! All Gone! Every singe rule I created for mIRC's executable. NOT just once! THREE times it was reset by me, and THREE times my rules were erased.

JUST to be sure, after the *st occurance. I began TRIPLE checking
that my rules had "stuck", after I set them up, while I was
OFF-line.

Here's the kicker: I discovered WHILE TRIPLE CHECKING my customized rules that I setup again, for the *rd time, that this COULD happen SUBSEQUENT to my clicking OK, to "save" the Rules. I created it, checked. Everything was fine. Checked again. Everything was fine. Checked a third time. NOPE!!! Gone! mIRC was reset back to accept ALL TCP on ANY Port *-655*5.

Believe me, when I say that I had checked for running and loaded DLL's, and EXE's. And I WASN'T even connected to the NET, when my rules were erased! Furthermore... the erasure occcured without my performing ANY other operation, than triple checking, that my rules were still there.

Now, I normally don't triple check! And I ain't gotta shaky hand, or mouse, that accidently clicked on Automatic (which for all I know might even be set to give mIRC the "run of the house".)

Moral of the story? If your running Symantec Internet Firewall Professional Edition 200* (on Windows 2000), with ALL the latest patches to Symantec, Windows, IE 6.*. (Yes, I.E 6.*)... your totally at the mercy of whomever connects to mIRC!!!

And I would like to mention that one of my "Hidden" Device drivers for the CD-ROM drive was wiped out. It read 7000 some odd bytes. But inside the file. It was totally empty. Thankfully, I don't use that driver, even though the Windows System was still loading it, and thinks it needs it. I leave it to you to decide, when during the 7 days that the system was initially setup and running, that the driver suddenly was erased (subsequent to my using mIRC, and pissing off a few mIRC Admins!)

As for Chat...or ANY other program, DLL, OCX, or whatever
you install or permit to be installed, one thing is certain.
You can put on all the protection you want, including customizing individual Directory, File, User Account permissions, and anything else. It's meaningless. Anything coded by someone else, can do whatever it wants to do. Meaning, forget privacy. Believing it's achievable is a dream!!! My advice is to avoid doing dependency on the NET. Use the phone to place an order, instead of your PC.

Does Symantec know about this? I aint told em. Maybe someone that's gonna use stuff like AOL, MSN, or mIRC cares enough to. I consider them ALL way too unsafe for installation, and have scrubbed down my registration database and directories to ensure that every bit of them is gone.