Everybody knows what a personal firewall does: it controls inbound and outbound access to the internet or network. Although many prefer third-party software such as ZoneAlarm Pro, many still stick to Windows Firewall. Not configuring Windows Firewall properly is one of the simple ways to crash Windows quickly.
Basically, a firewall:
- asks the user's permission before allowing a program to communicate remotely
- asks the user's permission before allowing ports to be opened for remote communication
The secret to breaking Windows Firewall is the 'netsh' command. You can use netsh to open a port as well as to add or delete a firewall rule for a program. If I place a trojan on your computer and execute it, the trojan can be programmed to open its default port and add itself to the firewall rules so that it is allowed to communicate with the internet. The user would be completely unaware of this. The trojan can also be executed covertly by the advanced startup methods discussed in my previous article. You can view the detailed syntax of the 'netsh' command by typing "netsh firewall /?" at the command prompt.
All in all, your computer can be controlled remotely over the internet without your knowing anything. Trojans today can easily be delivered to your computer by email, and they can be made so small that they can be passed along in many other ways.
So, when selecting a firewall, do not choose one that can be controlled from a command shell. Always use one that requires human clicks. Very important!
Example of the 'netsh' command (full syntax):
To change the firewall rules to accept a program 'file.exe' and to open TCP port 4444, we can write something like:
- netsh firewall add allowedprogram C:\file.exe testfile ENABLE
- netsh firewall add portopening TCP 4444 testport
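On the defensive side, the same commands are easy to spot in process-creation logs. The following is an added example, not part of the original post: it flags netsh commands that add an allow rule and marks the case described above, where the program being allowed is the process that ran netsh. The (parent image, command line) record shape and the sample records are assumptions constructed for illustration, and the check goes beyond the legacy syntax shown here to also cover the newer `netsh advfirewall firewall add rule` form.

```python
import re

TOKEN = re.compile(r'(?:[^\s"]+|"[^"]*")+')  # keeps "quoted strings" whole
LEGACY = re.compile(r"\bfirewall\s+add\s+(allowedprogram|portopening)\s+(.*)", re.I)
ADV = re.compile(r"\badvfirewall\s+firewall\s+add\s+rule\s+(.*)", re.I)

def _args(text):
    """Split netsh arguments into positional values and key=value tags."""
    pos, tags = [], {}
    for tok in TOKEN.findall(text):
        key, sep, val = tok.partition("=")
        if sep and key.isalpha():
            tags[key.lower()] = val.strip('"')
        else:
            pos.append(tok.strip('"'))
    return pos + ["?", "?"], tags  # pad so missing positionals read as "?"

def classify(parent, cmdline):
    """Return a finding if cmdline is netsh adding an allow rule, else None."""
    exe = (TOKEN.findall(cmdline) or [""])[0].strip('"').rsplit("\\", 1)[-1].lower()
    if exe not in ("netsh", "netsh.exe"):
        return None
    program = port = None
    if m := LEGACY.search(cmdline):
        pos, tags = _args(m.group(2))
        if m.group(1).lower() == "allowedprogram":
            program = tags.get("program") or pos[0]
        else:
            port = f'{(tags.get("protocol") or pos[0]).upper()}/{tags.get("port") or pos[1]}'
    elif (m := ADV.search(cmdline)) and re.search(r"\baction=allow\b", cmdline, re.I):
        _, tags = _args(m.group(1))
        program = tags.get("program")
        port = f'{tags.get("protocol", "?").upper()}/{tags["localport"]}' if "localport" in tags else None
    else:
        return None
    # self_allow: the program being allowed is the process that ran netsh.
    self_allow = bool(program) and program.lower() == parent.lower()
    return {"program": program, "port": port, "self_allow": self_allow}

# Constructed sample process-creation records: (parent image, command line).
SAMPLE = [
    (r"C:\file.exe", r"netsh firewall add allowedprogram C:\file.exe testfile ENABLE"),
    (r"C:\file.exe", r"netsh firewall add portopening TCP 4444 testport"),
    (r"C:\Windows\System32\cmd.exe", r"netsh firewall show config"),
    (r"C:\Tools\setup.exe", r'C:\Windows\System32\netsh.exe advfirewall firewall add rule '
     r'name="Test Rule" dir=in action=allow program="C:\Tools\agent.exe"'),
]

def findings(records=SAMPLE):
    return [(cmd, hit) for parent, cmd in records if (hit := classify(parent, cmd))]
```

A finding with `self_allow` set is the strongest signal; rules added by an installer for a different program, like the last sample record, still deserve a look but are common in legitimate setups.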
