Tired of Waiting

Week of December 5, 2001

'Cos I'm so tired, tired of waiting.'
 - R Davies

Tom Liston finally got tired of waiting, and one might wonder why he waited so long. Now the cat is out of the bag: personal firewalls never did protect you as they claimed. They trapped innocent Winsock calls but never saw any traffic emanating from anything but the Microsoft stack, and the technology to create trojans and other malicious programs that circumvent the Microsoft stack has been available on all Windows platforms for years. It was time to alert Harry Homeowner. It was time for Harry Homeowner to stop putting blind trust in this new generation of rainmaker applications.

Liston wasn't too happy with the reception he received at Zone Labs. 'Duck, mislead, and obfuscate,' he called it. He was somewhat more pleased with the reception at Tiny Software. Although his first query went unanswered, subsequent queries met with a prompt and polite answer. Yes, it is true, wrote Tiny Software, we do not monitor other than through Microsoft Winsock, but we will see what we can do to change that.

Yet it still makes one wonder. For there have been reports that Winroute Pro, the commercial version of Tiny Personal Firewall, does indeed monitor and stop traffic as it should (no version of ZoneAlarm does this). And in that case, whatever were people thinking when they devised these applications?

Had they reached a conscious corporate decision to not offer proper protection to those other than the paying customers? Something was deliberated, some conclusions were reached, of that we may be certain. For to create a firewall, one must be very well acquainted with the link layer, the network layer, the transport layer, and the application layer. And to create a personal firewall for Windows one must be intimately acquainted not only with the above but also with Winsock and NDIS. It's not so much a matter of being negligent if one does not master this theory as it is a matter of technically not being able to construct a firewall at all without it. So they knew all right - they all knew, right from the beginning.

But what were they thinking? That no one would ever happen upon this dirty little secret? Admittedly it took several years for anyone to ferret it out. But what luck that was - were they rolling the dice and gambling on no one ever finding out? For surely it smells of a very dangerous gamble a mile off.

Are other personal firewalls built the same shoddy way? If you are running another PFW and have a hardware configuration that lets you run Outbound, then send in your report to Tom.

Will things change? Probably not. The greatest delusion has been that Harry Homeowner thought the box was safe. It never is and never will be. As always, it pays to be alert - and it pays double, as we see now, to not put blind trust in any rainmaker.

