The Technical Exorcist

April 17th, 2007

Combining Hardware and Software Firewalls?

Posted by exorcist in Mail

Recently I was trying to explain to someone why there was no point in installing a software firewall on a PC that was already protected by the hardware firewall on a NAT router. We both agreed that there was no point in having a software firewall monitoring incoming traffic. The router performs the same port controlling functions as the software firewall, and provides NAT services as well, effectively hiding the connected workstations. Since the hardware firewall is more difficult to penetrate, neither of us thought it likely that anything that couldn’t be stopped by the hardware firewall would be stopped by the software firewall.

The value he saw in the software firewall was that, unlike the hardware firewall, it would monitor outgoing traffic. He postulated that this “program control” would provide a second layer of security. If a malicious program eventually made its way onto the system, and then tried to phone home, the software firewall would warn him, and he would get a chance to deny it access to the internet, limiting the amount a damage done. This is one of the angles the vendor pushed the product from, and it passes the common sense test, so it is a fairly reasonable conclusion to come to—if you only spend a brief moment thinking about it.

My objection is that it is so stone-cold simple to get around program control, anyone clever enough to break through your other security measures would slip by it as easy as a rear-wheel drive car slips on ice.

The easiest method is for the hacker to change the name of his piece of malware to match another program on their system that requires internet access, for example “Internet Explorer”, or “Yahoo Messenger”. If they looked closely, the might see clues that something was amiss, but programs like these are always being updated, so it wouldn’t seem out of the ordinary that they needed permission again. The user would click allow without bothering to look twice.

But there’s another easy method that won’t cause any alert to display. All the hacker would have to do is load his little joke as a plug-in for your favorite browser. Web browsers typically don’t notify you when a new plug-in is added. It’s assumed that you added it, so of course you already know about it. A plug-in almost never alters the programs executable, so it would not be detected as a change in the program by a software firewall’s program control. It would get access to the internet just by piggy-backing on the rights of your web browser. Don’t believe it could work? You can prove it does. Just download and install a plug-in that accesses a remote server for your favorite web browser, and see if your software firewall picks it up as a change. You could try Forecastfox for Firefox.

And those are just two easy ways off the top of my head. A real nerdy hacker might try to insert the information he’s trying to send into unencrypted packets being sent out by other applications, and then intercept them on the other end. If I can come up with three ways of doing it without trying, you know your favorite enemy can come up with sixteen.

From my viewpoint, calling a software firewalls “program control” security is analogous to calling a T-shirt body armor. They both offer approximately the same level of protection.

March 3rd, 2007

Hosting Simultaneous Warcraft III Games

Posted by exorcist in Hardware, Mail, Software

The other day I received an e-mail along these lines:

“The reason I’m writing is thanks to me moving back home Femme and I will be
back to one computer. ShadowQ (the guy I work with) suggested a router, but
we’re not sure what kind. So how do you get two people playing Warcraft III side by side?
If you do use a router, make/model? And do you use a wireless connection at all in your set up?”

In my reply, I gave an overview of how I set up our computers for the Ethereal Land game players:

“I use a Linksys wired router. I can’t really recommend Linksys, though. I haven’t been totally happy with their routers, but then I haven’t been totally happy with any router. I’d just make sure you get a well-known brand, whether it be Linksys, D-Link, Netgear, or whatever. I have used a wireless router in the past, but Ethereal residents were both very unhappy trying to play Warcraft online with it. Missed packets are no big deal when you’re browsing the web, but if you’re playing a game, it can make you lag like crazy. I’d stay away from wireless if you can. If you have a little money to blow and really don’t want to run Cat 5 cables for a wired router, I’ve heard that the routers that transfer data over your home electrical system work pretty good now.

To get two people online playing Warcraft at the same time, I set up both PC’s with fixed IP addresses. I then went into Warcraft’s Game settings and changed the network port on the one PC to 6112, and the other to 6113. Then I went into the router settings and set up port forwarding for the first machine to use port 6112, and the second machine to use 6113. This was necessary because Port forwarding sends all packets for the specified port to the IP address you supply. This means two people can’t play on the same port. You also need two Warcraft CD keys, because two people can’t be online with the same key.”

January 27th, 2007

The Perils of Net Neutrality Legislation

Posted by exorcist in Mail

This letter was not specifically addressed to me, but to a newsgroup that Brer Licky reads.

I’ve just become aware of the Net Neutrality debate going on. I’m
wondering what you all know about and think about this issue as users
of the internet. I can’t explain the issue as well the people who are
behind the movement to preserve Net Neutrality. There is information
about it at (at least regarding USA) and (regarding Europe).

I’m really curious to find out if you have heard about this and what
you think about it.

~Ed Provencher

First off, I should point out that the links Ed provided are simple propaganda sites, and don’t even make an effort to be unbiased. A far better starting point for someone who is new to the Net Neutrality debate would be this article on the Washington Post. Jeffrey Birnbaum doesn’t take a stance on what the government should rule on this matter, but he does a pretty decent job explaining the issues, and why neither side is in the right.

But as Mr. Birnbaum also pointed out, the government must take a stance one way or the other—either allowing the cable companies to carry out their plans, or stepping in to preserve Net Neutrality. So what should be done?

My take is that as long as they aren’t violating any consumer rights, the thing to do is let capitalism take it’s course. If they provide inferior service, people will switch to a better one. If they do create a monopoly and start to abuse people, the courts can break it up.

If people want the Internet to remain free and open to new ideas, they need to let companies experiment with ideas like this. All the laws that are necessary to protect competition are already in place. Allowing the government to make laws how it’s citizens charge for and carry out their data transfer services will only result in more trouble later as the technology changes and the laws become outdated.

January 15th, 2007

A Case Study on Why DRM is Bad News

Posted by exorcist in Mail

You’ve probably heard a million rants against DRM (Digtial Rights Management) protected music, software, and hardware. You may have wondered if people were making a big deal out of nothing. Well, they aren’t. This letter I received a few weeks ago is a good example of what could very possibly happen to you if you continue to buy DRM infected files.

M–wants to download music from Wal-Mart. In fact she has downloaded an installer and paid for some songs, and downloaded some songs. When she tries to play the songs, WMP 9 says “Windows Media Player has encountered an unknown error.”

Upgrading Windows Media Player did not help. In fact, following all the suggestions listed here
did not help.

The posts give a good description of what I’ve encountered.

One note: it appears that not all of the Windows updates that I’ve downloaded have been installed, and I can’t try that now because M— has stuff running. By tomorrow morning you can probably assume I have installed all the updates without better success.

To clarify: currently when I go to the web page to upgrade DRM support for pre-11 WMP, the button is grayed out (using the latest greatest IE).


And here’s my reply.

Unfortunately, M has got her first taste of why DRM is unacceptable. Even after you buy songs, and have used them for months, your music files are still under their control, and they can and will accidentally (when they aren’t doing it on purpose) screw you over. Since you have all the components they require of you, (Windows is updated, WMP is updated, etc.) the fault lies squarely with them, and there isn’t much you can do besides continue to harass them for swindling you, and make sure they realize how unacceptable this is. You can try to contact their customer support like they suggested (—maybe they can manually validate your licences. Unfortunately, even after they get them working for you, you are still entirely vulnerable. All they have to do is make a mistake in their databases and your music won’t play anymore. Also, the latest version of WMP (I can’t remember if they’ve released it yet,) won’t allow you to back up your licences, so if you have to do a re-format, or otherwise lose your files, you’ve lost all the money you paid.

The only practical solution I’ve managed to come up with is to demand your money back, and buy elsewhere.

Here are some respectable non-DRM stores. They’re selections are somewhat limited, but at least they should work.

You can get a very small amount of free non-DRM music from Amazon as well.

Rumors are flying like mad that Amazon is looking to provide a DRM-free music store with a variable pricing scheme, but Amazon has thought about getting into the music download selling business for a while, and hasn’t done it yet, so I guess I’m not holding my breath.

Good luck

The Technical Exorcist

Do you see the problem? Companies who implement DRM give themselves the right and power to renege on a sale. Instead of a contract between peers, your rights are considered subordinate to theirs. This is reprehensible both ethically and practically. Take this story as a warning. Examine the the service agreements on ITunes, Napster, MSN Music, or any other store, and see if you dare buy from them again.