Will Your Firewall Stop This?



DVD PIRATE III
01-10-2004, 04:10 PM
Heres a little test I found on another forum ..so far only 3 different firewalls have passed this test..so you wanna test yours?
Right click save target as...


Some Sites & Security companies register this as a trojan/virus/malware/spyware etc etc..
So its completely at your own risk that you want to use it.
By downloading this test you are agreeing to those terms and the Kazaa Lite Forum,My self, and this Test will not be held liable for anything once you have clicked the link

PC Audit (http://forum.pleasuredome101.com/index.php?act=Attach&type=post&id=36430)


Heres their website if you wanna download from there
http://www.pcinternetpatrol.com/downloads/audit.php

I warn you now, you may not like the results you get :helpsmile:
Dont be shy to post ya results here with the firewall you're using so others know which is the goods and which isnt B)


EDIT: theres another tester here in this same thread that ive posted if anyone wants to try it -----> http://klboard.ath.cx/index.php?showtopic=...1172entry801172 (http://klboard.ath.cx/index.php?showtopic=93125&st=30&#entry801172entry801172)

leftism
01-10-2004, 04:45 PM
Which firewalls passed the test? I cant test it out right now because Im at Uni (yup on a Saturday :( ) but I definitely will when I get the chance.

j4y3m
01-10-2004, 04:46 PM
I Failed :unsure:

Sygate Personal Firewall Pro

DVD PIRATE III
01-10-2004, 04:50 PM
Originally posted by leftism@11 January 2004 - 05:45
Which firewalls passed the test? I cant test it out right now because Im at Uni (yup on a Saturday :( ) but I definitely will when I get the chance.
PM sent

leonarmston
01-10-2004, 04:53 PM
That is scary, I need to know which firewalls work. I have McAfee personal firewall. I tried Norton personal firewall it installs ok then after about 30secs it disappears from the notification bar and i cant use it again til i reboot then for 30 secs again. I cant even access it from the start menu, desktop, explorer. Any ideas?

fkdup74
01-10-2004, 05:03 PM
madafaca :angry:
feckin sygate :angry:

test results showed a full screenshot AND 'my documents'!!!!!!!!!!!!!!!!!!

hey DVD, wanna send me that pm too? :D

leftism
01-10-2004, 05:07 PM
To all you guys using sygate, go into advanced options and enable "DLL authentication" and try it again. I have a feeling that will stop this because the website says it uses DLL's.

The only problem with this is that DLL's often get changed under normal circumstances so it might be hard to work out whether its a kosher change or not

:(

DVD PIRATE III
01-10-2004, 05:07 PM
if you ran the test on nortons..itll hijack Nortons and crash it..

DVD PIRATE III
01-10-2004, 05:08 PM
Originally posted by leftism@11 January 2004 - 06:07
To all you guys using sygate, go into advanced options and enable "DLL authentication" and try it again. I have a feeling that will stop this because the website says it uses DLL's.

The only problem with this is that DLL's often get changed under normal circumstances so it might be hard to work out whether its a kosher change or not

:(
it uses .dlls, but that wont help ya

fkdup74
01-10-2004, 05:14 PM
aww, come on D, the suspense is feckin killin me :lol:
what passed?

DVD PIRATE III
01-10-2004, 05:15 PM
Originally posted by leftism@11 January 2004 - 06:07
To all you guys using sygate, go into advanced options and enable "DLL authentication" and try it again. I have a feeling that will stop this because the website says it uses DLL's.

The only problem with this is that DLL's often get changed under normal circumstances so it might be hard to work out whether its a kosher change or not

:(
when you get attacked by a trojan like this there aint gonna be no website to go check what it uses as its running processes, so my advice is to get a decent F/wall B)

ck-uk
01-10-2004, 05:18 PM
Passed. :)

Sygate pro. :)

SeK612
01-10-2004, 05:20 PM
Norton Personal Firewall:

Failed :(

I don't think it got the right IP address but thats not the firewall.

leftism
01-10-2004, 05:21 PM
Originally posted by ck-uk
Passed. 

Sygate pro.

Can you post your settings in the options and firewall version number please? Some people have failed with sygate so it must be something to do with that.

fkdup74
01-10-2004, 05:26 PM
Originally posted by ck-uk@10 January 2004 - 09:18
Passed. :)

Sygate pro. :)
:angry: :angry: :angry:

:P :lol: :lol: :lol:

creamer
01-10-2004, 05:29 PM
Originally posted by stupidguy@10 January 2004 - 16:46
I Failed :unsure:

Sygate Personal Firewall Pro
SAME AS MINE, CHEERS :D

WHAT WAS IT <_<

DVD PIRATE III
01-10-2004, 05:31 PM
Its a fucking good test thats what it is...lol

fkdup74
01-10-2004, 05:33 PM
Originally posted by DVD PIRATE III@10 January 2004 - 09:31
Its a fucking good test thats what it is...lol
:lol: :lol: :lol:

Samurai
01-10-2004, 05:39 PM
I Failed

Using Sygate Personal Firewall Pro 5.5 Build 2516 Signature File Serial Number 1.0.1042

I know my firewall is up to date... I think it has to do with something else. I mean why do you have to d/l it? I believe it works because it is already on your system so no need for a firewall.

If anyone has used a port scanner, for instance, NetBrute, you'll learn that among all the IP addresses you'll see, yours is also visible. This doesn't mean everyone else can see it, just that it's visible to the program awake on your PC.

Simple Really

creamer
01-10-2004, 05:39 PM
THIS IS SOME FUCKED UP SHIT. :angry:

I FEEL ABUSED :( THEY EVEN KNOW MY FUCKIN NAME

DVD PIRATE III
01-10-2004, 05:46 PM
Originally posted by Samurai@11 January 2004 - 06:39
I Failed

Using Sygate Personal Firewall Pro 5.5 Build 2516 Signature File Serial Number 1.0.1042

I know my firewall is up to date... I think it has to do with something else. I mean why do you have to d/l it? I believe it works because it is already on your system so no need for a firewall.

If anyone has used a port scanner, for instance, NetBrute, you'll learn that among all the IP addresses you'll see, yours is also visible. This doesn't mean everyone else can see it, just that it's visible to the program awake on your PC.

Simple Really


That's just it... this is a test that you load.
A trojan can easily do this and do it without any open windows you wouldn't even notice it. But you failed and that was the whole point of the test..its not a trick or anything like that..Its something that could easily happen when you download something and run it...

I will post at the end of this threads life which 3 firewalls, to date, passed this test and let me tell you now Sygate was not one of them B)

fkdup74
01-10-2004, 05:51 PM
Originally posted by Samurai@10 January 2004 - 09:39
I mean why do you have to d/l it? I believe it works because it is already on your system so no need for a firewall.


hey, i wanted to be skeptic too,
but what DVD says is true,
thats how a trojan works bro
it d/l's some evil shit to your pc
and runs w/o you knowing locally
read just about any trojan defs,
and it'll tell you as much

ck-uk
01-10-2004, 05:53 PM
I think it has to do with something else. I mean why do you have to d/l it? I believe it works because it is already on your system so no need for a firewall.


Mate thats where the one end of a trojan would be on your hd. What it does is use another process to access the net. One of your other progs. Just enable "dll auth" so it cant modify them.

Samurai
01-10-2004, 05:56 PM
Differences between trojans and this software are as follows:

1) nothing was installed with this app, thus no foreign software installed to alert my AV of its nature

2) trojans are, mostly there to transmit data to another user via the Internet. This is done by IP addresses, and for this to happen, my firewall would alert me to any outgoing data.

I believe this software is not as spectacular as what people are making it out to be. I'll be researching this further...

Mik3ll
01-10-2004, 06:00 PM
I failed <_<

EDIT: Sygate firewall pro.

fkdup74
01-10-2004, 06:01 PM
Originally posted by ck-uk@10 January 2004 - 09:53
Just enable "dll auth" so it cant modify them.
tried that C, didnt work, kept gettin the pop-up from sygate,
kept denying it, still got a failed result, just couldnt view it :(

unless pro's got a better auth prog than personal :unsure:

DVD PIRATE III
01-10-2004, 06:06 PM
Originally posted by Samurai@11 January 2004 - 06:56
Differences between trojans and this software are as follows:

1) nothing was installed with this app, thus no foreign software installed to alert my AV of its nature


its not testing your antivirus...its testing your firewalls out bound protection
take a look at the name of this thread..does it read "Will your Anti-Virus stop This?"
No it reads "will your firewall stop this"

leftism
01-10-2004, 06:06 PM
Originally posted by samurai
trojans are, mostly there to transmit data to another user via the Internet. This is done by IP addresses, and for this to happen, my firewall would alert me to any outgoing data.

Thats not quite right dude.

Pcaudit uses IP addresses as well (you cant transfer data over the net without them).

The reason your firewall didnt pick it up is because it hijacked an application (probably internet explorer) that is already allowed to access the net.

A trojan could do exactly the same thing and your firewall wouldnt pick it up either.

This is a very big deal.

ck-uk
01-10-2004, 06:07 PM
Enabling dll auth should stop it mate.

When i tried the test mate i watched tri accessing through around 7 different apps including my modem software daemon tools bt etc. :)

DVD PIRATE III
01-10-2004, 06:08 PM
Bear in mind people this thread is not about bashing different firewalls ..id hoped that people who tried this test would learn something from it that may benefit themselves or others so lets keep the thread from blowing up in our faces ladies & gentlemen...

Mik3ll
01-10-2004, 06:12 PM
So can you post the firewalls that passed now?

Samurai
01-10-2004, 06:16 PM
Originally posted by DVD PIRATE III@10 January 2004 - 17:06
Originally posted by Samurai@11 January 2004 - 06:56
Differences between trojans and this software are as follows:

1) nothing was installed with this app, thus no foreign software installed to alert my AV of its nature


its not testing your antivirus...its testing your firewalls out bound protection
take a look at the name of this thread..does it read "Will your Anti-Virus stop This?"
No it reads "will your firewall stop this"
Out-Bound Protection eh? Ok, when I've run that file that was downloaded and gone through the whole process, not once does it even enter my list of applications using the Internet.

I already know it's using IE after a couple of tests, but we can't just disallow using IE because of this fact.

As for "Enabling dll auth should stop it mate.", this did not work.

DVD PIRATE III
01-10-2004, 06:16 PM
weve only heard from 2-3 different firewalls so far..wait for a bit of variety to arrive... B)

Samurai
01-10-2004, 06:17 PM
Well we haven't heard from anyone using Zone Alarm & Pro users so maybe that's one. Possibly BlackIce is another.

ck-uk
01-10-2004, 06:19 PM
Guys it has to be you lot.

http://mysite.freeserve.com/nhawk/untitled.GIF

After i may take a few screen shots of it trying through my apps

leftism
01-10-2004, 06:23 PM
Originally posted by samurai
Out-Bound Protection eh? Ok, when I've run that file that was downloaded and gone through the whole process, not once does it even enter my list of applications using the Internet

Thats why this is so serious. Its obviously making an out-bound connection but apparently most firewalls dont even notice it.

Originally posted by samurai
I already know it's using IE after a couple of tests, but we can't just disallow using IE because of this fact.

This is another reason why its such a big deal. It could hijack any application not just Internet Explorer and you wouldnt even know it.

cwctv
01-10-2004, 06:41 PM
Using Tiny Personal Firewall Engine 2.0.15 and the program crashed out couldn't carry on, :lol: :frusty:

DVD PIRATE III
01-10-2004, 06:43 PM
Originally posted by cwctv@11 January 2004 - 07:41
Using Tiny Personal Firewall Engine 2.0.15 and the program crashed out couldn't carry on, :lol: :frusty:
thanks for posting so mate... :lol:

cwctv
01-10-2004, 06:54 PM
Update did it some more times the same then I opened a doc' and bingo results were all over the screen, what a waste of time a firewall is then but I am not getting another one. :( :frusty:

DVD PIRATE III
01-10-2004, 07:03 PM
Heres another firewall tester thats not so vicious if any one wants to try it


Rightclick Save target as

Firehole.exe (http://forum.pleasuredome101.com/index.php?act=Attach&type=post&id=31569)

Heres their website if people wanna get it from there and dont trust me...lol
http://www.keir.net/firehole.html

DVD PIRATE III
01-10-2004, 07:14 PM
Originally posted by Samurai@11 January 2004 - 07:16
Out-Bound Protection eh? Ok, when I've run that file that was downloaded and gone through the whole process, not once does it even enter my list of applications using the Internet.

I already know it's using IE after a couple of tests, but we can't just disallow using IE because of this fact.


Thats because it hijacks any process running on your computer at the time and if youve already told Internet explorer it can access the net then this test will"hijack" that process and access the net because youve previously told it(IE ) that its allowed to...Internet explorer isnt gonna tell you its been hijacked and your firewall is just doing what youve told it too previously

And if Internet Explorer isnt running at the time of the test watch how many other processes it hijacks

Marius24
01-10-2004, 07:22 PM
i passed (i think) the program came up with a error so i terminated it :D

:lol: :lol: :lol:

Marius24
01-10-2004, 07:24 PM
i keep getting this error so i guess i pass <_<

http://server5.uploadit.org/files2/100104-1111111111111.GIF

DVD PIRATE III
01-10-2004, 07:29 PM
If ya firewall didnt stop it you didnt pass, as it tests your firewalls outbound security..it doesnt test for errors...lmao

3223
01-10-2004, 07:46 PM
i failed pcaudit and firehole with ZA Pro! what can i do to make ZA more secure without switching firewalls?

EDIT: i think i know why i failed firehole... i checked do not show alert again when IE6 opens up. but i still dont know y i failed pcaudit!

4th gen
01-10-2004, 08:01 PM
Originally posted by Samurai@10 January 2004 - 17:17
Well we haven't heard from anyone using Zone Alarm & Pro users so maybe that's one. Possibly BlackIce is another.
zone alarm pro failed me :(

DarthInsinuate
01-10-2004, 08:28 PM
what's it mean if the IP they say you're on isn't the IP you're on?

DVD PIRATE III
01-10-2004, 08:43 PM
Did ya wall pass or fail?

I tried with my online banking and i tried a txt document from "My Documents" and either way the test first tried to hijack my browser, then when that failed proceeded to attempt to hijack every running process on my computer in an effort to connect to the net
this test is designed to test your firewalls outbound security and as you can see from the thread theres some pretty shocking results B)

leftism
01-10-2004, 08:48 PM
OK here are my test results.

Oldish version of Kerio (the one similar to the old Tiny): Failed
Sygate Pro: Failed
Zone Alarm: pass!

I have to make an admission here, DVD_PIRATE did PM me and tell me that Zone Alarm would pass :)

The reason some of you have failed the test with ZA is because you havent enabled component control.

Go into ZA options and click on Program Control. Set the slider to high or click custom and tick both boxes.

Then click on the programs tab in the top right and see which programs are allowed access to the net. Right click on each of these programs and select options. Make sure "Authenticate components" is ticked.

Now run the test again. You will get loads of warnings, say no/deny all of them.

If everything went according to plan you will have passed the test! :01:

We should all be thanking DVD_PIRATE for this info, we've all been sitting behind our firewalls feeling safe when they've been about as much use as a chocolate fireguard! I'm certainly feeling very grateful anyway :)


Originally posted by DarthInsinuate
what's it mean if the IP they say you're on isn't the IP you're on?

It means that your connection is going through a proxy server, this might be set in the Internet Options in Internet Explorer or it could be your ISP putting all your connections through their own proxy server. afaik they usually do this for dialup users to speed up their net access.
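
The behaviour argued over in this thread, as an added example that is not from any poster or firewall vendor: a toy outbound policy that decides per executable, with and without a component check of the kind the "Authenticate components" and "DLL authentication" options refer to. The class and function names, the browser path, the foreign DLL path and all module contents are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


@dataclass
class Process:
    """A running program: its executable plus the modules (DLLs) mapped into it."""
    exe: str
    modules: dict  # module path -> file contents (constructed stand-in bytes)


@dataclass
class OutboundPolicy:
    """Hypothetical per-application outbound rule set, not any product's engine."""
    allowed_exes: set
    authenticate_components: bool = False
    baseline: dict = field(default_factory=dict)  # exe -> {module path: sha256}

    def learn(self, proc: Process) -> None:
        """Record the modules seen when the user first allowed this program."""
        self.baseline[proc.exe] = {p: sha256(b) for p, b in proc.modules.items()}

    def check_outbound(self, proc: Process):
        """Return (decision, reasons) for an outbound connection attempt."""
        if proc.exe not in self.allowed_exes:
            return "prompt", [f"no allow rule for {proc.exe}"]
        if not self.authenticate_components:
            # Rule is keyed on the executable only: whatever runs inside it gets out.
            return "allow", []
        known = self.baseline.get(proc.exe, {})
        reasons = []
        for path in sorted(proc.modules):
            if path not in known:
                reasons.append(f"new component: {path}")
            elif known[path] != sha256(proc.modules[path]):
                reasons.append(f"changed component: {path}")
        return ("prompt", reasons) if reasons else ("allow", [])


# Constructed sample data.
BROWSER = r"C:\Program Files\Browser\browser.exe"
WINSOCK = r"C:\WINNT\system32\ws2_32.dll"
CLEAN = {WINSOCK: b"winsock v1", r"C:\WINNT\system32\USER32.DLL": b"user32 v1"}
FOREIGN_DLL = r"C:\Temp\leaktest.dll"  # stands in for a module loaded into the browser


def run_scenarios(authenticate_components: bool) -> dict:
    policy = OutboundPolicy({BROWSER}, authenticate_components)
    policy.learn(Process(BROWSER, dict(CLEAN)))
    clean = Process(BROWSER, dict(CLEAN))
    injected = Process(BROWSER, {**CLEAN, FOREIGN_DLL: b"leak test module"})
    # A legitimate update also changes a hash, which is the usability cost
    # raised earlier in the thread.
    patched = Process(BROWSER, {**CLEAN, WINSOCK: b"winsock v2"})
    unknown = Process(r"C:\Temp\leaktest.exe", {})
    return {
        "clean": policy.check_outbound(clean),
        "injected": policy.check_outbound(injected),
        "patched": policy.check_outbound(patched),
        "unknown_exe": policy.check_outbound(unknown),
    }


if __name__ == "__main__":
    for flag in (False, True):
        print(f"authenticate_components={flag}")
        for name, (decision, reasons) in run_scenarios(flag).items():
            print(f"  {name:12} {decision:7} {'; '.join(reasons)}")
```

With the check off, the foreign module leaves through the browser's existing allow rule; with it on, both the foreign module and the legitimately patched DLL raise a prompt, and the user has to tell them apart.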

DVD PIRATE III
01-10-2004, 08:57 PM
Thank you for the very thorough and informative post..
congratulations..
remember people I only told him it (Zone Alarm) would pass, so full credit to Leftism for figuring it out

Now if only someone would turn up with the other 2 firewalls that I know have passed I'll be a happy camper... :P

CPU1
01-10-2004, 09:37 PM
what are the other two

3223
01-10-2004, 09:41 PM
YES!! im safe with ZA now. thanks!

Ynhockey
01-10-2004, 09:53 PM
The ZA way seemed to work for me as well, but it's too bothersome... i mean, i'd hate to have to allow/block programs again and again each time they try to access the internet (that's how it works with the high security setting)... i feel unsafe :(

DVD PIRATE III
01-10-2004, 09:56 PM
well its safer than having a trojan like this access the net..id rather take the time and energy to make a couple of extra clicks with my mouse than be to lazy and lose out big time in the long run...
might as well uninstall it..if you cant let it do its job , then its pointless having it

A lot of people are missing the point here...if youve allowed say for instance internet Explorer access to the net and some trojan youve got hijacks IE, then your firewall is gonna let it out because youve allowed IE access to the net..
basically you just got OWNED if that happens

dudevenezuela
01-10-2004, 10:07 PM
FAILED
Sygate Personal Firewall version 5.5 build 2516
:o :frusty: :frusty: :frusty: :frusty:

DVD PIRATE III
01-10-2004, 10:14 PM
Originally posted by cpumaster1@11 January 2004 - 10:37
what are the other two
CPUMaster...Its me "Skank"..what firewall are you using?

dudevenezuela
01-10-2004, 10:15 PM
Passed

After choosing "Block All"
:D

Mïcrösöül°V³
01-10-2004, 11:05 PM
Norton internet security 2003, failed, failed, failed

leftism
01-10-2004, 11:13 PM
Sorry for going slightly OT but does anyone know if the same principle would work with linux? I mean DLL's are the same as shared libraries right? Can you load/unload shared libraries at runtime with linux?

I suspect this issue is really more of a problem with the windows architecture but it would be 'interesting' if this attack worked with linux as well.

DVD PIRATE III
01-10-2004, 11:19 PM
Who wants to check their anti-virus/anti-trojan scanners?...go to this thread if ya not afraid...lol

http://klboard.ath.cx/index.php?showtopic=93194&hl=

here come some more failures...lol

as for linux Im not sure but id say no off the top off my head , but then again..ill give it a test this evening on a linux comp

99shassan
01-10-2004, 11:27 PM
Should I get Zonealarm Pro from Kazaa and what is the latest version? I can't get on their website. Same reason as I posted before about being unable to go on the symantec website.

DVD PIRATE III
01-10-2004, 11:29 PM
Zone Alarm Pro 4.5.538 with Web Filtering is the latest..download the trial and ill pm u a key if ya want

fkdup74
01-10-2004, 11:36 PM
well D, the 'other' f/w failed :(
f*cker was a b*tch to configure, musta done somethin wrong :unsure:
plus, no matter how many rules i created, port **** was still open :blink:
tried blockin UDP, TCP, ICU, FBI, CIA........... :lol: :P
just d/l'ed ZA pro and Sygate pro :lol:
i'm gonna get a freakin f/w to pass :P :lol:

the ICU,FBI,CIA is BS of course :P
but seriously, tried every protocol, in & out, unknown, you name it :blink:
this shits givin me a headache :lol: :lol: :lol:

99shassan
01-10-2004, 11:41 PM
I am currently removing Norton Personal Firewall 2004 Pro, Gonna get what you suggested.

Can you send me the installation file for the firewall? All the ones that I am downloading are corrupt.

leftism
01-10-2004, 11:50 PM
Here is an ed2k link for the latest version with a working keygen.

ZoneAlarm.Pro.with.Web.Filtering.v4.5.538-ROR.ShareReactor.zip (http://ed2k://|file|ZoneAlarm.Pro.with.Web.Filtering.v4.5.538-ROR.ShareReactor.zip|5100676|af7ef45e287871221cd5c52a2af489ab|/)

and just in case the board doesnt like ed2k links..


ed2k://|file|ZoneAlarm.Pro.with.Web.Filtering.v4.5.538-ROR.ShareReactor.zip|5100676|af7ef45e287871221cd5c52a2af489ab|/

Sorry theres no sig2dat link but most people seem to be using either overnet, emule or edonkey these days. (Only took a few minutes for me with overnetlite)

DVD PIRATE III
01-10-2004, 11:51 PM
Please understand people that i cant configure your firewalls for you so there may be walls that will stop this if the F/walls configured properly..
No Im not a Zone Alarm promoter, just a user...lol
hope this was a learning experience for everyone who tried this..
it sure was entertaining for me.. :D

99shassan
01-11-2004, 12:04 AM
this thing is slow, is going at a rate of 3.3kb/s

Rip The Jacker
01-11-2004, 12:32 AM
Well, I failed with Sygate. :(

balamm
01-11-2004, 12:42 AM
:lol: :lol: :lol: :lol: :lol: :lol:

NOOBS!!

Trojans don't ask you to click buttons so they can take a screen shot while connected to a trusted zone and send it back to a trusted site. No they don't!

Just because it said "next" doesn't mean it's not an "OK" button.

You failed the test, not your firewall.

Hijacked? Hijacked what?

Hijacked your brains :lol: :lol: :lol:


I bet every one of you also has NetBIOS over TCP/IP installed too. "file and printer sharing". This isn't for "filesharing" with peer to peer programs, this is for allowing others access to your files and printer with no program and very little authorization needed. WISE UP.

If you can't figure out how to disable this crap, then at least check your firewall settings for it.


Sygate: By default, Sygate allows other PCs on a Windows network to browse--but not access--your files and printers. To enable sharing, right-click the firewall's system tray icon and choose Options, Network Neighborhood. From the drop-down list, select the network interface you use to connect to the Windows network, check Allow others to share my files and printer(s), and click OK. Sygate's default setting allows only PCs on the local network to browse and access your files and printers (choose the Security tab to view this and other settings).


If you have multiple network adaptors or VMware or VPC installed with virtual connections, then uncheck them too. You have to do it for each device.

I'd recommend computer courses for anyone who didn't figure this out. Sans institute is a good place to start. Lots of free articles and webcasts and some very good courses.

Or stay stupid and run off and look for some other software to make up for the damage caused by your abuse of illegal substances <_<


:P

DVD PIRATE III
01-11-2004, 12:43 AM
Originally posted by KrackHead2k@11 January 2004 - 13:32
Well, I failed with Sygate. :(
Dont feel left out mate cause your not alone on that :P

DVD PIRATE III
01-11-2004, 12:46 AM
@ balamm..noob ya self..a failures a failure...
if it was a real trojan then just about everyone was fucked...lol

Bring your self over to the virus thread and lets see what else you got please..id like ya opinion on it..cough cough

leftism
01-11-2004, 12:55 AM
Originally posted by balamm
Trojans don't ask you to click buttons so they can take a screen shot while connected to a trusted zone and send it back to a trusted site. No they don't!

You're right they dont. Whats your point?


Originally posted by balamm
Just because it said "next" doesn't mean it's not an "OK" button.

You failed the test, not your firewall.

eh?

edit: Ah I see. You think that the only way a trojan could achieve this is by getting the user to click buttons? No my friend. The loading and unloading of DLL's happens without user interaction all the time.


Originally posted by balamm

Hijacked? Hijacked what?

Hijacked your brains

right... <_<

The DLL hijacked a trusted application and the vast majority of firewalls dont notice regardless of their configuration. Do you even know what a DLL is??



I bet every one of you also has NetBIOS over TCP/IP installed too. "file and printer sharing". This isn't for "filesharing" with peer to peer programs, this is for allowing others access to your files and printer with no program and very little authorization needed. WISE UP.

No I dont have it enabled. But thats got nothing to do with this at all. Whos the NOOB now?

Originally posted by balamm

If you can't figure out how to disable this crap, then at least check your firewall settings for it.

I disabled it and my firewall still failed the test. Whats your point?

Originally posted by balamm
Or stay stupid and run off and look for some other software to make up for the damage caused by your abuse of illegal substances

I see your wit is matched only by your logic <_<

btw I'm a 2nd year computer science student with a lot of experience in network programming. Nothing you've said is even related to this topic of DLL hijacking. It is you who needs to be educated not us :)

DVD PIRATE III
01-11-2004, 12:57 AM
I hate know it alls ...lol :D

@Balamm...whoever said it was a trojan?
Have a look at the name on the thread...lol

Basically this tests your firewalls outgoing connections, and i know your firewall failed..that mustve been a blow to the old ego :helpsmile:
Please research a little more before misinforming people..you dont know it all so dont pretend to..
noob? u the only noob here mate... B)

Wizzandabe
01-11-2004, 01:13 AM
I failed, maybe thats because I dont have a firewall. Come on someone hack me, and get past my NAT :P

RGX
01-11-2004, 01:28 AM
Zone Alarm all the way, secure and tight

wormless
01-11-2004, 01:49 AM
what about xp's?

leftism
01-11-2004, 01:56 AM
what about xp's?

XP's firewall? Worse than useless :)

It only blocks incoming packets not outgoing. :lol: :lol: :lol:

Apparently they're going to release a new implementation of it in service pack 2, but I recommend you stick to one that isnt vulnerable to this DLL hijacking attack.

I recommend Zone Alarm, but make sure you follow the instruction in this thread and enable component control.

DVD PIRATE III
01-11-2004, 01:58 AM
That component control makes or breaks Zone Alarm...
Good post on how to get around it with Z/A leftism


heres some comments from elsewhere that give you a REAL explanation of whats going on, not just some halfwits pathetic excuse for why his/her firewall failed.

Quote1
The browser is not the only way pcAudit tries to get out to the internet. My understanding is that it scans all the active processes in your computer, trying to find one which has the ability to connect to the internet. This could be your instant msg, your antivirus live update, your webcam, etc.
Then pcAudit piggybacks on the component to sneak out of your computer.

Sygate Personal Pro 5.5.2513: FAILED
Sygate has intercepted some outbound attempts that I answered "Block". However at the end pcAudit could connect to its home, probably through a component that I previously enabled access to the Internet. I've made several tests, shutting down some more resident programs. Each time Sygate fails. It would be ironical if pcAudit could use Sygate itself to get to the Internet.

ZoneAlarmPro 4.5.538: PASSED
ZAP asked permission at every outbound attempt. Some of them I don't even know that could connect to the Internet like CTHelper (SB Live), LVCom Server (Logitech Webcam). I told ZAP to block all of them. At the end, pcAudit is stuck.


Quote2
In my understanding this is a test to simulate a hacker attack into your system, so instead of pursuing for another firewall for the 100th time I just installed this app:
http://maxcomputing.narod.ru/ssme.html?lang=en

and enable the "Watch App Activity" in it. It catches the dll injection that pcaudit tries to do in your browser. If you try to run pcaudit it will crash and leave a log file. You won't see the pcaudit screen saying that your firewall passed, but as it simulates a hackers attack, the fact that it can't even run, I think is even better.

And in the pestpatrol website says that it catches pcaudit, but since I don't have it I don't know if this information is correct.
End Quote 2

balamm
01-11-2004, 02:21 AM
It failed because I allowed it to fail. ;)

If you're stupid enough to accept this "package" and run it, then don't blame it on your firewall.

@leftism, It might not be too late to ask for a partial refund. 2 years and still haven't picked up any common sense.... that's a real problem.

According to your logic, every element and every script on a page should be blocked by the firewall... until you ok it. :lol:

So I sat and watched this program for some time to test your theory that it could do something on its own, that a .dll would magically take the initiative.
Nope, nothing.

I had to physically press a button, several in fact, allowing it to do what it was coded to do.

At which point it did what I had allowed it to do. These are the .DLL's it called -

The new DLLs have been loaded:
C:\WINNT\system32\caboview.dll
C:\WINNT\system32\ws2help.dll
C:\WINNT\system32\ws2_32.dll
C:\WINNT\system32\wsock32.dll
C:\Program Files\TechSmith\SnagIt 7\msvcr71.dll
C:\WINNT\system32\umdmxfrm.dll
C:\WINNT\system32\serwvdrv.dll
C:\WINNT\system32\msvcrt.dll
C:\WINNT\system32\ADVAPI32.DLL
C:\WINNT\system32\GDI32.DLL
C:\WINNT\system32\USER32.DLL
C:\WINNT\system32\KERNEL32.DLL

Then, at the continue prompt,

The new DLLs have been loaded:
C:\WINNT\system32\mvbscript.dll
C:\WINNT\system32\msrating.dll

And if you don't want these things communicating next time you're stupid enough to press that button, here's where you configure that.

http://members.shaw.ca/fourum/rules.jpg

All the software you need is right in front of you and you just can't see it. All you gotta do is use a bit of logic and common sense to figure it out.

It's easier to make excuses though isn't it. <_<

DVD PIRATE III
01-11-2004, 02:26 AM
youve just proven to the whole board that your the only one thats making excuses.. :D
what a dickhead B)

you dont get the part that its simulating an outgoing attack,from maybe running a key gen to installing some dodgy software...
ever since ive seen you on this board balaam youve got an excuse for everything..
Youve proven to the board without a doubt your a nothing... :lol:

balamm
01-11-2004, 02:40 AM
Go download some more software(shortcuts to existing features) if it pleases you. I'll stick to a common sense approach.
All these things are only doing what they've been designed and configured to do and if you'd rather patch and worry, you go ahead. :)
Simulating an out going attack.... yeah, OK :lol:
You're soooo confused.

exeus
01-11-2004, 02:46 AM
I havnt read all the threads, but i agree with (balamm)
the point is any half decent programmer can write a program
to get around any firewall anti-virus etc ....that is one of the reasons they have "updates"

EDIT: So your saying the firewalls that didnt pass will never be updated to pass such a test?

DVD PIRATE III
01-11-2004, 02:50 AM
go download the updates then...then get back to us... :D
"edit" if your talking about Sygate updates, dont worry, they have none and got raped in the test...
Thats why Balaam is so wound up...lol, his personal fav got raped and OWNED
this is just a simulation type scenario,i just imagine if this was the real thing..You wouldnt know what hit ya

leftism
01-11-2004, 03:05 AM
Originally posted by balamm
Go download some more software(shortcuts to existing features) if it pleases you. I'll stick to a common sense approach.
All these things are only doing what they've been designed and configured to do

:lol: :lol: :lol:

You dont even understand what DLL hijacking is do you?

This thing can use any application thats allowed to access the net to do its job. It loads the DLL into the target application and hijacks it.

Notepad, your AV software, whatever. If the target application has been allowed access to the net it can use it. Is capturing screenshots an existing feature of notepad, how about wordpad? I think not.

btw that big list of DLL's you posted? Only one of them is a threat, can you tell us which one it is? Which one you'd block and which ones you'd leave?

Originally posted by balamm
So I sat and watched this program for some time to test your theory that it could do something on its own, that a .dll would magically take the initiative.
Nope, nothing.

:rolleyes:

You dont understand any of this do you?

This tester has been coded to require you to press buttons etc. It could have been coded to run without a window, without any buttons, without you knowing about it.

As your sitting here reading this, DLL's are being unloaded and loaded without you doing a thing. Its how windows works.

Do I have to explain this concept a 3rd time or have you grasped it now?

Stick to you 1337 h4x0r SMB over TCP/IP cracking and flaming people on forums. This stuff is waaay over your head.

DVD PIRATE III
01-11-2004, 03:21 AM
edited cause balaam backed his shit up where it was needed..
(in the antivirus thread..)

ok people things may have got a bit outa hand here, so lets put it down to a learning experience for everyone..
Thank u all for participating, and i hope youll all participate in my Windows& office exploits. look forward to ya comments and theorys :)

balamm
01-11-2004, 03:40 AM
Originally posted by DVD PIRATE III@10 January 2004 - 20:21
I remember he banned me back in july of last year when he was a mod, cause i didnt agree with him on something and he packed a sad :lol:
Try to be just a little bit truthfull.

You were foul. You were a troll. You had how many logins? And they were all the same, banned for being extremely ignorant and rude. No one enjoyed your act and we had many complaints about you being abusive.
I see you're starting that again ;)




Is capturing screenshots an existing feature of notepad

I think you should try to read a little slower. You're missing a lot here.
I'll leave the personal shit to you and the DVD PIRATE. Maybe we can discuss this again when you mature a bit. Probably not though :)

DVD PIRATE III
01-11-2004, 03:49 AM
If your memorys so good what was my name back then off the top of your head?
And this was probably one of the logins so give me the name of the original name i had..i bet ya cant remember
anyway why arent you a mod any more?,,i heard but id like to hear your side ...lol

leftism
01-11-2004, 03:54 AM
Originally posted by balamm
I think you should try to read a little slower. You're missing a lot here.

Such as....?

Originally posted by Balamm
Maybe we can discuss this again when you mature a bit.

Says the guy who burst onto the thread with this venomous piece of shit post.


:lol: :lol: :lol: :lol: :lol: :lol:

NOOBS!!

Trojans don't ask you to click buttons so they can take a screen shot while connected to a trusted zone and send it back to a trusted site. No they don't!

Just because it said "next" doesn't mean it's not an "OK" button.

You failed the test, not your firewall.

Hijacked? Hijacked what?

Hijacked your brains....

Or stay stupid and run off and look for some other software to make up for the damage caused by your abuse of illegal substances

If thats what you mean by maturity you can shove it up your arse with the rest of your 'knowledge'!! :lol: :lol: :lol:

PS

Strange how this thread was quite good until you turned up eh? Your a typical internet hard ass balamm. In a real life situation you wouldnt say shit if you had a mouth full of it, but once your behind a computer screen.. my my just looks at your balls grow! :lol: :lol: :lol:

DVD PIRATE III
01-11-2004, 03:57 AM
I cant wait till the school holidays are over and all the idiots go back to preschool..

SeK612
01-11-2004, 04:00 AM
How many trojans out there that use this exploit and how easy would it be for someone to get it onto your system (is it the case that a small file off the net which returns nothing from a virus scan could do such a thing).

If it is as serious as people are making out will the firewall companies that have failed here release patches and / or info on how to configure your firewall to stop this?

DVD PIRATE III
01-11-2004, 04:34 AM
Firewall companies patch there products, then the script kiddies patch theres.. B)
The point of this exercise was to show people the possibilities that are out there.
Imagine that this firewall tester I posted here was a key gen that youd been given to use for some software or game etc...you click on the key gen to generate a key, and presto you just got OWNED
Its a very viable possibility..
Out of all the people that tested here only one person kicked up a fuss over it, but dont worry about him hes been demodded cause of a personality disorder(ie, hes never wrong, no matter what)
you can be your own judge on the possibilities and realities

SeK612
01-11-2004, 04:49 AM
But is switching firewalls, like some suggested they might do, a good thing? Some firewalls performed better at responding to this threat but no doubt some of the ones that failed may be better at responding to other threats and indeed the next threat that appears.

DVD PIRATE III
01-11-2004, 05:09 AM
Thats entirely your choice....I cant recommend the perfect firewall to you, only you know what youll feel comfortable with..
Tomorrow it'll be a different virus,exploit, trojan or whatever.The script kiddies/hackers etc keep the firewall creators in a full time job, but at the end of the day theres no absolute safety in a firewall.your firewall might be secure today but by tomorrow morning some one may have written a script that renders your firewall useless and that is a big part of reality in this day and age..
Dont stress too much about this little script I posted mate... :)

leftism
01-11-2004, 05:12 AM
Originally posted by sek612
But is switching firewalls, like some suggested they might do, a good thing? Some firewalls performed better at responding to this threat but no doubt some of the ones that failed may be better at responding to other threats and indeed the next threat that appears.

I would advise switching whenever the need arises. Attacks keep on getting more sophisticated and this one is definitely one of the more insidious I've come across. Afaik all firewalls have covered the same bases with regards to previous threats.

Imho its the ability to deal with this new one that sets firewalls apart at the moment.

The rest of them will catch up in time and then a new attack will appear and we'll all have to switch to the first firewall that can deal with it. Its a bit like an arms race, you have to keep up to date with the latest attack otherwise theres not much point in having a firewall at all.

TheFilePirater
01-11-2004, 06:06 AM
all this thing is a trojan...

DVD PIRATE III
01-11-2004, 06:16 AM
I take it youve just joined the ranks of FAILED
Its designed to test the outbound security of firewalls..As you can see from the thread over 90% of the forum members that participated failed.So dont feel too bad cause your not alone... :P

leftism
01-11-2004, 06:17 AM
Originally posted by TheFilePirater
all this thing is a trojan...


All..?

There was a case in the UK recently where a guy got accused of downloading kiddy pron. When they examined his computer they found that it was infected with a trojan and that someone had uploaded it onto his PC.

He lost his job and his family. I can provide you with a link to the news story if you like.

Apart from that theres more 'normal' stuff. All your passwords and maybe your credit card info as well if anyone in your house uses the PC for internet shopping.

Security is important :)

TheFilePirater
01-11-2004, 06:21 AM
well, theres no such thing as security on the internet, as long as your pluged in theres always a threat, no matter how many firewalls and anti-virus you run...its always possible

theres only one way to be completey secure, that is to disconnect completey from the internet

Jg427
01-11-2004, 06:22 AM
Originally posted by 99shassan@10 January 2004 - 17:27
Should I get Zonealarm Pro from Kazaa and what is the latest version? I can't get on their website. Same reason as I posted before about being unable to go on the symantec website.
You really should check your HOST file to see what it's blocking.

In your address bar enter 206.204.52.5 for symantec
and 208.185.174.44 for zone labs

leftism
01-11-2004, 06:28 AM
Originally posted by TheFilePirater
well, theres no such thing as security on the internet, as long as your pluged in theres always a threat, no matter how many firewalls and anti-virus you run...its always possible

theres only one way to be completey secure, that is to disconnect completey from the internet

That is true but..

It doesnt mean you should leave yourself wide open to any script kiddie who can copy and paste DLL hijacking code into a compiler.

Mïcrösöül°V³
01-11-2004, 08:45 AM
DVD pirate has alot of good points. he is just trying to offer a "possibility", which is the cool part of belonging to this forum. How many other peeps who just download shit with no thought of viruses or trojans, get ahold of info like this? thats why they get owned and we DON'T! we have mass ability to exploit flaws, viruses, etc.... which helps us all in the long run. the same way we seem to stay ahead of RIAA and the like......just my opinion, don't take it personal. :)

ck-uk
01-11-2004, 08:59 AM
Originally posted by leftism@11 January 2004 - 02:05
Originally posted by balamm
Go download some more software(shortcuts to existing features) if it pleases you. I'll stick to a common sense approach.
All these things are only doing what they&#39;ve been designed and configured to do

:lol: :lol: :lol:

You dont even understand what DLL hijacking is do you?

This thing can use any application thats allowed to access the net to do its job. It loads the DLL into the target application and hijacks it.

Notepad, your AV software, whatever. If the target application has been allowed access to the net it can use it. Is capturing screenshots an existing feature of notepad, how about wordpad? I think not.

btw that big list of DLL's you posted? Only one of them is a threat, can you tell us which one it is? Which one you'd block and which ones you'd leave?

Originally posted by balamm
So I sat and watched this program for some time to test your theory that it could do something on its own, that a .dll would magically take the initiative.
Nope, nothing.

:rolleyes:

You dont understand any of this do you?

This tester has been coded to require you to press buttons etc. It could have been coded to run without a window, without any buttons, without you knowing about it.

As your sitting here reading this, DLL's are being unloaded and loaded without you doing a thing. Its how windows works.

Do I have to explain this concept a 3rd time or have you grasped it now?

Stick to you 1337 h4x0r SMB over TCP/IP cracking and flaming people on forums. This stuff is waaay over your head.
Mate what are you on about.

A trojan,dll has to be executed/loaded somewhere along the line mate & if your system & firewall are setup properly when it happens you stop it if the trojan or its actions havnt already been stopped through another kind of monitor for changes to your system.As balamms saying also as you've proven with the same firewalls failing then passing after a few changes in the settings. :)

99shassan
01-11-2004, 09:44 AM
Well, I installed the firewall yesterday, but I still failed. What settings should I enter?

DVD PIRATE III
01-11-2004, 11:05 AM
@ Ck-Uk
Balaam is well known in this forum as someone who can never admit hes wrong..Hence the reason hes no longer a mod(Attitude ajustment is needed)..he came into this thread and immediately abused everyone by calling everyone a noob, then he went into the antivirus test thread and did exactly the same thing.
he basically said the virus thing didnt work yet when i asked him to start executing the viruses and tell me what happened, he dropped his nuts :P .

This test was designed to simulate a outgoing transmission and he choked when he failed the test.Reason he choked is he likes everyone to think hes a "master" authority on every subject known to man...there isnt room in this forum for every member and balaams ego.
His wall failed and he got dirty on it..Outsmarted by something so simple that he couldnt handle it(or his ego couldnt)
As for the matter of Dll's, the test works like this, if theres a browser window open then the process will attempt to piggy back on that to access the internet,if youve ticked the box that says "Always allow Internet Explorer to access the net" then it has nothing to stop it from accessing the net.If by some chance your firewall stops the process from using IE, then it will attempt to piggyback on any process you have running on your computer.and if any of those processes have Internet privileges then itll use them to access the net.OWNED
Nobody posted that there antivirus/antitrojan programs picked this up when they downloaded the test on to there computer right?ok
The point of this exercise was to show people the possibilities that are out there.
Imagine that this firewall tester I posted here was a key gen that youd been given to use for some software or game etc...you click on the key gen to generate a key, and presto you just got OWNED..Why cant people see that you ask? because there ego's are blocking there vision
98% of the forum got OWNED hardcore by this simulation and unfortunately there were a few sore losers that couldnt deal with it..A very clever script kiddie could have made this simulation so that you dont need to execute it ..itll execute itself or by some other means.And people refuse to see it like that..
I feel sorry for people that have ego problems cause they could have so much more to offer if they just let themselves, be themselves

DVD PIRATE III
01-11-2004, 11:19 AM
Originally posted by ck-uk@11 January 2004 - 21:59
A trojan,dll has to be executed/loaded somewhere along the line mate & if your system & firewall are setup properly when it happens you stop it if the trojan or its actions havnt already been stopped through another kind of monitor for changes to your system.
As balamms saying also as you've proven with the same firewalls failing then passing after a few changes in the settings. :)
Thats true mate, So obviously 98% of the forum havent got there firewalls configured or whatever..In the real world theres no second chances..if that was a real trojan do you think its gonna stop so you can change your settings?ROFLMAO!!!! :lol: :lol: :lol:
I highly doubt it.. B)
Anyway all I know is that I bought a test simulation here for enlightning everyone to what is avalable and I ended up OWNING
this test raped just about everyone because people dont know how to configure there firewalls etc
same with the virus tester

leftism
01-11-2004, 12:09 PM
Originally posted by ck-uk
A trojan,dll has to be executed/loaded somewhere along the line mate & if your system & firewall are setup properly when it happens you stop it if the trojan or its actions havnt already been stopped through another kind of monitor for changes to your system.As balamms saying also as you've proven with the same firewalls failing then passing after a few changes in the settings


All trojans have to be executed once.What he was saying is that once its executed you then need to start pressing buttons to get the DLL's to load/unload.

Whilst you've been browsing this forum IE has been loading and unloading DLL's but you havent explicitly told it to have you?

Most firewalls dont even provide DLL authentication, so it doesnt matter how you configure them, they simply dont have that functionality.
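
The difference between an application-only outbound rule and a rule with DLL authentication, as an added example that is not part of the original thread or of any firewall product's code. It models the decision in Python; the browser path, the module contents and hashes, and the C:\Temp module name are constructed for illustration.

```python
import hashlib
from dataclasses import dataclass, field


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def norm(path: str) -> str:
    """Windows paths are case-insensitive, so compare them lower-cased."""
    return path.replace("/", "\\").lower()


@dataclass(frozen=True)
class Module:
    path: str
    sha256: str


@dataclass
class AppRule:
    exe_path: str
    allow_network: bool
    # Module baseline ("DLL authentication"): normalised path -> approved hash.
    baseline: dict = field(default_factory=dict)

    def learn(self, modules):
        """Record the modules seen while the application is known to be clean."""
        for m in modules:
            self.baseline[norm(m.path)] = m.sha256


def app_only_decision(rule: AppRule, exe_path: str) -> str:
    """Rule that checks only which executable is asking for network access."""
    if rule.allow_network and norm(exe_path) == norm(rule.exe_path):
        return "allow"
    return "block"


def module_aware_decision(rule: AppRule, exe_path: str, loaded):
    """Same rule, but every module loaded in the process must match the baseline.

    Returns (decision, findings). "ask" means: prompt the user before any
    traffic leaves, and show them which modules are unexpected.
    """
    if app_only_decision(rule, exe_path) == "block":
        return "block", []
    findings = []
    for m in loaded:
        approved = rule.baseline.get(norm(m.path))
        if approved is None:
            findings.append((m.path, "not in baseline"))
        elif approved != m.sha256:
            findings.append((m.path, "hash changed"))
    return ("ask" if findings else "allow"), findings


# --- constructed sample data (paths and contents are illustrative) ---
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
CLEAN = [
    Module(r"C:\WINNT\system32\ws2_32.dll", sha256_hex(b"constructed ws2_32 contents")),
    Module(r"C:\WINNT\system32\wsock32.dll", sha256_hex(b"constructed wsock32 contents")),
]
RULE = AppRule(IE, allow_network=True)
RULE.learn(CLEAN)

# Case 1: an extra module appears inside the trusted browser process.
EXTRA = CLEAN + [
    Module(r"C:\Temp\example_unknown.dll", sha256_hex(b"constructed unknown module"))
]
# Case 2: a baseline path is present, but the file behind it has changed.
REPLACED = [
    Module(CLEAN[0].path.upper(), sha256_hex(b"constructed different contents")),
    CLEAN[1],
]

if __name__ == "__main__":
    for label, mods in (("clean", CLEAN), ("extra module", EXTRA), ("replaced", REPLACED)):
        print(f"{label:13} app-only={app_only_decision(RULE, IE):5} "
              f"module-aware={module_aware_decision(RULE, IE, mods)}")
```

The application-only rule returns "allow" in all three cases because the executable never changes; only the module-aware rule turns the second and third cases into a prompt.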

99shassan
01-11-2004, 12:46 PM
So generally I uninstalled Norton Personal Firewall for Zonealarm for no reason? Thats so fucking annoying :angry:

DVD PIRATE III
01-11-2004, 01:15 PM
No offense but Nortons Internet Security is gay...you did ya self a favour

Wizzandabe
01-11-2004, 01:24 PM
I wish someone can conenct to my ip :lol:

balamm
01-11-2004, 01:44 PM
As I said before you ignorant arrogant little fuck :angry: , it got out because I allowed it out. :angry:

You don't even know how this shit works. You've flipped flopped back and forth between it is a trojan, it isn't a trojan, it is a trojan.. Make up your mind.

If you payed for this, you got screwed. The program they use and call their own is free from MS and I have it installed. You want it? Figure it out your self dick.


Shove this squarely up your abused ass

http://members.shaw.ca/fourum/fuckyou.jpg

Anyone with sygate should get the same results. Just say NO.

Oh and to answer to your fucked up little name game, I have the entire database from that time. every PM, every post. Your point? :angry:

Neo 721
01-11-2004, 01:51 PM
Well early tests show that blackice has failed :(

Now for the holy grail: Kappersky anit hack

100%
01-11-2004, 02:21 PM
Zone Alarm Pro 4.5.538 with Web Filtering is the latest..download the trial and ill pm u a key if ya want

Could you pm me the key please

Thanx

DVD PIRATE III
01-11-2004, 02:28 PM
Pm sent mate

Balaam , your behaviour is totally unacceptable..this forum is not the place to vent your frustrations..i suggest you sort your attitude out,because no one wants to see your bad temperedness..
You used to be a mod, so you should be setting an example instead of carrying on in this childish manner.And if your not a mod now , youve just shown the whole forum why...
what an embarassment.... :01:

DVD PIRATE III
01-11-2004, 02:44 PM
Originally posted by Neo 721@12 January 2004 - 02:51
Well early tests show that blackice has failed :(

Now for the holy grail: Kappersky anit hack
I never tested BlackIce on this test as ive heard a few bad reviews concerning there outbound protection
You can read about it here---------> http://grc.com/lt/leaktest.htm

balamm
01-11-2004, 02:56 PM
And your existence is unacceptable :angry: What forum threw you out this time? That's why you're back here again isn't it? <_<

Your attitude swings like a woman with PMS. You'd say or do anything for a little sympathy though I'm sure. Just manipulate your way out of another problem you've caused, shit you've said. Well, f**k U! I don't forget. You said crap so here we are. Let's dance f**ker.

Address the facts. You've been shown to be full of shit on this one.
New excuse is? :angry: Back up your mouth idiot.

james_bond_rulez
01-11-2004, 03:02 PM
:'( :'( peace??

wormless
01-11-2004, 03:06 PM
u both acting like kids what example is that to kids who use this forum, for god sake grow up.

if black ice failed aint that what the government use or is it something else?

leftism
01-11-2004, 03:14 PM
Originally posted by balamm
Just manipulate your way out of another problem you've caused, shit you've said. Well, f**k U! I don't forget. You said crap so here we are. Let's dance f**ker.


Look at your 1st post in this thread balamm. The only person spoiling for a fight or causing problems is you.

This thread was pretty relaxed before you showed up <_<

RealitY
01-11-2004, 03:20 PM
Well for one I dont use keygens or exe from anywhere other than ShareReactor. Until someone can truly make something hostile and shove it into a media file then I haven't got much to worry about. Though I no longer use any MS media software any longer generally. Secondly I have NO personal information on my computer, its on one that has NO internet. Thirdly I am glad to see Zone Alarm did well since that is what I use it for, outbound protection since being behind a router is the best inbound protection I can imagine.

DVD PIRATE III
01-11-2004, 03:46 PM
Blackice is meant to be used by a lot of big corporations etc..I know my ISP uses it ..but check out the link i posted to grc.com and see blackices lame excuse concerning its outbound protection
heres the link to the lame excuse they gave anyways http://grc.com/lt/leaktest.htm

Edit..oh I see Balaams had a few too many drinks.. go to bed , cause no one wants to hear from you..youve got nothing positive to contribute to this thread so go to bed or something..your just making a bigger idiot of yourself
ps you couldnt fight your way out of a paperbag in the state your in

SeK612
01-11-2004, 04:05 PM
On a side note Norton AV considers the PCAudit thing spyware :)


File names: pcaudit.exe

When Spyware.Pcaudit is executed, it performs the following actions:


Displays a graphical user interface named pcAudit Leak Test.


With the user's permission, the spyware tracks and sends the following information to the server of Internet Security Alliance:

Computer name or any identification
IP address
Name of the subdirectories and files in the My Documents folder
Snapshot of the computer's screen
Keystrokes

Source (http://securityresponse.symantec.com/avcenter/venc/data/spyware.pcaudit.html)

DVD PIRATE III
01-11-2004, 04:07 PM
thats a new one...nobodys posted that yet..good observations mate

100%
01-12-2004, 04:09 AM
These type of tests and threads should be sent to the firewall protector providor. So they know.and fix and apologize.and pay us tons of cash for helping them

zedd
01-12-2004, 04:13 AM
ok, after this big cat fight i managed to get the jist that zone alarm is a good firewall to have but what about the other two. i have sygate and it failed so i will propbably start using zone alarm, if someone can post the key please.

ck-uk
01-12-2004, 07:50 AM
No keys allowed on the board mate. :)

& sygate passed too. :)

DVD PIRATE III
01-12-2004, 09:21 AM
@ Zedd
:ph34r: PM sent

Robert00000
01-12-2004, 04:23 PM
I think we should thank DVD PIRATE III for enlightening us of this security problem.

I have two computers (three if you count the new one i got free for building a friend a new pc :D ), and multiple partitions on each.

the firewall failed the test on one pc (on the general partition), because the settings were lower than they could be. But i don't have anything valuable worth stealing by any hacker from this computer, its just used to download files from p2p networks and testing freeware/shareware software from download.com and others.

The other computer i use one partition for business purposes and another for online transactions (banking/shopping). the firewall setings on this computer are to the maximum on both partitions (i use zonealarm pro on both pc's by the way).

I also don't install anything other than trusted software and even keep these installations to the minimum, installing only those that are essential. (nothing download from the net except zonealarm from the zonelabs website)

By using two computers i keep my security to the max. where i need it, but this doesnt limit me from downloading things just for fun and curiosity on the other computer.

This is good practice for everyone, even if you don't have two computers, the hard drives being as large as they are nowadays, you can at least have multiple primary partitions, and keep one partition very secure for transactions.

By the way i didnt install this test software on the secure computer, but i have all the settings suggested by DVD PIRATE III on zonealarm, so i know its relatively secure :D

fkdup74
01-12-2004, 05:59 PM
Originally posted by Zedaxax@11 January 2004 - 20:09
These type of tests and threads should be sent to the firewall protector providor. So they know.and fix and apologize.and pay us tons of cash for helping them
:lol: i'd send sygate a link, but theres too many requests for product keys in here :lol:

@ DVD - think its ok to post the other success?
i havent got it to pass yet, but havent messed with it though
(been burning a few discs :P :D )
maybe some one else can get it to pass...........

wormless
01-13-2004, 12:43 PM
Originally posted by DVD PIRATE III@10 January 2004 - 16:10
heres a little test I found on another forum ..so far only 3 different firewalls have passed this test..so you wanna test yours?
Right click save target as...


PC Audit (http://forum.pleasuredome101.com/index.php?act=Attach&type=post&id=36430)


Heres there website if you wanna download from there
http://www.pcinternetpatrol.com/downloads/audit.php

I warn you now, you may not like the results you get :helpsmile:
Dont be shy to post ya results here with the firewall your using so others no which is the goods and which isnt B)


EDIT: theres another tester here in this same thread that ive posted if anyone wants to try it -----> http://klboard.ath.cx/index.php?showtopic=...1172entry801172 (http://klboard.ath.cx/index.php?showtopic=93125&st=30&#entry801172entry801172)
http://securityresponse.symantec.com/avcen...re.pcaudit.html (http://securityresponse.symantec.com/avcenter/venc/data/spyware.pcaudit.html) for those who ran pcaudit i suggest u read symantec response and look for what it says! as i was looking on syms site through spywear adware e.t.c. and say pcaudit and knew i seen that name somewhere but wasnt sure where but then i remembered klf and put a search for pcaudit and found the post i wanted!

wormless
01-13-2004, 12:53 PM
Originally posted by SeK612@11 January 2004 - 16:05
On a side note Norton AV considers the PCAudit thing spyware :)


File names: pcaudit.exe

When Spyware.Pcaudit is executed, it performs the following actions:


Displays a graphical user interface named pcAudit Leak Test.


With the user's permission, the spyware tracks and sends the following information to the server of Internet Security Alliance:

Computer name or any identification
IP address
Name of the subdirectories and files in the My Documents folder
Snapshot of the computer's screen
Keystrokes

Source (http://securityresponse.symantec.com/avcenter/venc/data/spyware.pcaudit.html)
ive just seen yr post i have posted it too as i came across it when looking through spywear and adware on syms site.

@everyone i have not downloaded it and its not on my system i suggest other people who have do what norton say to do. u cannot trust everything and everyone on this site. for all you know there could by trojans e.t.c. putting things like pcaudit on here and u download them without checking them first.

DVD PIRATE III
01-13-2004, 01:51 PM
Originally posted by SeK612@11 January 2004 - 16:05
On a side note Norton AV considers the PCAudit thing spyware :)

File names: pcaudit.exe

When Spyware.Pcaudit is executed, it performs the following actions:

Displays a graphical user interface named pcAudit Leak Test.

With the user's permission, the spyware tracks and sends the following information to the server of Internet Security Alliance:
Computer name or any identification
IP address
Name of the subdirectories and files in the My Documents folder
Snapshot of the computer's screen
Keystrokes




What Nortons descibes as its behavior,is what its supposed to do...
Nortons job is to try and stop it if it can. thats the point of the test
I think Nortons are dirty on it cause they havent got a really secure fix to stop this getting past Nortons products(by that i mean not in there default state)

j4y3m
01-13-2004, 01:55 PM
I Still Cant Pass It Even With DLL Authentication On :blink:

DVD PIRATE III
01-13-2004, 02:00 PM
Originally posted by stupidguy@14 January 2004 - 02:55
I Still Cant Pass It Even With DLL Authentication On :blink:
What product you using mate?

j4y3m
01-13-2004, 02:03 PM
Originally posted by stupidguy@10 January 2004 - 16:46
I Falied :unsure:

Sygate Personal Firewall Pro
...

DVD PIRATE III
01-13-2004, 02:12 PM
Originally posted by stupidguy@14 January 2004 - 03:03
Originally posted by stupidguy@10 January 2004 - 16:46
I Falied :unsure:

Sygate Personal Firewall Pro
...
Make sure you have the latest version, definitions etc, and then have a look on page 2 or 3 of this thread for settings that others that have passed with that F/wall

j4y3m
01-13-2004, 02:44 PM
Originally posted by DVD PIRATE III@13 January 2004 - 14:12
Originally posted by stupidguy@14 January 2004 - 03:03
Originally posted by stupidguy@10 January 2004 - 16:46
I Falied :unsure:

Sygate Personal Firewall Pro
...
Make sure you have the latest version, definitions etc, and then have a look on page 2 or 3 of this thread for settings that others that have passed with that F/wall
I Can't Find Them Lol :blink:

h1
01-13-2004, 09:51 PM
passed with flying colors

[linux machine]

SciManAl
01-14-2004, 05:41 AM
i ran this test and it crashed my comp...?!?!?! i have some of my own apps checking for this stuff but wow that was explosive... i thought it was really a virus, but then i read the posts... :lol:

i have no clue what happened... this was with the computer stats in sig... hmm...

i bet you guys could beet the test if you unplugged the net... :P

DVD PIRATE III
01-14-2004, 06:03 AM
Originally posted by SciManAl@14 January 2004 - 18:41
i ran this test and it crashed my comp...?!?!?! i have some of my own apps checking for this stuff but wow that was explosive... i thought it was really a virus, but then i read the posts... :lol:

It pays to read through the thread a bit when your participating in one of these tests..Just incase...


:)

sparsely
01-14-2004, 07:09 AM
sparsely doesn't care.
woo!
I win!