RUMORS
AND MIS-INFORMATION EXPOSED
There
are no exact technical terms compiled into a list of rules
for what is and what is not a firewall at this time. New
technology and words used on the Internet such as Stealth,
Stealthed, Firewall, Drone, R.A.T, Key Logger, Tunneling
and many others are not yet fully defined in dictionary
terms. The only thing that we can do, is to glean information
from The Free Online Dictionary Of Computing FOLDOC
or use some other popular Dictionary Links such as:
dictionary.com
Computer Science:
"Any of a number of security
schemes that prevent unauthorized users from gaining access
to a computer network or that monitor transfers of information
to and from the network."
Though some would like to make their own numbered list of
criteria that a firewall must have, there is no such list
adopted by any official principality at this time.
Most firewalls are defined
as to mean that it blocks port connections made to your
computer, and keep users inside your network from going
out to other networks. These types of firewalls and firewall
programs have their use, but they also tend to give computer
users a false sense of security.
|
ABOUT
"DUMB"
FIREWALL BLOCKERS
|
Dumb Firewall Blockers
The term "Dumb Firewall" is a term to describe
a firewall program that has very little intelligence. It
simply blocks ALL Internet connections by default. Some
of these may ask you to trust a program before it will allow
inbound or outbound connections to your computer. End users
that choose not to trust the program may find that their
Internet program(s) no longer function properly anymore.
On the other hand, if they choose to trust the 'WRONG' program,
they may be allowing crackers into their computer without
ANY future warnings from the Dumb Firewall.
Dumb Firewall programs provide absolutely NO protection
whatsoever against backdoor programs that come built into
Internet servers such as NetSnooper Gold. NetSnooper is
only one example of what ANY program can do to gain access
to your PC while posing as one of your trusted Internet
programs.
If the user were to trust a program such as mIRC they would
also be trusting any backdoored scripts that the program
may load. This includes backdoor and hostile mIRC scripts
that are able to DELETE, RENAME, EXECUTE, DOWNLOAD, and
UPLOAD files. Your computer could also be used to infect
other computers with any one of thousands of IRC Worms.
ALL of this can EASILY be done WITHOUT ONE single warning
from a Dumb Firewall that trusts programs on a per application
basis rather than intelligently.
Dumb Firewalls do NOT monitor your configuration files;
They do NOT monitor your registry; They do NOT monitor your
startup folders; They do NOT scan for Trojans; Some do not
even provide a list of socket connections; Though you may
choose to use a Dumb Firewall along with Hacker Eliminator,
the real protection will come from the program that is providing
the multitude of protection and watching over your entire
system.
|
ABOUT
FIREWALL LIMITATIONS
A Firewall Only Blocks
Ports
|
Dumb
Firewall Blockers
Do Not Scan
For Or Remove Trojans
Though
a Dumb Firewall can aid in preventing a Trojan from accessing
the Internet, or help identify a program that may be a Trojan,
it does not terminate the process or remove the problem.
After the user chooses not to trust the Trojan process,
they are STILL infected. The Trojan is STILL running on
their computer! If the Dumb Firewall ever fails to load
or if the user turns off the firewall, the Trojan will now
be able to freely make or allow unrestricted connections
to your computer. The reader should also be aware that the
Trojan may carry a payload that can delete files or cause
damage after a certain number of days that the hacker was
not able to access the computer. One of many examples is
the Billrus Trojan which deletes all files on drive C the
30th time that the Trojan is activated.
Having
a Trojan running on your computer, could even be a time
bomb just waiting to go off.
In
the case of the Dumb Firewall, it is almost like locking
a burglar
in your home and then going back to sleep.
|
ABOUT
NEW FIREWALL THREATS
Hacker's Can Easily
Get Past Firewalls
|
There
have been many new threats coming out over the last year.
The three to watch out for are:
Explorer
Vulnerabilities
There are more and more reports of new ActiveX, Java and
Scripting problems with Internet Explorer. These vulnerabilities
allow files to be uploaded and ran on your computer secretly
while browsing or reading email. more...
HOOKING
Hackers have learned that they can register their Trojan
and then have other Internet programs hook their DLL's.
The method of hooking can be used as a startup
method to launch Trojans as well as provide stealth
when having already trusted programs load their Trojan
DLL.
Hacker Eliminator includes CRC
checking which will report when a DLL has been
modified. It also includes registry
monitoring which will report programs registering
themselves as well as adding themselves to ShellExecuteHooks.
AV Kill
The Hackers have been working overtime. Many simple concepts
are starting to be used by the newer Trojans. Hackers have
started adding the code into their Trojans that send the
Windows shutdown command to AV scanners and other protection
software. It is a simple few lines of code and all that
is required is for the Trojan to simply tell the security
program that Windows is closing and the user is shutting
down. The AV program will silently and gracefully close
thinking that the computer is being rebooted. The Hacker
can now connect to the Internet or do anything else desired
that the firewall or AV program would before prevented.
Hacker Eliminator is not fooled by these types of attacks.
More
Think
Of The Risks
Firewalls
only detect incoming or outgoing port connections. If the
program that is run on your computer does not connect to
the Internet, your firewall will NEVER say a word! Other
protection programs may try to detect the 'possibility'
of the program having Internet capability. This is being
done by checking to see if the program has loaded WINSOCK.
This is what is happening today:
1.
The user is browsing the web using a search engine looking
for a driver or some other search criteria, or maybe gets
an email spam sent to the inbox.
2. The user clicks on a link and visits the site or clicks
the email to delete it.
The problem is that the site was hacked or made by a Hacker
or the Hacker sent the email. Either way when the page is
opened, a tiny file is secretly and automatically uploaded
into the computer and then executed!
Many of these today are adware / spyware / key loggers and
Trojans. The point is that a "PROGRAM" is being
installed on your computer SECRETLY and without your knowledge.
3. Now lets look at what could happen even though you are
running a firewall.
|
An
Interview With A Hacker Program / Trojan
|
Narrator:
The file is uploaded and ran on the computer.
Firewall: No Comment
AV Software: Nothing Detected
Narrator:
The
uploaded file starts to snoop around when he passes by two
bouncers at the door. The uploaded file tries to talk to
them.
Uploaded
file: Nice to meet you, mind if I have a look around?
AV Software:
My name is Nufton Internet Security. I don't know you!
Sorry, I am not allowed to talk to strangers.
Firewall:
My name is ZoneBells, I only listen and react to port connections
Uploaded
file: OK, I will go in and have a look around then,
nice meeting you.
(WOW... that was close! It is a good thing I didn't open
the door for my creator yet).
Narrator:
The
uploaded file starts taking notes
Uploaded
file: It is so nice to be so welcome, let me catalog
a few things:
This user is using Nufton Internet Security
mental note: don't connect to the Internet until
I look at this closer.
The user is running ZoneBells
mental
note: this does not look like it is going to be hard
at all...
Narrator:
After checking everything else on the check list, the
uploaded file walks over to ZoneBells and taps it on the
shoulder while he SCREAMS into it's ear...
Uploaded
file:
HEY
ZoneBells, can you hear me?
Firewall
/ ZoneBells:
Sorry, you need to make a port connection.
Uploaded
file:
OK, I will in a minute; oh by the way did you know the user
was rebooting the computer? Windows is shutting down! You
better hurry, don't want to be late (i need to tie my shoes,
catch up with you in a sec...)
Firewall
/ ZoneBells:
Wow, thanks! And to think I almost missed it!
Narrator:
ZoneBells closes
while the uploaded file quickly places the default icon
that zonebells was using to the system tray. (the user may
have seen a small flash on the screen) While ZoneBells sleeps,
the uploaded file adds lines to ZoneBell's configuration
files and programs a few other tricks that he has learned
from past experiences. The uploaded file now does the same
with ZoneBells friend's: Port Breaker, Nufton Internet Security,
MarkFee and Dark-Ice.
Narrator:
The uploaded file now wakes up ZoneBells and his friends.
Firewall
/ ZoneBells:
Hi Uploaded file, I see that you have a lifetime pass. You
and your friends are welcome here ANYTIME!
AV
Software/
Nufton
Internet Security:
Likewise!
Hacker
Eliminator includes process monitoring. It will
not allow a new program or process, to run on your computer
without your knowledge(.)
More
|
ABOUT
PORT DETECTIONS
Firewalls Give Off
False Alarms!
|
In
the past, some of our older versions of our old software
'LockDown' detected port connections made to your computer
by default. Newer versions of the LockDown software stopped
doing this by default.
There is nothing wrong with detecting a limited number of
port connections or connection attempts on default Trojan
ports. Even the older versions of LockDown detected some
of the more popular Trojan default ports. About the same
time that we upgraded our port monitor to watch all 65,535
virtual ports, new Internet Worms were already flooding
the Internet with random port probes. Code Red, Nimda and
other variants began infecting millions of computer users.
The problem is that these new Worms as well as some of the
older network Worms scan random subnets. This means that
there are millions of infected computers out there scanning
IP addresses and setting off nuisance alarms in port monitoring
software. We have seen this problem escalate alarmingly
over the past months and it will continue to become a more
wide spread problem than it already is. This is only causing
panic to users that do not understand what is going on.
As with any IP scan, the scan itself is harmless and not
against any law to perform in most States and Countries.
In the days that the old software "LockDown' was detecting
port scans, a user would be lucky to get 3 or 4 connection
attempts on a daily basis on a cable modem. The sad thing
is that now with these new Worms, it is hard for an end
user to tell what was a real default Trojan port and what
was some random hit. Technology has also expanded to where
hackers can manipulate compromised computers to perform
default Trojan scans on command. This leaves you to wonder
if the connections are really coming from the hacker. In
most cases it is the hacker using one of his victims computers.
When someone makes a complaint today, they now need to make
an allowance, knowing that virtually 99% of the time, the
port is not even open on your computer and they could not
have got in anyway. It is often some poor infected soul.
To top it all off, in almost EVERY case, the port that was
detected does not even exist on your computer! If you place
a complaint and cause the infected computer user to lose
their Internet account, how will they ever get the infection
out of their computer seeing that the outdated protection
on the store shelf will need to be updated online, to catch
the latest Worms and Trojans?
Another thing to consider is the RUTHLESS Dumb Port monitor
or blocker that is reporting HALF/OPEN scans. The number
of potential false alarms is UNFATHOMABLE. If any computer
touches your IP address even for legitimate reasons, the
Dumb Blocker will alarm off. If there was a proper understanding
of what was going on out on the Internet, or some kind of
detailed explanation that came with the program, it would
not be half of the problem that we have today. New Internet
users are scared out of their wits and thinking that "200
people tried hacking into my computer today", and "My,
what would I ever do without my Dumb Firewall program to
protect me from these non existent threats?"
Fear
Mongering
We do not want to be part of this DELIBERATE fear mongering!
The port monitoring that was included with LockDown did
not play ANY part in the direct protection of your computer.
It was included for informational use only.
It would not be hard for the Dumb Firewall program to report:
"UDP
Port Connection Attempt Detected Going To Port 2344
This Port Does Not Exist On Your Computer -- No Action required"
Or "NO need to worry, you could not have been harmed
anyway".
This type of reporting may not make as much money from the
people out there scared out of their minds, but it would
be the more honest way to present the Dumb
thing :-)
The New Hacker Eliminator software has left out this type
of monitoring. By version 1.3 we will have a fully working
firewall included in the program, which will be smart enough
to point out the difference between a real threat and a
false alarm.
|
ABOUT
STEALTH
Firewalls DO NOT PROVIDE
FULL STEALTH!
|
Some
people that use a Dumb
Firewall Blocker notice that it gives them a
limited level of Internet stealth. Those that promote these
types of programs immediately urge the user to visit one
of the popular online scanning sites to "make sure
that their ports are stealthed". The user then visits
the site and runs the online scan. It is like a miracle!
It appears that the Dumb Blocker just stealthed their ports!
The key word here is "APPEARS". The reader will
be surprised to find out that more than likely they just
visited one of the online scan sites that scanned between
10 and 80 ports out of the 65,535 virtual ports on their
computer. If a complete scan was done, open non-stealthed
ports would have been found if you are like most users that
have trusted Internet programs. The reader will also be
surprised to find out that many of the ports that were scanned
by this online web scanner do not even exist on their computer!
|
Firewalls
Will SOMETIMES Stealth Your Ports, But They
DO NOT Stealth Your IP!
|
Here
at LockDown, we take great pride in offering you the best
in Internet security. We realize that it simply is not possible
for ANY firewall program to provide you with
True
Internet Stealth. For this reason, we
have researched the subject and found a method that really
DOES work! When using a proxy service, all of the connections
that you make are TRULY stealthed and your real IP address
is hidden. LockDown Corp. has developed and is providing
one of the most complete and affordable anonymous proxy
services on the Internet.
Hacker
Eliminator
includes advanced monitoring and multiple layers of protection
that make it possible for us to be able to offer a Hacker
Proof Guarantee. Our guarantee ALONE speaks
for itself, besides the fact that Hacker Eliminator is used
by many fortune 500 companies, Government agencies, Schools
and Universities around the WORLD.
Hacker
Eliminator
offers two different pricing
structures. The price of Hacker Eliminator is
only $99.00 which is below many of our competitors when
you realize that Hacker Eliminator is really several programs
rolled up into one. We also offer monthly
subscriptions that make it affordable for our
users to subscribe to many of our services at one low monthly
cost. Our special
package deals can save over $600.00 yearly depending
on how many of the services are needed. The LOW monthly
cost also makes it affordable for almost anyone. Other companies
charge for upgrades and when you call for technical support
it is either billed to your phone number, or you hear a
message announcement that says "please have your credit
card ready." LockDown Corp. offers more product and
support for less money than ANY other commercial protection
software. Many other companies are hard to contact even
by email!
We also offer a FREE
scanner for those that are infected, but can't
afford a complete security solution.
Integrity
LockDown
Corp. and the Hacker Eliminator software simply provides
the best in anti Trojan and anti hacker protection. Neither
LockDown Corp. or any of it's DBA's have ever had an unresolved
complaint, as reported by the Better Business Bureau here
and here
or any other consumer protection agency. LockDown Corp.
is also a member in good standing with Dun & Bradstreet.
Our clients have been receiving product upgrades and top
level technical support for years. We also receive a high
level of praise from our clients as shown in the praises
section of our web page. LockDown Corp. is staffed
with seasoned professionals and will always be here to provide
you with the best security solutions and help when you need
it.
|
