Re: Windows Firewall Has A Backdoor

From: Dan (spamyou_at_user.nec)
Date: 02/26/05

• Next message: Gordon: "Making a Boot CD?"
• Previous message: Malke: "Re: usb device jumping up my cpu usage to 100%"
• In reply to: mar: "Windows Firewall Has A Backdoor"
• Messages sorted by: [ date ] [ thread ]

---

Date: Sat, 26 Feb 2005 09:29:51 -0700

Now that is a real cause for concern. Thanks for the alert mar.

"mar" <anonymous@discussions.microsoft.com> wrote in message
news:383sisF5h4h65U3@individual.net...
: Windows Firewall Has A Backdoor
: Posted at 2005-02-19 20:00:00 GMT
: http://habaneronetworks.com/viewArticle.php?ID=144
:
: I was just poking around with the Windows Firewall on my system. When
: I went to look at the exceptions, I was confronted with an entry that
: I couldn't recognize, rk.exe. Rk.exe was allowed full access to and
: from my computer. I did a quick search for rk.exe on the internet and
: came across ProcessLibrary's website which stated the following about
: rk.exe:
:
: rk.exe is a process that belongs to a software from RelevantKnowledge.
: The software monitors how you use the Internet as well as displays
: various surveys in popup windows. This process should be removed to
: protect your personal privacy. For more information visit their
: privacy policy agreement at
: http://www.relevantknowledge.com/Agreement.htm
:
: Let's see, RelevantKnowledge, um, never heard of them, I know what
: software I have installed, and none is from this company. Anyway, what
: else does it say? Um, 'The software monitors how you use the
: Internet', well, this can't be too good, ok then, how about 'displays
: various surveys in popup windows'. so let's add it up:
:
: Never heard of the company Bad
: Monitors My Internet Activity Bad
: Displays Popups Bad
:
:
: Well, to me, this does look like spyware and adware. It is spyware
: because it is monitoring and probably recording information about
: where I am going and what I am doing on the Internet. It is also
: adware because of the nice popups it will provide me.
:
: Well, I actually have never seen any activity from rk.exe on my
: system, and infact, the file doesn't even exist. I must have cleaned
: it out with a spyware remover like, AdAware or Webroot's Spysweeper.
: The point of the matter is that this entry has found it's way into my
: Windows Internet Connection Firewall Exceptions list without my
: knowledge. And as it turns out, isn't that hard to do.
:
: As long as the person currently logged into the computer has
: Administrative privileges, an application can easily add an entry into
: the
:
HKEY_LOCAL_MACHINE/SYSTEM/Services/.../FirewallPolicy/StandardProfile/Authori
zedApplications/List/
: key that will allow any application full rights to and from the
: computer without the user's interaction or knowledge.
:
:
: Just because you think that Microsoft and their supposedly secure
: Windows Firewall is running doesn't mean that you're safe. You must
: check the settings of the firewall regularily. Always scan your system
: at the minimum once a week with the anti-spyware tools and ensure that
: you run SpywareBlaster everytime you use your computer.
:
: For more information about SpywareBlaster please visit here, for more
: information about anti-spyware and anti-adware products, please read a
: full review of the top 5 ad / spyware fighters at:
: http://habaneronetworks.com/viewArticle.php?ID=95.
:
:
: If you are currently using Window's own firewall to protect you,
: either ensure that there are no unknown exceptions or find a better
: firewall.
:
:
: PS. If you are ever unsure about a process, head on over to Process
: Library and search for the running processes name.
:
:
: I have added another article that explains that Microsoft's
: AntiSpyware Beta also ignores any changes to the registry for this
: key.
: You can read the article here
: http://habaneronetworks.com/viewArticle.php?ID=146

---

• Next message: Gordon: "Making a Boot CD?"
• Previous message: Malke: "Re: usb device jumping up my cpu usage to 100%"
• In reply to: mar: "Windows Firewall Has A Backdoor"
• Messages sorted by: [ date ] [ thread ]

---

Relevant Pages Re: Recommends for spy software remover? ... Here a book on "Defense and Detection Worms" in the internet section: ... >> What are some good, free, spyware remover programs that don't add ... It contains advice ... You should at least turn on the built in firewall. ... (microsoft.public.windowsxp.general) Re: memory ... one thing i have noticed in regards to spyware programs ... The settings above provide decent security and still provide you with the ... This is why I suggest that you do not use the inbuilt microsoft firewall. ... settings for the Windows Firewall. ... (microsoft.public.windowsxp.setup_deployment) Re: Spyware solution leaves pc in sorry state ... > My win 98 machine was infected by some spyware which ... First, when I boot my pc, Internet ... > I do NOT have any windows or programs running. ... by the normal home user and in cooperation with a good firewall, ... (microsoft.public.security) Re: Default page hijacked ... > My default page has been hijacked by spyware / adware. ... > default page in internet options as the relevant section is greyed. ... disable your Windows Messenger service. ... by the normal home user and in cooperation with a good firewall, ... (microsoft.public.windows.inetexplorer.ie6.browser) RE: Windows Firewall Has A Backdoor ... > I was just poking around with the Windows Firewall on my system. ... > The software monitors how you use the Internet as well as displays ... > Well, to me, this does look like spyware and adware. ... (microsoft.public.windowsxp.general)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > WinXP  > microsoft.public.windowsxp.general  > 2005-02