Manual Outpost Firewall Versie 4.0 (page 96 of 100) (English)

46516

Zoom out

Zoom in

1/100

Appendix C: Penetration Techniques

Outpost Firewall Pro allows to control the following actions:

Components injection

Windows operating system by design enables installing system interceptors (hooks)

through which foreign code can be injected into other processes. Usually this technique is

used to perform common, legitimate actions, for example, switching the keyboard layout or

launching a PDF file within the web browser window. However, it can be likewise used by

malicious programs to embed malicious code and thus hijack the host application. An

example of leak test using such technique to stage a simulated attack is a PC Audit

program (

http://www.pcinternetpatrol.com/).

Outpost Firewall Pro controls the installation of a hook interceptor in a process's address

space. This is implemented via the interception of functions that are typically used by

malicious processes (Trojans, spyware, viruses, worms etc.) to implant their code into

legitimate processes (i.e. Internet Explorer or Firefox). The behavior of a DLL file

invoking such functions is considered suspicious and triggers legitimacy verification.

Control over another application

DDE technology is used to control applications. Most famous browsers are DDE servers

and can be used by malicious programs to transfer private information into the network.

One example of this technique is Surfer leak test

(

http://www.firewallleaktester.com/leaktest15.htm). ZABypass is another example of a

leak test using this method.

With Outpost Firewall Pro, every attempt to use the DDE intercommunication is monitored

with no exclusion, whether the process is open or not. DDE inter process communication

control enables Outpost Firewall Pro to control the methods used by applications to get

control over the legitimate processes. It prevents malware from hijacking the legitimate

program and checks whether such DDE-level interactivity is allowed to be performed upon

the network-enabled applications. In case such attempt is detected, it triggers legitimacy

verification.

Application window control

Windows allows applications to exchange window messages between processes. Malicious

processes can get control over other network-enabled applications sending them window

messages and imitating user input from keyboard and mouse clicks. The example of using

this technique is Breakout leaktest (

http://www.firewallleaktester.com/leaktest16.htm).

Report abuse

Libble takes abuse of its services very seriously. We're committed to dealing with such abuse according to the laws in your country of residence. When you submit a report, we'll investigate it and take the appropriate action. We'll get back to you only if we require additional details or have more information to share.

Product:

Forumrules

To achieve meaningful questions, we apply the following rules:

First, read the manual;
Check if your question has been asked previously;
Try to ask your question as clearly as possible;
Did you already try to solve the problem? Please mention this;
Is your problem solved by a visitor then let him/her know in this forum;
To give a response to a question or answer, do not use this form but click on the button 'reply to this question';
Your question will be posted here and emailed to our subscribers. Therefore, avoid filling in personal details.

new questions and answers
new manuals

You will receive an email to register for one or both of the options.

Get your user manual by e-mail

Enter your email address to receive the manual of Outpost Firewall Versie 4.0 in the language / languages: English as an attachment in your email.

The manual is 2,59 mb in size.

You will receive the manual in your email within minutes. If you have not received an email, then probably have entered the wrong email address or your mailbox is too full. In addition, it may be that your ISP may have a maximum size for emails to receive.

The manual is sent by email. Check your email

If you have not received an email with the manual within fifteen minutes, it may be that you have a entered a wrong email address or that your ISP has set a maximum size to receive email that is smaller than the size of the manual.

The email address you have provided is not correct.

Please check the email address and correct it.

Your question is posted on this page

Would you like to receive an email when new answers and questions are posted? Please enter your email address.

Info

Outpost Firewall Versie 4.0 Manual

Product: