COMMAND

Tiny Personal Firewall permits bypass when accessing the console, even if locked

SYSTEMS AFFECTED

2.0.15a

PROBLEM

Andrew Barkley reported the following about Tiny Personal Firewall:

The popup alert/dialogue jumps to the foreground, thus open to accept permit/deny input from the local console, even when the workstations are locked (ctl + alt + del). Thus an untrusted individual who has local access to individuals' workstations can scan a workstation/network, wait for the popup alert dialogue and enter "permit" on unattended (locked) workstations without the owner's permission/knowledge; no need to first unlock (ctl + alt + del).

Update (6 March 2002)
=====================

elfs added:

If we take a look at the WinAPI help for, e.g., MessageBox, we see that it has a flag (Windows NT only) called MB_SERVICE_NOTIFICATION:

(..) The caller is a service notifying the user of an event. The function displays a message box on the current active desktop, even if there is no user logged on to the computer (..)

So we can write a small test program:

---[ test.c ]---
#include <windows.h>

int main(void)
{
    Sleep(3000);                          // Pause, to give you time to lock
                                          // the computer
    MessageBox(
        NULL,                             // HWND, should be NULL
        "Who cares if we are locked?",    // Messagebox text
        "Test",                           // Messagebox caption
        MB_OK | MB_SERVICE_NOTIFICATION   // Flags
    );
    return 0;
}

and this gives almost any application a chance to communicate with the user on WinNT, even if the computer is locked.

SOLUTION

Tom Geldner suggests:

Unchecking "Ask for action when no rule is found" on the Advanced tab will effectively stop the popups. You can also force TPF to require a password for any activity.
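A defensive counterpart to the test program above, added here as an example and not code from the advisory or from Tiny Personal Firewall: before raising a permit/deny prompt, a program can check which desktop currently receives input (OpenInputDesktop followed by GetUserObjectInformation with UOI_NAME). While the workstation is locked that is the "Winlogon" desktop, or the desktop cannot be opened at all, and the safe answer is to deny without prompting rather than show a dialog anyone at the console can answer. The decide_for_desktop policy function, the enum names and the sample desktop name are assumptions for illustration; the Win32 part is compiled only on Windows so the policy logic builds elsewhere.

```c
#include <ctype.h>
#include <stdio.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* Outcome when no firewall rule matches a new connection. */
enum decision { DECISION_DENY = 0, DECISION_ASK_USER = 1 };
/* Case-insensitive comparison; Windows desktop names are case-insensitive. */
static int name_equals(const char *a, const char *b)
{
    for (; *a && *b; a++, b++)
        if (tolower((unsigned char)*a) != tolower((unsigned char)*b))
            return 0;
    return *a == '\0' && *b == '\0';
}

/* Policy: ask the console user only while input goes to the interactive
 * user's own desktop ("Default"). When the workstation is locked the input
 * desktop is "Winlogon" (or cannot be opened at all), and a prompt raised
 * there could be answered by anyone at the console, so fail closed. */
enum decision decide_for_desktop(const char *desktop_name)
{
    if (desktop_name == NULL || !name_equals(desktop_name, "Default"))
        return DECISION_DENY;       /* unknown, "Winlogon", "Screen-saver" */
    return DECISION_ASK_USER;
}

#ifdef _WIN32
/* Name of the desktop receiving input right now; "" if it cannot be opened. */
static void current_input_desktop(char *buf, DWORD cb)
{
    DWORD needed = 0;
    HDESK d = OpenInputDesktop(0, FALSE, DESKTOP_READOBJECTS);
    buf[0] = '\0';
    if (d == NULL) return;          /* typical for a locked workstation */
    if (!GetUserObjectInformationA(d, UOI_NAME, buf, cb, &needed)) buf[0] = '\0';
    CloseDesktop(d);
}
#endif
int main(void)
{
    char name[64] = "Winlogon";     /* constructed sample; replaced on Windows */
#ifdef _WIN32
    current_input_desktop(name, sizeof name);
#endif
    printf("input desktop '%s': %s\n", name,
           decide_for_desktop(name) == DECISION_ASK_USER ? "ask user" : "deny");
    return 0;
}
```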