From: "Geo" 

"Paul Ranson"  wrote in message
news:4328b57d{at}w3.nls.net...
> Encrypting the registry would just mean at a simplest level running the
> firewall configuration app and poking keystrokes at it rather than just
> editing the registry. Keeping it hidden isn't rocket science.

Poking keystrokes isn't as easy as it sounds when you are limited to
scripting via a PDF file or some other method. You are still thinking like
you have code running on the machine. The idea is you take what you can
get, usually that's some browser exploit or some control marked safe for
scripting but isn't, something along those lines. You exploit that to gain
more access.

The higher you can raise the bar for those initial steps, the tougher it is
to crack the machine. As you say, once you reach the point where you have
your exe running on the box, it's anything goes. But getting there is the
tough part. (or should be the tough part)

> Not running untrusted code would seem to be the first line of defence.

I agree, and active or javascript should be considered untrusted code.

> And
> having the firewall physically distinct a distant second.

No, not at all. Think of it like antivirus. Yes it's possible to defeat it
once you have code running, but that doesn't mean it doesn't help. The
tougher it is to defeat the firewall the better and that's really all I'm
saying.

Geo.

--- BBBS/NT v4.01 Flag-5