From: "Paul Ranson" 

Encrypting the registry would just mean at a simplest level running the
firewall configuration app and poking keystrokes at it rather than just
editing the registry. Keeping it hidden isn't rocket science.

Not running untrusted code would seem to be the first line of defence. And
having the firewall physically distinct a distant second. I don't see that
any local firewall significantly adds to my security, it just may alert me
to unauthorised activity. But then my router's firewall log does that.

Paul

"Geo."  wrote in message
news:432857bf$1{at}w3.nls.net...
> You are missing the point, step one is to get your evil.exe code onto my
> machine and run it.
>
> I don't have to have code executing on your machine to change your
> firewall.
> A simple javascript included in a pdf file and emailed to you or posted to
> a
> newsgroup should be enough to disable your firewall fire up tftp and
> download your evil.exe code and run it. (I don't really know if I can do
> all
> that in javascript but I'm just trying to describe a technique that's been
> used by countless hackers)
>
> Your firewall is useless against an attack where the firewall needs to be
> diabled before the evil.exe can be downloaded and run.
>
> Something as simple as encrypting the registry key data would prevent this
> or at least make it infinitely more difficult.
>
> Security is not an absolute, it's a shade of grey and the idea is to have
> your grey more white than black.. this sillyness definitely moves you
> towards black.
>
> Geo.

--- BBBS/NT v4.01 Flag-5