From: "Geo." 

You are missing the point, step one is to get your evil.exe code onto my
machine and run it.

I don't have to have code executing on your machine to change your
firewall. A simple javascript included in a pdf file and emailed to you or
posted to a newsgroup should be enough to disable your firewall fire up
tftp and download your evil.exe code and run it. (I don't really know if I
can do all that in javascript but I'm just trying to describe a technique
that's been used by countless hackers)

Your firewall is useless against an attack where the firewall needs to be
diabled before the evil.exe can be downloaded and run.

Something as simple as encrypting the registry key data would prevent this
or at least make it infinitely more difficult.

Security is not an absolute, it's a shade of grey and the idea is to have
your grey more white than black.. this sillyness definitely moves you
towards black.

Geo.

"Paul Ranson"  wrote in message
news:43281226{at}w3.nls.net...
> I think you're living in a dream world. I own your machine. I can turn
your
> firewall off or reconfigure it, just like you can. I can disable a warning
> message because I own your machine. I can do anything because I own your
> machine. This is just another example of a wannabe trolling a mailing
list.
>
> More to the point anything bad I want to do with your machine and the
> network I can do with ports you already have open, so why do I care about
> the firewall and making myself obvious by generating traffic on unusual
> ports?
>
> Paul

--- BBBS/NT v4.01 Flag-5