Spyware, Viruses, & Security forum


Windows Firewall Has A Backdoor?

by Lit'l Sasquatch / February 22, 2005 10:50 PM PST

I was just poking around with the Windows Firewall on my system. When I went to look at the exceptions, I was confronted with an entry that I couldn't recognize, rk.exe. Rk.exe was allowed full access to and from my computer. I did a quick search for rk.exe on the internet and came across ProcessLibrary's website, which stated the following about rk.exe: rk.exe is a process that belongs to software from RelevantKnowledge. The software monitors how you use the Internet as well as displaying various surveys in popup windows. This process should be removed to protect your personal privacy.

Well, I actually have never seen any activity from rk.exe on my system, and in fact, the file doesn't even exist. I must have cleaned it out with a spyware remover like AdAware or Webroot's Spysweeper. The point of the matter is that this entry has found its way into my Windows Internet Connection Firewall Exceptions list without my knowledge. And as it turns out, that isn't hard to do.

As long as the person currently logged into the computer has Administrative privileges, an application can easily add an entry into the HKEY_LOCAL_MACHINE/SYSTEM/Services/.../FirewallPolicy/StandardProfile/AuthorizedApplications/List/ key that will allow any application full rights to and from the computer without the user's interaction or knowledge.
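As an added defender-side example (not code from any poster in this thread), the PowerShell script below audits that exceptions list: it reads every value under the AuthorizedApplications\List keys, parses each entry, and flags enabled exceptions whose executable no longer exists on disk, which is exactly the rk.exe leftover described above. It assumes the full key path (the post elides part of it with "...") is the documented SharedAccess\Parameters location and that each value is stored as "<path>:<scope>:<Enabled|Disabled>:<display name>".

```powershell
# Added audit example, not code from this thread. Enumerates the Windows
# Firewall (XP SP2-era) application exceptions that any program running under
# an administrative account can write straight into the registry, and flags
# entries whose executable is gone, as with the rk.exe entry in the post.
# Assumption: full key path and value format as stated in the lead-in.
$listKeys = @(
    'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List',
    'HKLM:\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List'
)

function Get-FirewallAppExceptions {
    foreach ($key in $listKeys) {
        if (-not (Test-Path -Path $key)) { continue }
        $item = Get-Item -Path $key
        foreach ($valueName in $item.GetValueNames()) {
            $data = [string]$item.GetValue($valueName)
            # Lazy path group so the drive-letter colon ("C:") is not taken as a separator.
            if ($data -notmatch '^(?<path>.+?):(?<scope>[^:]*):(?<state>Enabled|Disabled):(?<desc>.*)$') {
                Write-Warning "Unparsed value '$valueName' under $key : $data"
                continue
            }
            $exe = [Environment]::ExpandEnvironmentVariables($Matches.path)
            [pscustomobject]@{
                Profile     = ($key -split '\\')[-3]   # StandardProfile or DomainProfile
                Executable  = $exe
                Scope       = $Matches.scope            # '*' means any remote address
                State       = $Matches.state
                Description = $Matches.desc
                OnDisk      = Test-Path -LiteralPath $exe -PathType Leaf
            }
        }
    }
}

$exceptions = Get-FirewallAppExceptions
$exceptions | Format-Table -AutoSize

# An enabled exception for a file that no longer exists is the kind of leftover a
# spyware removal leaves behind; review these and delete them by hand.
$exceptions | Where-Object { $_.State -eq 'Enabled' -and -not $_.OnDisk } |
    ForEach-Object { Write-Warning "Dangling firewall exception: $($_.Executable) ($($_.Description))" }
```

Run it from an elevated PowerShell prompt, since the key lives under HKLM; on a machine with the newer Windows Firewall with Advanced Security the keys may be absent and the script simply prints nothing.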


It gets worse...
by michaelmross / March 24, 2005 7:06 PM PST

When I remove rk.exe, it breaks my Windows Firewall/Internet Connection Sharing (ICS) service - and I can't acquire an IP address.
Also, I found there's an interdependency with another malware, I think it's newdot~6.dll. If you remove the registry entries for that one, it errors out rk.exe, which breaks your connectivity. Both exploit rundll32.exe, incidentally.

Ho-Hum -- Another Neophyte Conspiracy Theorist
by pmchefalo / March 24, 2005 10:01 PM PST

If you are logged in with a privileged account on ANY operating system, you can perform any task that account has rights to perform -- erase data, add data, add programs, erase programs, set program options, etc. It all depends on your privilege level.

A FIREwall must have some way of letting traffic through it, or it would be an AIRTIGHTwall and the computer served by it would be useless. Privileged accounts then must be able to make changes to a firewall, either removing or adding ports to its monitoring function.

So if a program is run by someone with privileges, programs will do what they do -- change the configuration of the computer -- add data, change options, etc. And if you're not completely careful about the code you run -- you will ruin the computer setup, software-wise.

In Windows NT, 2000 and XP, all versions, there are several predefined privilege sets (called security groups) and the opportunity to create user accounts with additional granularity. Everyone who uses one of those operating systems has some set of capabilities to change the computer. The owner of such a machine has the capability to restrict (or not) its users from the rights to change the machine. PCs used at home typically default to every user having full capability, while corporate machines typically default to everyone having limited capability. However, it is not rocket science to change from one scenario to the other.
