Quote:
Originally Posted by malch
And yes, it would be very simple to use RegExp matching for whitelisted programs. That would however defeat the purpose of the firewall because malware would (indeed already does) attempt to disguise itself by using filenames that match the names of legitimate executables but installing itself in a different folder.
Well, if the "malware" is at the point where it can install itself to an arbitrary location on your system, it may as well disable/reconfigure the software firewall so that it doesn't get in its way. Also, a software firewall can be bypassed in various ways by a malicious application, e.g. by calling a "trusted" application (e.g. your web browser) in the background and letting it do the communication for you. Furthermore, I doubt any malware would try to hide itself as "lamexp_something.exe" - it would rather pick a popular application that is more likely to be installed on the machine. But if a RegExp-based exception rule isn't feasible, you may still use a Hash-based one. The included Wget binary is rarely updated, so the Hash won't change...
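The two rule types discussed in this exchange, compared in an added example that is not part of the original posts or of any firewall product: a name-only RegExp rule accepts a same-named file in another folder, while a hash rule accepts only the recorded contents and has to be re-recorded after an update. The file contents, the pattern and the helper names are constructed for illustration.

```python
import hashlib
import re
import tempfile
from pathlib import Path

def sha256_of(path):
    """Hash the file contents in chunks so large binaries are handled."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def allowed_by_name(path, pattern):
    """Name-only RegExp rule: ignores both the folder and the contents."""
    return re.fullmatch(pattern, Path(path).name) is not None

def allowed_by_hash(path, trusted_hashes):
    """Hash rule: allows the file only if its contents are a recorded binary."""
    return sha256_of(path) in trusted_hashes

def demo():
    # Constructed sample files; the byte strings are placeholders, not real binaries.
    with tempfile.TemporaryDirectory() as root:
        genuine = Path(root, "app", "lamexp_something.exe")
        impostor = Path(root, "temp", "lamexp_something.exe")
        for p, data in ((genuine, b"constructed genuine binary"),
                        (impostor, b"constructed different binary")):
            p.parent.mkdir(parents=True)
            p.write_bytes(data)
        trusted = {sha256_of(genuine)}   # recorded once from the known-good file
        pattern = r"lamexp_.*\.exe"      # hypothetical name-only rule
        result = {
            "name": (allowed_by_name(genuine, pattern),
                     allowed_by_name(impostor, pattern)),
            "hash": (allowed_by_hash(genuine, trusted),
                     allowed_by_hash(impostor, trusted)),
        }
        # A legitimate update changes the contents, so the old hash rule
        # stops matching until the new hash is recorded.
        genuine.write_bytes(b"constructed updated binary")
        result["after_update"] = allowed_by_hash(genuine, trusted)
        return result

if __name__ == "__main__":
    print(demo())
```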