
Windows Bug Allows Repeat Invasions

Plus: Fix Windows Update glitches, avoid a fake Google site, and close router holes.

Say you've just recovered from a serious worm attack. You've run your antivirus and adware/malware removal utilities, installed the latest patches, even double-checked to make sure your security and privacy settings are set at high. You're good, right? Maybe not.

Microsoft recently released a Security Advisory (along with an update to Windows XP Service Pack 2 containing the fix) warning about an "unexpected behavior" in Windows Firewall that could let a clever attacker who had broken into your PC leave a back door to the Web unlocked for next time. Only PCs running either XP with SP2 or Windows Server 2003 are susceptible.

Hackers sometimes get into a PC by taking advantage of the ports that Windows uses to talk with the world. Literally thousands of ports are available, but Windows Firewall automatically blocks most of them to protect you.

You can let programs connect to your PC through specific ports by entering those ports as exceptions in the firewall's user interface (found in Windows' Control Panel). The user interface also lists these exceptions so that you can see what ports are enabled on your system. Information about the ports is stored within the Windows Registry.

Recently, someone figured out that if you insert port exceptions directly into the Registry and give them "malformed" names, the firewall's user interface can't display them, so you would never know the port was open. Fortunately, no exploits of this vulnerability have been reported yet.

The Security Advisory also explains how you can determine if any sneaky exceptions already lurk on your PC. To get the update, which makes invisible entries visible in Windows Firewall, click here.
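As an added illustration (not from the article or from Microsoft), the following Python check reads port-exception entries exported from the Registry as name/data pairs and flags any that do not follow the expected layout, which are the ones a list view could fail to show. The `port:protocol:scope:mode:name` layout, the rules for what counts as malformed, and the sample entries are assumptions constructed for this example.

```python
import re

# Assumed data layout for one port exception: port:protocol:scope:mode:name
PROTOCOLS = {"TCP", "UDP"}
MODES = {"ENABLED", "DISABLED"}


def check_entry(value_name, data):
    """Return a list of problems with one entry; an empty list means well-formed."""
    parts = data.split(":", 4)
    if len(parts) != 5:
        return [f"expected 5 colon-separated fields, got {len(parts)}"]
    port, proto, scope, mode, name = parts
    problems = []
    if not (re.fullmatch(r"[0-9]{1,5}", port) and 1 <= int(port) <= 65535):
        problems.append(f"bad port {port!r}")
    if proto.upper() not in PROTOCOLS:
        problems.append(f"bad protocol {proto!r}")
    if not scope:
        problems.append("empty scope")
    if mode.upper() not in MODES:
        problems.append(f"bad mode {mode!r}")
    # An empty or non-printable display name is what would hide the entry from a list view.
    if not name.strip() or not name.isprintable():
        problems.append("empty or non-printable display name")
    if value_name.upper() != f"{port}:{proto}".upper():
        problems.append("value name does not match port and protocol in data")
    return problems


def audit(entries):
    """entries: iterable of (value_name, data). Returns {value_name: problems} for suspect entries."""
    return {n: p for n, d in entries if (p := check_entry(n, d))}


# Constructed sample entries, not taken from a real system.
SAMPLE = [
    ("3389:TCP", "3389:TCP:*:Enabled:Remote Desktop"),
    ("1900:UDP", "1900:UDP:LocalSubNet:Enabled:UPnP Framework"),
    ("4444:TCP", "4444:TCP:*:Enabled:"),          # empty display name
    ("5555:TCP", "5555:TCP:*:Enabled"),           # display-name field missing
    ("6666:TCP", "6666:TCP:*:Enabled:\x00\x01"),  # non-printable display name
]

if __name__ == "__main__":
    for entry, problems in audit(SAMPLE).items():
        print(f"SUSPECT {entry}: {'; '.join(problems)}")
```

Any entry this reports should be compared against the exceptions list shown in the firewall's user interface; an open port that appears here but not there is the situation the advisory describes.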

Panda Software identified a new worm that redirects your search requests to a phony Google site. The P2load.A worm masquerades as a free Star Wars game. After you run the file, your attempts to point your browser to Google actually take you to a fake site with different paid advertisers.

The worm alters your start page, changes your Internet Explorer search options, and infects your PC with various adware programs. It spreads through peer-to-peer file sharing apps, such as Imesh and Shareaza. Click here for directions on identifying whether your PC's been infected and wiping the imposter off your system.

Stuart J. Johnston

Stuart J. Johnston is a contributing editor for PC World.


