Log in

View Full Version : How to protect against OLE automation leak?


Goonerr
16-01-2008, 07:08 PM
Just found this utility on the net. uses a system called OLE automation of application control to check how your firewall handles the situation where one program attempts to manage the behavior of another program, which your firewall has been set to trust.

You can download it here to try it out http://www.pcflank.com/pcflankleaktest.htm

im running updated zone alarm with the settings all set correctly yet it fails, anyone have any insight into this and how to GET PROTECTED?

Elexin
16-01-2008, 07:59 PM
Before I read this post I had no idea what an OLE automation leak was.
I tried to read it. My brain then switched off, so I still don't x_x

What exactly are you wanting to do? :?

Goonerr
16-01-2008, 10:49 PM
well....

Leak tests are programs that are used to check how a firewall protects the host system from attempts by malware to steal data. These tests simulate attacks that are designed to circumvent firewall protection. Essentially, leak tests evaluate to what extent your firewall allows illegitimate outgoing data transmissions. These tests don't cause damage; they simply point out weaknesses in firewall software.

since zone alarm doesnt stop this form of leak, which can be a danger to anyones private information, I was just asking if anybody had information on this?

ive tested this leak on my own computer with a hardware firewall and zone alarm with max security settings enabled and the leak is still able to transmit data to a web server, This DATA can be anything, such as your credit card details, home address or website passwords.

Kinshara
17-01-2008, 12:26 AM
OLE is one of those things Microsoft added many years ago, intending to make programming easier; unfortunately it didn't do as well at that as it did provide attack vectors for malicious programs.

As far as a firewall goes... I would expect this test to fail; the firewall is just there to filter network traffic, not detect whether a program is being hijacked. If you have a program abusing other programs via this method, your machine is already compromised.

http://www.securiteam.com/windowsntfocus/5TP0G1FMAI.html will give you a few tips on how to avoid problems with it, but it's basically just a matter of being careful about which programs you run (and not using IE).

Goonerr
17-01-2008, 09:29 AM
OLE is one of those things Microsoft added many years ago, intending to make programming easier; unfortunately it didn't do as well at that as it did provide attack vectors for malicious programs.

As far as a firewall goes... I would expect this test to fail; the firewall is just there to filter network traffic, not detect whether a program is being hijacked. If you have a program abusing other programs via this method, your machine is already compromised.

http://www.securiteam.com/windowsntfocus/5TP0G1FMAI.html will give you a few tips on how to avoid problems with it, but it's basically just a matter of being careful about which programs you run (and not using IE).

Thanks, sounds like one of those great services which microsoft provides :)

Oogie
17-01-2008, 11:44 AM
Off topic slightly, why do I get the feeling you are at Uni and getting us to do your coursework? :P

Vegelus
17-01-2008, 01:01 PM
That's why?
http://shadowsongeurope.com/forum/showthread.php?t=19912
:P

Goonerr
17-01-2008, 01:18 PM
acctually. im at home but i am studying, since i installed my wireless network for my laptop i did a few security checks on my system and found this flaw. so i thought id post here to see if anyone else knew about it.