I recently allowed a tech from a VOIP voice router company to remotely take over my
computer in order to try and fix a router problem. I was amazed at how quickly
he manipulated things within my computer and router, but I have been thinking,
although I gave permission, which was only protocol from his company to ask
for, how easy it must be for a pro hacker to do the very same without any
permission. Then I’m thinking how good was my firewall, etc. It didn’t even seem
to have a clue as to what was going on; I would have thought that I might have
needed to shut down my firewall for him to get access to my computer, but no,
it was just too easy. I wonder what your thoughts are on this. I’m using Windows 7
Home Premium 64-bit.
This is a wonderful example of how even the best, most securely protected
computers can still get infected.
No, I’m not saying that you got infected. Chances are what you allowed was above
board and without malicious intent.
But understanding how it happened (that your firewall wasn’t involved) is
pretty key to understanding how malware can still spread.
You invite it in.
Vampire at the door
When your computer is behind a firewall – including your router acting as a firewall – malware becomes much like the mythical vampire: it can come to your door, but it cannot enter until you actually invite it in.
That, by itself, stops a lot of malware from ever reaching your machine. There are active botnets and infected machines on the internet that are tirelessly searching for unprotected machines; upon finding one, they will gain entry and install malware.
With your firewall in place, that won’t happen.
Because you won’t invite them in.
That remote access was probably by your invite
Most remote access – including what you described – is not initiated by the remote technician.
Chances are the technician first had you run a program on your computer or visit a website that installed some software on your machine. That software then initiated the connection from your machine to that of the technician. Essentially, that invited him in. Once the connection was established, the software on his computer could use it to remotely access yours.
Because the connection was an outgoing connection, established from your computer to his and not the other way around, your firewall was OK with it. The firewall might not even be paying attention to outbound connections.
In this case, the connection was established for a legitimate purpose.
Sadly, it’s not always legitimate.
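The following is an added example, not part of the original article: a minimal model of the connection tracking that a default "block inbound, allow outbound" firewall performs, showing why the technician's session passed while unsolicited connections did not. The addresses, ports and class names are constructed for illustration, and the model ignores NAT, timeouts and TCP state.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str    # source IP address
    sport: int  # source port
    dst: str    # destination IP address
    dport: int  # destination port

@dataclass
class StatefulFirewall:
    """Default home policy: allow outbound, drop unsolicited inbound."""
    inside: str                              # address of the protected PC
    flows: set = field(default_factory=set)  # connection-tracking table

    def handle(self, p: Packet) -> str:
        if p.src == self.inside:
            # Outbound: the PC initiated it, so remember the flow and pass it.
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return "ALLOW outbound"
        # Inbound: accept only the exact reverse of a flow the PC opened.
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return "ALLOW reply"
        return "DROP unsolicited"

# Constructed sample addresses (documentation ranges), not from the article.
PC, TECH, SCANNER = "192.168.1.20", "203.0.113.45", "198.51.100.9"

def demo():
    fw = StatefulFirewall(inside=PC)
    return [
        # The technician or a botnet scanner knocks first: nobody invited them.
        fw.handle(Packet(TECH, 50000, PC, 3389)),
        fw.handle(Packet(SCANNER, 41000, PC, 445)),
        # The user runs the support tool, which dials out to the technician.
        fw.handle(Packet(PC, 49712, TECH, 443)),
        # Traffic returning on that same connection carries the remote session.
        fw.handle(Packet(TECH, 443, PC, 49712)),
        # The invitation covers one flow only; other ports stay closed.
        fw.handle(Packet(TECH, 443, PC, 3389)),
    ]

if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The firewall never inspects what the allowed flow carries, which is why the decision about what to run on the inside matters more than the firewall rule.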
Inviting in malware
Hopefully, you can see now that while a firewall protects you from one class of malicious software, it cannot protect you from everything.
Specifically, it cannot protect you from malicious software that you explicitly invite onto your machine.
What do those “invitations” look like?
Email you download that contains malicious attachments. When you download email, your computer requests it – meaning it’s an outgoing connection to your email server that invites it to deliver email to your machine. Once on your machine, running or opening a malicious attachment can in turn infect your machine.
Web pages that you visit that contain malicious content. When you visit a web page, your computer requests the contents of that page – meaning it makes an outgoing connection to the web server and requests that it download the contents of the page to your computer, so that it can be displayed. Malicious web pages can then cause malware to be installed, often by establishing their own outgoing connection to their own servers where they “invite” the download of spyware and/or viruses.
While a firewall’s primary purpose is to block uninvited guests, software firewalls (including Windows’ own) will often monitor outgoing connections as well.
In other words, some firewalls can keep an eye on those outgoing invitations.
Now, I’m not a huge fan of outgoing firewalls, but there are many who disagree with me. My take is that by the time the outgoing firewall has something to catch, it’s too late – malware already has its hooks into your machine, making that outgoing request. The outgoing firewall can prevent things from getting worse, but the fact is there’s already something going on.
I prefer to focus on prevention; before there’s ever a chance to make those malicious requests, you should be aware of how visiting malicious sites and opening malicious attachments are basically inviting malware onto your machine.