A firewall traditionally protects you from threats coming from the network. A technician's remote access session might well have been invited in.
I recently allowed a tech from a VOIP voice router company to remotely take over my computer in order to try and fix a router problem. I was amazed at how quickly he manipulated things within my computer and router, but I have been thinking, although I gave permission, which was only protocol from his company to ask for, how easy it must be for a pro hacker to do the very same without any permission. Then I'm thinking how good was my firewall, etc. It didn't even seem to have a clue as to what was going on; I would have thought that I might have needed to shut down my firewall for him to get access to my computer, but no, it was just too easy. I wonder what your thoughts are on this. I'm using Windows 7 Home Premium 64 bit.
This is a wonderful example of how even the best, most securely protected computers can still get infected.
No, I'm not saying that you got infected. Chances are what you allowed was above board and without malicious intent.
But understanding how it happened (that your firewall wasn't involved) is pretty key to understanding how malware can still spread.
You invite it in.
When your computer is behind a firewall - including your router acting as a firewall - malware becomes much like the mythical vampire: it can come to your door, but it cannot enter until you actually invite it in.
That, by itself, stops a lot of malware from ever reaching your machine. There are active botnets and infected machines on the internet that are tirelessly searching for unprotected machines; upon finding one, they will gain entry and install malware.
With your firewall in place, that won't happen.
Because you won't invite them in.
Most remote access - including what you described - is not initiated by the remote technician.
Chances are the technician first had you run a program on your computer or visit a website that installed some software on your machine. That software then initiated the connection from your machine to that of the technician. Essentially, that invited him in. Once the connection was established, the software on his computer could use it to remotely access yours.
Because the connection was an outgoing connection, established from your computer to his and not the other way around, your firewall was OK with it. The firewall might not even be paying attention to outbound connections.
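A simplified model of that connection tracking, added here as an illustration; it is not from the original article. The addresses, program names and the `StatefulFirewall` class are invented for the example, and the optional allowlist stands in for a firewall that also inspects outbound connections.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample endpoints (documentation address ranges, not real hosts).
PC = ("192.168.1.20", 50123)
TECH = ("203.0.113.10", 443)
SCANNER = ("198.51.100.7", 40000)


@dataclass
class StatefulFirewall:
    # None models a firewall that does not inspect outbound traffic at all.
    outbound_allowlist: Optional[set] = None
    # (local, remote) pairs for connections that were opened from the inside.
    flows: set = field(default_factory=set)

    def outbound(self, local, remote, program):
        if self.outbound_allowlist is not None and program not in self.outbound_allowlist:
            return "DROP"
        self.flows.add((local, remote))  # remember who the PC chose to talk to
        return "ALLOW"

    def inbound(self, remote, local):
        # Inbound traffic passes only as the return half of a flow the PC opened.
        return "ALLOW" if (local, remote) in self.flows else "DROP"


def scenario(fw):
    """Return the firewall's verdict for each event in the remote-support story."""
    return {
        "unsolicited_probe": fw.inbound(SCANNER, ("192.168.1.20", 3389)),
        "support_tool_dials_out": fw.outbound(PC, TECH, "support_tool.exe"),
        "technician_traffic_back": fw.inbound(TECH, PC),
    }


if __name__ == "__main__":
    # Inbound-only firewall: the probe is dropped, the invited session is allowed.
    print(scenario(StatefulFirewall()))
    # Outbound allowlist without the support tool: the session never gets established.
    print(scenario(StatefulFirewall(outbound_allowlist={"browser.exe"})))
```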
In this case, the connection was established for a legitimate purpose.
Sadly, it's not always legitimate.
Hopefully, you can see now that while a firewall protects you from one class of malicious software, it cannot protect you from everything.
Specifically, it cannot protect you from malicious software that you explicitly invite on to your machine.
What do those "invitations" look like?
Email you download that contains malicious attachments. When you download email, your computer requests it - meaning it's an outgoing connection to your email server that invites it to deliver email to your machine. Once on your machine, running or opening a malicious attachment can in turn infect your machine.
Web pages that you visit that contain malicious content. When you visit a web page, your computer requests the contents of that page - meaning it makes an outgoing connection to the web server and requests that it download the contents of the page to your computer, so that it can be displayed. Malicious web pages can then cause malware to be installed, often by establishing their own outgoing connection to their own servers where they "invite" the download of spyware and/or viruses.
While a firewall's primary purpose is to block uninvited guests, software firewalls (including Windows' own) will often monitor outgoing connections as well.
In other words, some firewalls can keep an eye on those outgoing invitations.
Now, I'm not a huge fan of outgoing firewalls, but there are many who disagree with me. My take is that by the time the outgoing firewall has something to catch, it's too late - malware already has its hooks into your machine, making that outgoing request. The outgoing firewall can prevent things from getting worse, but the fact is there's already something going on.
I prefer to focus on prevention; before there's ever a chance to make those malicious requests, you should be aware of how visiting malicious sites and opening malicious attachments are basically inviting malware on to your machine.