  1. #1
    Newbie
    Join Date
    Dec 2008
    Posts
    8

    .DLLs filtering. Warning! everyone Read this

    I tried a firewall from Sygate at one time and liked it very much, but to my dismay I turned on the "prevent .DLLs filter" and was surprised to find a .DLL file being sent to Microsoft's "software piracy hotline". I did a capture of this file to find it had all my machine info, software, serial numbers of my components, date stamp, IP addresses, etc., everything in this one .DLL file. I also discovered some sites will not allow browsing unless I allowed their .DLL files to be run and stored on my PC.

    My question is this.... Can you please incorporate this .DLL filter somehow in future versions? I suspect that many people do know just how much private information is passing without our knowledge. A firewall that allows this to happen is NOT a secure firewall.....

    And YES Symantec bought out Sygate and shelved this product.. it was the only firewall I know of that had this feature so if you could That would be fantastico... btw I really like UT nice... Let's hear it.....
    Last edited by dudley_dowrong; 12-06-2008 at 12:22 AM. Reason: spelling

  2. #2
    Master Untangler
    Join Date
    Aug 2008
    Posts
    970

    Thanks for the heads up. Yeah, the amount of "snooping" that software companies get away with these days is crazy. Maybe it's due to less than 1% of people reading the license agreements?

    First off I just want to say that Untangle does filter ".dll" using their webfilter. It only stops the transfer of ".dll" files. A DLL's filter per se (the way you are describing it) would be difficult to filter at a gateway. This is because the gateway doesn't know the kind of application that is trying to communicate over the network. It just knows that xx.xx.xx.xx IP address is trying to communicate to public xx.xx.xx.xx IP address over port xx. Beyond that the layer 7 features of Untangle read the packets and look for application patterns for further filtering.

    You can use Untangle to protect you from this stuff though. You would have to take a careful approach, but you could essentially block everything outbound except "known good ports". Then under those ports you could use the layer 7 filtering to narrow down the applications allowed. This would essentially give you what you are looking for. Warning though, this could make a lot of things stop working on your network. Proceed slowly.

  3. #3
    Untangle Junkie dmorris's Avatar
    Join Date
    Nov 2006
    Location
    San Carlos, CA
    Posts
    17,747

    Yeah, I would just go into web filter and disable the download of .dll files entirely. I can't think of many uses where downloading .dll files over the web is used...
    Attention: Support and help on the Untangle Forums is provided by volunteers and community members like yourself.
    If you need Untangle support please call or email support@untangle.com

  4. #4
    Newbie
    Join Date
    Dec 2008
    Posts
    8

    .DLLs filtering

    REPLY:
    How about this... providing a .DLL capture, then log them so they can be examined later if needed, here's why, for instance I was trying to get MSN's site to load, but I would not allow their DLL updates to be passed to my PC. RESULT: most of their content would not load, but by allowing their DLL updates their site would work just fine!

    so.... if DLLs could be at least LOGGED both IN and OUT, we could look at them later and see just what's going out into the public domain and into our hard drives, I believe allowing any DLL transfers is dangerous IN and OUT and UT must allow DLLs otherwise many sites would not load properly if at all, so I think you're wrong by saying that it blocks DLLs, and if I'm not mistaken port filtering would not prevent this since apps that require transfer of these files such as websites would be allowed to do so anyway. I also believe the wrong files can be destructive to a PC if they go unchecked, as they are now. Also by at least logging these files we could remove them later if needed, and perhaps someone could write an app that would do so for us.

    If anybody out there thinks these transfers are not taking place now, find a copy of SYGATE firewall and just see how many DLLs are being stored on your hard drives, you will be amazed.. Can you say.... MALWARE!!!!

    Prove to me I'm wrong or better yet Right! .......... anyway how bout it

  5. #5
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,095

    Umm....

    You do know what a DLL is? right? What you are describing doesn't happen....

    DLLs are a piece of compiled software. Windows has hundreds of them, and just about all other software has 10-20 per install.

    They aren't transferred over the net, they are executable via the rundll.exe command line within Windows. They are nothing more than a blip of code!

    Untangle can't stop anything from running on your client. You can however, control the internet access any program on a client has with the Untangle software in the gateway.

    If your concern is about the anonymous information stored by a remote web server then I humbly suggest you stop using the internet. Just by opening the browser you're telling the web server what web client you're using, what your IP address is, What OS you're using... and several other things.

    This isn't malware, it's required for the Internet to function.

    I can agree that blocking the ability for DLLs to be downloaded in the mime filter isn't a half bad idea. I can't think of any reason to allow the direct transmission of the files. They are always packaged with something.
    Rob Sandling, BS:SWE, MCP
    NexgenAppliances.com
    Phone: 866-794-8879 x201
    Email: support@nexgenappliances.com
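
Added example, not part of any post in this thread: the replies above discuss blocking `.dll` downloads by name in the web filter, and post #4 asks for DLL transfers to be logged in both directions. The Python sketch below classifies each transfer by its PE header rather than its file name and records where the two disagree; the function names, URLs and sample bytes are constructed for illustration, and this is not how Untangle's filter is implemented.

```python
import struct
from urllib.parse import urlsplit

IMAGE_FILE_DLL = 0x2000  # COFF Characteristics bit that marks a PE image as a DLL

def classify_pe(body: bytes) -> str:
    """Return 'dll', 'exe' or 'not-pe' from the leading bytes of a transfer."""
    if len(body) < 0x40 or body[:2] != b"MZ":
        return "not-pe"
    (e_lfanew,) = struct.unpack_from("<I", body, 0x3C)  # offset of the PE header
    if e_lfanew + 24 > len(body) or body[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        return "not-pe"
    # Characteristics is the last 2 bytes of the 20-byte COFF header.
    (flags,) = struct.unpack_from("<H", body, e_lfanew + 22)
    return "dll" if flags & IMAGE_FILE_DLL else "exe"

def audit(transfers):
    """Log every transfer that is a PE file or is merely named *.dll."""
    records = []
    for direction, url, body in transfers:
        kind = classify_pe(body)
        named_dll = urlsplit(url).path.lower().endswith(".dll")
        if kind != "not-pe" or named_dll:
            records.append({"direction": direction, "url": url, "content": kind,
                            "named_dll": named_dll,
                            "name_filter_correct": named_dll == (kind == "dll")})
    return records

def make_pe(flags: int) -> bytes:
    """Constructed sample: minimal DOS header + PE signature + COFF header."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 0, flags)
    return bytes(dos) + b"PE\0\0" + coff

# Constructed traffic; hosts and paths are placeholders, not taken from the thread.
SAMPLE = [
    ("in", "http://site.example/lib/helper.dll", make_pe(0x2002)),
    ("in", "http://site.example/img/banner.jpg", make_pe(0x2002)),
    ("in", "http://site.example/app/handler.dll?page=1", b"<html>ok</html>"),
    ("in", "http://site.example/index.html", b"<html>home</html>"),
    ("out", "http://site.example/upload", make_pe(0x0002)),
]

if __name__ == "__main__":
    for rec in audit(SAMPLE):
        print(rec)
```

In the constructed sample a name-based rule misses the DLL served as `banner.jpg` and blocks `handler.dll?page=1`, a URL whose path ends in `.dll` (as a server-side handler such as an ISAPI extension does) but whose response is plain HTML.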

  6. #6
    Newbie
    Join Date
    Dec 2008
    Posts
    8

    DLLs

    sky-knight: You do know what a DLL is? right? What you are describing doesn't happen....

    I do know what a .DLL file is and if I recall back when I was using Sygate's firewall years ago, I remember the pages of websites would not load correctly unless I permitted the DLL updates to my hard drive. This was especially with MSN's site, when I allowed them in then it would show the rest of its webpage,

    I found the DLL on my hard drive that MSN updated, it was from MSN.com. Since it was so problematic, unless I allowed this to happen I gave up using this firewall, so there is DLL injection when viewing some websites,

    I don't know how many sites do this but my main concern was having this happen and no one seems to "know" anything about it except Sygate,

    so if SYGATE had this feature, then it must have been important don't you think? I don't use pirated software but I do CARE when something like this happens and especially if it alters my PC in any way without knowing what is being done, and if I should be concerned or not especially with some of these rogue sites that are out there, better to be aware of this in case there is a problem with this type of practice. Like I said it was years ago with XP Pro and now that I think about it I will try it out again and update you to this problem. Maybe it's nothing but if Sygate had this feature then I would like to hear from someone out there who is familiar with this program and see what the ramifications could be, or perhaps it's nothing at all. NOT!

    I was just wondering why we are paranoid of cookie injections and not DLL mods. or injections, I just thought you guys might want to look into this with an open mind and see if this could be a security threat or even a potential problem, especially if it was designed to be malicious.

    To log these would do no harm and who knows maybe it would encourage virus and malware developers to look into it and create a program to monitor it and help educate us who don't "know" anything about this practice regarding these DLLs

    If I'm wrong prove me... if I'm right then help me.

    look at things with an open mind..... said the brain surgeon....

  7. #7
    Master Untangler Evil_Bert's Avatar
    Join Date
    Nov 2007
    Location
    Sydney, Australia
    Posts
    119

    I can browse MSN.com and any other site using a Linux client - no DLL's anywhere - and I don't have any problems.

    I've neither heard of nor seen a DLL file transmitted in the way you describe.

    But, if it's happening with your system, could you please attach the captured DLL so we can have a look?
    There are many alternate universes, but only this one has beer.

  8. #8
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,095

    I think dudly is confusing ActiveX vulnerabilities with a file transfer...

    What you are describing is only possible when a programming API is used on the client to access the local file system. This vulnerability was problematic back with Classic ASP and the older Java runtimes. All of the confusion it spawned is still present today with the knee-jerk disabling of JavaScript.

    You are very incorrect here, and using lots of terminology incorrectly. What you are worried about is technically still possible. But the feature you're asking for is untenable.

  9. #9
    Master Untangler
    Join Date
    Aug 2008
    Posts
    970

    I don't have ANY dll's on my system (Apple MAC OS X). I can browse all those sites without issue.

  10. #10
    Untangle Ninja sky-knight's Avatar
    Join Date
    Apr 2008
    Location
    Phoenix, AZ
    Posts
    25,095

    Actually far you do have dlls... not by filename but every application in that system uses dynamically linked assets. So yeah, you have dlls.