March 26th, 2004 11:12 PM
1. Would it be possible for a attacker to gain complete control to a computer without the aid of a Trojan?
No firewall and no router
File sharing is disabled
Windows/IE completely updated
2. If it is possible because of a unknown Windows/IE flaw, would a firewall and or router help?
I am having a debate with someone saying it is possible and I say it is not possible.
Even with a Windows flaw, a firewall is integrated with Windows and it will be bypassed.
Any links provided will be greatly appreciated.
March 26th, 2004 11:25 PM
is social engineering out of the question?
if it's not, then i'd say there might be a way.
but as a programmer, i'd say it should not be included on the process.
March 26th, 2004 11:29 PM
No social engineering.
March 26th, 2004 11:47 PM
The answers to your questions can be found here at this site by using the search engine on the upper right hand area of the main page and also by using www.google.com. Just enter: securing my windows computer.
March 27th, 2004 12:00 AM
Thank you for the reply, but my question was not about "securing my windows computer".
March 27th, 2004 12:04 AM
....Then the answer to your question is yes.
Signature image is too tall!
March 27th, 2004 12:17 AM
Securing your windows computer is exactly what your questions are about. If you go and do just a little reading and studying you and your friend will not find yourself asking those questions.
The answers to your questions can be found here at this site by using the search engine on the upper right hand area of the main page and also by using www.google.com.
Just enter: securing my windows computer.
March 27th, 2004 12:22 AM
The version of Windows is an important consideration here. With windows 9x/ME, gaining complete control of the operating system is a bit more difficult because there are very few network services running on the system. Even so, it is still possible. Recent RPC exploits would allow an attacker to gain control over a system without using a trojan.
If Windows 2000/XP is your OS of choice then, yes it is very easy to get complete control of the system. It may be as simple as cracking a password to log into the telnet server with (if the telnet server is enabled of course). Password cracking can also be applied against Microsoft's terminal services. Once a password is found, it's as simple as making a Remote Desktop connection to the system. Besides this, attacking an unpatched windows server with a known exploit is trivial.
Lastly, an attacker may be creative enough to convince you (through an email or some other form of social engineering) to open your XP pro desktop for remote support, which also uses RDP (remote desktop protocol).
As for the integrated firewall, it must be enabled before any protection is afforded. If the firewall is enabled, then any exploits directed at network services on the system will be dropped. If an IE flaw is exploited, the attacker may be able to coax your system into downloading a backdoor (e.g. Netbus Pro), but the attacker still would not be able to connect to the backdoor due to the integrated firewall.
Hope that info is of some value.