Security Advisory on Outpost Firewall software

It has been discovered that a 3rd party firewall – Outpost by Agnitum will not protect a system during startup/shutdown from unsolicited traffic for short period of time (some seconds). Fix is on the way as per the advisory but an item in their “What should I do?” got me tad curious – how an attack will not succeed in accessing a system during shutdown. They said “successful attack would almost immediately be terminated by Windows itself closing down”. IMHO, successful attack means successful ‘as in’ someone is ‘in’ and if the attack is malicious f.e. halt the shutdown (although I’m not sure yet if there’s such incident before), how a user will trust that Windows will terminate the attack?

Anyway, the said advisory was posted at Outpost support forum

Affected versions:
While this issue was discovered with Outpost 3.0, all earlier versions of Outpost should be assumed to be affected also.

Their advise:

Until this is fixed, the forum leaders would advise users to disconnect physically from the Internet (unplugging cables or network cards) before shutting down Windows. Running a complete system scan with an updated anti-virus scanner would also be a prudent step to check for any compromise.

Possible fix:
Outpost 3.0 build 558/438 (currently in beta) is supposed to fix this (and does appear to, from tests done so far). No date is available for when this will be publicly released.

Leave a Reply