Can a firewall block the collection of data from a malware?

Herofday

Thread author
If a firewall is blocking the connection of a malware, can the malware still collect information and send it to the hacker?

- Sorry for grammatical mistakes, I'm not a native English speaker
 
hjlbx

If the firewall is blocking the malware, then generally yes, it is blocking communications to the hacker.

However, even if you have a firewall installed, there is no guarantee that data theft will be blocked.

There are various techniques to bypass firewalls - for example - malware can use a trusted process such as Internet Explorer to communicate over the network. This is just one example; there are more. Some are quite advanced, like the use of XOR to bypass the firewall. It is a broad topic and technically difficult to understand a lot of it.

The best way to prevent data loss is to not allow any suspicious\malicious process to execute on your system in the first place.

Of course, if you go to a phishing page - and submit data - then there's nothing that can prevent that. Nor will in-browser keylogger scripts be detected. Firewalls do not protect against these types of data loss.

Firewalls have a use in securing the system - but ultimately their protections are limited.
 
Herofday

Thread author
In short, it really depends on the situation (how the firewall component was engineered and how good the malware is about security software awareness and the techniques it uses).

If you have a firewall component activated in a security product on your system, then it will be monitoring the traffic (usually both in-bound and out-bound (firewalls which monitor both in and out bound are also referred to as "two way firewalls")). This means that when a program either attempts to obtain information from the internet (connect to a host and retrieve information) or send information (connect and then attempt to send back) the firewall would be monitoring this activity. If a malware sample is attempting to make a connection which the firewall either automatically or due to the configuration decides to block, then this malicious process will become a failure at either obtaining or sending information.

However, in some cases it may be potentially possible for the malware sample to successfully obtain and send information, regardless of the original process being blocked. I wouldn't worry about something like this happening because most firewall components (from well-established vendors) these days are tested thoroughly, well-developed and fixed up on a regular basis.

Ok, thanks for your time, I made clear my doubt :D
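
The two points made in this thread (a two-way firewall deciding per program, and a trusted process such as Internet Explorer still being allowed out) can be put side by side in a small model. This is an added example, not part of any post above and not any vendor's firewall logic; the policy table, the parent-process baseline, the process names and the addresses are all constructed assumptions.

```python
from dataclasses import dataclass

# Hypothetical per-program outbound policy, modelled on an application firewall.
# Any program that is not listed is blocked.
OUTBOUND_POLICY = {"iexplore.exe": "allow"}

# Assumed baseline of processes that normally start the browser.
EXPECTED_PARENTS = {"iexplore.exe": {"explorer.exe", "iexplore.exe"}}


@dataclass(frozen=True)
class ConnEvent:
    image: str   # program opening the outbound connection
    parent: str  # program that started it
    dest: str    # destination host:port


def firewall_verdict(ev: ConnEvent) -> str:
    """What a rule keyed only on the program name decides."""
    return OUTBOUND_POLICY.get(ev.image.lower(), "block")


def review(ev: ConnEvent) -> str:
    """Add a second check on top of the firewall verdict: who launched the program?"""
    if firewall_verdict(ev) == "block":
        return "blocked"
    expected = EXPECTED_PARENTS.get(ev.image.lower(), set())
    if ev.parent.lower() not in expected:
        # The firewall let it through, but the launch chain is unusual.
        return "allowed-suspicious"
    return "allowed"


# Constructed sample events (documentation-range addresses).
EVENTS = [
    ConnEvent("iexplore.exe", "explorer.exe", "203.0.113.10:443"),
    ConnEvent("unknown_sample.exe", "explorer.exe", "198.51.100.7:443"),
    ConnEvent("iexplore.exe", "unknown_sample.exe", "198.51.100.7:443"),
]


def triage(events):
    """Return one (image, parent, dest, result) row per event."""
    return [(ev.image, ev.parent, ev.dest, review(ev)) for ev in events]


if __name__ == "__main__":
    for row in triage(EVENTS):
        print(*row, sep="\t")
```

The third event is the one the firewall rule alone does not stop, which is why the launch chain is reviewed as a separate signal.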
 