Windows Firewall under fire

I started the morning with a quick glance at the blog headlines. Donna’s Security Flash has a headline “Windows Firewall has a backdoor”. Donna is an MVP, I would assume in security based on the name of the blog.
The blog entry contains a link to a discussion on Bugtraq. It seems someone has reported that if they add a new key to HKEY_LOCAL_MACHINE/SYSTEM/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile/AuthorizedApplications/List they can “circumvent” the firewall. I have no doubt that this will be picked up by the usual Microsoft-hating press eg, and The Register. Of course reading Bugtraq would require real work. They likely won’t pick up the story until after it appears in Slashdot.
Others quickly replied to debunk this story. “This is not a backdoor or vulnerability. The default permissions on this key are Full Control for SYSTEM and Administrators and Read for Users. The Administrator should be able to configure the firewall to allow programs to connect outbound.”
Another reply from a Pivx employee: “having an exception list is not a back door”. Basically any time you run code as administrator there is no limit to the damage that you can do. This is true with any software.
He went on to say that at the Black Hat 2004 Briefings in Las Vegas, Eugene Tsyrklevich gave a presentation called “Attacking Host Intrusion Prevention Systems” in which he demonstrated on-stage how to completely circumvent McAfee Entercept, a behavioral host-based protection product which tries to limit the actions of malicious code once it is already running on the machine.
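
The default permissions quoted above (Full Control for SYSTEM and Administrators, Read for Users) can be checked on a live machine. The PowerShell below is an added example, not code from this post or the Bugtraq thread; the function name `Test-FirewallListAcl` is hypothetical, and the key path is supplied by the caller as a registry provider path. It reports any principal other than SYSTEM or Administrators that holds a write-capable right on the key.

```powershell
# Added example (not from the original post): audit who can modify the
# firewall exception-list key. Test-FirewallListAcl is a hypothetical name.
function Test-FirewallListAcl {
    param(
        [Parameter(Mandatory)]
        [string]$KeyPath   # registry provider path (HKLM:\...) to the AuthorizedApplications\List key
    )

    # Baseline from the quoted reply: only SYSTEM and Administrators may write.
    # SIDs are used instead of names so the check works on localized systems.
    $allowedWriters = @(
        'S-1-5-18',      # NT AUTHORITY\SYSTEM
        'S-1-5-32-544'   # BUILTIN\Administrators
    )

    # Rights that let a principal change the exception list or the key's ACL.
    $rr = [System.Security.AccessControl.RegistryRights]
    $writeMask = [int]($rr::SetValue -bor $rr::CreateSubKey -bor $rr::Delete -bor
                       $rr::ChangePermissions -bor $rr::TakeOwnership)
    # Inherited ACEs sometimes carry raw generic bits instead of specific rights.
    $genericAll   = 0x10000000
    $genericWrite = 0x40000000
    $writeMask = $writeMask -bor $genericAll -bor $genericWrite

    $acl = Get-Acl -Path $KeyPath
    foreach ($rule in $acl.Access) {
        # Deny entries and read-only entries cannot widen write access.
        if ($rule.AccessControlType -ne 'Allow') { continue }
        if (([int]$rule.RegistryRights -band $writeMask) -eq 0) { continue }

        $sid = $rule.IdentityReference.Translate(
            [System.Security.Principal.SecurityIdentifier]).Value

        if ($allowedWriters -notcontains $sid) {
            # Emit one object per unexpected writer; no output means the
            # key matches the baseline described in the reply.
            [pscustomobject]@{
                Identity  = $rule.IdentityReference.Value
                Sid       = $sid
                Rights    = $rule.RegistryRights
                Inherited = $rule.IsInherited
            }
        }
    }
}
```

Empty output means only SYSTEM and Administrators can change the list, which is the situation the replies describe; any row returned is a deviation from that baseline worth reviewing.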