Safe Firewall ??
Anav
February 11th, 2002, 02:08 PM
I have been using ZAP and was alarmed ;D that it may not be doing the job according to wilders.
I was thinking of switching to TINY due to the time of day controls but have put that on hold.
Apparently only LookNStop actually prevents non-microsoft type packets??? from travelling through the firewall.
Has there been any discussion on this issue??
Will ZAP 3.0 address both time of day and the above type of packets supposed vulnerability??
Thanks
Ron_P
February 14th, 2002, 03:50 AM
Not a ZAP user, but the reports I've seen are that 3.0 does stop outbound leak testers. You may want to check out Sygate Pro, along with LnS.
Paul Wilders
February 14th, 2002, 03:57 AM
Anav,
{QUOTE-> I was thinking of switching to TINY due to the time of day controls but have put that on hold. <-QUOTE}
The quite soon to be released new Tiny PF v3.0 should take care of the problems you described.
Indeed LooknStop has it fixed (actually, the first one who managed to do so), and ZA PRO should have this fixed as well, same goes for Sygate Pro.
regards.
paul
javacool
February 14th, 2002, 05:04 PM
Please note, the following is a joke, and is not intended to be taken seriously:
Check out the link below for the only, 100% secure firewall...
http://web.ranum.com/pubs/a1fwall/
Enjoy! ;D
UNICRON
February 16th, 2002, 04:36 AM
I disagree, the computer has to then be taken in to the <insert remote location here, e.g.: desert, mountains, ocean> and buried in an unmarked and deep hole. Notice the long/lat from your GPS, but don't write it down, just remember it. Then come back and get it when you need it again.
javacool
February 25th, 2002, 07:07 PM
{QUOTE-> I disagree, the computer has to then be taken in to the <insert remote location here, e.g.: desert, mountains, ocean> and buried in an unmarked and deep hole. Notice the long/lat from your GPS, but don't write it down, just remember it. Then come back and get it when you need it again. <-QUOTE}
LOL!
I'd rather lock the computer in some sort of safe that would not be penetrable by any force known to man, and could only be opened with my fingerprint, face-scan, iris-scan, and a 100-number-long alphanumeric combination.
...And THEN bury it in <some remote location>.
Enjoy! ;D
Tiger_Barb
February 25th, 2002, 09:47 PM
Watch out for those Charlie's Angels, I think they could still get you.........
T Barb
javacool
February 28th, 2002, 09:10 PM
Here's the official response from ZoneLabs on this problem (from the BugTraq archive, here: http://online.securityfocus.com/archive/1/244192).
{QUOTE->
In-Reply-To: <3C0E54A9.18978.24B88E9@localhost>
In reply to Message-ID: <3C0E54A9.18978.24B88E9@localhost>

Tom contacted us a couple of weeks ago with the information that certain packet drivers can bypass the low-level firewall that is part of our ZoneAlarm and ZoneAlarm Pro drivers. Upon investigation we confirmed the problem and we are testing a fix.

It turned out that a bug in the Windows NDIS layer allows a packet driver to bypass any personal firewall or similar product. In order to exploit the bug, malicious code would have to break through two levels of protection in our software - our inbound firewall protection and/or our MailSafe feature that blocks potentially dangerous attachments. In addition, a malicious application would need administrative privileges under Windows NT, 2000 and XP. To date, there have been no reports of actual exploits of this potential vulnerability, and we are working on a fix and expect to have another build for testing next week.

After providing Tom with a test version of ZoneAlarm Pro that sealed this vulnerability to confirm the fix, he was then disappointed that his LaBrea@Home application would not work any more. LaBrea@Home is a honey pot application that attempts to frustrate hackers by initially responding to a scan but then not continuing "the conversation". The theory is that a hacker would waste time in his/her scan but would ultimately be unsuccessful in the attempt. We'd recommend that a honeypot application be put on a separate machine and not be protected by a firewall.

If used by security specialists, honeypot applications have their legitimacy, but we firmly advise against this approach for most users because honey pots do (and are designed to) attract subsequent attacks. ZoneAlarm and ZoneAlarm Pro will block indiscriminate outbound traffic to untrusted computers by applications that attempt to bypass the normal TCP/IP stack, and therefore we don't expect that LaBrea@Home and our products will work together. It is possible to configure ZoneAlarm and ZoneAlarm Pro for this setup, but we don't recommend it for the reasons listed above.

Tom's contention that we block any outbound traffic issued by drivers other than the regular TCP/IP driver is simply wrong. For example, most VPN drivers do just that in one way or the other. However, we require that such drivers only communicate with the trusted computers as defined by the local zone in ZoneAlarm and ZoneAlarm Pro.

Tom further complains that he doesn't get an alert for every single blocked packet. This is as designed. ZoneAlarm and ZoneAlarm Pro have been carefully designed to eliminate unnecessary alerts. This includes:
1) Only issue one alert for any hack attempt even if the attempt consists of multiple packets.
2) Reduce alerts caused by "Internet background noise".
3) Repress alerts if issuing an alert might lead to a DoS situation because processing the alerts starts to take up too much CPU time.
This behavior is consistent with most professional firewalls - personal or otherwise. In addition, ZoneAlarm Pro allows the user to customize many of the alert settings.

Te Smith
Director, Corporate Communications
Zone Labs Inc.
1060 Howard St.
San Francisco, CA 94103
415-341-8233 (v)
415-341-8399 (f)
831-462-5317 (Santa Cruz)
tsmith@zonelabs.com
<-QUOTE}
Hope this helps answer some of your questions, Anav.
Enjoy! ;D
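The three alert-reduction rules in the quoted Zone Labs reply (one alert per multi-packet attempt, no alerts for background noise, and suppression when alerting itself would eat the CPU), modelled as an added Python example that is not Zone Labs code; the noise ports, time windows and rate ceiling are assumptions, and the blocked-packet events are constructed:

```python
from collections import deque

# Assumptions (not values from the page): ports whose unsolicited probes count
# as "Internet background noise", the window in which packets from one source
# are a single attempt, and the ceiling on how fast alerts may be raised.
BACKGROUND_NOISE_PORTS = {137, 138, 1900}
ATTEMPT_WINDOW = 60.0        # seconds: one alert per source per window (rule 1)
RATE_WINDOW = 10.0           # seconds over which the alert rate is measured
MAX_ALERTS_PER_WINDOW = 5    # above this, alerts are dropped (rule 3)


class AlertAggregator:
    def __init__(self):
        self._last_alert_by_src = {}   # src_ip -> time of its last alert
        self._recent_alerts = deque()  # times of alerts raised recently
        self.suppressed_by_rate = 0    # alerts dropped under rule 3

    def process(self, ts, src_ip, dst_port):
        """Return an alert line for this blocked packet, or None if suppressed."""
        # Rule 2: unsolicited probes on noise ports never raise an alert.
        if dst_port in BACKGROUND_NOISE_PORTS:
            return None
        # Rule 1: one alert per source per ATTEMPT_WINDOW, however many packets.
        last = self._last_alert_by_src.get(src_ip)
        if last is not None and ts - last < ATTEMPT_WINDOW:
            return None
        # Rule 3: stop alerting when alerts arrive faster than the ceiling, so
        # the alerting path cannot itself become the CPU-exhausting DoS.
        while self._recent_alerts and ts - self._recent_alerts[0] >= RATE_WINDOW:
            self._recent_alerts.popleft()
        if len(self._recent_alerts) >= MAX_ALERTS_PER_WINDOW:
            self.suppressed_by_rate += 1
            return None
        self._last_alert_by_src[src_ip] = ts
        self._recent_alerts.append(ts)
        return f"{ts:.1f} blocked probe from {src_ip} to port {dst_port}"


def run(events):
    """Feed (ts, src_ip, dst_port) events through the aggregator in time order."""
    agg = AlertAggregator()
    alerts = [a for a in (agg.process(*e) for e in sorted(events)) if a]
    return alerts, agg.suppressed_by_rate


# Constructed sample: a five-packet port scan from one host, two NetBIOS/SSDP
# noise probes, and a burst from twelve hosts that would flood the alert path.
SAMPLE_EVENTS = (
    [(float(i), "198.51.100.7", 20 + i) for i in range(5)]
    + [(3.0, "192.0.2.9", 137), (4.0, "192.0.2.9", 1900)]
    + [(10.0 + i * 0.1, f"203.0.113.{i + 1}", 445) for i in range(12)]
)
```

Running `run(SAMPLE_EVENTS)` yields six alerts (one for the whole scan, five for the burst) and reports seven burst packets dropped under rule 3.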
Paul Wilders
February 28th, 2002, 09:36 PM
As of this moment, there's - as far as I know - just one official software firewall release available coping with this issue: LooknStop.
No doubt, in the near future many (now Beta) firewalls will release their official release coping with this as well.
regards.
paul
javacool
February 28th, 2002, 09:52 PM
{QUOTE-> As of this moment, there's - as far as I know - just one official software firewall release available coping with this issue: LooknStop.
No doubt, in the near future many (now Beta) firewalls will release their official release coping with this as well.
regards.
paul <-QUOTE}
Probably, as the latest ZoneAlarm Pro 3.0 beta seems to be fairly near a RC release (in the opinion of a couple people on these forums - not officially though).
zappa
March 1st, 2002, 05:18 AM
I uninstalled Zone Alarm. Best decision I have made. Zone Alarm has more holes than Swiss cheese.
Checkout
March 1st, 2002, 07:42 AM
{QUOTE-> I uninstalled Zone Alarm. Best decision I have made. Zone Alarm has more holes than Swiss cheese. <-QUOTE}
Such as?
javacool
March 1st, 2002, 04:58 PM
{QUOTE-> I uninstalled Zone Alarm. Best decision I have made. Zone Alarm has more holes than Swiss cheese. <-QUOTE}
I have not found any major problems with ZoneAlarm (in fact, I have it on all of my computers) - there were a couple minor cosmetic issues with the interface, but that has all been fixed now in 3.0.
Personally, I feel nothing can live up to the number of holes in Swiss cheese - except for an unprotected computer on cable internet with file sharing on with no password (running Windows 95 with no patches) - THEN maybe we can talk about things in relation to Swiss cheese :)
root
March 2nd, 2002, 12:51 PM
"except for an unprotected computer on cable internet with file sharing on with no password (running Windows 95 with no patches) - THEN maybe we can talk about things in relation to swiss cheese"
Now that's a scary thought.
And what's worse, there's probably thousands of computers all over the world in just that condition. :o
Paul Wilders
March 2nd, 2002, 01:42 PM
Hi root,
{QUOTE-> And what's worse, there's probably thousands of computers all over the world in just that condition. <-QUOTE}
I'll bet probably millions... ::)
regards.
paul
javacool
March 2nd, 2002, 01:56 PM
{QUOTE->
I'll bet probably millions... ::)
<-QUOTE}
1 billion...going once...going twice...
Paul Wilders
March 2nd, 2002, 02:16 PM
{QUOTE-> 1 billion...going once...going twice... <-QUOTE}
Final bid: 1,5 billion. Don't bother; that's final 8)
regards.
paul