The tooleaky tool. Real?


war59312
December 1st, 2002, 01:33 PM
Is that tooleaky tool for real?

Can ZoneAlarm stop it somehow without blocking Internet Explorer? Um, so it seems ZoneAlarm is a POS if this simple-ass program can go right through it.

:(

Oh, here is the link if you don't know what I'm talking about:

http://tooleaky.zensoft.com/

cya,
Will

javacool
December 1st, 2002, 01:41 PM
-{ Quote: "quoting war59312:
Is that tooleaky tool for real?

Can ZoneAlarm stop it somehow without blocking Internet Explorer? Um, so it seems ZoneAlarm is a POS if this simple-ass program can go right through it.

:(

Oh, here is the link if you don't know what I'm talking about:

http://tooleaky.zensoft.com/

cya,
Will
" }-

ZoneAlarm Pro can block this exploit with its component protection feature.

I do not believe the free version of ZoneAlarm has this feature, however.

Regards,

-Javacool

war59312
December 1st, 2002, 03:15 PM
Yep, sure does. :)

Does Plus block this as well?

cya,
Will

PS: Just wondering because I don't need the cookie and ad-blocking stuff with Pro.

LowWaterMark
December 1st, 2002, 04:10 PM
Zone Alarm Plus and Pro are the same as far as Firewall and Program Component capabilities go. ZA Pro only adds the Privacy features (filtering active content, cookies, etc.). I run Plus because I also do not need the Privacy features to be inside my firewall, but I do want program controls. Note that a brand-new version of ZAP (ZoneAlarm Pro with Web Filtering Bundle 3.5.132) was just released and has even more web filtering and privacy related capabilities, specifically "by program", which may well defeat tooleaky. I haven't tested this yet myself.

tooleaky can get by any ZA (any version) if you have IE set to be allowed full Internet access without asking in ZA. When you run tooleaky, it simply fires up a new IE program session in a hidden window. If you have IE allowed in ZA, tooleaky will get out successfully.

tooleaky does not make use of trusted program replacement or dll injection like some other leak tests. It is actually exploiting the ability of one program on Windows to send commands and read data back from another window. The source code is provided at the tooleaky link and it's a pretty simple program.

Now, tooleaky is just a proof of concept test. It is very limited in what it can do, but it does point out that Windows has a seriously flawed design as far as some security goes. (Is that actually news to anyone? ;) ) I don't know what real-world malware might attempt to use this type of exploit in the wild, but it certainly is possible.

Some more of my general thoughts on tooleaky... -{ Quote: "It is of course an interesting demo of what a program can do on your system - of course, you must download and run the program to give it this power in the first place. Standard safe computing practices would protect you from real world malware designed like this.

Looking at the source code in tooleaky.cpp, it really is only acting as a command scripting program - passing specific commands to IE in this case. But, in the real world of malware, it could be designed to ride on top of other programs that are allowed out through your firewall.

Does this make your firewall "a joke" like they say in the tooleaky pop-up? Well, what about all those other programs that disable virus checkers and firewalls? (I think they are called trojans or viruses. I think I've read about them hereabouts ;) ) We don't expect the firewall to be a 100% solution against them, either, so we run AV/AT.

Personally, I'm not really worked up about tooleaky's proof of concept. Old news, so to speak.

My solution is to have ZA set to require IE to ask for access, versus hard coding in access permissions. It is not that difficult to answer a ZA prompt once at the beginning of a browser session. The question happens once when you first start the session, and doesn't come up again even if you're on for hours. Extra windows that share the same IE process (pop-ups, or those created by ^N - opening in a New window) - these don't ask since it's the process, not the window, that was granted the first access. I prefer making IE ask." }-

Anyone interested in understanding the specific security issues underlying tooleaky's proof of concept should try it out on their system.
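The post above makes the defender's point: the firewall grants access to the IE process, so a program that silently starts its own IE session inherits that permission. A host-side check therefore has to look at who launched the browser and how. The following is an added example, not code from this thread or from tooleaky; it runs simple detection logic over constructed process-creation records (the record shape and the trusted-launcher list are assumptions, not any real log format).

```python
import re

# Constructed process-creation records (hypothetical shape, not a real log format).
# Event 1310 models the tooleaky pattern: a browser started hidden by an unknown
# parent, with data appended to the URL it was told to open.
SAMPLE_EVENTS = [
    {"pid": 1201, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "parent_image": r"C:\WINDOWS\explorer.exe",
     "cmdline": '"iexplore.exe" http://example.com/', "window_visible": True},
    {"pid": 1310, "image": r"C:\Program Files\Internet Explorer\iexplore.exe",
     "parent_image": r"C:\Temp\tooleaky.exe",
     "cmdline": '"iexplore.exe" http://example.com/?secret=hunter2', "window_visible": False},
    {"pid": 1412, "image": r"C:\WINDOWS\notepad.exe",
     "parent_image": r"C:\WINDOWS\explorer.exe",
     "cmdline": "notepad.exe", "window_visible": True},
]

# Assumed set of parents that legitimately start a browser for an interactive user.
TRUSTED_LAUNCHERS = {"explorer.exe", "userinit.exe"}
BROWSER_IMAGES = {"iexplore.exe"}
URL_WITH_QUERY = re.compile(r'https?://[^\s"]+\?(\S+)')


def basename(path):
    """Last path component, lower-cased, so comparisons ignore install location."""
    return path.rsplit("\\", 1)[-1].lower()


def analyze(event):
    """Return the reasons an event resembles a hidden-browser leak (empty if clean)."""
    reasons = []
    if basename(event["image"]) not in BROWSER_IMAGES:
        return reasons
    parent = basename(event["parent_image"])
    if parent not in TRUSTED_LAUNCHERS:
        reasons.append(f"browser launched by untrusted parent {parent}")
    if not event["window_visible"]:
        reasons.append("browser started with a hidden window")
    m = URL_WITH_QUERY.search(event["cmdline"])
    if m:  # data handed to the browser at launch, the channel tooleaky demonstrates
        reasons.append(f"launch URL carries a query string ({len(m.group(1))} bytes)")
    return reasons


def scan(events):
    """Map pid -> reasons for every event that raised at least one reason."""
    findings = {}
    for e in events:
        reasons = analyze(e)
        if reasons:
            findings[e["pid"]] = reasons
    return findings
```

Any one of the three signals alone is noisy (scripts do launch browsers legitimately); the combination of an untrusted parent, a hidden window and data in the launch URL is what matches the pattern the post describes.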

war59312
December 1st, 2002, 10:59 PM
Hey,
Yeah, I'm running the latest build of Zone Alarm Pro, the 3.5 version.

Yeah, it blocks it only if you have "Enabled Advanced Program Control" on.

So is that included with Plus?

I'm just trying to make a decision on which one I should use.

I don't need the extra overhead, you know.

Thanks,
Will

LowWaterMark
December 1st, 2002, 11:07 PM
-{ Quote: "So is that included with Plus?" }-

Well, so far we don't know. The brand new (release version) of ZAP 3.5 just came out. As yet, they have not released a new ZA+, so we won't know until they do just what features will carry over. I'd hope that some of the advanced program control would go into Plus from Pro, but obviously they'll want to maintain the differential between Plus and Pro to get people to pay more for Pro.

Hopefully, Zone Labs will make this all clear soon.

war59312
December 2nd, 2002, 11:57 AM
Oh OK, I thought it was already released for some reason :P

Oh well, guess I'll wait and see :)

Thanks,
Will