zonealarm vs pc aduit

[Bethrezen]

GRRRR im very anoyed at the people at zone labs because yet again iv been able to by pass zonealarm there saposeadley inpregnable firewall i like it wasnt even there i downloaded this lil applcation pc aduit to test to see if i was vrunable and yet again zonealarn has let me down it didnt even know that there was anythin sus goin on what is the use of havin a firewall if it can be bypassed so easley though admitadley it is the free version im using so ya cant expect the same protection but that could at least close loop holes like this and too leakey fire trap etc

here is the link http://www.isa-llc.com/downloads/audit.php

can some others test this on difrent firewalls to see if it is able to bypass them to i just want to know if its just zonealarm or if its able to get round other firewalls to

[root]

PC Audit is nothing more than smoke and mirrors to get you to buy their product.
I could have you download all kind of files and have you execute them and blast right thru any firewall you had, since you would be working with me.
I'm not a big ZA fan, but it's better than that.

[Bethrezen]

hi root

ok you might have a point about pc aduit but how am i ment to tell the difrence between a genuine problem and smoke and mirrors and what about vunrabilitys like too leakiy and firetrap etc thay are real vunrabilitys that have not been fixed yet and that was my mager gripe i just dont like fact that loop holes like that have been fixed in the comerical version and not in the free version

is there a fire wall that is as good or better than zone alarm that is still as easy to use see havin no experance with rule based fire walls i dont think id beable to config it properaly

[Paul Wilders]

Hi Bethrezen,

It all comes down to voluntary downloading/executing executables here. And doing so (or not!) is one's own individual choice. It's in essence a human vulnerability, rather than a software vulnerability.

regards,

paul

[root]

Hi Bethrezen. I happen to think there are several firewalls better than zoneAlarm. Most of them are really not that hard to install and use.
I know most people find Outpost easy to use out of the box. If you need help with it, it has excellent support at the Agnitum Outpost forum.
I also think Look N Stop is a good firewall, and there is a ready made ruleset for it that requires minimal tweaking.
I used Sygate before I switched to Outpost, and it is easy to use.
Here's the deal from my point of view. A firewall can be a simple thing like ZA and protect you fairly well. Not being highly configurable limits your ability to protect against various situations that will probably be different with each user.
A really good firewall will not only be a wall, but will have the barbed wire strung across the top and a moat at the base.
There's no getting around the fact the more effort you put into your security, the better the protection you are going to have.
As for the first part of your question, how to tell whether a vulnerability test is of concern or not. I usually wait a few days, check what's being said on different boards about it, check with the Register, Sans, maybe a couple of other places and see what the opinion is. If it is a major concern, it is going to be talked about all over the place.
Of course, you can always ask here.

[JacK]

Quote:

quoting: Forum Admin link=board=9;threadid=2088;start=0#14991 date=1025375151]
Hi Bethrezen,

It all comes down to voluntary downloading/executing executables here. And doing so (or not!) is one's own individual choice. It's in essence a human vulnerability, rather than a software vulnerability.

regards,

paul

Hi Paul,

Yes and no

Let's say PCAudit is a trojan which glue (sorry for my bad English) to IE or Explorer to phone home unnoticed (no masquerading) and that you run it willingly for test purpose, like any leaktest (there are a lot).
But it could be a "real trojan" which could install itself behind you back like other trojans without you beeing aware of it.

It REALLY send information to PCAudit, it's no childish script which allow you to see (and only you) your C:\

I am not aware of such a trojan till now but it surely will exist in one day or one year

AFAIK, only SSM prevents the leak.
I think any standalone firewall would leak if the test is run with IE open, some would prevent the leak if IE is closed and Explorer access to the W3 deny.

It's indeed rather a Windows vunerability and not a FW vulnerability, I don't care who is culprit but I bugged Max (SSM) till the leak was prevented :-D

You know I can make a really nuisance of myself for security products' developpers when I think it 's necessary
http://smilies.sofrayt.com/1/s/diablo.gif


JacK

[Paul Wilders]

JacK,

Grin..like this discussion

Quote:

But it could be a "real trojan" which could install itself behind you back like other trojans without you beeing aware of it.

mmm.."behind my back"? Apart from nasties running parallel/beneath the Windows stack, how should this happen, while sufficient counter measures are installed?

Quote:

I am not aware of such a trojan till now but it surely will exist in one day or one year

I will not disagree; could well be. Question is, if sec apps will keep up with this (leaving the Windows O/S aside - at least the kernell is a vulnerable issue).

Quote:

AFAIK, only SSM prevents the leak.

As soon as SSM is bug-free it might indeed be a solution. TDS4 will have some interesting defense as well in this regard - I'll leave it up to DCS to provide more info.

Quote:

It's indeed rather a Windows vunerability and not a FW vulnerability

Seems we do agree after all!

Quote:

I don't care who is culprit but I bugged Max (SSM) till the leak was prevented

Well, IMHO it's a necessaty to at least know who's to blame in order to tackle the issue. Push Max some more; SSM indeed seems to be a promise - but needs to be ironed out. I'm convinced you'll be the one (partly) helping out with this!

Quote:

You know I can make a really nuisance of myself for security products' developpers when I think it 's necessary

..just one of your qualities

regards,

paul

[JacK]

But it could be a "real trojan" which could install itself behind you back like other trojans without you beeing aware of it.


mmm.."behind my back"? Apart from nasties running parallel/beneath the Windows stack, how should this happen, while sufficient counter measures are installed?

lool : I was no thinking behind "your" back but lambda user's back.

You know how few people have a good knowledge about security issues

Nite,

JacK

[Paul Wilders]

A la prochaine, et bonne nuit, JacK

salutations,

paul

[JacK]

Goeie nacht en beste groeten, paul

Tot ziens,

JacK

[Paul Wilders]

I love multi-language threads!

(Good night, see you soon..)

regards,

paul