Sneaky Prevx

[StevieO]

Sir,

In ZA all my Apps are configured to Always ask me for permission for access to the internet. So how does Prevx manage to sneak out data after detecting something new, or a potentially FP ?

Malware could quite easily make use of this technique surely ! So how to only allow the good guys like Prevx, and block the bad ?

Concerned in Tunbridge Wells.

[Cudni]

are you sure you have not allowed Prevx, and whatever .exe it uses, access to the net?

[StevieO]

Hi, yes i've just rechecked for you, and, Everything in ZA is set with a ? or X

[Cudni]

if you click block all network traffic can Prevx connect?

[StevieO]

No, just tried by double clicking on a new file.

[StevieO]

Just thought, it might be using FF to sneak out ? Going to log off and close all browsers and try. I'll be back.

[StevieO]

No it wasn't that, so

[Cudni]

in ZA amongst the apps allowed out there will be a prevx component

[StevieO]

Not that i can see, have a look

[Cudni]

what happens if you block that prevx entry?

[StevieO]

It doesn't get out when i block all 4, but then ....

Jeepers creepers, would you belive it ? All i did was change 1 thing as in the screenie, and out it goes with NO warning. What's up with that

Not good at all, and makes me now wonder about what else could escape, or has !

Well i'm looking forward to an answer from someone at Prevx ASAP, not that it's possibly their fault of course. But if they need data out and peoples FW's block it, then it won't reach them. But it shouldn't surrupticiously bypass a FW, if that's what it's doing !

I'm all ears, i mean eyes.

Cudni Thanx for your input.

S

[Cudni]

it would interesting to hear what ZA has to say and why is there no prompt for connection (could be a bug)

[PrevxHelp]

That's weird indeed We aren't using anything strange to connect out... if you ask someone at ZL, you can tell them that Prevx uses the 'cURL' library to connect out.

[Page42]

Just curious, StevieO... you're using Online Armor Firewall and ZoneAlarm together?

[StevieO]

Cudni

Quite honestly i doubt if ZA would even respond, as i'm using v5.5.062.000 on XP.

PrevxHelp

OK that's good to hear. Not sure exactly what 'cURL' library is, so i'll look it up.

Page42

Actually no, that entry must be from a previous OA version i tried, and i'm using the free version not Premium, so i don't know why it shows that ?

Thanx all

[HKEY1952]

In the background ZoneAlarm silently uses the Application Layer Gateway Service for communications to bypass its Firewall.
With ZoneAlarm the Firewall Rules are superficial because ZoneAlarm does as it wants when it comes to communications.
One can create an Block Rule and ZoneAlarm will find away around the block through the Application Layer Gateway Service.
The TrueVector Service patches the Windows Kernel far too deep for my comfort.

HKEY1952

[Airflow]

Quote:

But it shouldn't surrupticiously bypass a FW,

lol, what did you expect?

[StevieO]

HKEY1952

Really, sheesh, how about that, the barstewards !

After you wrote that i X'd all the lines in ZA for ALG, which didn't seem to prevent any problems to anything. But now i'm trying out the FW in OA, so i'll see what does, or doesn't !

Thanx for the Very helpful insight.

Airflow

Err, not that lol.


S

[fax]

Quote:

Originally Posted by HKEY1952

In the background ZoneAlarm silently uses the Application Layer Gateway Service for communications to bypass its Firewall. HKEY1952

LOL what a crap, ZA does not need alg.exe, it filters all communication via vsmon.exe, the firewall driver cannot be blocked via ZA. ZA cannot block itself (you can however turn off all the features that communicate out).

Every year a new conspiracy theory on ZA. Must be like MS BS secret code... ZA was tested here by Stem and others and there was NO leaks OUT, stop posting BS!!

On the other issue... well XP was not even there with version 5.5... sooo you can draw your own conclusions. Have you tried any more recent versions?

Fax

[HKEY1952]

Quote:

Originally Posted by fax

LOL what a crap, ZA does not need alg.exe, it filters all communication via vsmon.exe, the firewall driver cannot be blocked via ZA. ZA cannot block itself (you can however turn off all the features that communicate out).

Every year a new conspiracy theory on ZA. Must be like MS BS secret code... ZA was tested here by Stem and others and there was NO leaks OUT, stop posting BS!!

On the other issue... well XP was not even there with version 5.5... sooo you can draw your own conclusions. Have you tried any more recent versions?

Fax

No one is talking about blocking ZoneAlarm or blocking the firewall driver, why don't you get your FAX straight before you Post.
Also, the ZoneAlarm Forum tactics of defending ZoneAlarm do not work over here at the Wilders Security Forums.
It is an FAX that the Application Layer Gateway Service can be used to bypass Firewalls.
ZoneAlarm is currently only surviving on past reputation, and that reputation is rapidly decaying.
Perhaps I sentenced it wrong in my first Post, it should have read:
The ZoneAlarm vsmon.exe uses the Application Layer Gateway Service in its communications to bypass its Firewall.
You know for an FAX that most of the ZoneAlarm Rules, especially the Expert Rules are ignored by ZoneAlarm and most of the Rules are superficial.
Trying to setup Custom Rules or Expert Rules always corrupts ZoneAlarm and the ZoneAlarm user receives the famous ZoneAlarm Forum remedy:
You have corrupted your installation of ZoneAlarm, you need to Reset ZoneAlarm. Now that's BS.


HKEY1952

[fax]

Quote:

Originally Posted by HKEY1952

The ZoneAlarm vsmon.exe uses the Application Layer Gateway Service in its communications to bypass its Firewall. HKEY1952

ehu? LoL What are you talking about?
ZA using ALG to avoid itself? It does not need to.
It will use its own/MS services to connects out! May be you should put some FACTS on the table. Because otherwise it looks like you have been smoking something strange

No comment on the rest of the post... already gives the reader a clear flavour on your ZA feelings

Fax