Malicious code could trick ZoneAlarm firewall

Discussion in 'other firewalls' started by ronjor, Sep 30, 2005.

Thread Status:
Not open for further replies.
  1. -----

    ----- Guest

    Yes, but most people are not going to dual boot just to handle leak tests :)

    It's not a very complete defense and is more security by obscurity, but it works against leak test PoCs that make assumptions about system setups (default browsers, for example, or common locations and file names for browsers, etc.). More advanced attacks would be cleverer than that, using clever methods to discover which apps are trusted rather than merely guessing, but that's another battle.
     
  2. BILL G

    BILL G Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    80
    Location:
    MN USA
    First I would like to thank Wilders and the forum members for all the very good advice and info I have read here. I have used ZAP and ZAF for over 4 years. I do not need or want the extra features of ZAP. I am using ZAF version 5.5.094.000. I run Firefox and T-Bird, so I very seldom use IE. In ZA Program Control for IE I have 4 red Xs. I ran the test and got a pop-up saying Blocked. I changed the settings in Access Trusted & Internet to ?-? and ran the test again. I got a pop-up from ZA to ALLOW or DENY. A few seconds later I got a pop-up saying Blocked. It looks like my copy of ZAF passed OK.
     
  3. StevieO

    StevieO Guest

    Hi BILL G,

    I'm with you, as I don't need or want the extra "features" of ZAP or any other FW either! I want a FW to FW, end of!

    Interesting results you got there. I have my IE set up as you describe: settings in Access Trusted & Internet to ? + ?, the others to X + X.

    Did you have an instance of IE open when you tried the test? If not, it might be an idea to try it again and see what happens. If you go back up and read my earlier post you will see my experiences, with and without!


    StevieO
     
  4. BILL G

    BILL G Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    80
    Location:
    MN USA
    Stevie,
    I ran Test #1 with IE closed and Test #2 with IE open. I reran the test again; open or closed has no effect.
    TEST #2
    IE open, about:blank in the address bar
    XXXX BLOCKED
    ?XXX BLOCKED
    ??XX ZA alert: IE trying to access IP 127.0.0.1 port 3189; pop-up blocked
    V?XX ZA alert + pop-up blocked
    VVXX No ZA alert, no pop-up, nothing in the ZA program log or the IE address bar. I found a FX window with the Surfer Test Page on it.

    The KEY seems to be allowing IE internet access or NOT.
    As long as IE allows itself to be used by the bad guys it has a problem.
    That is why I use Firefox & T-Bird.
     
  5. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    StevieO brought my attention to this thread. I've been thinking how to stop piggybacking trojans with Kerio 2.1.5, as it performed very poorly in the leak tests. I tried the Surfer test and it sailed straight through; other tests also use IE and/or the default browser. I don't use IE except on rare occasions, so I decided to switch off the rule for IE in Kerio. I also made it my default browser; now anything wanting to use IE or the default (IE) throws up a Kerio alert and all I need to do is reply deny. Not foolproof, I'm sure, but a big improvement on the gaping hole I had before.
     
  6. ronjor

    ronjor Global Moderator

    Joined:
    Jul 21, 2003
    Posts:
    163,052
    Location:
    Texas
    ZoneAlarm Personal Firewall Program Control Feature Bypass

    Secunia does not normally regard this kind of security bypass in personal firewalls as a vulnerability. However, Secunia has decided to write about this particular issue because Zone Labs is marketing the product as being able to stop this kind of attack via the "Advanced Program Control" functionality.

    Not critical
    Impact: Security Bypass
    Where: Local system
    Solution Status: Unpatched

    Secunia
     