The tooleaky tool. Real?

Discussion in 'other firewalls' started by war59312, Dec 1, 2002.

Thread Status:
Not open for further replies.
  1. war59312

    war59312 Registered Member

    Joined:
    Nov 30, 2002
    Posts:
    72
    Location:
    U.S.A
    Is that tooleaky tool for real?

    Can ZoneAlarm stop it somehow without blocking Internet Explorer? Um so it seems ZoneAlarm is a pos if this simple ass program can go right through it.

    :(

    oh here is the link if u don't know what I'm talking about

    http://tooleaky.zensoft.com/

    cya,
    Will
     
  2. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,995
    ZoneAlarm Pro can block this exploit with its component protection feature.

    I do not believe the free version of ZoneAlarm has this feature, however.

    Regards,

    -Javacool
     
  3. war59312

    war59312 Registered Member

    Joined:
    Nov 30, 2002
    Posts:
    72
    Location:
    U.S.A
    Yeap sure does. :)

    Does plus block this as well?

    cya,
    Will

    PS: Just wondering because I don't need the cookie and ad blocking stuff with Pro.
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,840
    Location:
    New England
    Zone Alarm Plus and Pro are the same as far as Firewall and Program Component capabilities go. ZA Pro only adds the Privacy features (filtering active content, cookies, etc.). I run Plus because I also do not need the Privacy features to be inside my firewall, but I do want program controls. Note that a brand new version of ZAP (ZoneAlarm Pro with Web Filtering Bundle 3.5.132) was just released and has even more web filtering and privacy related capabilities, specifically "by program", which may well defeat tooleaky. I haven't tested this yet myself.

    tooleaky can get by any ZA (any version) if you have IE set to be allowed full Internet access without asking in ZA. When you run tooleaky, it simply fires up a new IE program session in a hidden window. If you have IE allowed in ZA, tooleaky will get out successfully.

    tooleaky does not make use of trusted program replacement or dll injection like some other leak tests. It is actually exploiting the ability of one program on Windows to send commands and read data back from another window. The source code is provided at the tooleaky link and it's a pretty simple program.

    Now, tooleaky is just a proof of concept test. It is very limited in what it can do, but it does point out that Windows has a seriously flawed design as far as some security goes. (Is that actually news to anyone? ;) ) I don't know what real-world malware might attempt to use this type of exploit in the wild, but, it certainly is possible.

    Some more of my general thoughts on tooleaky...
    Anyone interested in understanding the specific security issues underlying tooleaky's proof of concept should try it out on their system.
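
The gap described in the post above, as an added example that is not part of the original thread and is not ZoneAlarm's code: a simplified model comparing a rule that allows a connection purely because the connecting program is trusted with one that also checks which program launched it and whether its window is visible. The event fields, the `leaktest.exe` name, and the rule functions are assumptions made for this sketch, and the sample events are constructed.

```python
from dataclasses import dataclass

# Constructed sample events; field names are assumptions for this sketch,
# not a real firewall or Windows log format.
@dataclass(frozen=True)
class ConnAttempt:
    program: str          # executable opening the outbound connection
    launched_by: str      # executable that started that program
    window_visible: bool  # whether the program's window is shown to the user

ALLOWED_PROGRAMS = {"iexplore.exe"}   # models "IE allowed without asking"
TRUSTED_LAUNCHERS = {"explorer.exe"}  # the desktop shell (user opened IE)

def per_program_rule(ev):
    """Allow purely on the identity of the connecting program."""
    return "allow" if ev.program.lower() in ALLOWED_PROGRAMS else "ask"

def launcher_aware_rule(ev):
    """Also require a trusted launcher and a visible window before allowing."""
    if ev.program.lower() not in ALLOWED_PROGRAMS:
        return "ask"
    if ev.launched_by.lower() not in TRUSTED_LAUNCHERS:
        return "ask"  # trusted program started by an unknown one
    if not ev.window_visible:
        return "ask"  # the user cannot see what the browser is doing
    return "allow"

def evaluate(events):
    """Return (event, per-program verdict, launcher-aware verdict) per event."""
    return [(ev, per_program_rule(ev), launcher_aware_rule(ev)) for ev in events]

SAMPLE_EVENTS = [
    ConnAttempt("iexplore.exe", "explorer.exe", True),   # user opened IE
    ConnAttempt("iexplore.exe", "leaktest.exe", False),  # pattern from the post
    ConnAttempt("leaktest.exe", "explorer.exe", True),   # direct connection
]

if __name__ == "__main__":
    for ev, simple, aware in evaluate(SAMPLE_EVENTS):
        print(f"{ev.program:<14} via {ev.launched_by:<14} "
              f"visible={ev.window_visible!s:<5} per-program={simple:<5} "
              f"launcher-aware={aware}")
```

The second event is the one the two rules disagree on: the per-program rule sees only a trusted browser, while the launcher-aware rule prompts.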
     
  5. war59312

    war59312 Registered Member

    Joined:
    Nov 30, 2002
    Posts:
    72
    Location:
    U.S.A
    Hey,
    Yea I'm running the latest build of Zone Alarm Pro. The 3.5 version.

    Yea it blocks it only if you have "Enabled Advanced Program Control" on.

    So is that included with Plus?

    I'm just trying to make a decision as to which one I should use.

    I don't need the extra overhead you know.

    Thanks,
    Will
     
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,840
    Location:
    New England
    Well, so far we don't know. The brand new (release version) of ZAP 3.5 just came out. As yet, they have not released a new ZA+, so we won't know until they do just what features will carry over. I'd hope that some of advanced program control would go into Plus from Pro, but, obviously they'll want to maintain the differential between Plus and Pro to get people to pay more for Pro.

    Hopefully, Zone Labs will make this all clear soon.
     
  7. war59312

    war59312 Registered Member

    Joined:
    Nov 30, 2002
    Posts:
    72
    Location:
    U.S.A
    oh ok i thought it was already released for some reason :p

    oh well guess i'll wait and see :)

    thanks,
    will
     