ZoneAlarm flaw isn't flaw in ZoneAlarm?

If you pay any attention to news about software or PC security, you've no doubt heard of a severe flaw discovered recently in the popular ZoneAlarm personal firewall. You may have heard that Zone Labs initially refused to fix this flaw in the free version of their software, saying that users would need to upgrade to the expensive Pro version to fix this issue. You may also have heard that Zone Labs has back pedaled and decided to address the issue after all.

Here is something that you may not have heard. Most of that is not true. Zone Labs is not telling people to upgrade to the pro version to fix this flaw. In fact, there is no flaw to be fixed.

This all started when someone posted a hypothetical password theft exploit to Bugtraq. In his hypothetical exploit, the person speaks of a rogue application running and stealing the user's passwords or credit card information.

Read rest of article: http://www.spywareinfoforum.com/articles/zonelabs/exploit_hoax.php

 

After whining by quite a few people, they are going to prevent the issue in the free version.

The issue is not ZA, its a windows exploit, in which a certain trojan would have to be installed at the same time. So the user lets a trojan on their system, and then it uses windows exploits. In no way is this a ZA bug, but so many clueless newbies complained, along with bad PR, they are going to add this feature to the free version.

Do you expect a packet filtering firewall to prevent a trojan the user let be installed by some means to run amok on the system with your windows files? NO, this is why I think the issue is so stupid.

 

im a free junky lol newbies bend them to are will mawhaaaaaaaaaaaaaa
doe i cant use winky eye need to allow active scripting lol

 

The issue of is it a firewall problem or is it a Windows problem came up with the first leak tests published. I have always felt it was basically a design flaw in Windows that allows most leaks to work the way they do. In seeing what M$ has come up with, in Longhorn, to make their OS safer, I'm beginning to wish MS would let the 3rd party vendors take care of such issues.

I still believe there are even more "leak tests" to be revealed yet, and it is my understanding that for a firewall type application to properly protect against such exploits, it is going to be necessary to use a sandbox type approach. If firewall vendors keep applying patch after patch to plug leak after leak, soon all the firewalls are going to be the same patched mess M$'s OSs are.

What is going on is the equivalent to Electronic Countermeasures warfare. The good guys come up with a new technique, and the bad guys come up with something to counter it. Then the good guys counter that, and it goes on and on.

SSM has demonstrated the fact that a sandbox approach to dealing with most of the leak tests did not take re-inventing the electron. Although it is not perfect, I think with a few more refinements, it will demonstrate that a sandbox can be run on a home computer with minimum hassle and maximum security. I personally think that the firewall vendors should take a serious look at sandboxing if they want to be competitive in the future.

Getting on the computer and surfing the net should be a fun experience, or a safe learning experience for those that use it for education. I wonder when people are going to get tired of playing this game of I can break down your security, ha ha. Frankly, I'm getting bored with the whole mess and I doubt very much if someone is going to take the time and the effort involved to try to compromise my computer, and if they do, what have they gained? If you don't keep sensitive information on your computer, then no one is going to get it by any exploit.

The best firewall has been and always will be the brain. Use it and the results should be favorable.

 

lol longhorn whats that blaze puts halo over his head lol

 

Is that the new windows operating system i see there?

must be the southern windows verstion.

hmmmm looks unsecure kinda heavy and bloated

it looks like its by itself means dosent get along with other programs

it must be made by microsoft lol

 

Longhorn