1st july....bugs in zonealarm

Discussion in 'other firewalls' started by ned kelly, Jul 1, 2006.

Thread Status:
Not open for further replies.
  1. ned kelly

    ned kelly Registered Member

    Joined:
    Sep 28, 2005
    Posts:
    14
    Wasnt that guy going to post the first of the so called bugs in zonealarm on the 1st of july( damn! ive forgotten his name) He asked zonealarm for money and he was going to tell them about the bugs! anyone remember his name? matousek! that was it...
     
  2. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    Hey yeah that`s right. I forgot all about that. I guess we`ll hear something soon...one way or the other. :)
     
  3. matousec

    matousec Registered Member

    Joined:
    May 17, 2006
    Posts:
    32
  4. beetlejuice69

    beetlejuice69 Registered Member

    Joined:
    Mar 16, 2005
    Posts:
    780
    Thanks for the update.
     
  5. ned kelly

    ned kelly Registered Member

    Joined:
    Sep 28, 2005
    Posts:
    14
    Thankyou very much matoucec for that info on link. Zonelarm have lost so much credibility since the 4.5 series of firewalls, that nothing surprises me anymore with zonealarm...
     
  6. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Yep! So true! :(

    (I read the link).:rolleyes:
     
  7. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
  8. unhappy_viewer

    unhappy_viewer Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    259
    Well according to Matousec, ZA still holds first place in their tests so far when compared to Kerio and Norton Personal Firewall. So that means ZA still has better security credibility than Kerio and Symantec.
     
  9. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    matousec,
    After having waited for your highly touted discovery of multiple serious "vulnerabilities" within the Zone Labs' Zone Alarm firewall, I must say that my original suspicion of you seems to be supported by the above "So called bug," not refuted.

    The link you provide that contains an explanation of a long awaited explanation of your allegations seems to indicate that you classify the "exploit" as serious because of the following two reasons. One, the user is given an "arbitrary" alert. Two, the system crashes upon "exploit." The "arbitrary" alert seems anything but serious. You classify it as serious because, according to you, regardless of the users response the system crashes if the "exploit" is triggered. How does a system crash comprimise the system? Albeit, an undesirable event, but I fail to see how the system's security is breached by the initiation of a BSOD.
     
  10. matousec

    matousec Registered Member

    Joined:
    May 17, 2006
    Posts:
    32
    Hello Dallen,
    it is easy to answer.

    If you read our definitions properly you will find that it fits exactly definitions

    for example Serious bugs:

    Serious bugs
    We have only four classes of Bug risk. One level lower are minor bugs. Read our definition to see that this bug is worse. One level higher are critical bugs. Again, this bug is not critical. We can have tens of classes but instead we have also Bug character which is connected to bug risk. And character of this bug is system crash. Yes, we have not published the most critical bug in ZoneAlarm because we still communicate with Zone Labs.
     
  11. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    I've looked at you site & your reviews & boy you do certainly see the glass half empty, just for curiousity since you feel no firewall is good what do you recommend?
     
  12. matousec

    matousec Registered Member

    Joined:
    May 17, 2006
    Posts:
    32
    The opposite is true. We still hope that products we will review in future will be better. Why do you think we feel that no firewall is good? We know that ZoneAlarm, Kerio and Norton are not good firewalls. From these three ZoneAlarm is the best choice. There is nothing about other firewalls because we simply do not know much about them before we review them.

    Personally I believe that at least one in Top 10 will be good.
     
  13. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    your sounding like my wife alot of fluff but didn't answer the question. You seem like a smart guy so you probably have a firewall so what is it that you run?, I'm curious to see your reply & with a real answer...
     
  14. matousec

    matousec Registered Member

    Joined:
    May 17, 2006
    Posts:
    32
    You should ask this directly. :)
    Ok, I use no personal firewall. I use WIPFW which is packet filter only. I do not use any antivirus too. But I think using no personal firewall is not a good solution for people who are not security experts. Common users can not recognize suspicious binary in hex editor when they download it. They trust personal firewall or antivirus in this. I just use hex editor because of system performance. But can I recommend this to common users? No! This is why I have started with this project. If you visit for example links page on our website you will find that we want to bring useful information about personal firewalls and the most important information - about products' security - comes with reviews. If you want me to recommend you personal firewall, please wait until some firewall gains less than 2000 penalty and then choose one from them.
     
  15. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    matousec,
    I have reviewed your site and read many of your posts. We've even exchanged private messages on this subject. You seem quite intelligent, very knowledgeable about the topic of firewalls, and even pollite and friendly. By making the above claim, I feel that you loose a lot of respect and credibility because you have not substantiated your claims. You have made serious, I mean serious claims, and backed them up with nearly nothing. Let's be honest with one another here.

    You are claiming that three of the top firewalls on the market available for home users are "not good firewalls." Recently, I'ver reviewed many of the top Anti-Virus softwares on the market and I know a lot about computers and computer security (I'm definately not an expert, but I know considerably more than the "average user"). What do you think the response would be if I claimed, "I've looked at BitDefender, Kaspersky, NOD32, Norton AV, and F-Secure and they all are inadequate anti-virus protection because I've tested them?"

    When users rightfully got upset about my unfounded claims and demanded to know why I was making such ridiculous assertions, I simply said "They all have serious problems." Finally after users demanded an explanation, I tell them that "F-Secure showed me that it scanned the fewest files, therefore it may have missed a virus, Kaspersky wouldn't run therefore it doesn't protect, NOD32 listed a bunch of files that it couldn't scan therefore it could miss viruses, and BitDefender and Norton are just bad."

    People will look at me and probably say, "Wow, this guy sounds smart, he says he's tested all of the major AVs on the market, but his conclusions do not seem to be supported by his evidence." Given that my claims are so serious, I think people would come to the conclusion that I do not know what I am talking about. It seems that's what is going on here with your claims.
     
    Last edited: Jul 9, 2006
  16. matousec

    matousec Registered Member

    Joined:
    May 17, 2006
    Posts:
    32
    dallen,

    I think it is just matter of time. You will be able to see more bugs soon. And about loosing the credibility ... I do not think so. We are talking to ZoneLabs seriously and we are close to make a deal. They have already expressed that they are interested in our help. I know that there was no how for you to know this before. We are just waiting until the deal is ready before talking about it. Hence it may look as you say. However, the reality is different and it is just matter of time. Be patient, I think you will change your mind sooner or later.
     
  17. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    matousec,
    I hope that you are correct. Zone Alarm is my favorite firewall. The main reason that I have issue with your statement that it is not a good firewall is that I see two possibilities:

    One, you are wrong and your claims are not serious. In which case, Zone Alarm is not as bad as you say it is.

    Two, you are correct and your claims are legitimate. In which case, Zone Alarm is still not bad because you are going to help improve it.

    Either case, Zone Alarm is going to be OK.;)

    Obviously, there are other possibilities, like you are wrong and Zone Alarm still has major flaws. Or, you are right and Zone Alarm does not accept your offer to help. Nevertheless, I respect the fact that you have withstood some harsh criticism from me and maintained your politeness.
     
  18. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    I guess what Dallen is saying is instead of 50 cent words why not 10 cents worth of facts, bottom line it's still all a bunch of crap & sorry no sale, you can't prove anything with words but no facts...you can call it whiskey but it still tastes like soda pop...
     
  19. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    larryb52,
    You said in half a sentence what I tried to say in more than a paragraph.
     
  20. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Well im just glad that if there are these serious bugs that render the firewalls you list as useless,that you are taking,to these firewall vendors and not just selling the means on how to get round thier software defences ,to any tom dick and harry for money (which is what my initial thoughts had me believe).Although you list many bugs i guess the majority of users would have no problems with the software and only programmers or talented hackers might exploit the weaknesses?.I cant help wondering though why all these exploits havent been uncovered yet by za users or hackers or by ZA developers but your organization has uncovered them relativly easily if i understand your website correctly.Either your team is a lot more talented than many (including myself) believed or the bugs are "much ado about nothing" ?
    ellison
     
  21. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    ellison64,
    I am thinking along the same lines that you are. Let's face the facts here. matousec is trying to make money. How much money would a firewall company like Zone Labs be willing to pay for his information? Unless I am missing something, and I very well might be, I cannot see how the work that matousec seems to be doing could be justified by what I would think would be relatively little money in return. If matousec is as tallented as he claims and has a "team" of equally tallented individuals, why are they not developing their own software, making a name for themselves, and making some real money?
     
  22. larryb52

    larryb52 Registered Member

    Joined:
    Feb 16, 2006
    Posts:
    1,126
    I found it interesting that he doesn't use a firewall so you can't question what he's using. Also of note is the lack of fact as in when you do these steps than ZA shutsdown or when you go shields up it's shows a weaknesses in this area. The statements are general in nature & not to the point for the average user. Also of note is anyone's security setup is the completeness of the components, it's just not the firewall that protects the computer but the AV, process guards, etc,
     
  23. ellison64

    ellison64 Registered Member

    Joined:
    Oct 5, 2003
    Posts:
    2,499
    Well if he and his team are as good as the claims made ,then it would certainly be very interesting if they developed software too.Time will surely tell ;)
    ellison
     
  24. dallen

    dallen Registered Member

    Joined:
    May 11, 2003
    Posts:
    824
    Location:
    United States
    matousec

    Where is matousec? What is going on with his claims? Last I heard, Zone Labs was working with him and his team; however, we continue to be without an update. I have neither seen proof of the validity of his claims, nor an update to Zone Alarm. Hmmmm. What are we to make of this?
     
  25. ned kelly

    ned kelly Registered Member

    Joined:
    Sep 28, 2005
    Posts:
    14
    Matousec, why do I have to continuely remind you to honor your earlier statement to release a zonealarm bug on the 1st of each month as you have stated. If for some reason you have decided to reneg on your statement, please post the reason why.
    PS: Dont mouth off! If you cant back it up mate?


    well maybe im a little early, but it is the 1/8/06 in australia...:rolleyes:
     
Loading...
Thread Status:
Not open for further replies.