New Firewall Exploit- FireWar

Discussion in 'other firewalls' started by RL, Nov 20, 2002.

Thread Status:
Not open for further replies.
  1. RL

    RL Guest

  2. JacK

    JacK Registered Member

    Joined:
    Jun 20, 2002
    Posts:
    737
    Location:
    Belgium -Li?ge
    Hello,

    thx for the info.

    Don't know for File Checker.
    Running SystemSafetyMonitor, no problem locally.

    As for the remote test, not problem either with IE6SP1 nor Opera 6.05 if your security parameters Internet Zone about activeX are good :)

    Rgds,
     
  3. marti

    marti Registered Member

    Joined:
    Mar 25, 2002
    Posts:
    646
    Location:
    Houston, Texas, USA
    Zone Labs Response

    Zone Labs response to the Firewar application

    The Firewar application is a "proof-of-concept" test utility that attempts to disable personal firewalls. It runs as an executable program or as an Active-X object. Some reports indicate that Firewar is capable of shutting down Zone Labs' software.

    Enterprise users need not concern themselves with these reports. Due to their multiple layers of protection, Zone Labs Integrity and ZoneAlarm Pro are completely unaffected by the application. Also, ZoneAlarm Pro offers an additional layer of protection with its Privacy features, which block Mobile Code such as Firewar's Active-X controls. Further, for users of POP email accounts, Integrity and ZoneAlarm Pro offer yet another layer of protection through Advanced MailSafe. MailSafe identifies and quarantines suspicious email attachments upon arrival, preventing the transmission of Firewar or any malicious software that would utilize its code.

    Home and small business users of our ZoneAlarm Pro and ZoneAlarm Plus products are also protected from this exploit, and do not need to worry about these reports. (Note that Firewar incorrectly identifies ZoneAlarm Pro and Plus as disabled. However, they remain secure and completely operational.)

    Against our free ZoneAlarm product, Firewar is sometimes able to interfere with its normal functioning. Zone Labs is examining further methods to eliminate the potential effects of this type of inference with our free product.

    We recommend that users always run an updated anti-virus product along with a Zone Labs product to maximize protection for their PCs.
     
  4. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    The FireWar ActiveX control is not signed. Thus, if you block unsigned ActiveX controls, you will block the ability of the demo page to install/run it.

    It is actually an ocx file, which could be easily installed and run by any application. :doubt:

    Regards,

    -Javacool
     
  5. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,331
    Location:
    Netherlands
    The program does not seem to recognize my firewall, although it is on it´s list: SPF 5.0 PRO
    What´s supposed to happen?

    Regards,

    Pieter
     
  6. javacool

    javacool BrightFort Moderator

    Joined:
    Feb 10, 2002
    Posts:
    3,997
    It is supposed to terminate your firewall. Sygate has not come forward with a press announcement about it (yet - to my knowledge) but it may only affect the free version of Sygate.

    Regards,

    -Javacool
     
  7. Scotcov

    Scotcov Guest

    Unbelievable! This is the first time I've been to a cracker's web site. It was professional, offering me a fine new software program, free for my personal use! Who are these people?! Are they all like that? It's too much to believe.
    Sure was glad to see Outpost block that activeX.
    Scotcov
     
Loading...
Thread Status:
Not open for further replies.