Question about Exploits

Discussion in 'other firewalls' started by fosius, Feb 22, 2006.

Thread Status:
Not open for further replies.
  1. fosius

    fosius Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    479
    Location:
    Partizanske, Slovakia
    Hi all,
    I use ZoneAlarm Pro, with OSFirewall enabled. Internet Explorer has only Internet access but if IE wants to run (or communicate with) another application ZoneAlarm asks me if I want it... Let's imagine: Internet Explorer has new security flaw and possible exploit can cause buffer overflow that can cause running another process. Can ZoneAlarm protect me against this?
     
  2. kareldjag

    kareldjag Registered Member

    Joined:
    Nov 13, 2004
    Posts:
    622
    Location:
    PARIS AND ITS SUBURBS
    Hi,

    If your question is "does ZA prevents Buffer Overflows?", the answer is NO (this not the rule of a firewall, but of H/IPS or specialized products.

    For a protection of IE, there's Spywall:

    ( http://www.trlokom.com/product/spywall.php? ) which prevents:

    -infections (BHO and other spywares)
    -and attacks (phishing, browser hijacking etc).

    If we take a look at the Data Sheet (pdf), Spywall claims a protection against most buffer overflow attacks which targets the browser (and as effective could be this protection, that should be considered as limited).

    A simple strategy to avoid IE problems:

    1. deny access (Windows programs configuration) to IE (the majority of internet users surf with IE, that's why it is more targeted and attacked),
    2.choose and use an alternative browser (mozilla/firefox or OPERA),
    3.do not enable the option "default browser" for this alternative browser,
    4.do not create "allow/permit" rule in your firewall for the browser, but just "allow/permit" once/now (...)

    Regards
     
  3. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    ZAP's Operating System FW certainly protected me a few days ago.:D

    I clicked a link to a site, whilst using I.E. with the Internet Zone slider set to 'Medium', and was immediately hit by the .wmf exploit. Fortunately my AV intercepted that, but I also got a pop-up from ZAP informing me that I.E. was attempting to launch Rundll.exe which I blocked.

    I'm not sure what might have happened if I'd allowed I.E. to spawn Rundll.exe (apart from another pop-up from PG!:D ) but I don't suppose it would have led to a happy outcome for someone lacking this protection.:rolleyes:
     
  4. fosius

    fosius Registered Member

    Joined:
    Oct 14, 2004
    Posts:
    479
    Location:
    Partizanske, Slovakia
    That's what I have done. ZoneAlarm always asks if I want to allow or deny it. So I do think i should be protected:)
     
Loading...
Similar Threads
  1. ttomm1946
    Replies:
    0
    Views:
    517
Thread Status:
Not open for further replies.