Hi all, I use ZoneAlarm Pro, with OSFirewall enabled. Internet Explorer has only Internet access but if IE wants to run (or communicate with) another application ZoneAlarm asks me if I want it... Let's imagine: Internet Explorer has new security flaw and possible exploit can cause buffer overflow that can cause running another process. Can ZoneAlarm protect me against this?
Hi, If your question is "does ZA prevents Buffer Overflows?", the answer is NO (this not the rule of a firewall, but of H/IPS or specialized products. For a protection of IE, there's Spywall: ( http://www.trlokom.com/product/spywall.php? ) which prevents: -infections (BHO and other spywares) -and attacks (phishing, browser hijacking etc). If we take a look at the Data Sheet (pdf), Spywall claims a protection against most buffer overflow attacks which targets the browser (and as effective could be this protection, that should be considered as limited). A simple strategy to avoid IE problems: 1. deny access (Windows programs configuration) to IE (the majority of internet users surf with IE, that's why it is more targeted and attacked), 2.choose and use an alternative browser (mozilla/firefox or OPERA), 3.do not enable the option "default browser" for this alternative browser, 4.do not create "allow/permit" rule in your firewall for the browser, but just "allow/permit" once/now (...) Regards
ZAP's Operating System FW certainly protected me a few days ago. I clicked a link to a site, whilst using I.E. with the Internet Zone slider set to 'Medium', and was immediately hit by the .wmf exploit. Fortunately my AV intercepted that, but I also got a pop-up from ZAP informing me that I.E. was attempting to launch Rundll.exe which I blocked. I'm not sure what might have happened if I'd allowed I.E. to spawn Rundll.exe (apart from another pop-up from PG! ) but I don't suppose it would have led to a happy outcome for someone lacking this protection.
That's what I have done. ZoneAlarm always asks if I want to allow or deny it. So I do think i should be protected