ZA Pro Protection ByPass

Discussion in 'other firewalls' started by Rasheed187, Feb 28, 2006.

Thread Status:
Not open for further replies.
  1. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
  2. metallicakid15

    metallicakid15 Registered Member

    Joined:
    Dec 6, 2005
    Posts:
    454
    so earlier version not affected or what>?
     
  3. unhappy_viewer

    unhappy_viewer Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    259
    This has already been mentioned in November last year(the Wilders related post is here somewhere too if you search) as shown by these Secunia Advisory:
    http://secunia.com/advisories/17450/

    As you can see from the Secunai advisory, "Secunia does not normally regard this kind of security bypass in personal firewalls as a vulnerability. However, Secunia has decided to write about this particular issue because Zone Labs is marketing the product as being able to stop this kind of attack via the "Advanced Program Control" functionality".

    Any other software firewalls (not only ZA) and older versions of ZA will also fail this test too unless the user has set their firewall to always ask for permission when their browsers are launched since this "so-called vulnerbility" relies on the way Windows handles the code. Secunia did not add this advisory to them because those firewalls did not contain a "OSFirewall"-like feature last time.

    Zone Labs has not mentioned anything regarding this and it may not take any action directly related to this since again this is not considered a software firewall vulnerbility.
     
    Last edited: Mar 1, 2006
  4. manzz

    manzz Registered Member

    Joined:
    Oct 6, 2005
    Posts:
    55
    hmmm, Well if Zonelabs is:-
    Then why
     
  5. unhappy_viewer

    unhappy_viewer Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    259
    I don't know since I don't work in Zone Labs but I am guessing its a limitation of what HIPS can monitor. Additionally since its not classified as a vulnerbility, there would not be alot of urgency in solving this problem. In my opinion, Zone Labs have more pressing matters such as fixing the bugs present in the version 6 series of ZA and getting the x64 version of ZA out which has already been delayed by 2 months.
     
  6. Rasheed187

    Rasheed187 Registered Member

    Joined:
    Jul 10, 2004
    Posts:
    8,026
    Location:
    The Netherlands
    Thanks for the feedback, hopefully this can be fixed in the future. But does anyone has an idea how to do this? Should a HIPS be able to stop it or should it be fixed in IE. o_O
     
  7. unhappy_viewer

    unhappy_viewer Registered Member

    Joined:
    Sep 16, 2005
    Posts:
    259
    So far in my observation, I hven't seen a HIPS from any manufacturer monitor javascript instructions. Its probably because so many websites use javascript such as banking websites etc. that if there was a HIPS that could monitor javascript, users will be getting alot of prompts when surfing. This can cause of of confusion and unecessary worry. Thats is why Secunia does not list this as a vulnerbility because directly using javascript is not harmful. Its the program that tries to initiate the script and bring people to malicious or phishing sites hat are. Technically it would then fall to antiviruses, anti-spyware or anti-trojan programs to 'brand' that program as malicious and include it in their definitions for cleaning.
     
Loading...
Thread Status:
Not open for further replies.