Discussion in 'other firewalls' started by POS, Nov 8, 2005.
My Zonealarm free has failed against tooleaky? Why? DoesZA PRO fails?
Have just upgranded to ZA PRO, and continues to fail to toolleaky!!
Maybe you have to upgrade to the Internet Security Suite. ?
Ok, I´ve turned aplicattion control to high level, and ZA stopped toolleaky... But I think it´s a job that a good firewall, with or without aplicattion control, should do.
My Zonealarm free passes that one and 99% of all others.
If you set up ZA to prompt you to Allow/Deny and DON'T select Remember for anything, and click DENY, then it WILL pass that test as in my Screen Shot.
If you also install something like the Excellent and Free Winsonar as i have, then Any EXE test etc won't even be allowed to launch, unless you allow it.
. . .
Winsonar 2005 XP Freeware Edition is a program specifically designed for process monitoring and system protection from unknown processes.
Winsonar 2005 XP is a Freeware program and is provided without any limitation at no charge to the user. If you find this program fast, convenient and useful, a little donation to the UNICEF or to your National Red Cross is encouraged by the author.
. . .
No ZAPRO does not fail! Suspicious Behaviour Alert is displayed and tooleaky is blocked...
And I have yet to see a leaktest passing ZA 6....(same as Outpost lol )
Edit: With default settings
Does anyone know if 4.5.094 free version and also 4.5.094 pro pass these test?
I don´t know why, but my ZA does not even ask for me to allow or deny Toolleaky
NOD32 has detected firehole as a virus...
Well, I was too optimist.... here you have....
Not yet checked if true...
Removed link-TOS violation--Ron
I have two suggestions for you:
1) Run through the recommendations in the last bulleted points on the Zonelabs page at:
2) Register on the Zonelabs user forum, at http://forums.zonelabs.com/zonelabs
and ask any question you like there.
not sure what was wrong in that link but probably the answer would be 'read the TOS'...
May be this link from 'securityfocus' will be more acceptable? Feel free to remove...
That's fine. Some of the sites that discover vulnerabilities in software do some good. Unfortunately, some of those sites also have what would be classified as malware on them.
Hi fax and All,
I've just tried this " New " test and here are my results.
This is what the website says about the test.
. . .
. . .
This test is a slightly different implimentation of the earlier one, the DDE vulnerability, we looked at and experimented with here which was allowed.
Malicious code could trick ZoneAlarm firewall
WinSonar thankfully DID block it for me again as it always does with unknown EXE's. But then i allowed it through to see what would happen.
Same as before, with no IE running i get a prompt alert from ZA which i DENY. But with IE running it piggybacks on it to the test page and you see this.
. . .
Demo - Defeating Zone Labs Products Advance Program Control and Personal Firewall Based On Behavioral Based Analysis
. . .
I have Java Script etc disabled so it's not that !
The new test is osfwbypass-demo.exe = 25kb and the previous one is zabypass.exe = 26kb. Very similar GUI's but the new one fails to display correctly for me.
yes, I can confirm that this time Tr0y (a.k.a Debasis Mohanty) did his home work correctly as compared to the previous poor zabypass.exe PoC.
My free ZA does not fail Tooleaky .I don't get an alert but I get abox saying it did not connect and my connection is slow or similar words. Also PG asks if i want it to run. However there are several firewall tests ZA free did fail, but again PG asked if I wanted it to run. I think the one s ZA failed used dll injection I do not really understand this
Does one need Winsonar if one has PG Free. Do they work the same way?
I loaded & tried ZA(Free) version 4.5.538.001 (the only version I keep around).
If it helps at all, given the same condition that IE must apply each time for permissions then I can confirm the above version of ZA produces the same result as StevieO's screenshot in post #5.
Just to confirm that as expected PG picked up on the .exe and had to be instructed to let it go for the sake of the test.
Which version are you using?
Yes, that's true. It can be a little annoying at times, though. Like when you go to open a program that Winsonar hasn't seen before and it kills it immediately. At first you wonder what's wrong, but then you remember than Winsonar is running.
Okay, now I have to ask, why that particular version? Does it have something the other versions lack?
does ZA pro pass the wallbreaker test?
i have nvidia firewall, but it doesnt pass it, doesnt even ask me for permission for anything.
4.5.538 was a popular one for quite a while when version 5.x first came out. There were a lot of problems with 5.0 initially, and some preferred to stick with trusty old 4.5 even later when the problems were resolved. 4.5 also didn't have the AV monitoring which many felt was useless.
Separate names with a comma.