-
October 17th, 2001, 02:05 AM
#41
I recently got into problems with ZoneAlarm. But mainly, it just isn't complex enough for me. I want more control, because sometimes I have an application that I want only a certain IP on the net to get to... AFAIK you can't really do that with ZA, it's too simplistic.
[HvC]Terr: L33T Technical Proficiency
-
January 15th, 2002, 07:12 AM
#42
Junior Member
Originally posted by Bad_N3wZ
I personally dont think very much of Zone Alarm. Thats just my opinion though and as you can see from the previous posts alot of people think very highly of it. I personally use Tiny Softwares free firewall and would recommend it to anyone. Once you get on-line test out your security at-
www.symantec.com
When last I tried, Symantec's security check was not able to see your IP behind a firewall/cache and checks out the firewall/cache instead of your own machine.
Sygate's scanner is much more clever:
scan.sygatetech.com
-
January 15th, 2002, 09:42 AM
#43
Zone Alarm
Zone Alarm does work extremely well....BUT...if you do put it on a computer with a 'worm', (as I did) it allows the worm access to the internet. The computer had outdated AV software. Once we killed the worm, all was right with the world.
One difficulty with Zone Alarm we discovered was using it on the @home network. We had to reduce it to 'medium' to view some sites. Something to do with the @home proxy.
Black Ice Defender does get a lot of bad press. What some don't realize is you can set it to 'paranoid' for best firewall protection.
I did use 'grc.com' and 'hackerwhacker' to test both, and used my own IDS to confirm their results.
-
January 15th, 2002, 10:30 AM
#44
Member
i really like zone alarm .it is easy to set up etc etc... like everyone has already stated several times already.....however, i found when used with AOL (uh oh here come the comments of "get a real isp" and so on) it would not let the buddylist open until zonealarm was shut off, and if i turned it back on .. i would get kicked offline. besides that, i really like zone alarm alot and i have no problems using it with my other isps..just out of curiosity i was wondering if anyone else has heard of this(or experienced it)
-
January 28th, 2002, 02:32 PM
#45
Zonealarm was the first firewall i tried on my puter, though I could not get it set up correctly..... lol ..... Was experiencing problems with internet games. Hence I got Norton Personal Firewall, which I find is easy to use, and simple to set up, though one word of advice for the Norton F/W, dont allow it to set up automatic rule configuration, configure it so you set up the rules yourself - more control.
A thought for you, F/W dont log the trojans that make it through, good antivirus and regular scans are equally important.
-
January 28th, 2002, 03:16 PM
#46
ZoneAlarm and ZoneAlarm Pro can be stopped from loading by creating a memory-resident Mutex (using a call to the CreateMutex API). Uninstalling\reinstalling ZoneAlarm in a different path has no effect.
The impact of this vulnerability is that a Trojan running on a victim's machine can prevent ZoneAlarm from loading, and thus leave the victim open for attack.
Zone Labs "ZoneAlarm" and "ZoneAlarm Pro" programs both use a Mutex - an event synchronization memory object - to determine if it has already loaded (to prevent loading a second instance of the firewall).
By design, ZoneAlarm\ZoneAlarm Pro has no way of determining which program actually set the Mutex, thus allowing a Trojan to use the Mutex and block both ZoneAlarm and ZoneAlarm Pro from loading.
Exploit:
A Trojan can easily set this Mutex ("Zone Alarm Mutex") with one simple call to the CreateMutex API (see msdn.microsoft.com for more information on Mutexes). ZoneAlarm and ZoneAlarm Pro are then prevented from loading as long as the Trojan is alive. If ZoneAlarm is running, all the Trojan has to do is terminate the processes of zonealarm.exe, vsmon.exe and minilog.exe first before creating the Mutex. Despite being services, vsmon.exe and minilog.exe can both be killed by any program by setting its local process token privileges to SeDebugPrivilege, giving it the power to kill any process/service.
Demonstration:
A harmless, simple, working executable to demonstrate the vulnerability, is available at:
http://www.diamondcs.com.au/alerts/zonemutx.exe (16kb).
While the demo program is running, you will not be able to load ZoneAlarm or ZoneAlarm Pro, and if it finds that ZoneAlarm\ZoneAlarm Pro is running, it will terminate the ZoneAlarm processes and services first using SeDebugPrivilege before stealing the ZoneAlarm Mutex. The demo also opens an echo server socket to listen on TCP 7, allowing you to test socket connectivity/data transfer (try telnetting to 127.0.0.1 on port 7 and saying hello).
it's a "resource hog"...running both BlackICE & NeoWatch together take less resources than running one ZoneAlarm
-
January 28th, 2002, 04:01 PM
#47
Junior Member
Best firewall?
Hi there, I have used zone alarm and pro and would recommend them both. However my favorite firewall at the moment is outpost, developed by agnitum.
-
January 28th, 2002, 06:25 PM
#48
-
January 28th, 2002, 06:28 PM
#49
Zonealarm hahahaha you mean that spy program I recommend getting nortons internet security firewall 2002 or sonicWALL
-
January 28th, 2002, 07:10 PM
#50
Originally posted by Simon Templer
Zone Alarm is GREAT! I never get on the net without using it.
Go use Tom Liston's program called Outbound. You'll see that ZA is swiss cheese..
You can find it at www.hackbusters.net
And then when you're done with that, hop on over to www. sygate.com and download their ver 5.0 of their personal firewall (cause it actually protects you).
Just tryin' to help.
Mankind have a great aversion to intellectual labor; but even supposing knowledge to be easily attainable, more people would be content to be ignorant than would take even a little trouble to acquire it.
- Samuel Johnson
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|