Zone Alarm...

[Terr]

I recently got into problems with ZoneAlarm. But mainly, it just isn't complex enough for me. I want more control, because sometimes I have an application that I want only a certain IP on the net to get to... AFAIK you can't really do that with ZA, it's too simplistic.

[richtig]

Originally posted by Bad_N3wZ
I personally dont think very much of Zone Alarm. Thats just my opinion though and as you can see from the previous posts alot of people think very highly of it. I personally use Tiny Softwares free firewall and would recommend it to anyone. Once you get on-line test out your security at-


www.symantec.com

When last I tried, Symantec's security check was not able to see your IP behind a firewall/cache and checks out the firewall/cache instead of your own machine.

Sygate's scanner is much more clever:

scan.sygatetech.com

[dcongram]

Zone Alarm does work extremely well....BUT...if you do put it on a computer with a 'worm', (as I did) it allows the worm access to the internet. The computer had outdated AV software. Once we killed the worm, all was right with the world.

One difficulty with Zone Alarm we discovered was using it on the @home network. We had to reduce it to 'medium' to view some sites. Something to do with the @home proxy.

Black Ice Defender does get a lot of bad press. What some don't realize is you can set it to 'paranoid' for best firewall protection.

I did use 'grc.com' and 'hackerwhacker' to test both, and used my own IDS to confirm their results.

[destined 2 fail]

i really like zone alarm .it is easy to set up etc etc... like everyone has already stated several times already.....however, i found when used with AOL (uh oh here come the comments of "get a real isp" and so on) it would not let the buddylist open until zonealarm was shut off, and if i turned it back on .. i would get kicked offline. besides that, i really like zone alarm alot and i have no problems using it with my other isps..just out of curiosity i was wondering if anyone else has heard of this(or experienced it)

[the_g_nee]

Zonealarm was the first firewall i tried on my puter, though I could not get it set up correctly..... lol ..... Was experiencing problems with internet games. Hence I got Norton Personal Firewall, which I find is easy to use, and simple to set up, though one word of advice for the Norton F/W, dont allow it to set up automatic rule configuration, configure it so you set up the rules yourself - more control.

A thought for you, F/W dont log the trojans that make it through, good antivirus and regular scans are equally important.

[Ennis]

ZoneAlarm and ZoneAlarm Pro can be stopped from loading by creating a memory-resident Mutex (using a call to the CreateMutex API). Uninstalling\reinstalling ZoneAlarm in a different path has no effect.
The impact of this vulnerability is that a Trojan running on a victim's machine can prevent ZoneAlarm from loading, and thus leave the victim open for attack.

Zone Labs "ZoneAlarm" and "ZoneAlarm Pro" programs both use a Mutex - an event synchronization memory object - to determine if it has already loaded (to prevent loading a second instance of the firewall).
By design, ZoneAlarm\ZoneAlarm Pro has no way of determining which program actually set the Mutex, thus allowing a Trojan to use the Mutex and block both ZoneAlarm and ZoneAlarm Pro from loading.

Exploit:
A Trojan can easily set this Mutex ("Zone Alarm Mutex") with one simple call to the CreateMutex API (see msdn.microsoft.com for more information on Mutexes). ZoneAlarm and ZoneAlarm Pro are then prevented from loading as long as the Trojan is alive. If ZoneAlarm is running, all the Trojan has to do is terminate the processes of zonealarm.exe, vsmon.exe and minilog.exe first before creating the Mutex. Despite being services, vsmon.exe and minilog.exe can both be killed by any program by setting its local process token privileges to SeDebugPrivilege, giving it the power to kill any process/service.

Demonstration:
A harmless, simple, working executable to demonstrate the vulnerability, is available at:
http://www.diamondcs.com.au/alerts/zonemutx.exe (16kb).
While the demo program is running, you will not be able to load ZoneAlarm or ZoneAlarm Pro, and if it finds that ZoneAlarm\ZoneAlarm Pro is running, it will terminate the ZoneAlarm processes and services first using SeDebugPrivilege before stealing the ZoneAlarm Mutex. The demo also opens an echo server socket to listen on TCP 7, allowing you to test socket connectivity/data transfer (try telnetting to 127.0.0.1 on port 7 and saying hello).

it's a "resource hog"...running both BlackICE & NeoWatch together take less resources than running one ZoneAlarm

[laurasbestmate]

Hi there, I have used zone alarm and pro and would recommend them both. However my favorite firewall at the moment is outpost, developed by agnitum.

[ANTI-HACKERS]

HI i use Zone Alarm and i think it is great only one thing if your using it at the highest security setting it is way to sensitive. It was picking up all kinds of intercepted packets. Every minute i was getting a new popup. For Norton thats all i would ever use for AV protection i recemmend it to everybody






ANTI-HACKERS

[I am a cracker]

Zonealarm hahahaha you mean that spy program I recommend getting nortons internet security firewall 2002 or sonicWALL

[KorpDeath]

Originally posted by Simon Templer
Zone Alarm is GREAT! I never get on the net without using it.

Go use Tom Liston's program called Outbound. You'll see that ZA is swiss cheese..

You can find it at www.hackbusters.net

And then when you're done with that, hop on over to www. sygate.com and download their ver 5.0 of their personal firewall (cause it actually protects you).

Just tryin' to help.