ZoneAlarm Question
Page 1 of 2 12 LastLast
Results 1 to 10 of 16

Thread: ZoneAlarm Question

  1. #1
    Junior Member
    Join Date
    Aug 2001
    Posts
    17

    ZoneAlarm Question

    Ok I hope that this doesn't turn into a this product sucks, use this one, or a You shouldnt use Outlook debate... This is just a question that I was wondering if anyone had thought about or run into.



    Here is the scenario:

    I have ZoneAlarm Pro Loaded

    I am using Outlook 2000 as my mail client

    I have MS Word 2000 set as my default email editor

    I receive an email with a hyperlink

    I click on the hyperlink, ZoneAlarm Pro prompts me to let MS Word access the Internet

    I click yes and remember this answer

    Latter I receive a document as an attachment that is infected with a macro virus mass-mailer (for sake of this question lets assume that the virus is new and my anti-virus definitions will not catch it)

    Since I have already told ZoneAlarm to always allow MS Word to access the Internet will it allow the virus/trojan/whatever to access the Internet and send out multiple copies of it self?

    Any comments are welcome.
    Share on Google+

  2. #2
    Senior Member
    Join Date
    Sep 2001
    Posts
    800
    It shouldn't because that trojan should be leaving as a different program. Unless it uses your Word 2000 to leave. Or if it uses your Outlook program to send the mail then it might get past.
    Hope this helps
    [gloworange]\"A hacker is someone who has a passion for technology, someone who is possessed by a desire to figure out how things work.\" [/gloworange]
    Share on Google+

  3. #3
    Senior Member
    Join Date
    Oct 2001
    Posts
    146
    um maybe my reasoning or understanding was all lost with my last test, but i don't know what the quesion is.

    -havanger
    Share on Google+

  4. #4
    Junior Member
    Join Date
    Aug 2001
    Posts
    17
    Havenger-

    Sorry if I was not clear the basic question is:

    if ZoneAlarm is set to always allow MS Word to access the Internet will it allow a macro virus/trojan/whatever in MS Word to access the Internet thus defeating the blocking of un-solicited outbound traffic?

    Thanks
    Share on Google+

  5. #5
    Senior Member
    Join Date
    Aug 2001
    Posts
    170

    Arrow

    If the macro virus was entirely Word-based, yes. The thing is, though, (as far as I know) you really can't do much on the internet with Word Macros. If somebody really wanted to do something malicious, they would have to have an external program (ex visual basic script) do it which ZoneAlarm would then prompt for.

    As far as emails, though, yes - a Word macro could start shooting off emails and if they sent them through Outlook, then you wouldn't be alerted.
    \"If you torture the data enough, it will confess.\" --Ronald Coase
    Share on Google+

  6. #6
    Senior Member
    Join Date
    Oct 2001
    Posts
    175

    Macro Virii

    BOFH

    The answer to your question is, Yes it will be able to access the internet and mail copies of itself (Assuming you have Outlook as always being a to connect). Remember that Office products (Excel, Word, Outlook, Etc) are all interconnected and intergrate Visual Basic for Applications (VBA) therefore a macro virus could have ALMOST the same capabilities as a Visual Basic Program.

    Now in regards to Zone Alarm Firewall:
    Lets say you have Word , Outlook and Internet Explorer as always being connected...

    The the virus could not only propagate itself through email (Courtesy of Outlook) , but it could also have the capabilities of downloading and executing a file from the internet (Courtesy of IE), as well as several other things such as editing the registry, etc, etc.. The possibilites are endless with VBA.

    To top this off...If the virus creator anticipated a user having Zone Alarm...they could check to see if it was installed ; and then delete or corrupt it...

    At that point it could use FTP (Courtesy of DOS) and download and upload files...

    All with a macro....

    I hope this has helped to answer your question!

    Personal Note: Honestly, I would not use Outlook or Outlook Express for an email client, for the simple fact that almost 95% of the email-propagating virii/worms target Outlook Users
    Simon Templer

    \"Your work is to discover your world and then with all your heart give yourself to it. \"
    -The Buddha
    Share on Google+

  7. #7
    Senior Member
    Join Date
    Aug 2001
    Posts
    170

    Arrow

    The the virus could not only propagate itself through email (Courtesy of Outlook) , but it could also have the capabilities of downloading and executing a file from the internet (Courtesy of IE), as well as several other things such as editing the registry, etc, etc.. The possibilites are endless with VBA
    If I were to create a VB script to use IE to download a file from the internet, would not an IE window pop up? That is, from my experience with VBA (which is not all that much), you cannot easily hide an external program you are executing (IE). Granted, you could minimize it, but most people would probably catch that.
    \"If you torture the data enough, it will confess.\" --Ronald Coase
    Share on Google+

  8. #8
    Senior Member
    Join Date
    Oct 2001
    Posts
    175

    Brief Explanation

    Ok.. First

    If I were to create a VB script to use IE to download a file from the internet...
    VB Script and VB programming are not the same...VB Script is exactly as its name implies...a "scripting language" although yes, VB Script is based on Visual Basic.. VB Script uses the Windows Scripting Host to execute VBS files. Visual Basic Source is actually compiled to create applications.

    Office uses VBA which uses the syntax of the Visual Basic Programming language.

    Second..The Ability to Hide Shelled Programs.

    If you wanted to run an application "hidden", then this can be achieved by taking advantage of the "vbHide" keyword.

    Example:
    Shell "[whatever]", vbHide

    This would "shell" "whatever" and it would be hidden from the user's view...

    Unfortunetly..if you try to download a file using vbHide..you will recieve a File Download Dialog Box...But you will not see IE

    There is a way to download a file from the internet..without prompting or recieving a File Download Dialog Box...However I am afraid to post the source... for fear that someone will be tempted to misuse it.

    Oddly enough when I was testing the code...I found that Zone Alarm gave me no warning... It did NOT give any alerts (even for Word) I even disallowed internet to M$ Word, and the file was still downloaded to my hard drive without warning...

    Interesting isn't it... All from a Word Macro
    Simon Templer

    \"Your work is to discover your world and then with all your heart give yourself to it. \"
    -The Buddha
    Share on Google+

  9. #9
    Senior Member
    Join Date
    Aug 2001
    Posts
    170

    Arrow

    VB Script and VB programming are not the same
    Sorry about that - I have to get out of the habit of classifying VB and VBA under just "VB". Thanks for pointing that out.

    Definately interesting how everything could be piped through IE without ZoneAlarm knowing. Goes to show you still absolutely need antivirus, firewall, and always keep the antivirus up to date. Even then you have to make sure you are careful what you run.
    \"If you torture the data enough, it will confess.\" --Ronald Coase
    Share on Google+

  10. #10
    Senior Member
    Join Date
    Oct 2001
    Posts
    175
    No Need To Apologize

    It is interesting how Zone Alarm didn't pick up on the file download...

    I think I'm going to test it with Tiny Personal Firewall and see if it is detected.
    Simon Templer

    \"Your work is to discover your world and then with all your heart give yourself to it. \"
    -The Buddha
    Share on Google+

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides