Spyware allows penetration beyond Zonealarm
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Spyware allows penetration beyond Zonealarm

  1. #1

    Spyware allows penetration beyond Zonealarm

    It would seem that a certain form of spyware new to the scene is able to force zonealarm (free and pro) to accept it's outgoing connection. I have always spoken against using Zone Alarm due to not only it's limited ability without payment (or piracy, shame on you) but it's childishly simple ways of getting around the inbound filtersHere is yet another case in point.. While it is already in spybot, I wanted to bring this to the forfront attention because of how incredibly hard it is to get rid of, prevent, and detect.

    From spybot description notification
    Product: ClientMan
    Threat: Malware/Possibly spyware


    Functionality
    Unknown

    Description
    Unknown how it gets onto a computer, or what the exact damage it does is, but it is surely bad, as it automatically forces ZoneAlarm to accept it's connect, without giving the user a choice.
    From symatec
    Spyware.ClientMan is a spyware application that submits various Internet usage information to a server, including email and instant messaging details. It also submits personal information, such as IP address, browser used, and user details retrieved from other installed applications on the system.
    ---------
    For the sake of network security, get rid of zonealarm and migrate to different firewall. I personally recommend kerio because of the amount of indepth functionality it has (and a built in IDS, come on.. beat that) while others recommend symatec.

    More information on the spyware:
    http://www.doxdesk.com/parasite/ClientMan.html
    http://securityresponse.symantec.com...clientman.html
    http://www.pestpatrol.com/PestInfo/c/clientman.asp
    http://www.spysweeper.com/removing-clientman.html

  2. #2
    Banned
    Join Date
    Jul 2003
    Posts
    374
    pooh sun tzu, I am using Norton Internet Security Professional 2004 and
    Sygate Personal Firewall. Do you think that this is adequate protection from
    this threat? Does it only affect Zonealarm? What signs/ traces does this leave
    behind to determine if you have been affected?

    Thanks TidaL.....

  3. #3
    I've seen many reports across google of it being allowed past the Norton Firewall, but sygate seems to pick up on the threat and notify you. Sygate should be safe, but keep an eye on that Norton program, lest it get infected.

    To see what files to keep an eye out for, read the links provided above

  4. #4
    Flash M0nkey
    Join Date
    Sep 2001
    Posts
    3,447
    pooh sun tzu : bowing down to your more complete knowledge of this area than me would you recomned that I migrate then from using Outpost (free edition) to the same free personnal edition of kerio?

    v_Ln

  5. #5
    bowing down to your more complete knowledge of this area than me
    That is incorrect. And the first peice of advice I can give is for you to never do that again. I am like you, still learning and will continue learning. I am like everyone else here, a student. I value your insight and advice as much as the next person, so I ask you to please never put yourself below anyone here

    On other news, I say give kerio free edition a shot. It may seem difficult to use at first but it's like the difference between windows and linux. Just a different way of thinking about it. If you end up enjoying it and finding that extra power/control to your liking, then so be it. If not, you will at least have experienced a new firewall.

  6. #6
    Senior Member
    Join Date
    Oct 2002
    Posts
    4,055
    I just recently downloaded Outpost Agnitium and so far I'm pretty impressed. A wee bit different than most firewall's to me and it sorta puzzled me at first, but it's working quite well.
    Space For Rent.. =]

  7. #7
    Macht Nicht Aus moxnix's Avatar
    Join Date
    May 2002
    Location
    Huson Mt.
    Posts
    1,752
    I have or am in the process of trying most all of the free firewalls. Of the ones I have tried, I believe that kerio is the best so far, although I am just starting to try out the outpost one, and it seems (so far) to be a very good one.
    I think that the IDS function of kerio does give it a slight edge though.
    \"Life should NOT be a journey to the grave with the intention of arriving safely in an attractive and well preserved body, but rather to skid in sideways, Champagne in one hand - strawberries in the other, body thoroughly used up, totally worn out and screaming WOO HOO - What a Ride!\"
    Author Unknown

  8. #8
    I am currently using NIS because it came with a free subsciption with my mobo. When it comes to free firewalls, kerio is outstanding. Although I am 0/2 with successful installations of it. Both times Kerio interfered with more than it should have. It gave me horrible program startup problems on a ME and XP machine, even when it was disabled. But when it would work, everything about kerio's configurability rocked, and I wish I could use it.

    Does IPtables exist for windows?

  9. #9
    Flash M0nkey
    Join Date
    Sep 2001
    Posts
    3,447
    That is incorrect. And the first peice of advice I can give is for you to never do that again. I am like you, still learning and will continue learning. I am like everyone else here, a student. I value your insight and advice as much as the next person, so I ask you to please never put yourself below anyone here
    am not putting myself below anyone - just saying that you have more experience in this area than me - which i feel to be quite accurate....now if we were taling webdesign (esp flash) things may be different - i think anyways

    v_Ln

  10. #10
    Banned
    Join Date
    Aug 2001
    Location
    Yes
    Posts
    4,424
    I have Outpost Pro installed on my laptop, and Kerio on our desktop.
    The problem with Outpost (although it's not really a problem) is that the free version is still at Version 1.0. while the Pro version is at Version 2.1. I've been using Outpost since the very first beta was released, and it's always been my choice since then. The free version is limited, and if you really want to compare Kerio with Outpost, you should compare both the paying versions.
    Comparing the fully-functional version of Kerio (Kerio is fully functional for the first 30 days, after that you'll loose the content filtering capabilites) with Outpost Free version isn't really fair
    Note that the Pro version of Outpost is free for 30 days as well.

    BTW: Agnitum is making the same unfair comparison by comparing their Pro version to the Kerio personal (limited) version here. It's still a good chart, though.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •