
Thread: Bypassing ZoneAlarm (limited)

  1. #1
    Senior Member therenegade
    Join Date
    Apr 2003
    Posts
    400

    Bypassing ZoneAlarm (limited)

    This caught my eye on Bugtraq:



    The posting describes test results using older versions of Zone Labs
    ZoneAlarm and also erroneously attributes the problem to a flawed core
    design.

    Zone Labs Advanced Program Control feature protects PCs from the
    ShellExecute theoretical exploit. This feature is available in all Zone
    Labs advanced consumer security products, as well as Zone Labs
    enterprise security product, Integrity. Advanced Program Control protects
    against this theoretical exploit and others which attempt to bypass the
    firewall's trusted application permissions.

    Zone Labs recommends that users run Program Control at the
    default medium setting for about a week so that the software
    will learn each program that is used for Internet access. After a week,
    configure Program Control at the high setting. At that point, users will
    only be prompted with an Alert if there is a problem. As a result, users
    get full protection against the ShellExecute theoretical exploit. Zone
    Labs is always working on improving these and other features to make them
    easy-to-use and intuitive for all users, no matter their skill level.

    Zone Labs first introduced the Advanced Program Control feature in
    November, 2002 with the release of ZoneAlarm Pro 3.5. Zone Labs added
    this feature to Integrity at the same time and then added it to ZoneAlarm
    Plus in February, 2003. Zone Labs recommends that all users keep their
    security products up-to-date at all times.

    We have continually hardened security in our free ZoneAlarm, as we do with
    all our releases, but we do not include all advanced features in this
    basic product.

    More information can be found through our technical support FAQs.

    Te Smith
    Sr. Director, Corporate Communications
    Zone Labs
    tsmith_at_zonelabs.com
    A simple google brought up this:

    http://castlecops.com/postlite134369-.html


    Affected Products:

    ZoneAlarm free versions lack the "Advanced Program Control" feature and are therefore unable to prevent this bypass technique.
    Now, I was wondering... how ethical is it if you ask your customers to upgrade to ZAPro from ZA free because they don't provide the 'Advanced Program Control' to their ZA free users? Has anyone seen cases similar to these? And why on earth haven't they got rid of a two-year-old exploit? Also, I must admit to seeing little sense in 'setting ZA to its medium security settings and letting it see which programs access the net for a week'. Any thoughts, people?
    Btw, I realise that the Bugtraq link's dated 2003; the one from castle cops is only a few days old though, so I thought I'd just post and see.

  2. #2
    Senior Member
    Join Date
    Jun 2003
    Posts
    188
    This whole thing about ZA by debasis sucks. The point is it is easy to bypass software firewalls
    by running code inside a trusted process, and I am really amazed why this is considered a vulnerability.
    Take a look:

    http://www.securiteam.com/windowsntf...UP0F0UGUO.html
