Spyware allows penetration beyond Zonealarm

[pooh sun tzu]

It would seem that a certain form of spyware new to the scene is able to force zonealarm (free and pro) to accept it's outgoing connection. I have always spoken against using Zone Alarm due to not only it's limited ability without payment (or piracy, shame on you) but it's childishly simple ways of getting around the inbound filtersHere is yet another case in point.. While it is already in spybot, I wanted to bring this to the forfront attention because of how incredibly hard it is to get rid of, prevent, and detect.

From spybot description notification
Product: ClientMan
Threat: Malware/Possibly spyware


Functionality
Unknown

Description
Unknown how it gets onto a computer, or what the exact damage it does is, but it is surely bad, as it automatically forces ZoneAlarm to accept it's connect, without giving the user a choice.

From symatec
Spyware.ClientMan is a spyware application that submits various Internet usage information to a server, including email and instant messaging details. It also submits personal information, such as IP address, browser used, and user details retrieved from other installed applications on the system.

---------
For the sake of network security, get rid of zonealarm and migrate to different firewall. I personally recommend kerio because of the amount of indepth functionality it has (and a built in IDS, come on.. beat that) while others recommend symatec.

More information on the spyware:
http://www.doxdesk.com/parasite/ClientMan.html
http://securityresponse.symantec.com...clientman.html
http://www.pestpatrol.com/PestInfo/c/clientman.asp
http://www.spysweeper.com/removing-clientman.html

[TidaLphasE23]

pooh sun tzu, I am using Norton Internet Security Professional 2004 and
Sygate Personal Firewall. Do you think that this is adequate protection from
this threat? Does it only affect Zonealarm? What signs/ traces does this leave
behind to determine if you have been affected?

Thanks TidaL.....

[pooh sun tzu]

I've seen many reports across google of it being allowed past the Norton Firewall, but sygate seems to pick up on the threat and notify you. Sygate should be safe, but keep an eye on that Norton program, lest it get infected.

To see what files to keep an eye out for, read the links provided above

[valhallen]

pooh sun tzu : bowing down to your more complete knowledge of this area than me would you recomned that I migrate then from using Outpost (free edition) to the same free personnal edition of kerio?

v_Ln

[pooh sun tzu]

bowing down to your more complete knowledge of this area than me

That is incorrect. And the first peice of advice I can give is for you to never do that again. I am like you, still learning and will continue learning. I am like everyone else here, a student. I value your insight and advice as much as the next person, so I ask you to please never put yourself below anyone here

On other news, I say give kerio free edition a shot. It may seem difficult to use at first but it's like the difference between windows and linux. Just a different way of thinking about it. If you end up enjoying it and finding that extra power/control to your liking, then so be it. If not, you will at least have experienced a new firewall.

[Spyder32]

I just recently downloaded Outpost Agnitium and so far I'm pretty impressed. A wee bit different than most firewall's to me and it sorta puzzled me at first, but it's working quite well.

[moxnix]

I have or am in the process of trying most all of the free firewalls. Of the ones I have tried, I believe that kerio is the best so far, although I am just starting to try out the outpost one, and it seems (so far) to be a very good one.
I think that the IDS function of kerio does give it a slight edge though.

[Soda_Popinsky]

I am currently using NIS because it came with a free subsciption with my mobo. When it comes to free firewalls, kerio is outstanding. Although I am 0/2 with successful installations of it. Both times Kerio interfered with more than it should have. It gave me horrible program startup problems on a ME and XP machine, even when it was disabled. But when it would work, everything about kerio's configurability rocked, and I wish I could use it.

Does IPtables exist for windows?

[valhallen]

That is incorrect. And the first peice of advice I can give is for you to never do that again. I am like you, still learning and will continue learning. I am like everyone else here, a student. I value your insight and advice as much as the next person, so I ask you to please never put yourself below anyone here

am not putting myself below anyone - just saying that you have more experience in this area than me - which i feel to be quite accurate....now if we were taling webdesign (esp flash) things may be different - i think anyways

v_Ln

[Negative]

I have Outpost Pro installed on my laptop, and Kerio on our desktop.
The problem with Outpost (although it's not really a problem) is that the free version is still at Version 1.0. while the Pro version is at Version 2.1. I've been using Outpost since the very first beta was released, and it's always been my choice since then. The free version is limited, and if you really want to compare Kerio with Outpost, you should compare both the paying versions.
Comparing the fully-functional version of Kerio (Kerio is fully functional for the first 30 days, after that you'll loose the content filtering capabilites) with Outpost Free version isn't really fair
Note that the Pro version of Outpost is free for 30 days as well.

BTW: Agnitum is making the same unfair comparison by comparing their Pro version to the Kerio personal (limited) version here. It's still a good chart, though.