lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20030701013932.6546.qmail@www.securityfocus.com>
Date: 1 Jul 2003 01:39:32 -0000
From: Te Smith <tsmith@...elabs.com>
To: bugtraq@...urityfocus.com
Subject: Re: Bypassing ZoneAlarm (limited)


In-Reply-To: <20030623061246.7134.qmail@....securityfocus.com>

The posting describes test results using older versions of Zone Labs’ 
ZoneAlarm and also erroneously attributes the problem to a flawed core 
design.  

Zone Labs’ Advanced Program Control feature protects PCs from the 
ShellExecute theoretical exploit.  This feature is available in all Zone 
Labs’ advanced consumer security products, as well as Zone Labs’ 
enterprise security product, Integrity.  Advanced Program Control protects 
against this theoretical exploit and others which attempt to bypass the 
firewall’s trusted application permissions.  

Zone Labs recommends that users run Program Control at the 
default ‘medium’ setting for about a week so that the software 
will ‘learn’ each program that is used for Internet access.  After a week, 
configure Program Control at the high setting.  At that point, users will 
only be prompted with an Alert if there is a problem.  As a result, users 
get full protection against the ShellExecute theoretical exploit.  Zone 
Labs is always working on improving these and other features to make them 
easy-to-use and intuitive for all users, no matter their skill level.

Zone Labs first introduced the Advanced Program Control feature in 
November, 2002 with the release of ZoneAlarm Pro 3.5.  Zone Labs added 
this feature to Integrity at the same time and then added it to ZoneAlarm 
Plus in February, 2003.    Zone Labs recommends that all users keep their 
security products up-to-date at all times.   

We have continually hardened security in our free ZoneAlarm, as we do with 
all our releases, but we do not include all advanced features in this 
basic product.

More information can be found through our technical support FAQs. 

Te Smith
Sr. Director, Corporate Communications
Zone Labs
tsmith@...elabs.com






Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ