Message-ID: <e92364c304082115093307fd25@mail.gmail.com>
From: jftucker at gmail.com (James Tucker)
Subject: Unsecure file permission of ZoneAlarm pro.

> >>Zone Alarm stores its config. files in %windir%\Internet Logs\* . But strangely,
> Isn't it supposed to store logs? My English knowledge is probably too poor.

The folder name would suggest that. I raised an eyebrow when I saw that too.

> >>EVERYONE: Full

This means that anyone / anything which can access / see this folder
can CHANGE anything about that folder (including permissions) without
being stopped by the file system.

> As everybody knows, Windows * is a single-user system

Not true, Windows NT is a multi-user kernel, although you only have a
single client access license and as such you can log on one at a time
to Windows XP. Windows * Server is different, typically you get 5
CALs straight away (although licensing all changed again in 2k3 and I
have not yet learnt the changes).

> only install zonealarm, no other software, especially no software using
> this directory for storing any kind of information. As I understand the

What?

> zap answer: Kidding with file permissions is not an issue on any OS...
> unless, maybe, if you wish to use your system.

File permissions are VERY important to security, even with very high
vigilance in all other areas you can be fully "rooted" (exploited /
attacked) if your file permissions are set wrong in the wrong place.

THE POINT:
Providing ZA includes this folder in its integrity checks (I have yet
to have the time to start on this project, and so I cannot verify that
it does, although the messages in this thread indicate that this
folder contains not logs, but configs -_^ ) then ALL YOU NEED TO DO,
is to change the folder permissions to EVERYONE: DENY, and NTFS will
not EVER allow you to recover this folder. ZA will thus never operate
properly on this machine again. In order to restore the file
permissions you will need a third party NTFS driver (in short, this
would be very very bad).
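
Added example, not part of the original message: a PowerShell audit that flags Allow ACEs giving Everyone or other broad groups the right to modify a directory or its ACL, which is the "EVERYONE: Full" condition discussed in this thread. The function name, the list of broad SIDs and the sample SDDL string are assumptions constructed for illustration.

```powershell
# Well-known SIDs for broad groups:
# S-1-1-0 Everyone, S-1-5-11 Authenticated Users, S-1-5-32-545 BUILTIN\Users
$BroadSids = 'S-1-1-0', 'S-1-5-11', 'S-1-5-32-545'

# Rights that let a principal alter contents or the ACL itself, plus the
# GENERIC_ALL / GENERIC_WRITE bits that can appear in inherit-only ACEs.
$R = [System.Security.AccessControl.FileSystemRights]
$RiskyMask = [int]($R::Write -bor $R::Delete -bor $R::DeleteSubdirectoriesAndFiles -bor
                   $R::ChangePermissions -bor $R::TakeOwnership) -bor 0x10000000 -bor 0x40000000

function Find-BroadWriteAce {
    # Hypothetical helper name. Takes a security descriptor, returns risky ACEs.
    param(
        [Parameter(Mandatory)]
        [System.Security.AccessControl.FileSystemSecurity]$Security
    )
    # Resolve identities as SIDs so the check does not depend on the OS language.
    $sidType = [System.Security.Principal.SecurityIdentifier]
    foreach ($ace in $Security.GetAccessRules($true, $true, $sidType)) {
        if ($ace.AccessControlType -ne 'Allow') { continue }
        if ($BroadSids -notcontains $ace.IdentityReference.Value) { continue }
        $bits = [int]$ace.FileSystemRights -band $RiskyMask
        if ($bits -ne 0) {
            [pscustomobject]@{
                Sid       = $ace.IdentityReference.Value
                Rights    = $ace.FileSystemRights
                Inherited = $ace.IsInherited
            }
        }
    }
}

# Constructed sample descriptor: Everyone (WD) full access, Administrators (BA)
# full access, Users (BU) read and execute only.
$sample = New-Object System.Security.AccessControl.DirectorySecurity
$sample.SetSecurityDescriptorSddlForm('O:BAG:SYD:(A;OICI;FA;;;WD)(A;OICI;FA;;;BA)(A;OICI;0x1200a9;;;BU)')

# Only the Everyone ACE is reported; the read-only Users ACE is not.
Find-BroadWriteAce -Security $sample | Format-Table -AutoSize

# On a live system, audit the folder named in this thread (skipped if absent):
$dir = Join-Path $env:windir 'Internet Logs'
if (Test-Path -LiteralPath $dir) {
    Find-BroadWriteAce -Security (Get-Acl -LiteralPath $dir)
}
```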