BugTraq
Back to list
|
Post reply
Re: Bypassing ZoneAlarm (limited)
Jul 01 2003 01:39AM
Te Smith (tsmith zonelabs com)
In-Reply-To: <20030623061246.7134.qmail (at) www.securityfocus (dot) com [email concealed]>
The posting describes test results using older versions of Zone Labs?
ZoneAlarm and also erroneously attributes the problem to a flawed core
design.
Zone Labs? Advanced Program Control feature protects PCs from the
ShellExecute theoretical exploit. This feature is available in all Zone
Labs? advanced consumer security products, as well as Zone Labs?
enterprise security product, Integrity. Advanced Program Control protects
against this theoretical exploit and others which attempt to bypass the
firewall?s trusted application permissions.
Zone Labs recommends that users run Program Control at the
default ?medium? setting for about a week so that the software
will ?learn? each program that is used for Internet access. After a week,
configure Program Control at the high setting. At that point, users will
only be prompted with an Alert if there is a problem. As a result, users
get full protection against the ShellExecute theoretical exploit. Zone
Labs is always working on improving these and other features to make them
easy-to-use and intuitive for all users, no matter their skill level.
Zone Labs first introduced the Advanced Program Control feature in
November, 2002 with the release of ZoneAlarm Pro 3.5. Zone Labs added
this feature to Integrity at the same time and then added it to ZoneAlarm
Plus in February, 2003. Zone Labs recommends that all users keep their
security products up-to-date at all times.
We have continually hardened security in our free ZoneAlarm, as we do with
all our releases, but we do not include all advanced features in this
basic product.
More information can be found through our technical support FAQs.
Te Smith
Sr. Director, Corporate Communications
Zone Labs
tsmith (at) zonelabs (dot) com [email concealed]
[ reply ]
Privacy Statement
Copyright 2010, SecurityFocus
The posting describes test results using older versions of Zone Labs?
ZoneAlarm and also erroneously attributes the problem to a flawed core
design.
Zone Labs? Advanced Program Control feature protects PCs from the
ShellExecute theoretical exploit. This feature is available in all Zone
Labs? advanced consumer security products, as well as Zone Labs?
enterprise security product, Integrity. Advanced Program Control protects
against this theoretical exploit and others which attempt to bypass the
firewall?s trusted application permissions.
Zone Labs recommends that users run Program Control at the
default ?medium? setting for about a week so that the software
will ?learn? each program that is used for Internet access. After a week,
configure Program Control at the high setting. At that point, users will
only be prompted with an Alert if there is a problem. As a result, users
get full protection against the ShellExecute theoretical exploit. Zone
Labs is always working on improving these and other features to make them
easy-to-use and intuitive for all users, no matter their skill level.
Zone Labs first introduced the Advanced Program Control feature in
November, 2002 with the release of ZoneAlarm Pro 3.5. Zone Labs added
this feature to Integrity at the same time and then added it to ZoneAlarm
Plus in February, 2003. Zone Labs recommends that all users keep their
security products up-to-date at all times.
We have continually hardened security in our free ZoneAlarm, as we do with
all our releases, but we do not include all advanced features in this
basic product.
More information can be found through our technical support FAQs.
Te Smith
Sr. Director, Corporate Communications
Zone Labs
tsmith (at) zonelabs (dot) com [email concealed]
[ reply ]