| Forum Home | ||||
| Press F1 | ||||
| Thread ID: 42732 | 2004-02-20 21:42:00 | NEWS: Zone Alarm Flaw found | Big John (551) | Press F1 |
| Post ID | Timestamp | Content | User | ||
| 216950 | 2004-02-20 21:42:00 | Zone Labs has alerted users that several versions of its personal firewall products are vulnerable to a buffer overflow attack conducted via e-mail that could leave supposedly-protected systems open to malicious code assaults, the company said. The affected editions include the 4.0 versions of ZoneAlarm, ZoneAlarm Plus, and ZoneAlarm Pro; ZoneAlarm Pro 4.5; and Zone Labs Integrity Client 4.0 and 4.5. "If successfully exploited, a skilled attacker could cause the firewall to stop processing traffic, execute arbitrary code, or elevate malicious code's privileges," ZoneAlarm said Wednesday in the alert posted on its Web site. |
Big John (551) | ||
| 216951 | 2004-02-20 22:16:00 | Only applies if you are running a mail server. (smtp) " NOTE: According to the vendor, only a small percentage of users are affected, since this is an untypical setup as servers shouldn't be protected with the client security products. " |
Pheonix (280) | ||
| 216952 | 2004-02-20 22:56:00 | Anyone serious about security doesn't use ZA anyway. | PoWa (203) | ||
| 216953 | 2004-02-20 23:27:00 | > Only applies if you are running a mail server. (smtp) > > > " NOTE: According to the vendor, only a small > percentage of users are affected, since this is an > untypical setup as servers shouldn't be protected > with the client security products. " Small % may run into thousands depending on how many users there are. Firewalls are suppose to be just that. They are suppose to block attacks. Obviously this is a problem so as I see many references to ZoneAlarm here I thought I wuld take the good nature and point it out so those that do run it can update. |
Big John (551) | ||
| 216954 | 2004-02-20 23:38:00 | Powa, while it is not as good as a firmware/hardware firewall, it is amoungst the best of the software firewalls. One of the few that stood up to a drDOS attack, and didn't collapse. For the average user, it is ideal. In fact, if they had it when the MSblaster worm came on the scene, there would have been no infections. And just now there is another similar one out there that the firewall will stop. As for my previous post, just pointing out that the average user doesn't use their PC's as mail servers, so they don't need to panic. |
Pheonix (280) | ||
| 216955 | 2004-02-20 23:45:00 | > Anyone serious about security doesn't use ZA anyway. ^^ **sigh** |
stu140103 (137) | ||
| 216956 | 2004-02-21 00:31:00 | Anyone serious about security doesn't connect to the Internet. :D | Graham L (2) | ||
| 216957 | 2004-02-21 01:37:00 | > Anyone serious about security doesn't use ZA anyway. Not to mention that it is a hugely flawed piece of software - it is full of bugs, it forgets it's settings, corrupts the TCP/IP stack regularly when uninstalled. I'd be doing well to do a shift where I don't have to deal with at least one ZA related problem. Realistically for the average user using dial-up internet and e-mail a firewall is overkill - it's purely paranoia, poorly informed security zealots or "friends that know all about computers" that strongarm people into installing them, usually for completely the wrong reasons. Common answers to the "Why have you got ZoneAlarm" question: "It'll stop me getting viruses" "Because hackers will get my credit card and my internet banking" "Stops spam" "No idea I think the kids got it" "My friend that knows all about computers put it on, says it's good" </rant > |
whiskeytangofoxtrot (438) | ||
| 216958 | 2004-02-21 02:58:00 | An interesting article about firewalls and spam is here (www.usatoday.com) that you might find entertaining. | Gorela (901) | ||
| 1 | |||||