Just got DSL. Do I really need a firewall? And recommend free software :)

Somewhat ambiguous, and a bit hyperbole as well.

Separate firewall/Bunker
Bullet proof vest/personal firewall.

It isn’t quite that extreme, but an all out attack on a separate firewall can bring the firewall machine to a standstill or perhaps crash it. Your work machine (behind the firewall/in the bunker) doesn’t “feel” it, and goes right on working - although you can’t go outside/connect to the internet anymore.

An all out attack on a personal firewall could bring your work machine to its knees and possibly crash it. That could lose you whatever you’ve been working on or just make working extremely slow - analogous to the bruises the fellows get whose bulletproof vest stops a slug. It’s better than the alternative, but it still isn’t all that whoopy.

Hmm. Ambiguous again. The alternative being, naturally, no bunker/separate firewall and no vest/personal firewall - stark naked/having no firewall at all.

Make sure “WAN Blocking” is enabled. They shouldn’t be able to even ping you.

Has there ever been a single instance of an attack that managed to sneak in through ZoneAlarm? Or a trojan/virus/worm that managed to sneak out?

About.com reports a flaw in ZoneAlarm 4.0 for which ZoneLabs was originally planning to release a patch only to purchasers of the pro version, not the downloaders of the free version. Fearing bad PR, ZoneLabs recanted and offered a patch for the free version as well.

If you read your own cite amore ac studio you’ll see it isn’t a ZoneAlarm flaw but a basic Windows functionality that no firewall would have a defence against that allows a browser to access the 'net by default.

As this:
http://www.spywareinfo.com/articles/zonelabs/exploit_hoax.php
article rightly states, “This should never have been considered to be a ZoneAlarm problem. As a matter of fact, this shouldn’t be considered to be a firewall problem at all. If you have an application stealing your passwords and trying to send them to a remote server, you should be looking your antivirus maker in the eye and asking why his software didn’t catch the trojan.”

Then why does my cite say that

If, as you say, no firewall can defend against this Windows vulnerability, then how can Zone Labs claim to be releasing a patch that does exactly that?

You’re right that it’s not a flaw in Zone Alarm. I just rephrased the title of the page when naming the link, forgetting that the title incorrectly reflects the gist of the article.

Sorry if I sounded snarky in my post.

You raise a good point, apparently there is a defense against it at the firewall level. Perhaps it simply ignores previous settings to blindly allow browser access and prompts the user again if the browser is accessing the 'net via the ShellExecute function.

I still think this is more appropriately taken care of via a virus checker, though.

Maybe there is a defense against it at the firewall level, or maybe Zone Labs is just engaging in PR damage control. A company selling a product is not the most disinterested of observers.

While I’m not familiar with the exploit in question, the SpywareInfo article suggests that Microsoft itself has released a patch for this Windows/IE vulnerability, rendering the virus checker unnecessary, at least with respect to this particular security hole.

Whoops, I misread the article. Microsoft released a patch for a different vulnerability, not the ShellExecute one.

I can’t even think of a good way it can be patched at the OS level; it’s really just IE (or whatever browser) accessing the internet, which it has permission to do.

Well there is one…I have it right now and Trend Micro HouseCall can’t even see it. I seemed to be getting suspiciously high levels of network activity showing while I was doping so I installed ZA and 20 seconds later it just shut down without warning.

Rebooted, ZA comes up, I engaged the internet lock…20-30 sec later -poof- ZA goes away.

During the time when ZA is up network traffic drops to almost nothing, as soon as it dies…it goes right back up.

Myria, ditto on the gibsons. www.Grc.com Great site.
He recommended the Tiny Personal Firewall. (about 3mb) I use it on my puter running 2000, really detailed. Perhaps your IP provides one? Ask.

drachillix, it sounds like you have reason to believe you might have a trojan, but from the info you gave I don’t think you can be sure.

One possibility is that your ZoneAlarm is corrupted; have you tried uninstalling and reinstalling it?

Also, if you load task manager do you see anything suspicious running?

What are you using to monitor network traffic?