Author Topic: Malicious code could trick ZoneAlarm firewall  (Read 3957 times)

0 Members and 1 Guest are viewing this topic.

Offline Corrine

  • The Mystical Rose
  • Administrator
  • Hero Member
  • *****
  • Posts: 19600
  • "Stronger than the past, united in our goal."
    • View Profile
    • Security Garden
Malicious code could trick ZoneAlarm firewall
« on: October 08, 2005, 10:05:11 PM »
By Joris Evers
Staff Writer, CNET
Published: September 30, 2005, 2:09 PM PDT

Malicious code masquerading as a trusted application could trick a ZoneAlarm firewall into letting it connect to the Internet, security experts have warned.

The issue affects the popular free ZoneAlarm firewall and default installations of version 5.5 and earlier of the paid product, maker Zone Labs said in a security advisory on Thursday. Default installations of the Check Point Integrity Client are also affected, but the paid ZoneAlarm 6.0 products, released in July, are not, Zone Labs said.

"If successfully exploited, a malicious program may be able to access the network via a trusted program," Zone Labs, which is part of Check Point Software, said in its advisory. If the malicious program attempted a direct connection to the Internet, it would be blocked by the firewall.

An example of the technique was published earlier this week by security researcher Debasis Mohanty. The method uses a Windows mechanism for linking applications, according to Mohanty, who also said the problem may exist in other firewall products.

An attacker could trick the firewall by linking a keystroke logger or other malicious program to another application--Internet Explorer, for example. When the keystroke logger subsequently sends its captured data out, the firewall would see IE, not the spyware, accessing the Internet and allow the connection.

However, Zone Labs has not seen any malicious software that actually uses this trick, said John LaCour, director of security services at the software maker. "It is a theoretical attack that we don't see used in the real world," he said. Zone Labs rates the issue "low risk."

Zone Labs has no current plans to update its free firewall product to protect against this issue, the company said. Its paid products offer protection against the problem because of additional technology, called an operating system firewall, that is not part of the free network firewall, LaCour said.

"The network firewall is doing its job. This issue involves how different applications on a system interact, and that is not a function of a network firewall; it is a function of an OS firewall," LaCour said. "If a user wants to have a higher level of protection, then we have a product available to do that."

Users of the paid ZoneAlarm 5.5 products and Check Point Integrity Client versions 6.0 and 5.5 can protect themselves by enabling the "Advanced Program Control" feature, Zone Labs said.


Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.


  • Guest
Re: Malicious code could trick ZoneAlarm firewall
« Reply #1 on: October 09, 2005, 04:36:29 AM »
LaCour said. "If a user wants to have a higher level of protection, then we have a product available to do that."

So do i,
  :mrgreen: it's long since been discontinued, still available & 100% free and goes by the name of KERIO 2.15!

Locks XP Pro tight as a submarine.

Thanks Corrine for that heads up, i realize plenty of users are very dependent on ZA and have placed their systems trust into Zone Labs efforts, and for good reason, it is held up well and still does for many.
I simply couldn't resist after reading that comment quoted by Mr LaCour.  :D