Just when you thought your computer wasn’t listening to you, it turns out Vista is listening to you, that mp3 file someone just emailed you, and even a malicious website with recorded audio.
The SANS Internet Storm Center posted this article regarding Vista and its speech/voice system. Apparently, an attacker can record Vista voice commands, save it to a file, play it back on a target system, and thereby take control of a Vista computer by means of these voice commands.
Arrigo from SANS summarizes this type of attack:
The best picture in my mind of this attack vector is a large trading
room, in the middle of the night, and one computer shouting out loud
"start listening", "start", "internet explorer", "download <some
tinyurl>", etc.
ZDNet writer George Ou even describes how a malicious website (or person — think Myspace audio tracks) could abuse this.
We are looking into an OSFirewall protection that would alert the user if someone (or better yet, something) attempts to enable the Voice Recognition system. By using OSFirewall, we can prevent this type of attack from both known and unknown malware.
I don’t expect this type of attack to become real common, despite the fact it requires no real technical skill, but rather, a clear and commanding speaking voice.
When are you guys gonna get a Vista version of ZA ?
Yes, when are the vista version coming out?
I’m starting to think about Norton instead, but I dont wont to. Please, give us a hint, is it days, months, years (?) away?
And when can we buy the Z100G ZoneAlarm Wireless Router in europe (sweden)?
Regarding Vista version:
As a software manufacturer, we are very concerned with having a Vista version and have placed a very significant amount of resources toward getting it completed. Obviously, the longer we don’t have it, the more sales we stand to lose. So, be assured we are working furiously to get it built.
That said, because ZoneAlarm operates at such a low level within the operating system — much lower than other similar security software — we have some more significant challenges. While we would want a Vista version ASAP, we also need to ensure we maintain the level of protection and security we’ve worked so hard to create with OSFirewall, Program Control, SmartDefense Adviser, etc. And, while it’s not ideal, we are confident our grassroots users will wait for something complete rather than something that is first.
The Beta version will be ready soon and you can sign up to receive updates at this URL:
http://www.zonealarm.com/store/content/catalog/products/vista.jsp
Vista’s only been in development for what, 5 years or so ?
a beta version has been available for the last year, 2 years or so…
it came out at the end of Jan…
you guys really dropped the ball on this one about getting ready for Vista…
oh wait, what’s that on the package ? It says ZoneAlarm Vista Ready on that little stick on label… that’s why I bought the new retail version… and guess what? It’s not !!!
you should be ashamed… really ashamed…
This is an urgent request for a Vista version of Zone Alarm with AV. I have used Zone Alarm Firewall / AV for the last 4 years, and I have been very pleased with it. I have recommended Zone Alarm to my clients and I support many PC’s running Zone Alarm (due to my recommendation).
I’m now in a position that I need to run Vista (I have a dual boot system). I’m left with no alternative than to move over to a compatible anti virus solution (Windows Live – OneCare).
Due to the fact that I have paid for a year’s download / upgrades, I’m very disappointed that a compatible version has not been made available for the launch of Vista. I’m in the software industry (applications developer) and I have been aware of Vista (Longhorn) for over 2 years. I must run Vista to ensure that any application I developer is compatible.
You should at the very least, make a statement as to the expected date a compatible version will be available, and why it has taken this long.
Does anybody other than myself remember reading that Microsoft was being sued by Norton and I believe ZoneLabs because MS had not released the API’s and other pertenent data required for these programs to access the lower levels of the OS Kernel. That access is why ZA does so well at catching the junk that is thrown at users. Also OneCare just got blasted for being the only antivirus application, out of 17, to FAIL the testing of an independant lab (http://news.bbc.co.uk/1/hi/technology/6418965.stm ). As ‘TheSwed” said I will wait to up grade to Vista till the programs I depend on for my peace of mind are ready. I will not fault any third party vendor when MS has made an OS that is not compatable with aprox 50% of the mainstream software available on the store shelf today. That sounds like poor development on their part, or a deliberate attempt to push 3rd party software out. Also with the possibility of a new OS in two or three years I may just skip Vista altogether and stay with XP and ZA. I have had NO security issues in five years!!!, and one of my PCs is online 24/7.
Cheers Don,
After having a look at how OneCare performed (the link does not work, just search http://www.bbc.co.uk for OneCare) I decided not to go for OneCare and wait for ZoneAlarm. To be fair, I only complain because ZA is so good. In 4 years no virus/hacker has ever got pass it.
Before I got a router (with HW firewall), I was hit with a repeated hacking attack. ZA blocked every attempt.
My problem now is, as a programmer, I need to test everything on Vista. So now I only test against Vista on my office PC.
One thing I still think Checkpoint should do is put a statement on the home page stating when they expect it to be available. And if this was because MS held up the kernel info, then tell us. I for one would be giving them hell on their blog sites.
@Don:
You are right on the money with your assumptions about Vista and the kernel mode code we use to protect our customers.
Also, I wanted to point out the AV-Comparatives report the BBC article is based on:
http://www.av-comparatives.org/index.html?http://www.av-comparatives.org/seiten/overview.html
While OneCare failed, our AV engine (KAV) was awarded the highest certification — ADVANCED+.
I just got a new computer guess what windows vista, I hate it, my lexmark scanner i just bought last year wont work with it , my digital camera doesnt work with it , eathlink internet procetion center that i pay for vista doesn’t support it , I think microsoft really goofed this time I want my window xp back a very unhappy camper
Too bad no one knows about not opening attachments from people they don’t know…
let’s just not tell them, k?
Is there a vista compatible Zone Alarm internet security out yet?? please