Results 1 to 7 of 7

Thread: Security weakness in design of Zone Alarm Internet Security Suite (7.0.302)'s Anti-virus settings.

  1. #1
    wstern Guest

    Default Security weakness in design of Zone Alarm Internet Security Suite (7.0.302)'s Anti-virus settings.

    Hi,

    I wish to report a weakness in design of Zone Alarm Internet Security Suite (7.0.302)'s Anti-virus settings.
    I hope Zone Labs will fix this weakness and issue an automatic update to the program after reading this.

    The weakness is in the way Zone Alarm handles "Exception lists" for the Kaspersky Anti-virus.

    When you do a scan of your c: drive, and Kaspersky notes its a possible virus, but you wish to add
    the particular file to Zone Alarm Suite's exception list, the Zone Alarm suite incorrectly adds the
    virus name to the exception list, instead of the file name that caused the false positive.

    The security weakness here is that:

    You want Zone Alarm to ignore a particular file you have.
    Zone Alarm will instead ignore all files in the future that have this virus.
    This is unacceptable and very insecure - so you really can't add anything to the virus exception list,
    because you would then be giving any future files of that virus freedom to run on your computer.

    The solution would be for Zone Alarm's virus exception list to allow you to enter exceptions
    by file names, not virus names.

    The same weakness also exist's for Zone Alarm's Spyware Exception list.

    Zone Labs - if you are monitoring this forum, please kindly fix this security weakness in your 7.0.302 suite
    as soon as possible, and offer it as an automatic update.

    Thank you,

    William Sternbach

    Operating System:Windows XP Pro
    Product Name:ZoneAlarm Internet Security Suite
    Software Version:7.0

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Security weakness in design of Zone Alarm Internet Security Suite

    Hi!there is no way to exclude files/folders from the "on access" scan, you can exclude files and folders only for "on demand" scan (by delesecting them) in the advanced options of the Antivirus/antispyware (i.e. "scan targets").Exclusion in ZA are by threads, it is by design. In fact in the list of exclusions you do not find file/folders but the name of the virus/spyware. Indeed your are right, it would be nice to have an exclusion option forfiles and folders. This is not a weakness in ZA, it is more a missing feature. You can suggest it to the ZA technical support (here: www.zonelabs.com/tsform).What it the thread that you want to exclude? If it is a "false positive" you can inform ZA about it in order to be corrected in the next signature.For AV false positivesyou candirectly inform kaspersky(newvirus at kaspersky dot com), subject "false positives" and attach the password protected file (include password in the e-mail). For AS false positives you can inform ZA at the following address: http://www.zonealarm.com/store/conte...are_report.jspCheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    wstern Guest

    Default Re: Security weakness in design of Zone Alarm Internet Security Suite

    Hello,
    Several of the threats I wanted to put in the exclusion list were of the: "not-a-virus" category(such as legitatimate programs which do VNC remote controlling of workstations, or some utilitiesfrom www.sysinternals.com and www.cygwin.com.
    Putting these files in the exception list would allow me to get clean "On demand" scans, without havingto go through the long list of legitamate programs.
    I wish Zone Alarm would allow exclusions based on file name,instead of virus name.
    I'm aware of the Scan Targets feature - its very handy, but as you say it doesn't apply to on-access scans.
    I appreciate your response.
    I will report this "add a new feature request" to Zone Alarm using the URL you provided.
    Thanks again,
    Bill

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Security weakness in design of Zone Alarm Internet Security Suite

    You're welcome..Yep I know, sysinternals are flagged by Kaspersky... Notwithstanding that a "on access exclude" files/folders feature would be nice, adding "not a virus" to the exclusion list is not a major securityissue (IMO). Allvirus/spyware/adware families will be still detected by the AV...These are the "not-a-virus" categories detected by the KAV engine:not-a-virus: AdWarenot-a-virus: Porn-Dialer
    not-a-virus: Porn-Downloader
    not-a-virus: Porn-Toolnot-a-virus: Tool
    not-a-virus: Client-IRC
    not-a-virus: Dialer
    not-a-virus: Downloader
    not-a-virus: Monitor
    not-a-virus: PSWTool
    not-a-virus: RemoteAdmin
    not-a-virus: Server-FTP
    not-a-virus: Server-Proxy
    not-a-virus: Server-Telnet
    not-a-virus: Server-Web
    not-a-virus: RiskTool
    not-a-virus: NetTool
    not-a-virus: Client-P2P
    not-a-virus: Client-SMTP
    not-a-virus: AdTool
    not-a-virus: FraudToolCheers,Fax<xml:namespace prefix = o ns = "urn:schemas-microsoft-comfficeffice" ><o></o>

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  5. #5
    a_l Guest

    Default Re: Security weakness in design of Zone Alarm Internet Security Suite

    Hi Fax

    Do you know why sysinternals are showing as threats. Maybe they are! I use them so this has me interested. WhatsRunning seems to do a better job now that I think about it.

    Regards

    Adrian

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Security weakness in design of Zone Alarm Internet Security Suite

    Hi!nothing wrong with sysinternal tools per se, but they may be used by third party applicationsto monitor your system or to kill specific services/executables.That is why they are flagged as "not a virus" riskware... Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  7. #7
    a_l Guest

    Default Re: Security weakness in design of Zone Alarm Internet Security Suite

    Many thanks Fax, hadn't even thought of that kind of misuse.
    Adrian

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •