Results 1 to 9 of 9

Thread: Does ZAFF protect against the new Adobe reader exploit? (e.g. Javascript exploits)

  1. #1
    riceorony Guest

    Default Does ZAFF protect against the new Adobe reader exploit? (e.g. Javascript exploits)

    Hello everyone.

    Recently, Adobe released an urgent message finally declaring that there is a javascript exploit running around unhindered. Most Security Suites will handle this issue no problem (I believe).

    What happens is that you might be surfing and then a random empty PDF file will open in another window (whether you're using Firefox or Internet Explorer). Then it basically tries to crash the program and them initiate the download of malicious trojans.

    About a month ago this exploit reached my computer (and a quick google will show that many other users have gotten the same thing through the rotating AD banners on some sites, including other computer forums, etc.)

    http://forums.zonelabs.com/zonelabs/...d=55077#M55077

    However, the PDF file opened up in another browser when I was using ZA-FF.

    Does ZAFF protect us from this?

    Operating System:Windows Vista Ultimate
    Product Name:ZoneAlarm ForceField

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Does ZAFF protect against the new Adobe reader exploit? (e.g. Javascript exploits)

    <BLOCKQUOTE><HR>riceorony wrote:
    However, the PDF file opened up in another browser when I was using ZA-FF.

    <HR>

    </BLOCKQUOTE>Yes, ZAFF is there also in the new browser...
    <BLOCKQUOTE><HR>riceorony wrote:
    Does ZAFF protect us from this? <HR></BLOCKQUOTE>You should ask ZA directly, as you know they are not monitoring this board.ZAlabs has discussed Adobe vulnerability here: http://www.zonealarm.com/blog/index....re-of-the-same and yes, ZAFF will protect from this...Cheers,Fax



    Message Edited by fax on 03-04-2009 11:49 PM
    Last edited by Forum-Moderator; August 1st, 2012 at 01:46 PM.

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    riceorony Guest

    Default Re: Does ZAFF protect against the new Adobe reader exploit? (e.g. Javascript exploits)

    Thanks Fax,

    you're super quick at replies.
    Your name should really be Fast.

    Best,
    riceorony

  4. #4
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Does ZAFF protect against the new Adobe reader exploit? (e.g. Javascript exploits)

    You're welcome!Cheers,Faxst

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  5. #5
    lalittle Guest

    Default Re: Does ZAFF protect against the new Adobe reader exploit? (e.g. Javascript exploits)

    Do you know if it's necessary to &quot;clear virtual data&quot; in order to be protected from this exploit?
    One of the things that I'm still a bit fuzzy on is if these exploits can still operate from inside of the
    FF &quot;bubble&quot;
    until it's actually &quot;cleared.&quot;
    I read in the FF documentation that known malware is not allowed to stay in the virtual cache, but what about unknown malware?

    Could FF potentially allow something like this to run until the
    data is cleared, or perhaps
    for the current browsing session?
    Thanks,
    Larry

  6. #6
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Does ZAFF protect against the new Adobe reader exploit? (e.g. Javascript exploits)

    Hi!yesyes.... you are pestering the board with this question... Of course unknown malware will be kept isolated in the sandbox but it may be active. So it is good to empty the virtual data from time to time. Differently from other sanbox tools ForceField have pro-active protection like keylogger/screen grabber jamming and encryption of cacheto minimise any damage for this kind of situations. Moreover malware that is not allowed to install on your 'real' system is likely to cause little to no damage.Cheers,Fax

    Message Edited by fax on 03-05-2009 08:32 AM

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  7. #7
    lalittle Guest

    Default Re: Does ZAFF protect against the new Adobe reader exploit? (e.g. Javascript exploits)


    <blockquote><hr>fax wrote:
    Hi!yesyes.... you are pestering the board with this question...
    <hr></blockquote>Thanks for being patient with me -- I'm simply trying to get a better understanding of things, so I'm asking some detailed questions.

    <blockquote><hr>Of course unknown malware will be kept isolated in the sandbox but it may be active. So it is good to empty the virtual data from time to time.
    <hr></blockquote>Note that the answer you provided above (thank you for this)
    is actually pretty important -- i.e. that clearing the virtual data is sometimes needed to keep malware from being &quot;active.&quot;
    This is something that less experienced users like myself would not necessarily understand, particularly when you read the ZAX help pop-up which says:
    &quot;Zonealarm Forcefield automatically clears your virtual file system of any harmful files that could self-execute.
    Other files are left behind.
    Clearing virtual data will clear those leftover files.&quot;
    The way I read this, it seemed like clearing the virtual files was simply a &quot;maintenance&quot; procedure rather than a &quot;security&quot; procedure.
    I did not know that clearing the virtual files was part of keeping &quot;unknown malware&quot; from being active.
    I only asked because it &quot;seemed&quot; like this might be an issue, so I'm glad I asked.
    Thanks again,
    Larry

  8. #8
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,291

    Default Re: Does ZAFF protect against the new Adobe reader exploit? (e.g. Javascript exploits)


    <BLOCKQUOTE><HR>lalittle wrote:

    <BLOCKQUOTE>The way I read this, it seemed like clearing the virtual files was simply a "maintenance" procedure rather than a "security" procedure. </BLOCKQUOTE>
    <HR></BLOCKQUOTE>It is manly mantainance procedure, since the large majority of malware will be not functional. I have just highlighthed the worst case scenario... since apparently you like that Cheers,Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  9. #9
    lalittle Guest

    Default Re: Does ZAFF protect against the new Adobe reader exploit? (e.g. Javascript exploits)


    <blockquote><hr>fax wrote:

    I have just highlighthed the worst case scenario... since apparently you like that
    <hr></blockquote>When it comes to discussions about security, worst case scenarios are what it's all about.
    Larry

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •