
Thread: Dangerous!!please help...

  1. #21
    jarvis Guest

    Re: A case study

    It would be the Trust level if anything; however, even programs with a trust level of Super are not allowed to modify ZA.

  2. #22
    f_kawashima Guest

    Re: A case study

    I apologize for my long absence.

    The major reason could be caused by a Winlogon vulnerability for Local Security Authority SubSystem (LSA Shell Export Version), specifically when interacting with security implementations for the NTFS file system on Windows XP SP1 and SP2. Other Windows platforms could be affected as well. I found this vulnerability that differs from the one that Microsoft has fixed with the recent security patches. Some discrepancy in kernel routines may trigger some serious problems on installation or runtime with security related applications.

    Here are some case studies I experienced over months (I tested the system with/without ZA Pro installed):

    -- Lsass.exe, the export version for the Japanese localized version of Windows XP, runs into Buffer Overflow at all times. Security Accounts Manager (SAM) might also go wrong.

    For example:

    lsass.exe:856 QueryValue HKLM\SECURITY\Policy\SecDesc\(Default) BUFFER OVERFLOW
    Threads/Stack
    5. LSASRV.dll!LsarQueryInformationPolicy+0x2ef
    6. LSASRV.dll!LsarQueryInformationPolicy+0x3ae
    7. LSASRV.dll!LsarQueryInformationPolicy+0x4db


    -- Local Security Policy and Application (e.g. Userenv--registry hive misbehavior) on Event Viewer quite often report inconsistencies that appear to make a compromise with logical assertions.

    For example, SE_AUDITID_PRIVILEGED_SERVICE for Security Event Log component fails in privilege use.


    -- STOP UNKNOWN_HARD_ERRORs (e.g. 0xc0000218/c000021a), INITIALIZATION_FAILED or BSOD issues during or after ZoneAlarm installation may occur unexpectedly.


    -- Although the 'chkdsk' diagnosis reports no incidents, the Windows Logon system reports insufficient or false-positive incidents -- the incidence ratio: 80/100%.

    For example:

    Date: 07/13/06
    Time: 09:17:19
    Source: Winlogon
    Event ID: 1001

    Checking file system on C:
    The type of the file system is NTFS.
    A disk check has been scheduled.
    Windows will now check the disk.
    Cleaning up minor inconsistencies on the drive.


    Date: 07/13/06
    Time: 07:58:35
    Source: Winlogon
    Event ID: 1001

    Checking file system on C:
    The type of the file system is NTFS.
    A disk check has been scheduled.
    Windows will now check the disk.
    Cleaning up 25 unused index entries from index $SII of file 0x9.
    Cleaning up 25 unused index entries from index $SDH of file 0x9.
    Cleaning up 25 unused security descriptors.

    ---
    Last but not least, I succeeded in installing 'zapSetup_65_737_000_en.exe' without pre-installing 'zapSetup_61_744_001_en.exe', which is for my renewal 1 year's contract, and the application runtime.

    Message Edited by F_Kawashima on 09-26-2006 10:57 PM

    Operating System: Windows XP Pro
    Product Name: ZoneAlarm Pro
    Software Version: 6.5
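
An added example, not part of the original post or thread: a small Python parser for Winlogon Event ID 1001 (chkdsk) text in the layout quoted in post #22, separating runs that only report "minor inconsistencies" from runs that cleaned the `$SII`/`$SDH` indexes or security descriptors. The function names and the abridged sample text are assumptions constructed for illustration.

```python
import re

# Constructed sample: the two Event ID 1001 records quoted in the post, abridged.
SAMPLE = """\
Date: 07/13/06
Time: 09:17:19
Source: Winlogon
Event ID: 1001
Checking file system on C:
Cleaning up minor inconsistencies on the drive.

Date: 07/13/06
Time: 07:58:35
Source: Winlogon
Event ID: 1001
Checking file system on C:
Cleaning up 25 unused index entries from index $SII of file 0x9.
Cleaning up 25 unused index entries from index $SDH of file 0x9.
Cleaning up 25 unused security descriptors.
"""

HEADER = re.compile(r"^(Date|Time|Source|Event ID):\s*(.+)$")
INDEX = re.compile(r"^Cleaning up (\d+) unused index entries from index (\$\w+) of file")
DESCR = re.compile(r"^Cleaning up (\d+) unused security descriptors")

def parse_events(text):
    """Start a record at each 'Date:' line; collect header fields and cleanup counts."""
    events = []
    for line in map(str.strip, text.splitlines()):
        h, i, d = HEADER.match(line), INDEX.match(line), DESCR.match(line)
        if h and h.group(1) == "Date":
            events.append({"indexes": {}, "descriptors": 0, "minor": False})
        if not events:
            continue  # ignore anything before the first record
        ev = events[-1]
        if h:
            ev[h.group(1)] = h.group(2)
        elif i:
            ev["indexes"][i.group(2)] = int(i.group(1))
        elif d:
            ev["descriptors"] = int(d.group(1))
        elif line.startswith("Cleaning up minor inconsistencies"):
            ev["minor"] = True
    return events

def touched_security_data(ev):
    """True if chkdsk cleaned $SII/$SDH (indexes of NTFS $Secure, file 0x9) or descriptors."""
    return bool(ev["descriptors"] or ev["indexes"].keys() & {"$SII", "$SDH"})
```
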

  3. #23
    Join Date
    Dec 2005
    Posts
    9,056

    Re: A hypothesis

    I never knew the Windows XP OS would work on a FAT, instead of NTFS.

    Oldsod
    Best regards.
    oldsod

  4. #24
    Join Date
    Dec 2005
    Posts
    9,056

    Re: A case study

    Windows XP OS is constantly doing buffer overflows and has many mini crashes. The OS is designed to continue and carry on with its own recovery.

    Occasionally the software carried by the platform can cause buffer overflows, but the usual main reason is still the platform itself and not the software that is being carried.

    The install of the ZAPro without renewing the subscription is very possible. I have done it myself and could easily get a monthly update for both the spyware scanner and the program itself. But it is not worth the extra work and time. Cheaper in time and effort just to buy the software.

    Best regards.

    Oldsod
    Best regards.
    oldsod

  5. #25
    zaswing Guest

    Re: A hypothesis

    It's a jungle out there for anyone willing to understand
    http://support.microsoft.com/kb/306559

  6. #26
    Join Date
    Dec 2005
    Posts
    9,056

    Re: A hypothesis

    How many users have FAT instead of NTFS for the Windows XP? Do you or the poster of the original thread? Multiple boots can be done with different file systems. I am doing it right now - Windows XP is NTFS and the Ubuntu is a FAT.

    Oldsod
    Best regards.
    oldsod
