Thread: Zone Alarm's vulnerabilities questions!

  1. #1
    monster_z Guest

    Default Zone Alarm's vulnerabilities questions!

    What are the weak points of Zone Alarm?

    Also, here on the website I'll give you, it says when they tested all firewalls, Zone Alarm was the best, but Zone Alarm Pro has one big flaw:
    On the website (http://personal-firewall-software-re...ro-review.html) it says that the only test ZoneAlarm Pro failed was the referrer test.

    Referrer test: When you visit a website, your browser relays information about the previous webpage you visited. Your visit can also reveal what region you are in, what operating system you use and information about your browser.

    Can Zone Alarm Pro protect (and which version can protect the computer from referrer) the computer from this, and how?

    Is it, because of the fact that the second best firewall (on the website I gave you) can protect the computer from referrer, better than Zone Alarm or not?

    Will newer/upcoming versions of Zone Alarm Pro be able to block even referrer?

    Big thanks!

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Pro
    Software Version:6.5

  2. #2
    Join Date
    Mar 2004
    Location
    Brisbane, Australia
    Posts
    645

    Default Re: Zone Alarm's vulnerabilities questions!


    <blockquote><hr>Monster-Z wrote:
    What are the weak points of Zone Alarm?
    <hr></blockquote>

    Its biggest weakness is that it runs on top of Windows.

    Windows is NOT a trusted operating system and you CANNOT build a trusted program on an untrusted base. This is the same as trying to build the world's safest building on a foundation of quicksand.

  3. #3
    monster_z Guest

    Default Re: Zone Alarm's vulnerabilities questions!


    <blockquote><hr>FrereOP wrote:

    <blockquote><hr>Monster-Z wrote:
    What are the weak points of Zone Alarm?
    <hr></blockquote>

    Its biggest weakness is that it runs on top of Windows.

    Windows is NOT a trusted operating system and you CANNOT build a trusted program on an untrusted base. This is the same as trying to build the world's safest building on a foundation of quicksand.
    <hr></blockquote>



    1. On the following website:
    http://personal-firewall-software-re...ro-review.html it says that Zone Alarm passed all the tests, except the referrer test?
    Is that true?
    Is there any way for Zone Alarm to pass this test?
    And is it true that Zone Alarm has passed all other kinds of tests?

    2. For example, the website above also says that second-seeded Firewall Pro has passed ALL of the tests..., hmm...
    Also, I have Zone Alarm Internet Security Suite v6.5.722.000 - did this version pass all the tests, including the referrer test?

    3. Also, I found an interesting piece of advice on how to get rid of the referrer test - please, if anyone can confirm if that's ok:
    In Zone Alarm click 'privacy', then under 'cookie control' click 'custom' and uncheck the box that says, 'remove private header information'. After clicking 'apply', Zone Alarm allows the referer to be passed by my browser.
    Will this allow me to pass the referrer test?

    4. Also, Zone Alarm Version 4 blocks referrer information and certain types of cookies that are needed to verify your access to many of its information providers. Fortunately, Zone Alarm Pro provides a mechanism to alter this setting and permit library access. Follow these steps in Zone Alarm Pro for library access:

    Basic Method (fewer steps but a broader modification of the firewall)

    Open Zone Alarm Pro
    Click "Privacy" from the options of the left.
    Select the "Cookie Control" tab.
    Click "Custom."
    Make sure the box labeled "Block Persistent Cookies" is not checked.
    Make sure the box labeled "Block Third Party Cookies" is not checked.
    Make sure the box labeled "Remove Private Header Information" is not checked.

    Will this allow me to pass any of the tests, INCLUDING THE REFERRER TEST?
    Thanks for all of the answers you can get!
    Big thanks, again!

  4. #4
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Zone Alarm's vulnerabilities questions!

    Hello!

    Question 1
    Yes, the ZA does well with many tests and does fail the referer test. There is not a possibility of ZA passing the referer test until its designers correct this issue. See this well respected site for independent testing:

    http://www.firewallleaktester.com/tests.php

    Question 2.
    The ZA firewall in the Security Suite is the very same as in the ZA Pro. No difference in its abilities.

    Question 3.

    Cookies settings in the ZA Privacy or in the browser itself will not stop referer. It has to do more with the browser itself and how info is passed on from the previous sites to the present site.

    http://en.wikipedia.org/wiki/Referer


    http://www.answers.com/topic/referer


    Okay, not clicking links and not using javascripts and ActiveX is one way to pass referer threats, if it can be perceived that way, since for most browsing it does not pose a real threat and does allow for smoother transitions when browsing.

    Question 4

    No, the private headers are not related to referer. The best way to pass a referer test with any firewall (including the Windows firewall) is simply to turn off the java and javascripts in the browser. The Opera browser has a feature to disable referer and it does not use any inherent ActiveX. Have you ever tried any referer tests with the Opera browser or with just javascripts and java disabled in the browser? Perhaps if being traced by less than respectable sites is a major concern, then perhaps try this approach instead. So maybe use the Opera browser, disable the referer, java and javascripts and your web browsing will become more secure. To prevent the PC from accepting the bad cookies, just disable first, temp and third party cookies as well.

    Oldsod

    Message Edited by Oldsod on 07-16-2006 05:13 AM

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Anti-Spyware
    Software Version:6.5
    Best regards.
    oldsod

  5. #5
    jarvis Guest

    Default Re: Zone Alarm's vulnerabilities questions!

    Actually Remove Private Headers IS supposed to block the referer header, as well as censor some of the other browser headers.

    In some previous versions, it only removed the referrer header when your browser crossed between domains e.g. if you clicked on a search result in Google and went to another site, it would block it. It would not remove it when browsing between pages in the same site, so as not to interfere with some sites that require the referrer header to track what page you came from.

    Unfortunately, PCFlank's test told everyone that ZA was failing to remove the referrer header. This was because it did not require the browser to cross domains. GRC's Shields UP! browser headers check correctly showed that the referrer was being removed, because GRC has a separate server for Shields UP! so the browser was moving from one to the other.

    After lots of users complained about the result of PCFlank's test, ZA was changed so that with the Remove Private Header setting, it removes the referrer header always, which might interfere with site navigation.



    The referrer header is distinct from Java/Javascript/ActiveX code that reports your local IP or other details to a remote site, and yes, the best way to stop THESE "tricks" is to disable mobile code (Java/Javascript/ActiveX).

  6. #6
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: Zone Alarm's vulnerabilities questions!

    Thank you, Guru Jarvis, for correcting the answer.

    Your answer seems remote from the topic of tcp/ip of windows.
    Oldsod
    Best regards.
    oldsod

  7. #7
    monster_z Guest

    Default Re: Zone Alarm's vulnerabilities questions!


    <blockquote><hr>jarvis wrote:
    Actually Remove Private Headers IS supposed to block the referer header, as well as censor some of the other browser headers.

    In some previous versions, it only removed the referrer header when your browser crossed between domains e.g. if you clicked on a search result in Google and went to another site, it would block it. It would not remove it when browsing between pages in the same site, so as not to interfere with some sites that require the referrer header to track what page you came from.

    Unfortunately, PCFlank's test told everyone that ZA was failing to remove the referrer header. This was because it did not require the browser to cross domains. GRC's Shields UP! browser headers check correctly showed that the referrer was being removed, because GRC has a separate server for Shields UP! so the browser was moving from one to the other.

    After lots of users complained about the result of PCFlank's test, ZA was changed so that with the Remove Private Header setting, it removes the referrer header always, which might interfere with site navigation.



    The referrer header is distinct from Java/Javascript/ActiveX code that reports your local IP or other details to a remote site, and yes, the best way to stop THESE "tricks" is to disable mobile code (Java/Javascript/ActiveX).
    <hr></blockquote>



    1. I have a question: So, if I turn on the "Remove private header information" icon, then Zone Alarm will block ALL referrers - including the referrers when browsing between pages in the same site???

    2. If I TURN ON the "Remove private header information" icon to block all referrers and if I TURN OFF Java/Javascript/ActiveX, will Zone Alarm still block ALL referrers?

    3. I still have questions about whether it is possible for Trojans, spyware, hijackers etc. to completely terminate Zone Alarm?
    According to these "kill tests" on website http://www.firewallleaktester.com/te...n_overview.php and http://www.firewallleaktester.com/termination.php Zone Alarm is in the fourth place...
    Could you comment on this?
    How reliable are these kill tests and leak tests???
    Big thanks!

  8. #8
    jarvis Guest

    Default Re: Zone Alarm's vulnerabilities questions!

    1. I have a question: So, if I turn on the "Remove private header information" icon, then Zone Alarm will block ALL referrers - including the referrers when browsing between pages in the same site???

    As far as I know, yes. I haven't tested this recently

    2. If I TURN ON the "Remove private header information" icon to block all referrers and if I TURN OFF Java/Javascript/ActiveX, will Zone Alarm still block ALL referrers?

    It will still block the referrer because it is an HTTP header that ZA can strip off all HTTP requests (unless the URL specifies a non-standard port using the :12345 on the end of the domain, where 12345 is the port to use). I think ZA checks both port 80 and 8080 for HTTP connections but probably not all 65535 possible ports!

    If you allow javascript there MAY be other ways for a site to communicate its identity to another site it links to, but I doubt the site that is the destination of the link could have any special way of doing it.


    3. I still have questions about whether it is possible for Trojans, spyware, hijackers etc. to completely terminate Zone Alarm?
    According to these "kill tests" on website http://www.firewallleaktester.com/te...n_overview.php and http://www.firewallleaktester.com/termination.php Zone Alarm is in the fourth place...
    Could you comment on this?
    How reliable are these kill tests and leak tests???

    The results of the termination test are still not that bad - the orange + for a test means that either the attempt terminated zlclient.exe but vsmon.exe continued to run: you would be protected but without a GUI. Or it means that both the client and the service were terminated but the firewall driver (VSDATANT) "failed closed" so that all network connectivity was shut off - annoying but still wouldn't allow a connection out of the PC. Or it means that the attempt to kill ZA caused it to become unstable and consume large amounts of CPU, but still didn't fail.*

    *The above is my interpretation of the firewall leak test page you linked to.

    I can't comment on how effective leak tests and termination tests are. They are designed to check one particular attack on a firewall product, and you have to imagine that the test is actually malware that managed to download itself or dupe you into downloading and running it. Would it get past your usual conservative browsing habits? Or do you just click on everything you see? Of course not!
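
The two behaviours jarvis describes in posts #5 and #8, modelled as an added example that is not part of the thread and not ZoneAlarm's code: a header filter that strips Referer either only across hosts or always, and that only inspects certain ports. The hostnames are constructed placeholders, comparing by hostname is an assumption, and the inspected ports (80 and 8080) are the poster's guess.

```python
from urllib.parse import urlsplit

# Ports the modelled filter parses as HTTP (the poster's guess, not a documented list).
INSPECTED_PORTS = {80, 8080}

def filter_headers(url, headers, policy):
    """Return the headers that actually leave the machine for a request to `url`.

    policy "cross-domain": drop Referer only when it names a different host.
    policy "always":       drop Referer on every inspected request.
    """
    target = urlsplit(url)
    port = target.port or 80
    if port not in INSPECTED_PORTS:
        return dict(headers)              # this port is never parsed as HTTP
    out = dict(headers)
    name = next((k for k in out if k.lower() == "referer"), None)
    if name is None:
        return out
    same_host = urlsplit(out[name]).hostname == target.hostname
    if policy == "always" or not same_host:
        del out[name]
    return out

def referer_leaks(url, referer, policy):
    """True if the destination server would still see a Referer header."""
    sent = filter_headers(url, {"Referer": referer, "User-Agent": "test"}, policy)
    return "Referer" in sent

# Constructed cases: (requested URL, page the browser came from).
CASES = {
    # test page and start page on one host, like the same-site check in post #5
    "same-site": ("http://tester.example/check.html", "http://tester.example/start.html"),
    # check served from a separate server, like the second test in post #5
    "cross-site": ("http://probe.tester2.example/check", "http://www.tester2.example/start"),
    # destination on a non-standard port, the exception raised in post #8
    "odd-port": ("http://other.example:12345/page", "http://search.example/results?q=private"),
}

def run_matrix():
    """Map (case, policy) -> whether the Referer reaches the server."""
    return {(case, policy): referer_leaks(url, ref, policy)
            for case, (url, ref) in CASES.items()
            for policy in ("cross-domain", "always")}

if __name__ == "__main__":
    for key, leaked in run_matrix().items():
        print(key, "Referer sent" if leaked else "Referer removed")
```

Under the "cross-domain" policy only the same-site check reports a leak, which is why the two test sites disagreed; the non-standard-port request keeps its Referer under both policies.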

  9. #9
    monster_z Guest

    Default Re: Zone Alarm's vulnerabilities questions!


    <blockquote><hr>jarvis wrote:
    1. I have a question: So, if I turn on the "Remove private header information" icon, then Zone Alarm will block ALL referrers - including the referrers when browsing between pages in the same site???

    As far as I know, yes. I haven't tested this recently

    2. If I TURN ON the "Remove private header information" icon to block all referrers and if I TURN OFF Java/Javascript/ActiveX, will Zone Alarm still block ALL referrers?

    It will still block the referrer because it is an HTTP header that ZA can strip off all HTTP requests (unless the URL specifies a non-standard port using the :12345 on the end of the domain, where 12345 is the port to use). I think ZA checks both port 80 and 8080 for HTTP connections but probably not all 65535 possible ports!

    If you allow javascript there MAY be other ways for a site to communicate its identity to another site it links to, but I doubt the site that is the destination of the link could have any special way of doing it.


    3. I still have questions about whether it is possible for Trojans, spyware, hijackers etc. to completely terminate Zone Alarm?
    According to these "kill tests" on website http://www.firewallleaktester.com/te...n_overview.php and http://www.firewallleaktester.com/termination.php Zone Alarm is in the fourth place...
    Could you comment on this?
    How reliable are these kill tests and leak tests???

    The results of the termination test are still not that bad - the orange + for a test means that either the attempt terminated zlclient.exe but vsmon.exe continued to run: you would be protected but without a GUI. Or it means that both the client and the service were terminated but the firewall driver (VSDATANT) "failed closed" so that all network connectivity was shut off - annoying but still wouldn't allow a connection out of the PC. Or it means that the attempt to kill ZA caused it to become unstable and consume large amounts of CPU, but still didn't fail.*

    *The above is my interpretation of the firewall leak test page you linked to.

    I can't comment on how effective leak tests and termination tests are. They are designed to check one particular attack on a firewall product, and you have to imagine that the test is actually malware that managed to download itself or dupe you into downloading and running it. Would it get past your usual conservative browsing habits? Or do you just click on everything you see? Of course not!

    <hr></blockquote>


    Big thanks for the answer, guru Jarvis!
    Also, the answer you gave is correct, because no matter what happens to the firewall, Windows will still be fully 100% protected - according to the results of the www.firewallleaktester.com website.

    1. Also, to inform you that Zone Alarm Internet Security Suite (version 6.5.737.000) has passed all 17, now 18 leak tests - does it mean it passed that referrer test on the www.pcflank.com website? It probably should, since ZA has passed just about every leak test to this day, according to the newest report.
    I think if we go on PC flank's website today, the referrer test between websites should be easily passed.
    What do you think?

    2. Is Zone Alarm's greatest vulnerability that it doesn't have Stateful protection, like the newest version of **bleep** Firewall Pro has???

    3. I also need your opinion: do you think the newest current version of Zone Alarm beats the newest current version of **bleep** Firewall Pro?

    Big thanks again,for your time and patience.

    I have some more questions, but I'll ask you next week, since this weekend I most likely won't have time.
    Big thanks, again!

  10. #10
    jarvis Guest

    Default Re: Zone Alarm's vulnerabilities questions!

    Well initially it blocks you from even going to PCFlank.com with the site-blocking feature, so you have to un-block it.

    I ran the browser test there and za's privacy advisor popped up and said "Private headers blocked". And pcflank reported that the referrer information was not reported - PASSED.

    Can't comment on other firewalls - haven't used any others.
