I have an important security question regarding ZoneAlarm.
When installed in Windows XP, the ZoneAlarm version I have been using creates at least three folders that I know of:
- C:\Program Files\Zone Labs\ZoneAlarm
- C:\Windows\Internet Logs
My question is, what kind of NTFS permissions can I set for these folders for maximum security, without breaking ZoneAlarm while logged in as a limited user?
I have done auditing, and by default (as installed) only the Program Files\Zone Labs folder has secure NTFS permissions, where only admins and power users can write in the folder and limited users can only read (this is how it should be in the Windows XP security model). The other folders under the Windows folder, Internet Logs and system32\ZoneLabs, have very insecure NTFS permissions by default, giving everyone full control and full write access. I guess I don't need to explain to anyone why this is insecure.
I would like to change the permissions on these folders so that limited users cannot write there, and would like to hear from those more experienced with ZoneAlarm whether that would cause problems, and possible suggestions on what kind of permissions would be safe to use there, without being blatantly insecure like the defaults.
My current guess is that system32\ZoneLabs could be given permissions that enable admins/power users full control and users only read rights without causing any problems for ZA functionality, since ZoneAlarm doesn't seem to write anything in this folder and vsmon.exe will be loaded by the system/admin accounts that have full control anyway, so there should be no need for limited users to have write access.
The Internet Logs folder, I think, will be troublesome, because ZA keeps writing logs in there.
So, any suggestions from the ZA experts? Thank you!
Operating System: Windows XP Pro
Product Name: ZoneAlarm (Free)
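
An added example, not part of the original post: a small Python check that parses saved `cacls` output for the folders mentioned above and reports ACEs that give limited users write access. The sample output is constructed to mirror the permissions the post describes, and the full path `C:\Windows\system32\ZoneLabs` is assumed from the post's wording.

```python
import re

# Principals that include limited users on Windows XP.
BROAD = {"everyone", "builtin\\users", "nt authority\\authenticated users"}
# cacls letters: F = full control, C = change (write), W = write, R = read, N = none.
WRITE_PERMS = {"F", "C", "W"}
# One simple ACE as cacls prints it, e.g. "Everyone:(OI)(CI)F".
ACE_RE = re.compile(r"^(?P<account>[^:]+):(?P<flags>(?:\([A-Z]+\))*)(?P<perm>[FCWRN])$")

def parse_cacls(path, output):
    """Return (account, inherit_flags, perm) tuples from `cacls <path>` output."""
    aces = []
    for line in output.splitlines():
        line = line.strip()
        if line.lower().startswith(path.lower()):
            line = line[len(path):].strip()  # the first line carries the path
        m = ACE_RE.match(line)
        if m:  # "special access" entries are not handled here
            aces.append((m["account"], m["flags"], m["perm"]))
    return aces

def writable_by_limited_users(path, output):
    """ACEs that let a broad principal write, including inherit-only ones."""
    return [a for a in parse_cacls(path, output)
            if a[0].lower() in BROAD and a[2] in WRITE_PERMS]

# Constructed sample output, modelled on the defaults described in the post.
SAMPLES = {
    r"C:\Program Files\Zone Labs\ZoneAlarm":
        r"""C:\Program Files\Zone Labs\ZoneAlarm BUILTIN\Users:(OI)(CI)R
                                     BUILTIN\Power Users:(OI)(CI)C
                                     BUILTIN\Administrators:(OI)(CI)F
                                     NT AUTHORITY\SYSTEM:(OI)(CI)F""",
    r"C:\Windows\Internet Logs":
        r"""C:\Windows\Internet Logs Everyone:(OI)(CI)F
                         BUILTIN\Administrators:(OI)(CI)F""",
    r"C:\Windows\system32\ZoneLabs":  # assumed full path
        r"""C:\Windows\system32\ZoneLabs Everyone:(OI)(CI)F
                             NT AUTHORITY\SYSTEM:(OI)(CI)F""",
}

def audit(samples):
    """Map each folder to the ACEs that let limited users write to it."""
    return {p: writable_by_limited_users(p, out) for p, out in samples.items()}

if __name__ == "__main__":
    for folder, findings in audit(SAMPLES).items():
        print(folder, "->", findings or "no limited-user write access")
```
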