Results 1 to 2 of 2

Thread: Improving ZA Security Manually?

  1. #1
    johncholmes Guest

    Default Improving ZA Security Manually?

    Hello all, including mods:
    Is there a FAQ or a step-by-step where it is described which expert rules could be created to improve ZA default security, even on default highest.
    For example a few vulnerability of ZAIS 8.059 allow manipulation and do not seem to protect
    1. How do you protect an unknown program from low-level (direct) disk access? (ZA failed this test)2. How do you specify certain directions to protect from writing (system32 can be written to by any program)
    How do you force ZA to protect various, important registry keys that can be manipulated?
    1. Protect the Services key in registry to malware cannot install itself as a service (very very bad).
    ZA fails this.
    2. Protect winlogonnotify key so malware isnt started at startup (not protected by default)
    3. protect UIhost key in registry so lononui is not overwritten with malware.
    4. protect ServiceDll key to avoid having malicious dll launched with SVCHOST at start.
    5. Protect StartupPrograms registry key to avoid malware launching at startup.
    Other protections need to be addressed:
    1. Missing *.sys driver in registry, malware can rename itself as referenced driver and gain low level access -- not protected in ZA
    2. Driver Overwrite protection.
    ZA is not able to protect drivers in windows, such as "beep.sys" from being overwritten by a malicious driver, and then load itself as device driver (ZA cannot do this or does not validate drivers loaded)
    3. Protect driver path, so driver path of already existing driver is not redirected using service control manager (ZA does not protect)
    1, 2 and 3 are common rootkit techniques that ZA does not protect again.
    It only protects against driver loading through device driver API with call.
    help?. Protect trusted processes running in meory so threads cannot be stolen from them and manipulated

    Operating System:Windows XP Pro
    Software Version:8.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Default Re: Improving ZA Security Manually?

    Hi!

    it would be good to send your suggestion to ZA staff directly... they are not monitoring this board.
    The best is to install the latest beta (www.zonealarm.com/beta) and use the feedback form to report to ZA developers your findings.

    Your list sound a bit strange... for example, OS firewall protects the startup keys.
    I guess this is based on test suite recently released by a competing firewall producer. That obviously is designed to show how good is their product as compared to others

    Note that you should test your system with real malware and not just with tests also note that ZA is not designed to pass leak test but to protect your system from real malware.

    Anyway each test can give different results depending on how it is used, for example, see here: http://www.matousec.com/projects/fir...ge/results.php

    ZASS provides a good balance between protection and user friendliness, otherwise you will pass your day answering to pop-ups about system or programs wanting to do X or Y as it happen in leak test proof software. If that is what you want than you simply switch to these leak test proof solutions.

    At the end of the day the most important thing is that you feel secured even if in reality you are not.

    Hope this helps

    Cheers,
    Fax

    Message Edited by fax on 11-26-2008 11:50 AM

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •