[18346] in bugtraq
Re: Advisory:Multiple Vulnerabilities in ZoneAlarm
daemon@ATHENA.MIT.EDU (Ian Bryant)
Tue Dec 26 11:48:53 2000
Message-Id: <LNBBLPKFPLPJJNBNPFLKCEFPEDAA.ian@bryant-associates.co.uk>
Date: Sun, 24 Dec 2000 12:31:38 -0000
Reply-To: ian@bryant-associates.co.uk
From: Ian Bryant <ian@BRYANT-ASSOCIATES.CO.UK>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <977506814.3a4391fe12daf@webmail.cotse.com>

>> I don't agree. The window of opportunity is 1.) Very small and 2.)
>> Undetectable. The unreported port scans while they do not give
>> the user any warning or information, they also do not give the attacker
>> any information so I do not see where the harm is.
>
> Where there is a window there is a way.
>
> Including the NT permission structure.
>
> Very simple. It needs to be fixed.
>
> And as the advisory states: Multiple Vulnerabilities in ZoneAlarm

Whereas I agree it would be desirable for ZoneLabs to fix any notified
vulnerabilities, I share the view that in terms of RISK the issue is of
limited importance until an exploit can be devised that can take advantage
of the theoretical weakness.

To some extent the NT permissions issue is a red herring, as the main
community of use for this product is the home users, who will probably be
running one of Microsoft's "Consumer" operating systems (Win9x range - lest
we forget WinME is basically "Windows 4.4") which don't have any built-in
security to speak of anyway.

In terms of overall risk, the 80:20 rule suggests products like ZoneAlarm,
even if flawed, are to be applauded, as at least they mitigate against the
ever growing risk to the rest of the internet community from inexperienced
home users with "always on" connections: this large and growing pool is a
very tempting target for Black Hat Hackers who want to set up DDOS zombies
....

Ian Bryant
Senior Partner (ICT)
Bryant Associates
--
mailto:ian@bryant-associates.co.uk