Top firewalls easily pierced !
  • Top firewalls easily pierced !

    Read this earlier this week:
    Security analyst Steve Gibson has written and is giving away a simple Trojan horse capable of penetrating most major PC firewalls. The program, labeled LeakTest, identifies itself to firewalls by McAfee.com, Symantec, Sygate, and others as a "trusted" application, gaining virtually unrestricted access to a PC's Internet connection. The one major firewall maker that did not fail Gibson's test was ZoneAlarm. Other security companies are in the process of patching their programs.
    Check out the full article at http://www.pcworld.com/news/article.asp?aid=36418


  • #2
    "The one major firewall maker that did not fail Gibson's test was ZoneAlarm."

    Wonder if Zone Labs has access to my PC?


    [This message has been edited by Admiral (edited 14 December 2000).]

    Comment


    • #3
      No, these guys at GRC and ZoneAlarm are the soul of civilization. The nice thing about ZoneAlarm is that for home users it is FREE! Even the pro version is only $40.00 USD.

      This is a fraction of the cost of some other big name firewalls that look cool but don't do much else.

      ZoneAlarm is handy for identifying spyware and other little surprise packages lying about in your computer. Check out www.grc.com and use his shields up applet for checking to see if you are protected!


      Hey, Donny! We got us a German who wants to die for his country... Oblige him. - Lt. Aldo Raine

      Comment


      • #4
        The problem with grc.com (Steve Gibson) and ZA is that they work in cooperation with the other as a synergistic union for the betterment of the other (and I have no doubts financially agreeable for each other).

        He has been pushing ZA from the get go. So how would any other know how to resolve this within their own products if such info wasn't disclosed publicly?!

        Since this isn't an actual threat used by anyone (since unknown til now) why would these firewall software manufacturers introduce a fix for a nonproblem/issue?

        This is typical BS coming out of Steve Gibson's mouth scaring the unknowledgeable into thinking this is a real issue!

        To Steve Gibson, bite me you paranoia inciting freak! Errr

        Guys, don't buy into his superfluous dribble!
        "Be who you are and say what you feel, because those who mind don't matter, and those who matter don't mind." -- Dr. Seuss

        "Always do good. It will gratify some and astonish the rest." ~Mark Twain

        Comment


        • #5
          The poor bastard....
          I hope he knows the real thing from the usual mirror responses he will get from me and my friends...I love batch files......

          Comment


          • #6
            Steve is a little strident. And I have no doubt he does development work for ZA.

            Steve also hates spyware, and he's right to loathe that crap: The ZA firewall detects it easily.

            All that aside, he makes a strong point: existing firewalls ASSUME certain .exes are "safe" even when they might not be. A couple of smart (and sick) virus writers named their virii after known "good" (i.e. assumed good) executables that easily went past the firewall.

            Assumptions are the rub.

            Now, what I'm really scared of is some bastard hacking into a firewall or anti-virus vendor's site and posting his or her latest "Virus Definition" for the world to download.

            Makes you wonder who's WRITING the virii, right?

            Hey, Donny! We got us a German who wants to die for his country... Oblige him. - Lt. Aldo Raine

            Comment
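
Added example (not part of the thread, and not code from LeakTest or any firewall vendor): the point in post #6 about firewalls assuming a known executable name is safe, shown as a name-only rule beside one that also pins the file's SHA-256. The file names, file contents and rule functions are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_of(path):
    """Hash the file contents in chunks."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def allow_by_name(path, trusted_names):
    """Weak rule: trust anything whose file name matches a trusted program."""
    return os.path.basename(path).lower() in trusted_names

def allow_by_hash(path, trusted_hashes):
    """Stronger rule: the name must be known AND the contents must hash to
    the value recorded when the user approved the program."""
    expected = trusted_hashes.get(os.path.basename(path).lower())
    return expected is not None and sha256_of(path) == expected

def demo():
    """Create two constructed files that share a name and apply both rules."""
    with tempfile.TemporaryDirectory() as root:
        approved_dir = os.path.join(root, "approved")
        other_dir = os.path.join(root, "elsewhere")
        os.makedirs(approved_dir)
        os.makedirs(other_dir)
        approved = os.path.join(approved_dir, "browser.exe")
        lookalike = os.path.join(other_dir, "browser.exe")
        with open(approved, "wb") as f:
            f.write(b"constructed: bytes of the approved program")
        with open(lookalike, "wb") as f:
            f.write(b"constructed: bytes of a different program")
        trusted_names = {"browser.exe"}
        trusted_hashes = {"browser.exe": sha256_of(approved)}
        return {
            "name_rule": (allow_by_name(approved, trusted_names),
                          allow_by_name(lookalike, trusted_names)),
            "hash_rule": (allow_by_hash(approved, trusted_hashes),
                          allow_by_hash(lookalike, trusted_hashes)),
        }

if __name__ == "__main__":
    print(demo())
```

A pinned hash changes whenever the approved program is updated, so a rule like this needs a re-approval step after each legitimate update.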


            • #7
              I appreciate Steve's work... or did, but his cashflow is beginning to show.

              I strongly suspect that he's "gone gold". I don't think he's yet compromised his principles/ideals, but it very much looks like he's begun to receive financial support from.... somewhere.

              Suddenly OptOut has become "LeakTest", and the plans to scan for and remove 'spyware' from the user's system is "wrong". Suddenly (after a 5-month absence), Steve wants to test a spyware's ability to penetrate your firewall.

              Errrrr... is it just me who's thinking, "Well, it can't penetrate my firewall if it's been removed from my system, can it?? So why don't we just stick with that, then??"

              Why? Because the top spyware makers noticed the increasing hits on Steve's site and... asked him nicely.... to take a new direction, most likely. After all, sponsored software has an important place in Internet economics.

              So, Steve has something of a hidden agenda these days, I think. And I don't think his 'findings' can be taken as gospel, though I agree with MultimediaMan that they do still make note of investigation/concern.

              And hey, Greebe... Microsoft itself offers updates for undiscovered problems, or have you forgotten that very urgent update for the Java engine that fixed a HUGE security hole that no one had found but MS?

              Yeah, right...

              --------------------
              Holly

              Comment


              • #8
                No Holly, I haven't forgotten, but then that wasn't truly an unknown problem to the outside world, and although I did DL it and patch up IE, I normally use NS or as of late M18.
                "Be who you are and say what you feel, because those who mind don't matter, and those who matter don't mind." -- Dr. Seuss

                "Always do good. It will gratify some and astonish the rest." ~Mark Twain

                Comment


                • #9
                  In fairness, if you ever used OptOut, it broke whatever it was that was running those evil .dll libraries. Sometimes, this made the uninstall utility useless, as it vainly tried to look for something that wasn't there.

                  LeakTest is actually a "safer" means (legally speaking) of calling the Spyfreaks out. OptOut broke other software, like AOHell 5.0 did with IE and other browser utilities. AOHell got their asses sued off because of how their software interacted (More correctly: what it destroyed) with the system as a whole. Steve might have taken the hint, or a lawyer might have brought it up. In any case we might never know. But still, if the worst thing he did was join a security company, then I don't think we have much to worry about.

                  He still writes elegant code, and he still explains what he does, and he doesn't mind someone checking up on him. (Are you worried about him spying on you? If you are, then use a port sniffer and check it out for yourself, after all, this is what he did in the first place.)

                  As far as the spyware thing goes, he won, game set and match. Now, he may have had to back off for fear of legal harassment, but he did change the way software companies present this "free" stuff to us, and he did make sure that software that we paid for wasn't looking over our shoulder, too.

                  I imagine there will be legislation before too long regulating backchannel information gathering.




                  [This message has been edited by MultimediaMan (edited 15 December 2000).]
                  Hey, Donny! We got us a German who wants to die for his country... Oblige him. - Lt. Aldo Raine

                  Comment
