Zone Labs jumps on new Windows security API, but do we need more?

TalkBack 31 of 79:: Next »; « Previous

Thread View
Flat View

easy: you compromise the firewall, from the outside, no need to even attempt it from the inside, just take it out from the outside. Software is software, and can be exploited, and firewall software is no exception. Remember the deal with BlackIce a few months back, where there was a worm that exploited a buffer overflow in the software for the firewall and basically ended up with system level access to the computer, effectively trashing the installation and require the user to reinstall windows to get the PC up and running again? You could do a similar thing causing an overflow which would in turn "crash" the program, preventing it from being able to pop up its warning. Then in the overflow space, you can get code to run which effectively disables the ZoneAlarm drivers, and a quick restart of the net services, and you can probable pull it off without the user even knowing their internet access was cut and reestablished (unless their doing file sharing or similar connection oriented communication).

Firewall software running on a machine, actually creates a security risk that isn't present if the firewall is on a sepearate device (ala router). In that situation, if the firewall is compromised, it pretty much shuts down the device, and you know immediately, because your internet access gets cut off. You don't end up losing your machine if someone performs a buffer overflow on yoru firewall if its not software running on your machine.

Firewall software on your machine however, performs stateful packet inspection on every packet it picks up, where a non-software firewalled machine drops any packet not bound for a port its listening on, you can only overflow the entire stack if you are trying to compromise a port that the PC isn't even listening on. Not true with firewall software, you can compromise traffic on any port, with the right exploit, as the firewall has to inspect each packet, BEFORE it decides if the packet gets forwarded onto the PC's network stacks, effectively, giving an exploit a chance to strike, that would have no chance, if you weren't running the software firewall.; Posted by: tamuhockey Posted on: 08/09/04 You are currently: a Guest | Members login | Terms of Use

Reply to Story Reply to Message

Alert moderator to an offensive message

Subscribe to this discussion via Email or RSS

MS sees the light! enduser_z | 08/08/04

Outbound blocking Jomo_z | 08/09/04

There is NO WAY to make Windoze secure ! realitycheck101 | 08/08/04

You're right .. worknman | 08/09/04

Ech.. sshreve@... | 08/11/04

You're right, but... friedcow | 08/09/04

"UNIX is basically a simple operating system, but you have to be a genius t bsfisher | 08/09/04

Sure there is... rbochan | 08/09/04

You guys are forgetting... ollie_z | 08/09/04

Not just home users Anton Philidor | 08/09/04

Windows Security gsquared | 08/09/04

Nope... Linux User 147560 | 08/09/04

Arrogance or ignorance? BOTH Squawkbox | 08/08/04

seems you missed the point zijiang | 08/08/04

Good point HOWEVER Squawkbox | 08/09/04

Hope you mean metaphorical rats Anton Philidor | 08/09/04

Yes Yes metaphorical rats Squawkbox | 08/09/04

MS has different requirements than 3rd party vendors dsnyder_z | 08/09/04

Thanks NOW I understand, that is why I asked Squawkbox | 08/09/04

Processes sshreve@... | 08/11/04

Ironic comments Nigel Johnstone | 08/09/04

Incremental security step Anton Philidor | 08/09/04

No mention of hardware firewalls wdlists@... | 08/09/04

There you go with that common sense approach again. No_Ax_to_Grind | 08/09/04

Why not hardware. donford74@... | 08/17/04

Why outbound blocking is so important friedcow | 08/09/04

It is "game over" toadlife | 08/09/04

Answer this then Taz_z | 08/09/04

Answers toadlife | 08/09/04

Good answers Taz_z | 08/09/04

easy tamuhockey | 08/09/04

I hadn't thought of that. enduser_z | 08/09/04

Not sure, but I don't think so. tamuhockey | 08/10/04

Why outbound blocking gives a false sense of security johnrich | 08/13/04

The "Outbound blocking" myth rears it's ugly head again toadlife | 08/09/04

Mostly wrong Taz_z | 08/09/04

All I'm saying is that outbound blocking is an overblown feature toadlife | 08/09/04

All good answers Taz_z | 08/09/04

It saved me enduser_z | 08/09/04

admin is needed toadlife | 08/09/04

Damned if they do, damned if they don't. No_Ax_to_Grind | 08/09/04

But half-a$$ed works Anton Philidor | 08/09/04

Al about persecption. No_Ax_to_Grind | 08/09/04

"... great ..."? Anton Philidor | 08/09/04

Who said anything about selling it? No_Ax_to_Grind | 08/09/04

You're right; I left out a step. Anton Philidor | 08/09/04

Except IE an WMP aren't free voska | 08/09/04

Re:Except IE an WMP aren't free Michael L Hereid Sr | 08/15/04

Amen, Brother Ax! ollie_z | 08/09/04

One problem, I don't trust MS voska | 08/09/04

come again? tamuhockey | 08/09/04

RE: Microsoft is the reason we need AV software Scrat | 08/12/04

Forget Windoze, you Lindoze instead FilledOut | 08/09/04

ANTI-TRUST around the corner? No_Ax_to_Grind | 08/09/04

Hmmm, and not a single responce. No_Ax_to_Grind | 08/09/04

Anti-Trust blacksheepxlch1 | 08/09/04

Because we all know your right voska | 08/09/04

UNIX bsfisher | 08/09/04

It is almost funny! blacksheepxlch1 | 08/09/04

firewalls half@... | 08/09/04

Outbound filtering is overrated! omdguy | 08/09/04

Not that good at all! htotten | 08/09/04

Sorry, but richdave | 08/09/04

UNIX hard to use? errm SCO has run on a lot of tills (and so does linux) hipparchus2000 | 08/09/04

elbow / butt label co-ordination problem. richdave | 08/09/04

Not perfect, but much better than the alternative. JonathonDoe | 08/10/04

Competition, no; enterprise/user satisfaction, yes. Anton Philidor | 08/10/04

it is a freebe firewall V Sanders | 08/10/04

Ironically this motto michael-t | 08/10/04

Consiracy Theory noetze | 08/12/04

Better than nothing... maybe! jwschull@... | 08/12/04

The average user is the problem. rwire@... | 08/12/04

hooray! CheeseToast | 08/13/04

Long Way To Go isowipe | 08/12/04

Educating the public Chiatzu | 08/13/04

If they blocked outbound then... msdead | 08/13/04

ABS FUD ArturoWeenie | 08/15/04

re "SP2's new firewall: Not good enough" V Sanders | 08/16/04

Windows Firewall(XP sp2) coolone1232001 | 12/08/04

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Why Isn't Server Virtualization Saving Us More? A Few Small Changes May Dramatically Increase Your Efficiency VMware Companies have rapidly adopted server virtualization over the past few ... Download Now
VMware Infrastructure: A Guide to Bottom-Line Benefits VMware Frustrated by the costs of maintain ever larger data centers?or building ... Download Now
Three Steps You Need to Know to Stop Data Loss Varonis Sensitive data exposed to misuse or loss... it is the stuff of nightmares ... Download Now

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SmartPlanet

Thought-provoking progressive ideas on diverse topics that intersect with technology, business, and life, and matter to the world at large. Visit SmartPlanet
More from IBM
How to Drive Better Business Outcomes with Exceptional Web Experiences Download the eBook
Driving Business Agility through SOA Connectivity & Integration Read the White Paper from IBM
Linking Decisions and Information for Organizational Performance Read the Tom Davenport study

Read the original story

Zone Labs jumps on new Windows security API, but do we need more?

What do you think?

SponsoredWhite Papers, Webcasts, and Downloads

Premier Vendor Content Whitepapers, webcasts & resources from our Power Center Sponsors

SmartPlanet

Blogs

Product Reviews

Videos

White Papers and Webcasts

Downloads

More

ZDNet News & Blogs

Product Reviews

Product Blogs

White Papers & Webcasts

Downloads