Re: Zone Alarm - firewalls




"James Egan" <jegan@xxxxxxxxx> wrote in message
news:ibkcf29vu8hja80v954flhoddm9qubhai9@xxxxxxxxxx
On Wed, 30 Aug 2006 17:42:23 GMT, "pc doctor" <msuhm@xxxxxxxxxx>
wrote:

[snip]

The key point you seem to be ignoring in this scenario is that the
system protection has already failed and some malware is already
active. That being the case the malware can do what it likes which
includes circumventing zonealarm's outgoing notification. Consequently
this outgoing notification is of minuscule value and is considered by
many to be not worth the drop in performance caused by the resource
guzzling firewall.

The system protection does not have to have failed for a trojan to enter
your computer.
For example, let's say my son/daughter uses a file-sharing program and
intentionally downloads a file that they believe to be a safe file. They
click on the newly downloaded filename and see nothing happening, but in
fact, the file discreetly installs itself on my system and starts to "phone
home". The file was actually a backdoor trojan disguised as a valid file.
Or perhaps the trojan is packaged as part of a real program. I have seen
malware start up from the clicking of an "uninstall" icon for a seemingly
valid program.
The action of downloading the "trojan" file is not likely to trigger any
type of warnings from any security programs or scanners.
The act of installing the trojan is not likely to trigger any warnings
either.
But the action of the trojan attempting to connect to its host server or
computer will trigger warnings *only if* you have a firewall with outgoing
protection.
The Windows firewall would not stop the trojan from connecting, and you
would not likely be aware of it. From this point forward, your system could
become a "zombie" for forwarding spam e-mails out to the world, and you
would not have any clue it was happening.

In regard to your comment that in an infected system, the malware can do
what it likes, how is the trojan going to start controlling the outgoing
notifications of your firewall unless there is an unpatched vulnerability
that would allow it to take control of the firewall? And wouldn't the
trojan have to be coded to take advantage of your particular brand and
version of firewall?

With today's systems, considering the fast cpu speeds, and the much larger
and faster memory, how much of a hit are you actually taking by having
outgoing protection? Are you foregoing anti-virus protection also?

pc doc


