Re: Zone Alarm - firewalls



On Thu, 31 Aug 2006 08:21:06 GMT, "pc doctor" <msuhm@xxxxxxxxxx>
wrote:


The system protection does not have to have failed for a trojan to enter
your computer.

No-one said it did. But if it's phoning home then it has already been
executed and is running.

<snip>

The Windows firewall would not stop the trojan from connecting, and you
would not likely be aware of it.

Zonealarm will tell you about outgoing connections that don't make any
attempt to hide themselves. This usually also means the connections
are probably valid anyway. It's the ones it doesn't tell you about
that you need to worry about the most.


From this point forward, your system could
become a "zombie" for forwarding spam e-mails out to the world, and you
would not have any clue it was happening.


True with or without zonealarm if malware is active.


In regards to your comment that in an infected system, the malware can do
what it likes, how is the trojan going to start controlling the outgoing
notifications of your firewall unless there is an unpatched vulnerability
that would allow it to take control of the firewall?

Assuming something more than a sledgehammer approach which closes down
the firewall (a simple wm_destroy to the process called zonealarm used
to close it completely and maybe still does), a likely approach would
be for the malware to use (say) your browser to send out all your
sensitive data since this more than likely already has zonealarm's
permission to send stuff out onto the Internet.


And wouldn't the
trojan have to be coded to take advantage of your particular brand and
version firewall?


The more popular the firewall, the more tempting it would be for a
malware author to write stuff to circumvent it.


With today's systems, considering the fast cpu speeds, and the much larger
and faster memory, how much of a hit are you actually taking by having
outgoing protection? Are you foregoing anti-virus protection also?

pc doc



If you're happy with za outgoing protection then stick with it. Just
don't expect it to tell you about everything.

If I was behind a router I wouldn't bother with a firewall at all. If
a machine has a direct connection to the Internet I would use the
built in firewall. I would always recommend using av though not
resident scanners for clued up people.


Jim.
