
13 Nov 2001 23:12:21

Gregor blows more smoke.

     From: Gregor Freund
       To: Michelle Delio, Tom Liston
Copies to: Mischa Garner, Te Smith
  Subject: RE: FW: wired news story
Date sent: Tue, 13 Nov 2001 23:12:21

Tom, Michelle:

packet.sys/packet.vxd exploits have been around for years. As a 
matter of fact they were one of the benchmarks we used when we 
originally developed our TrueVector technology and ZoneAlarm. They 
are all based on the packet driver samples that come as part of 
Microsoft's DDK (Device driver Development kits). We are aware that 
some competing products are vulnerable to this exploit but we 
are testing ZoneAlarm regularly against it and haven't found it 
susceptible. Obviously under Windows NT/2000/XP you also need 
administrative privileges to install a device driver.

To answer your more detailed questions: NDIS consists of two 
parts: Protocol drivers (such as MS's TCP/IP implementation) and 
adapter drivers (such as the driver that controls your Ethernet card 
or dial-up connection). The packet driver is designed to talk 
directly to the adapter driver, bypassing the normal TCP/IP protocol 
driver. Our firewall component sits below that driver and can 'see' 
and filter any packet regardless of the protocol driver you're 
using. As I've previously said, there is always a chance that under 
some limited circumstances (such as specific versions of Windows, 
etc.) there is a vulnerability in our code but certainly nothing 
systemic as you seemed to suggest. Our QA department is trying to 
ascertain if there are any such issues with your sample application. 
So far any similar claims were simple test errors such as scanning 
computers that are in your local zone (which is not shielded by the 
firewall).

I hope this clarifies the issue. I will get back to you once we've 
completed tests on the code we've received this morning. Any 
additional assistance such as the source code of the application or 
the exact configuration you've tested would be appreciated.

Best Regards,

Gregor Freund
CEO, Zone Labs, Inc.

Copyright © Radsoft. All rights reserved.