EGeezer
Premium Member
join:2002-08-04
Midwest

to RockyRMG

Re: Weather bug access to "net" B4 ZA is loaded

Hi Roxanne,

I'll take a shot at it based on what I'd do and what I would do if I were more concerned about vulnerability;

You have a router (missed my guess on the brand), so I'd test to ensure your firewall-type features of blocking unsolicited inbound requests are active. You can also turn off answering PINGs if you wish.

Then install any available updates to your security applications and perform any scans they provide.

Using msconfig, uncheck weatherbug ("weather" on my system) from startup if you want to keep it. I don't find anything objectionable to me in Wxbug but I regularly scan my PC for adware and other crapware too - just in case.

After you've finished your housekeeping, test with something like grc.com, BBR tools or other popular scanner to see if your router and ZA are doing their jobs.

As I said before, there's reasonable evidence to believe the ZA window could present a vulnerability opportunity, but as of today no exploits are known and I feel exposure small for anyone with typically implemented security apps and configurations.

Based on what I've been able to discover Zone Alarm has been silent, even to its Team Z members, on the issue of the potential vulnerability.

If, after your own research, you feel uncomfortable with ZA's protection during the window, you might disconnect by using the disconnect feature on newer RoadRunner modems, power off the modem or unplug the ethernet cable until your PC has powered up completely.

Switching to another ZA-type product may not exempt you from this relatively small "hole" as I am seeing reports in this forum of other products behaving similarly.

I hope I've provided you with acceptable solutions while avoiding any initiation of flame wars in this topic between folks who differ on ZA's potential exposure.

Have a great day,

EG

Edit - Corrected lousy spelling, syntax and capitalization
IGGY9
No Guru Just Here To Help
Premium Member
join:2001-03-30
Chatham, IL

"Based on what I've been able to discover Zone Alarm has been silent, even to its Team Z members, on the issue of the potential vulnerability."

So far yes this is the case. But don't read too much into that just yet. This subject originally came up in the other thread during a holiday in which I know at least 1 of our contacts was out of office. This week is CES in Las Vegas - I'm not sure if ZoneLabs has a presence there this year. But I'm sure they very well might. So both our major contacts might be at that convention. I know 1 of those contacts has a faithful laptop they take with them to shows. So if they are at CES hopefully they'll at least get my most recent email. Just sent a few hours ago. I'm personally not extremely concerned at this point. But it's something worth testing and if there is a chance for exploit. As I said in the other thread - the product needs to be hardened to this. I'd like to see how other products fare in relation to this as well. Just for the sake of having an across the board fair representation.
Tablet
Premium Member
join:2003-01-15
Czech

said by IGGY9:
"I'd like to see how other products fare in relation to this as well. Just for the sake of having an across the board fair representation."

I tried Outpost Pro v2.0.238 and it is vulnerable during boot-up as well. But when the Outpost service loads (before user logon), all of its functionality is activated, including outbound program control, logging functionality, etc. ZA has these activated only after GUI loads. I suspect it could take some time for ZA to fix this, will probably take some big redesigning.

rtcy
FACTS only please
Premium Member
join:1999-10-16
Norwalk, CA

to IGGY9
I see a lot of ASSUMPTIONS being made in this thread, but lack of real testing, and so far the OP has not said for SURE if they have ever clicked on the YES remember this option, so it could be a legitimate access outbound due to the rules clicked on by the user OR another user that has access to that machine.

Are they using a password on ZA to keep others from answering yes on programs?

Have they looked in the registry under RUNONCE and RUN (2 occurrences of each), and in other places, and verified that ZA is indeed loaded BEFORE other APPS? I know that services usually get loaded even before the run and runonce items come into play, BUT since the weatherbug is being labeled as SPY ware it could have played a trick in the registry.

there are a lot of variables

maybe the folks at ZA will come back with a definitive answer
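
An added example, not part of rtcy's post or the thread: a read-only PowerShell check of the Run and RunOnce keys in both HKLM and HKCU, plus the start mode of the firewall service. `$Pattern` and `$FirewallService` are assumptions; the service name is a placeholder to replace with the one used by the installed product.

```powershell
# Added example (not from the thread). Read-only: nothing is modified.
$Pattern         = 'weather'                    # assumption: text to look for
$FirewallService = '<firewall-service-name>'    # placeholder: fill in yourself

# The two occurrences each of Run and RunOnce: machine-wide and per-user.
$keys = @(
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKLM:\Software\Microsoft\Windows\CurrentVersion\RunOnce',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run',
    'HKCU:\Software\Microsoft\Windows\CurrentVersion\RunOnce'
)
$rx = [regex]::Escape($Pattern)

$entries = foreach ($key in $keys) {
    if (-not (Test-Path -Path $key)) { continue }   # RunOnce is often absent
    $item = Get-Item -Path $key
    foreach ($name in $item.GetValueNames()) {
        $cmd = [string]$item.GetValue($name)
        [pscustomobject]@{
            Key     = $key
            Name    = $name
            Command = $cmd
            Match   = ($name -match $rx) -or ($cmd -match $rx)
        }
    }
}

# Every autostart entry, with the ones matching $Pattern flagged.
$entries | Sort-Object Key, Name | Format-Table -AutoSize -Wrap

# A firewall that starts as a service should show StartMode 'Auto'.
# A firewall that appears only in the Run list above starts at logon instead.
$svc = Get-CimInstance -ClassName Win32_Service `
        -Filter "Name='$FirewallService'" -ErrorAction SilentlyContinue
if ($svc) {
    $svc | Select-Object Name, StartMode, State, PathName | Format-List
} else {
    Write-Output "No service named '$FirewallService' found; check the name."
}
```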
RockyRMG
join:2003-09-30
Appleton, WI

Member

No, I am positive I have never clicked on YES remember this option.

I am the only one using my computer-yes password protected-my hubbie and kiddos have their own computers.
RockyRMG
to EGeezer
Thank you so much for all your help (and everyone) I've learned a lot today!
Roxanne