Serious Computer Security Issues

[herme3]

ZoneAlarm is a popular security firewall that is believed to be one of the best security systems available. A few days ago, all ZoneAlarm products on thousands of computers suddenly shut down. It was later announced that Zone Labs, the creators of ZoneAlarm attempted to run a background automatic update to their software, and failed. After they realized that all of their customers' firewalls had crashed, they ran another background automatic update that fixed the problem. Nobody that used the firewall was aware that their software was being updated.

 

The fact that ZoneAlarm products were shutdown on so many computers made me realize how bad the security is on Zone Labs products, Microsoft Windows, and even hardware firewalls. First, it appears that Zone Labs is capable of making large changes to your computer without your permission. To be able to make these changes to my computer, Zone Labs got past a hardware firewall built into my router, Microsoft Windows security, and Microsoft AntiSpyware. Microsoft AntiSpyware is supposed to notify a user if any application or person makes a large change to a computer. I was not notified when Zone Labs sneaked several compressed folders into the directory "C:/Windows/Internet Logs". After that, it proceeded to extract these files into the TrueVector service which is contained in the folder "C:/Windows/System32". This is the main Windows XP folder, and it is supposed to be under heavy protection by the operating system. Can you imagine what would happen if someone hijacked the Zone Labs servers, and put a virus into the operating system's main folders? Thousands of computers could have their hard drives erased. Why was Zone Labs capable of getting past Windows and my hardware firewall? I never configured either one to allow Zone Labs to get past them. If Zone Labs can do this, couldn't other hackers? This is obviously a huge security issue in products that were once believed to be very secure.

[Bettina]

ZoneAlarm is a popular security firewall that is believed to be one of the best security systems available. A few days ago' date=' all ZoneAlarm products on thousands of computers suddenly shut down. It was later announced that Zone Labs, the creators of ZoneAlarm attempted to run a background automatic update to their software, and failed. After they realized that all of their customers' firewalls had crashed, they ran another background automatic update that fixed the problem. Nobody that used the firewall was aware that their software was being updated.

 

The fact that ZoneAlarm products were shutdown on so many computers made me realize how bad the security is on Zone Labs products, Microsoft Windows, and even hardware firewalls. First, it appears that Zone Labs is capable of making large changes to your computer without your permission. To be able to make these changes to my computer, Zone Labs got past a hardware firewall built into my router, Microsoft Windows security, and Microsoft AntiSpyware. Microsoft AntiSpyware is supposed to notify a user if any application or person makes a large change to a computer. I was not notified when Zone Labs sneaked several compressed folders into the directory "C:/Windows/Internet Logs". After that, it proceeded to extract these files into the TrueVector service which is contained in the folder "C:/Windows/System32". This is the main Windows XP folder, and it is supposed to be under heavy protection by the operating system. Can you imagine what would happen if someone hijacked the Zone Labs servers, and put a virus into the operating system's main folders? Thousands of computers could have their hard drives erased. Why was Zone Labs capable of getting past Windows and my hardware firewall? I never configured either one to allow Zone Labs to get past them. If Zone Labs can do this, couldn't other hackers? This is obviously a huge security issue in products that were once believed to be very secure.[/quote']

 

Yesterday, I couldn't log onto my computer because of a "true vector" error from zonealarm. I tried everything but dad and I finally uninstalled zonealarm and everything was ok again.

 

We are now running without it, and using our router as a firewall. I thought it was just us until I read your post.....thanks

 

Bettina

[herme3]

Yesterday' date=' I couldn't log onto my computer because of a "true vector" error from zonealarm. I tried everything but dad and I finally uninstalled zonealarm and everything was ok again.

 

We are now running without it, and using our router as a firewall. I thought it was just us until I read your post.....thanks

 

Bettina[/quote']

 

Yes, this problem happened to everyone that had any type of ZoneAlarm product. Their servers went into your computer and changed some of the TrueVector files. I guess they must have not tested the files too well. It took them about 5 hours to realize that all of their customers were receiving that error. Then they automatically went into your computer again and changed the files to fix the problem. This didn't just happen to you and me, but it happened to thousands of people worldwide. The TrueVector error message came up whenever you tried to connect to the Internet until they fixed the problem.

[Dak]

Zone Labs got past a hardware firewall built into my router...

getting past firewall: if zonealarm (or any other program) actually request an update over the internet, then a one-way firewall (such as is on your router) will allow the files to be delivered to your computer, what with them actually having been requested by your computer. a two way firewall will ask your permission before allowing the program to ask for the updates over the internet. I dont know wether zonealarm has a built in bypass so that its own firewall can access the update thingy without asking, or wether you may have clicked the 'always allow this program acess to the internet' jobby when zonealarm first asked for internet access.

 

...Microsoft Windows security...

Ha. ha-ha, ha. ha.

 

...and Microsoft AntiSpyware.

the active protection of microsoft antispyware probably doesnt consern itself with preventing automatic updates, and aslong as it could be done without modifying the reg, then theres no reason why M$ anti-spyware would notise.

 

just out of interest, was this zonealarm or zonealarm pro? iv never had the program updated without my knowledge (AFAIK), its always popped-up a message telling me a new version is available, and that i should download it and update.

We are now running without it' date=' and using our router as a firewall. I thought it was just us until I read your post.....thanks[/quote']Id strongly reccomend either reinstalling ZoneAlarm, or installing Kerio firewall., lest thee get infected (well, not thee personly, but thine computer)

[mezarashi]

I agree with you herme3. The fact that more companies are implementing these so called "automatic updates" makes me very uncomfortable. If in the wrong hands, this can be used to hi-jack a lot of computers. The update process will be able to get past all your other "protections" of course, because originally this process is authorized. The problem is you don't know what it's auto-updating itself to... somehow I just don't trust them. I can imagine one of those Skynet takeover predicaments sometime in the close future where Microsoft or some entity takes over the world by trying to update malicious code onto all computers running Windows.

[JPQuiceno]

GNU/Linux & Unix ALLLLLLLLLL THEEEEEEEE WAYYYYYYYYYYY!

[Dak]

The update process will be able to get past all your other "protections" of course, because originally this process is authorized. The problem is you don't know what it's auto-updating itself to... somehow I just don't trust them.

first time they try and update, a two-way firewall will pop up a message asking if its ok to let them. i always say yes, but never 'always allow this program'. that way, i get informed everytime they try and update (the exeption being anti-viruses, which update every day and that i kinda trust not to put junk on my pc).

[husmusen]

The fact that more companies are implementing these so called "automatic updates" makes me very uncomfortable. If in the wrong hands, this can be used to hi-jack a lot of computers. The update process will be able to get past all your other "protections" of course, because originally this process is authorized. The problem is you don't know what it's auto-updating itself to... somehow I just don't trust them.

 

Something which I am sure has probably occured to at least some if not most crackers and the Russian mafia.

 

Does anyone know if sygate has similar issues?

 

You could try running tiny in conjunction with your firewall, each one

keeping tabs on the other.

 

And microsoft security is a contradiction in terms.

 

Cheers.

[5614]

It is easy to think of the hardware/software firewall options like this... A hardware firewall rule out amateur hackers, whereas a software firewall will eliminate almost all threats, other than a true true mastermind (ie. the ones who hack USA military stuff) and there's little you can do about them.

 

What you must remember is that if you open a file and that instals stuff on your computer and opens back doors on your computer a hardware file will let these work (because the computer is requesting the data) but a software firewall has a chance of realising the program is dodgy, although understand that sophisticated back doors exist that are seriously harder to stop.

 

Basically don't open dodgy files and software firewalls are better than hardware!