Full Disclosure mailing list archives

RE: Unsecure file permission of ZoneAlarm pro.


From: "Matthew Farrenkopf" <farrenkm () ohsu edu>
Date: Fri, 20 Aug 2004 14:37:41 -0700

Ron DuFresne <dufresne () winternet com> 8/20/2004 1:10:21 PM:
yet, if I read this properly it wasn't simply an open e-mail attachment
issue was it, it was open attachment then make suggested changes to the
system issue wasn't it?  If I understood the problem, then it really
requires more than a simple luser, it requires the most stupid of lusers
for it to take.  And in that case, we're perhaps better off with them
DOS'ed? <smile>

Okay, so I didn't make myself clear.  Hmm.

My contention was that, if permissions are Full for Everyone, then the
virus could write changes on its own.  Depending on how it works, it's
conceivable these changes are not detected by the TrueVector(R) driver. 
By making changes, that could trip ZA's integrity checks (at some point;
after rebooting, perhaps) and cause it to fail.  By failing, the user
can no longer connect to the Internet and may not understand why or know
what to do about it.

E-mail w/virus -> (L)user opens -> Runs attachment -> Attachment makes
changes to key ZA files since permissions are wide open -> ZA fails
integrity check -> denies Internet access.

That is the full timeline I had in mind, and the nature of the DoS.

Your suggestion reminds me of the "(insert name of group of people
here) Virus" (I Googled it to the Kentucky Virus, but I'm sure it has
other names), whereby the virus works on the honor system and the user
should erase his/her own hard drive. :-)

Matt


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

