Information Security News mailing list archives

Update: Zone Labs Now Says It Will Patch Free Firewall


From: InfoSec News <isn () c4i org>
Date: Mon, 7 Jul 2003 02:09:59 -0500 (CDT)

http://www.extremetech.com/article2/0,3973,1179181,00.asp

By Mark Hachman 
July 3, 2003 

A spokeswoman for firewall manufacturer Zone Labs said the company has
reconsidered a previous decision and will upgrade its free ZoneAlarm
firewall software to address a vulnerability found this week.

A patch to the free version of ZoneAlarm will be issued within two
weeks, the company said. Earlier this week, company executives
characterized the difficulty of exploiting the hole as "the equivalent
of hacker brain surgery" and said the cost to upgrade a free product
would be prohibitive.

"Between the time we spoke with you and last night we found a way to
block this in ZoneAlarm," a Zone Labs representative said in an email
to ExtremeTech. "We can do this without creating greater complexity
for our users or our support staff."

Originally, Zone Labs said Tuesday that it would decline to fix the
vulnerability reported to the BugTraq mailing list, as the company
claimed the hole was a flaw in Windows, and not in its own software.

On Thursday, Zone Labs changed its stance, claiming that any exploit
that took advantage of the hole was still "theoretical", and that
to its knowledge no hacker had used the vulnerability to compromise a
user's system.

"Zone Labs will make a fix for its free ZoneAlarm product available in
the next two weeks," the company said, in a statement that was also
published to the BugTraq list late Wednesday night.

"In the meantime, users of ZoneAlarm should keep in mind the following
facts", Zone Labs added. "This vulnerability has not been exploited to
our knowledge. This vulnerability requires that a malicious
application is running on the affected PC. For this to occur, an
attacker would have to break through the other protection layers of
ZoneAlarm (firewall, stealth mode etc.) as a first step."



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.

