nanog mailing list archives
Re: Microsoft to ship new versions with firewall enabled
From: Omachonu Ogali <nanog () missnglnk com>
Date: Thu, 14 Aug 2003 15:41:29 -0400
On Thu, Aug 14, 2003 at 05:37:44PM +0100, Richard Cox wrote:
> What I do like in the latest release of Zone Alarm Pro is that it will stop ANY program from connecting outbound on Port 25 unless that program has been specifically authorised to send mail. It was quite informative to see which programs were trying to mail information back to their base!
Zone Alarm Pro is very stupid as well. When a machine makes an outbound connection attempt, yes, you'll see a dialog that pops up asking you whether to allow that SINGLE connection or not, I guess this is what you mean... BUT on every single occasion I get that dialog box, it's telling me that the program is trying to access my ISP's DNS servers, which is correct, I click yes to allow that SINGLE connection, and it lets the program go ahead and connect to port 22 (putty is the application in this instance), instead of asking me about port 22 next.

Reasons why this is bad?

A) Semi-savvy user sees 'DNS' and their ISP's nameservers and clicks yes not knowing it's a trojan trying to resolve the hostname for trojan base.

B) Trojanned program operates semi-normally, makes the initial connection to the proper host, you ok it with ZoneAlarm because it looks legit, but ZoneAlarm goes ahead and lets the program connect to whatever it wants after the initial OK, (example scenario: buffer overflow), so the trojan connections are concealed.

C) It's bothersome. Ask the user every time they fire up the program whether they want to let it connect to something, and they're going to click the "please don't ask me about this crappy program ever again" checkbox, and be done with it, again, concealing trojan connections in the event the program gets modified later down the road.
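The approval-granularity problem described in this message, modelled as an added example that is not part of the original post and is not ZoneAlarm's code: a toy outbound-approval cache keyed either per program or per (program, destination, port). The class, the function names, the simulated user and the sample traffic are all hypothetical and constructed for illustration.

```python
from typing import NamedTuple

class Conn(NamedTuple):
    program: str
    dst: str
    port: int

class OutboundPolicy:
    """Toy approval cache; per_flow selects how wide one 'yes' reaches."""
    def __init__(self, ask, per_flow):
        self.ask = ask            # callback standing in for the user dialog
        self.per_flow = per_flow
        self.granted = set()
        self.prompts = []         # connections the user was actually shown

    def _key(self, c):
        # Per-flow: one grant covers one (program, dst, port) tuple.
        # Per-program: one grant covers everything the program does later.
        return c if self.per_flow else c.program

    def allow(self, c):
        if self._key(c) in self.granted:
            return True           # silently allowed, no dialog shown
        self.prompts.append(c)
        if self.ask(c):
            self.granted.add(self._key(c))
            return True
        return False

# Constructed sample traffic from one program (documentation address ranges).
TRAFFIC = [
    Conn("putty.exe", "192.0.2.53", 53),     # DNS lookup at the ISP resolver
    Conn("putty.exe", "198.51.100.10", 22),  # the SSH session the user wanted
    Conn("putty.exe", "203.0.113.66", 25),   # unexpected connection after the OK
]

def user_clicks(c):
    """Hypothetical user: approves the DNS lookup and the known SSH host only."""
    return (c.dst, c.port) in {("192.0.2.53", 53), ("198.51.100.10", 22)}

def run(per_flow):
    fw = OutboundPolicy(user_clicks, per_flow)
    allowed = [c for c in TRAFFIC if fw.allow(c)]
    return allowed, fw.prompts

if __name__ == "__main__":
    for per_flow in (False, True):
        allowed, prompts = run(per_flow)
        print("per-flow" if per_flow else "per-program",
              "| prompts:", [(c.dst, c.port) for c in prompts],
              "| allowed:", [(c.dst, c.port) for c in allowed])
```

With the per-program key the only dialog the user sees is the DNS lookup, and the two later connections pass without a prompt; with the per-flow key each destination is shown and the third is refused.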