Vulnerability Development mailing list archives
Re: za and spyware (was: no subject)
From: Jonathan Rickman <jonathan () XCORPS NET>
Date: Wed, 13 Sep 2000 08:28:17 -0400
Would a program such as ... zonealarm ... prevent these things from working? That is, would zone alarm provide you with a pop-up that says something like "so-and-so.dll wants to connect to the internet?" With response options like allow, deny, probe with a red-hot-debugger and "remember" this program? Other than an ad-whacker program which would have to be updated quite often almost like the virus checkers, or zone alarm, is there another solution to this irritating issue?
I believe I can answer the question regarding ZA with some level of accuracy by saying NO!!! ZoneAlarm will not detect the outbound connections, or even warn about them in most cases. I believe (not absolutely sure) that Tsadbot is the only one that actually connects to the net on its own. All others, to the best of my knowledge, use your default browser to establish a "piggyback" connection thus bypassing ZA. @guard can be configured to stop them provided you know they're connecting and where they're going.

--
Jonathan Rickman
X Corps Security
http://www.xcorps.net