Home » Resources » Software » Reviews » ZoneAlarm Pro 3.0
13 Nov 2001 23:12:21
Gregor blows more smoke.
From: Gregor Freund
To: Michelle Delio, Tom Liston
Copies to: Mischa Garner, Te Smith
Subject: RE: FW: wired news story
Date sent: Tue, 13 Nov 2001 23:12:21
Tom, Michelle:
packet.sys/packet.vxd exploits have been around for years. As a
matter of fact they were one of the benchmarks we used when we
originally developed our TrueVector technology and ZoneAlarm. They
all base on the packet driver samples that come as part of
Microsoft's DDK (Device driver Development kits). We are aware that
some competing products are vulnerable against this exploit but we
are testing ZoneAlarm regularly against it and haven't found it
susceptible. Obviously under Windows NT/2000/XP you also need
administrative privileges to install a device driver.
To answer your more detailed questions: NDIS consists out of two
parts: Protocol drivers (such as MS's TCP/IP implementation) and
adapter drivers (such as the driver that controls your Ethernet card
or dial-up connection). The packet driver is designed to talk
directly to the adapter driver, bypassing the normal TCP/IP protocol
driver. Our firewall component sits below that driver and can 'see'
and filter any packet regardless of the protocol driver you're
using. As I've previously said, there is always a chance that under
some limited circumstances (such as specific versions of Windows
etc) that there is a vulnerability in our code but certainly nothing
systemic as you seemed to suggest. Our QA department is trying to
ascertain if there are any such issues with your sample application.
So far any similar claims were simple test errors such as scanning
computers that are in your local zone (which is not shielded by the
firewall).
I hope this clarifies the issue. I will get back to you once we've
completed tests on the code we've received this morning. Any
additional assistance such as the source code of the application or
the exact configuration you've tested would be appreciated.
Best Regards,
Gregor Freund
CEO, Zone Labs, Inc.
Prev | TOC | Next
|