Home » Resources » Software » Reviews » ZoneAlarm Pro 3.0
16 Nov 2001 13:04:06
Tom waxes more philosphical.
Subject: Re: Time Is On My Side
From: Tom Liston
Date: Fri, 16 Nov 2001 13:04:06
To: radsoft.net
Issues:
> - They have a new version on its way out.
Yes, but based on GF's actions, we can both be pretty sure that
this caught them with their pants down. You don't spend 4 hours
working on something that you KNOW how to fix.
> - They are about to be called frauds.
This is probably the least of their worries. No one will call them
frauds. Spin: Their software failed to block a 'clever' attack.
There is no proof that it's ever been exploited, so they'll just say
that they're working on a fix.
The really tough issue for them is this: despite GF's claims to the
contrary, this IS a core architecture issue. ZL ain't a brain
trust...
I've been getting that notion loud and clear. Blocking (REALLY
blocking) outbound traffic is HARD. We're talking ZL here, not
Radsoft. If you found an issue like this in one of your programs,
you would go into overdrive and work your tail off until it was
fixed.
But these folks have other 'issues' to consider. They have
compatibility issues, they have their 'certification' issues, they
have 'code reviews' and all sorts of BS to deal with. The bigger
the ship, the more difficult it is to turn.
> - They can in theory demultiplex all the way up from packet level
> to see the originating app.
FROM WHAT? They don't even know there's a packet going out!!!!
That's bridge #1 they gotta cross...
Let 'em. What's it get 'em? Hmmm.... how about we pull all that
dll crap down inside our application? Hmmm.... how about we toss
the all the crap INSIDE the frickin' VXD? THEY CAN'T BLOCK EVERY
DAMN CALL TO NDIS. Programs'll be yacking up chunks all over the
place...
> - They would love to deny what you claim.
With an installed base in the millions, do you REALLY think they
can? Like I said... big ships don't turn fast.
-TL
Prev | TOC | Next
|