Re: Black Ice, Zone Alarm vulnerabilities spotted

From: Markus Kraus (mkr_at_gmxpro.de)
Date: 02/15/04


Date: Sun, 15 Feb 2004 10:48:40 -0800

On Sun, 15 Feb 2004 17:44:14 GMT, Duane Arnold wrote:

>"\"Crash\" Dummy" <dvader@deathstar.mil> wrote in
>news:102vas7i4d87o96@corp.supernews.com:
>
>> eeye has issued preliminary alerts about Black Ice and Zone Alarm:
>>
>> Description:
>> A remotely-exploitable vulnerability that allows anonymous attackers
>> to compromise default installations of the affected software and gain
>> the highest possible level of access (SYSTEM).
>>
>> Black Ice: http://www.eeye.com/html/Research/Upcoming/20040213.html
>> Zone Alarm: http://www.eeye.com/html/Research/Upcoming/20040213-2.html
>
>That's why one should not use the default out of the box settings on any
>security software and configure the software to provide the protection.

Exactly!

A lot of people argue that it is possible to harden the OS by using
OS-builtin capabilities to make it less vulnerable to attackers, but
they also argue that this is a difficult thing to do and requires lots
of knowledge.

My point is that it very often requires at least as much knowledge to
configure the personal firewall right, and I wonder if the time
required to learn the personal firewall is probably better spent to
learn about those built-in OS capabilities, and learn to understand
TCP/IP and networking and stuff.

As the original posting shows, personal firewalls are not error free.
There is this theorem: Software has errors. Ergo: more software has
more errors. So the attempt to try and fix errors in the software (OS)
by installing even more software is a wong approach, at least to some
extent.

Best regards,
Markus