Re: Avast or Zone Alarm using proxy server?
From: Gerald Vogt (vogt_at_spamcop.net)
Date: Tue, 22 Feb 2005 10:40:53 +0900
ROBERT S AMP BA Drake wrote:
> ZoneAlarm has asked permission to go out on two occasions for me that were
> unknown programs. Symantec research identified them as viruses and I was
> able to kill them off. They both came through the browser. That alone
> gives ZA an advantage over MS FW - IMO
First: you had the virus already. Why do you run viruses in the first
place. A virus running on your computer can do whatever you can do on
the computer. Including reconfiguring ZoneAlarm.
Second: you do not know that ZoneAlarm "killed them off". You know maybe
the some communication attempt was blocked. You do not know what other
attempts have been made as well which ZoneAlarm did not detect. How do
you know that this was not a probe message for you to catch so that you
think "ZA protected me. I am safe".
Third: This killing off only leads you to the conclusion that you are
safe and protected for now. This is wrong. A compromised computer is a
compromised computer. If you already had two viruses and will expect
more to come soon. And I would not wonder that this may be due to some
backdoor or similiar that goes undetected in ZoneAlarm.
Fourth: I know the truth is hard to grasp and you won't like it, surry,
but: It is most likely your fault of lacking precautions on your actions
that you got that virus. Either you run it or installed it with some
dubious software or you got it because you did not keep your system
up-to-date. The occasions where an unknown/not-yet-patched security
vulnerablity are not impossible but yet pretty rare.