It is worth noting that the application filtering of zone alarm and other such "personal firewalls" is trivial to work around. There have been a number of articles on it (google for them). One brief example:
Hostile process spawns iexplore.exe with a URL that "phones home". iexplore.exe is almost certainly a trusted application. Attacker wins (as always). Also worth noting, two other dedicated "firewalls / access points" from Linksys and DLink specifically say that they may "crash" when under attack to "protect" your network. I don't think I need to say any more about that... Cheers, Adam On Thu, 2003-06-05 at 06:31, Shawn McMahon wrote: > On Wed, Jun 04, 2003 at 08:37:50PM -0700, morning_wood said: > > > > you must have really crappy admin if you need per application blocking > > ( hint: kill the process ) > > hint: most people on the Internet don't have admins. How much time do > you spend monitoring your grandmother's computer for suspicious > processes? -- Adam Lydick <[EMAIL PROTECTED]> _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
