> ZoneAlarm does not rely on file permissions to protect
> any configuration files. Configuration files are protected
> by our TrueVector(r) driver in the kernel.
> then ALL YOU NEED TO DO,
> is to change the folder permissions to EVERYONE: DENY, and NTFS will
> not EVER allow you to recover this folder. ZA will thus never operate
> properly on this machine again.

Not really, I've discovered an NTFS feature (BUG?). Well... if you have system/administrative privileges on a disk, you can read/modify a file even though it has the "EVERYONE: DENY" permission set.

All you have to do is read the file through RAW disk access... instead of going through the standard procedure. This will let you read/modify the file even though it has the permission "EVERYONE: DENY".

For a quick demo, use any file delete/recovery utility... to read a file that has the EVERYONE: DENY permission set.

--------------
But this trick isn't limited to this... I've found an interesting thing.
--------------

EVEN THOUGH ZA has its 'SECURITY' feature enabled, all an attacker has to do is:

E:\WINDOWS\Internet Logs\> attrib/s +h +s +r +a
{{{ and compress the folder (optional) }}}

Next time, when ZAP or the PC restarts... its so-called TrueVector(r) driver in the kernel will fail to load at all. (cheese!)

Now, DOES ANYONE SEE A HOLE..... (O;

bipin

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html