RE: Unsecure file permission of ZoneAlarm pro. (ZA will fail to load)-WASTE OF TIME

["Cassidy Macfarlane" <cmacfarlane () Drummond-Miller co uk>]

ffs

Open a cmd, type 'format c: /y'

Omg, phone billy g, it's a massive DoS/vuln.

Get a grip bipin.  If a malicious user has command line access to your
system, 'zonealarm' is the last thing you should be worrying about.


-----Original Message-----
From: bipin gautam [mailto:visitbipin () yahoo com] 
Sent: 23 August 2004 15:34
To: barrie () reboot-robot net
Cc: full-disclosure () lists netsys com
Subject: Re: [Full-disclosure] Unsecure file permission of ZoneAlarm
pro. (ZA will fail to load)



--- Barrie Dempster <barrie () reboot-robot net> wrote:

> In reply to my own previous email, I assumed ZA
> would fail, as others
> have on this list, with an EVERYONE:DENY security
> policy, however this
> isn't the case.
> ZA 5.1 PRO Trial version will change this to
> EVERYONE:FULL for the
> duration of the program after which it will then
> change these settings
> back to the original EVERYONE:DENY. This throws out
> the DoS theory, but
> the permissions are still extremely permissive, if
> the "truevector
> driver" was to have issues with it's integrity
> checks then the files in
> this folder would be easily compromised.


not really, just simply, go to  internet log directory
and , do

..\..\Internet Logs\>attrib/s +h +s +r +a *.*

next time Zap'S "truevector driver" will fail to load.
when the pc reboots or zap restarts...

bipin

ps: thanks for the 'Rant's-&-Raves' regarding NTFS (O; 


                
__________________________________
Do you Yahoo!?
Yahoo! Mail Address AutoComplete - You start. We finish.
http://promotions.yahoo.com/new_mail 

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html