Everything Is Fallible in Its Own Way

In the November 14, 2001 Security UPDATE, I mentioned a story about TruSecure's PC Firewall Certification program. TruSecure awarded certification to three firewalls: ZoneAlarm Pro, Tiny Personal Firewall for Windows 2000, and Norton Personal Firewall for Windows. You can read more about this story at our Security Administrator Web site.

Shortly after we published that story, I received email from a reader who wrote that a group of researchers has discovered a weakness in ZoneAlarm: The firewall might not protect a system against attack under certain circumstances. Users can reproduce the problem, and the firewall-maker, Zone Labs, is aware of the problem. No patch is available yet, but help is on the way.

I spoke with Zone Labs CEO and founder, Gregor Freund, who says the company expects to make a patch available within the next 2 weeks. Freund said that the company hasn't finished its research yet, so it isn't certain which legacy versions of the firewall the problem affects, but that the current version (2.6.362) is definitely vulnerable.

A glitch in multilevel communication is causing the vulnerability. ZoneAlarm uses high-level filtering to govern activity at the application level, and low-level, stateful-inspection filtering to handle activity at the lower layers of the network. The two filtering levels communicate with each other, and a bug in the related code might cause a monitoring oversight. Freund said that Zone Labs hopes to make the patch available before any exploit details become public knowledge. ZoneAlarm users can expect to see a pop-up notice when the patch becomes available.

Consumers need to be aware that even the most well-intentioned product makers and certification agencies are fallible, and users shouldn't adopt the opinion that these organizations' security solutions are totally secure.

We're conducting a new poll this week. If you use a personal firewall, we'd like to know which one: ZoneAlarm, Tiny Personal Firewall, Norton Personal Firewall, Sygate, or another? Please stop by the Security Administrator home page and answer the poll!
