I agree with you. Users should upgrade. But the security advisory put out by ZA is stated in a way different then the security mind works. We want to know which ones are vulnerable. Are people still using v3? I guess, I haven't used ZA in a very long time.
But even Microsoft tells you when NT4 and Windows 98 are open to attack. If Microsoft received a security issue and released a statement that said, Windows XP isn't vulnerable...then everyone will be looking at this different. They would be questioning...what about Windows 98? What about Windows 2000 Gold? Etc, etc. I am not saying that ZA is in the wrong, but they should think about changing the way that the information is released. It makes it looks like they don't care about their old customers...which could become their current/future customers. Just my 2 cents and IMHO and all that ... > -----Original Message----- > From: Bart Lansing [mailto:[EMAIL PROTECTED] > Sent: Tuesday, October 04, 2005 8:08 AM > To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; Todd Towles > Cc: [EMAIL PROTECTED]; [email protected]; > [email protected] > Subject: RE: [Full-disclosure] Different Claims by ZoneLabs > on the "BypassingPersonalFirewall (Zone Alarm Pro) Using > DDE-IPC" issue > > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA1 > > Todd, et al, > > When was the last time you saw an announcement of a > vulnerability that affected windows 3.11? > > If you are 2 or 3 full revs behind the current release > version of pretty much any software, you get what you get. > > On Mon, 03 Oct 2005 17:11:28 -0700 Todd Towles > <[EMAIL PROTECTED]> wrote: > >If a bulb in my car was found to cause a fire in certain > models from a > >certain manufacturer, I would want to know exactly which one were in > >danger...not the other way around. Has ZA tested the other versions? > >They know 6 isn't vulnerable but if they don't say that 3 is > vulnerable > >then we have to "assume" they are. That isn't any type of security > >advisory IMHO. > > > >It just makes the company look like they care more about > making you buy > >the new version as opposed to protecting their customers. Just my > >2 > >cents > > > >-Todd > > > >> -----Original Message----- > >> From: [EMAIL PROTECTED] > >> [mailto:[EMAIL PROTECTED] On > Behalf Of Paul > >> Laudanski > >> Sent: Monday, October 03, 2005 6:55 PM > >> To: Debasis Mohanty > >> Cc: [email protected]; > >> [email protected]; 'Zone Labs Security Team' > >> Subject: RE: [Full-disclosure] Different Claims by ZoneLabs on the > >> "BypassingPersonalFirewall (Zone Alarm Pro) Using DDE-IPC" issue > >> > >> > >> > >> > >> On Mon, 3 Oct 2005, Debasis Mohanty wrote: > >> > >> > >> Paul Laudanski > >> > >> What I'm saying is that the vendor never claimed ZAP > >> versions prior > >> > >> to 5 > >> > are not vulnerable in the report. > >> > > >> > Funny Paul!! You are simple exaggerating upon the same > >> point again and > >> > again in a new style each time. Well, They don't even say that > > >ZAP > >> > versions prior to v5 are vulnerable in their advisory. > >> > >> Glad I made you laugh. We are at odds in this clearly. Zone Labs > >> aka Cisco imvho has issued a fair and accurate release indicating > >> what is not vulnerable and thereby conversely you know > which products > >> are. > >> > >> To that end... I move on. > >> > >> Paul Laudanski, Microsoft MVP Windows-Security CastleCops(SM), > >> http://castlecops.com > >> > >> > >> _______________________________________________ > >> Full-Disclosure - We believe in it. > >> Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >> Hosted and sponsored by Secunia - http://secunia.com/ > >> > >_______________________________________________ > >Full-Disclosure - We believe in it. > >Charter: http://lists.grok.org.uk/full-disclosure-charter.html > >Hosted and sponsored by Secunia - http://secunia.com/ > -----BEGIN PGP SIGNATURE----- > Note: This signature can be verified at > https://www.hushtools.com/verify > Version: Hush 2.4 > > wkYEARECAAYFAkNCfsEACgkQfw4CJpLBxONlawCfdwJFsYQfhOhMtM+6RoemhlCd0+8A > oL7qIA7uvUvtRzEyWZ/DTR73//B+ > =lX9R > -----END PGP SIGNATURE----- > > > > > Concerned about your privacy? Follow this link to get secure > FREE email: http://www.hushmail.com/?l=2 > > Free, ultra-private instant messaging with Hush Messenger > http://www.hushmail.com/services-messenger?l=434 > > Promote security and make money with the Hushmail Affiliate Program: > http://www.hushmail.com/about-affiliate?l=427 > > _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
