On Thu, 2003-08-28 at 14:59, Derek Jennings wrote: <snip> > As I understand it. There is nothing to stop a virus reconfiguring ZoneAlarm > so it is undetected. > > http://securityresponse.symantec.com/avcenter/venc/data/backdoor.tron.html > > I may be wrong but I believe there is also nothing In Windows to stop a virus > simply bypassing the IP stack and using raw sockets to send packets to the > interface around the firewall. > > http://www.securityfocus.com/bid/3647/discussion/ > > To do the same thing under Linux the virus would have to be running as root, > and of course we *never* run as root do we? > > As for a Linux app aware firewall try this one http://www.itshield.com/ > (I have not tried it) > > > derek
Seen all this. ZA got smart, it generates an encrypted sig file for itself now. Makes sure it can't be compromised either... and it is not easily killed in newer versions. Sides, that kind of attack is pretty sophisticated & the avg ZA user won't be affected. Yes its possible it will get thru...but if you see ZA isn't in your tray anymore wouldn't you be suspicious? I know I would. ZA Defender, Femme :)
Want to buy your Pack or Services from MandrakeSoft? Go to http://www.mandrakestore.com
