It appears that Zone Alarm is not quite so smart as it thinks it is. I have just written an application that downloads some stuff from a Web Site when it is first run. Zone alarm pops up and asks for permission for the application to access the Internet as you would expect. Fine so far. However, later on the the programme, it uploads some stuff to an FTP server at a different address which Zone Alarm completely ignores. Once you have given it access to the Internet it allows an application free reign to do what it likes. Doesn't take a lot of imagination to see how that weakness can be exploited by a Trojan. This is the paid for Pro edition. However the free version of Sygate Firewall does log every access to a different address and and ask permission before proceeding. Stuart

Just allow it once instead of all of the time then lol. Matt www.bbcomputing.co.uk matt@bbcomputing.co.uk

When its downloading stuff every ten minutes that becomes if a bit of a pain!! Besides, I wrote this application myself, I know exactly what it is doing, so allowing or disallowing it is not relevant. The point is if my application can do it, what else can do it that has been written by some toe rag. Stuart

ZA detects changes to "allowed" applications. If you have given a program permission to access the Internet or act as a server and you stupidly load a trojan onto your machine that changes this program, ZA alerts you that the program has changed and asks if you want to reauthorize it. Nothing protects completely against you being stupid: ZA is only one layer of security in a security-conscious system. You have run periodic AVSs of your hard drive, you have AVS all programs you manually load, you have to keep track of changes to your programs and be suspicious when a previously "trusted" program changes w/o your knowing about it. Just like a car only as safe as the little nut loose behind the wheel, a LAN is only as secure as the users on the network.

You are missing the point. It's got nothing to do with a programme being changed or acting as a server. An application doesn't have to be a server to download or upload to the Intenret. Once a programme has been given access to the Internet, Zone Alarm gives it the freedom to do what it wants with any IP address. Stuart

So what is the point you are trying to make? If you allow a program internet access that usually means you trust it... And if zone alarm doesnt fit your needs just use something else. Matt www.bbcomputing.co.uk matt@bbcomputing.co.uk

Maybe I am alone here. But first off, why are you testing vulnerablities in software firewalls? Makes me alittle suspicious of your intentions all together. Secondly, ok if you allow the firewall to always allow a program to access the internet, then thats what it will do, if you say ask permission everytime, then it will ask if the internet resource can be used by the program. Thats not a security flaw, its more common sense. Unless I am missing your point. Zone Alarm is a great free program and there is a reason it is so popular. Also, any software firewall does this. Like I said, if you give a program permission to access the net whenever it wants, then thats what it will do.