Just curious what you think of Steve Gibson's conclusion that BlackICE does
nothing to stop anything from making outgoing connections? I'm thinking in
particular of his article about the IRC-connecting Sub7 trojans.
(From http://grc.com/dos/grcdos.htm:)
"The Zombie/Bot happily connected without a hitch to its IRC chat server to
await further instructions. The Sub7 Trojan sent off its eMail containing
the machine's IP and the port where it was listening. Then it connected and
logged itself into the Sub7 IRC server, repeating the disclosure of the
machine's IP address and awaiting port number. No alerts were raised,
nothing was flashing in the system tray. The Trojans were not hampered and I
received no indication that anything wrong or dangerous was going on."
Now, I wouldn't put it past him to have somehow misconfigured it. But from
his review it seems like a pretty useless piece of software, if a program
can run roughshod like that with no response at all. It wouldn't be the
first time a company had released something that was essentially
"PlaceboWare." (Some of the Windows 3.1 "memory enhancers" were that way.)
-----Original Message-----
From: Les Bessant [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 11:42 AM
To: '[EMAIL PROTECTED]'
Subject: RE: WinVNC and ZoneAlarm Pro blue screen on win2000-sp2...
Err, apart from the obvious one of not using Zone Alarm? Seriously, have you
tried removing ZoneAlarm (temporarily if need be) and seeing what results
you get using a trial of another personal firewall[1], such as Tiny Personal
Firewall[2], BlackICE Defender[3], or Norton[4], amongst others?
[1] Or intrusion detection product
[2] Free for personal use http://www.tinysoftware.com
[3] I like it, even if Steve Gibson (http://www.grc.com) doesn't
[4] Can cause BSODs on Win2K in some circumstances, but if you are not
affected by that, it's quite nice
Les Bessant mailto:[EMAIL PROTECTED]
IT Manager, Sanderson Townend & Gilbert
Acting in a personal capacity
http://www.tiggercam.co.uk - New, improved and with more bounce!
>-----Original Message-----
>From: Neel, Steve [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, July 24, 2001 3:58 PM
>To: [EMAIL PROTECTED]
>Subject: WinVNC and ZoneAlarm Pro blue screen on win2000-sp2...
>
>
>On Win2000 Pro-Sp2, running VNC(server) as a service. The
>console is logged
>on. When I try and access my system from another
>location(work) using either
>the VNC viewer or the Browser applet, my home PC will Blue
>Screen with a
>Page Fault in Non_Paged memory for vsdatant, which is a
>ZoneAlarm Pro system
>file. It seems to happen more frequently when using the
>vncviewer as opposed
>to the browser applet.
>
>This error does not happen all the time. It seems that if I
>try and access
>the system shortly after it restarts, it works fine. The
>longer the system
>sits idle prior to my remote access the more likely it is to
>blue screen.
>Also, if I access the system from remote successfully and
>remain connected,
>it will not blue screen over time. The problem happens right
>at the moment
>of access or not at all. I'm certain that ZA Pro is configured
>correctly
>(allow VNC to act as a server, Full access to my remote IP, etc...) Any
>ideas?
>
>Zone Labs has said that Zone Alarm and Zone Alarm Pro are not
>compatible
>with WinVNC Server. Being a programmer, I feel anything is
>possible! <grin>
>
>Anyone else run into this problem and more importantly, have a fix or
>work-a-round?
>
>Thanks,
>
>-Steve
>Steven Neel
>Senior Programmer/Analyst
>S&C Electric Company
>Phone: 773-338-1000 (Ext. 2688)
>Fax: 773-338-5102
>http://www.sandc.com?refid=sneel
>---------------------------------------------------------------------
>To unsubscribe, send a message with the line: unsubscribe vnc-list
>to [EMAIL PROTECTED]
>See also: http://www.uk.research.att.com/vnc/intouch.html
>---------------------------------------------------------------------
>
>_____________________________________________________________________
>This message has been checked for all known viruses by Star Internet
>delivered through the MessageLabs Virus Scanning Service. For further
>information visit http://www.star.net.uk/stats.asp or
>alternatively call
>Star Internet for details on the Virus Scanning Service.
>
The information in this communication and any attachments is confidential
and may be legally privileged. It is intended solely for the addressee. If
you are not the intended recipient any use, review, dissemination,
distribution or copying of this information is strictly prohibited. If you
have received this communication in error please notify us immediately on
0191 261 2681 and delete the original message and any copies of it.
Any opinions, conclusions or other information in this message that do not
relate to the official business of Sanderson Townend & Gilbert are neither
given nor endorsed by the firm.
_____________________________________________________________________
This message has been checked for all known viruses by Star Internet
delivered through the MessageLabs Virus Scanning Service. For further
information visit http://www.star.net.uk/stats.asp or alternatively call
Star Internet for details on the Virus Scanning Service.
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
---------------------------------------------------------------------
To unsubscribe, send a message with the line: unsubscribe vnc-list
to [EMAIL PROTECTED]
See also: http://www.uk.research.att.com/vnc/intouch.html
---------------------------------------------------------------------
