The extremely popular firewall, ZoneAlarm, has been dealt a nasty blow with a "highly critical" security hole that allows system access to remote users - i.e. the worst possible situation. The hole affects the most recent version of ZoneAlarm - version 4 - and users with the software's update facility turned on were this morning warned to upgrade and asked to download a run a 4.8MB patching file. The vulnerability itself is an unchecked buffer in the fundamental e-mail protocol SMTP. ZoneAlarm's creators Zone Labs warned that sufficiently exploited, "a skilled attacker could cause the firewall to stop processing traffic, execute arbitrary code, or elevate malicious code’s privileges".

However, the company only gives the hole a "Medium" warning explaining that for the hole to be exploited, the system would have to be acting as an SMTP server and that ZoneLabs "does not recommend using our client security products to protect servers". The hole itself was discovered by eEye Digital Security - the company which discovered the huge ASN hole in Windows. Zone Labs recommends that all ZoneAlarm users upgrade their software and has posted a webpage covering the hole with download links to its upgrades.

Source:
http://www.securitynewsportal.com/index.shtml

ZoneLabs Thiefs:
Unfortunately ZoneLabs is taking this 'golden opportunity' to extort subscription fees out of the end users. Yes... you need to have a "current annual update and support subscription" when you visit ZoneAlarm's download page for this updated version. When folks who bought the program but not the 'support subscription' go to download their security update they will instead be met with this : "If you wish to remain eligible for this product release you will need to purchase an Annual Update and Support Renewal. Your update to ZoneAlarm Pro will be presented to download after your Update and Support Subscription purchase To which we say... Thanks ZoneLabs... for nothing...

My advice , get Sygate (http://www.klitetools.com/Security.html) cause is the best

who the hell is gonna be running a smtp server and using zonealarm. not really an issue for home users.

So glad I pushed ZoneAlarm into a dark corner years ago and went with Sygate.

Have NEVER had a problem with Sygate.

yeh sygate rox

Yes Sygate :01:

Tsk tsk. SH give the info and no more :angry:

Thx btw :P

zonealarm sucks since the day they invented it :) and i always thought it isnt worth trust :)
i like norton's alot.. never tried sygate

This was fixed with the release of v4.5.538.001...which was released on the 19th, nearly 2 days before news of this broke...LMAO

I'm using ZA pro at the mo, If I changed to Sygate am I better off with the Pro version or is the free one just as good? I have already dl the pro version ready just wanted to know what people thought.

Originally posted by Java Boy@23 February 2004 - 20:01
This was fixed with the release of v4.5.538.001...which was released on the 19th, nearly 2 days before news of this broke...LMAO
just upgrade again, no big deal :P

http://download.zonelabs.com/bin/free/1026..._45_538_001.exe (http://download.zonelabs.com/bin/free/1026_trial/zapSetup_45_538_001.exe)

Originally posted by sharedholder@23 February 2004 - 19:40
Your update to ZoneAlarm Pro will be presented to download after your Update and Support Subscription purchase To which we say... Thanks ZoneLabs... for nothing...

My advice , get Sygate (http://www.klitetools.com/Security.html) cause is the best
If you have Zonelarm pro already installed download the free trial version of the new one from the site. It will upgrade without the need to purchase the annual subsciption.

Zonealarm in my opinion is the best. If anyone took the firewall test a few weeks ago, would have realised it has better security that sygate when you have Authenticate Components turned on.