Hello list,



Zone Alarm stores its config. files in %windir%\Internet Logs\* . But strangely, 



ZoneAlarm sets the folder/file permission (NTFS) of %windir%\Internet Logs\* to,



EVERYONE: Full 



after its first started.



Even If you try to change the permission to...



Administrator (s): full

system: full

users: read and execute

[these are the default permissions] 



Strangely, the permission again changes back to... EVERYONE: Full each time 



ZoneAlarm Pro (ZAP) is started. I've tested these in zap 4.x and 5.x



	This could prove harmful if we have a malicious program/user running with 



even with a user privilege on the system.



Well a malicious program could modify those config file in a way ZAP will stop 



functioning. This is what ZoneLabs had to say...



---snip-------

>anyone could open any ZoneAlarm file 

> (assuming it isn't locked), edit it with a hexeditor and 

> cause it to stop functioning. This type of modification 

> wouldn't be classified as an attack, as you have simply 

> modified the file and caused it to not function as expected. 

> This is true of any executable or other binary.

> 

---/snip-------

yap, true... but shouldn’t ZAP have some protection against such attacks? instead 



of leaving the permission to " EVERYONE: Full " I wonder if a program could bypass 



ZAP filters using "safePrograms*.xml" [...experimenting]



anyone wanna take this thing to a new level, please go on...



Regards,



Bipin Gautam

http://www.geocities.com/visitbipin/