Re: FIX for ZoneAlarm & KB951748 issue released
On Wed, 23 Jul 2008 11:40:05 +1200, "Harry Johnston [MVP]"
<harry@scms.waikato.ac.nz> wrote:
>Root Kit wrote:
>
>> <quote>
>> "We filter network traffic at the kernel, where malware can't avoid
>> us," said James Grant, a ZoneAlarm team lead. "If you filter traffic
>> in user mode, malware can see what we're doing."
>> <end-quote>
>>
>> Yearh, right. As if malware wouldn't compromise the kernel as well....
>
>Well ... if the user isn't an administrator, it won't.
That's correct. Unless the firewall is so badly designed it allows the
malware to exploit it to gain SYSTEM credentials, that is.
But unfortunately running as administrator is what the vast majority
of windows users do.