Check Point response to: KHOBE – 8.0 earthquake for Windows desktop security software

Symptoms

www.matousec.com has published a new technique for evading OS firewall protections.
The attack is described in http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php and in http://www.securityfocus.com/bid/39924/

Cause

A race condition attack that evades access control checks by substituting system call arguments.

Solution

  • ZoneAlarm Extreme Security 9.1.507.000 was reported to be vulnerable. However, ZoneAlarm has a protection against this type of attack.
  • To enable this protection ("Off" by Default), proceed as follows:
  • Launch the ZoneAlarm extreme Security GUI.
  • Select the "Program Control" menu item.
  • Under "Program Control", click "Custom". The "Custom Program Control Settings" popup appears.
  • Access the "Program Control" tab, and select "Advanced Control".
  • Select "Enable Timing Attack Prevention".
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.

Contact Us

Trusted by more than 90,000,000 users worldwide