Zone Alarm Firewall – A True Alarm to Attackers
By admin on Oct 14, 2012 in Security, Software
Are you safe? Are you sure that you are not being monitored? Once you step into the world of the internet, you are exposed to millions of attackers who are constantly trying to demolish your privacy and steal your data. Though 100% security is not on the cards, it is our duty to protect ourselves to the maximum extent. The best way to protect ourselves from network attacks and intrusions is to hide our machines behind a firewall, but which firewall offers the maximum protection?
An experiment that reveals the best firewall
I would like to share with you the details of an experiment that I performed, to identify the effectiveness of different antivirus and firewall software. For this experiment, I chose free versions of 10 popular firewalls and antivirus software that are available in the market.
I needed someone to attack me in order to find out which software works best in preventing a potential attack. So I decided to be the attacker myself and I chose the keylogger attack. And who will be the victims? Some of my friends agreed to be the victims and they will be referred to as ‘test users’ or ‘victims’ from now on. Before proceeding with the experiment, let me give you a short introduction to a keylogger and the attack that was performed.
The keylogger attack
A keylogger is an application which, when installed on a computer, starts monitoring keystrokes. Whatever you type on your keyboard is tracked and stored in a file. Now let me explain how I used a keylogger to perform an attack. I configured the keylogger to use an SMTP server and send periodic mails to my email id, using the victim’s internet connection. Once this keylogger is installed on the victim’s computer, it keeps running in the background, monitoring the victim’s keystrokes, and periodically sends the monitored data to my email. Though it sounds easy, the biggest challenge is to get the keylogger installed on the victim’s machine without the victim’s knowledge.
So how do I get it installed? Manual installation is definitely not on the cards, and the only option is to make the victim initiate the installation without having the slightest doubt that he is being attacked. It was festival season in my country and I decided to encapsulate the keylogger within an electronic greeting card. It took me a while to get the keylogger encapsulated within the greeting card, but I got it working. Now when the victim clicks on the greeting card, an animation will start greeting him, and the keylogger will get installed in the background, without his slightest knowledge.
Reaction of antivirus and firewalls to our attack
The greeting card was then sent across to different test users through email. Once the users clicked on the greeting card, the antivirus software installed in their machines, identified the keylogger and popped out a Trojan alert. This showed that our attack was not successful and the antivirus software was efficient enough to identify a potential threat.
So I decided to kill the antivirus process that is running in the user’s machine, prior to the installation of keylogger. I created a batch file that had scripts to kill popular antivirus software that were chosen for this experiment. I encapsulated this batch file along with the greeting card, and made sure that the batch file executes prior to the installation of the keylogger. I sent this updated greeting card to all the users. Now, when the users clicked this updated greeting card, the antivirus that was protecting their machines, got killed and the keylogger got installed without any hassles. Thereafter, I started receiving the keystrokes from almost 70% of the victims, through email.
The power of Zone Alarm
What about the remaining 30%? Apart from the antivirus, was there any additional security in those machines? Yes, those machines were protected by a firewall. Though my keylogger got installed successfully, when it tried to access the victim’s internet connection to send across the keystrokes through email, the firewall alerted the user that an application is trying to access his internet connection. Again, our attack was not successful among the firewall users.
So I modified the batch file to include scripts that would kill the top firewall software available in the market. When the updated batch file was executed, I found that all the firewall processes got killed except Zone Alarm. I researched for almost 10 days and came up with different scripts and ideas to kill Zone Alarm, but nothing worked. Zone Alarm can only be killed manually by the user himself.
So from my experiment, I found that Zone Alarm provides better protection than other popular software when it comes to network attacks.
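The two signals this experiment surfaced, a security process ending and a non-mail program opening an SMTP connection, can be correlated from host logs. The sketch below is an added example, not part of the original article; the event format, process names and addresses are constructed, and the mail-client allowlist is an assumption.

```python
from datetime import datetime, timedelta

SMTP_PORTS = {25, 465, 587}
MAIL_CLIENTS = {"outlook.exe", "thunderbird.exe"}       # assumption: approved mail senders
SECURITY_PROCS = {"av_service.exe", "fw_service.exe"}   # placeholder names, not real products
WINDOW = timedelta(minutes=30)                          # how long a kill stays "recent"

# Constructed sample events: time,host,event,process,detail
SAMPLE = """\
2012-10-14T09:00:05,pc1,proc_end,av_service.exe,killed_by=cmd.exe
2012-10-14T09:00:09,pc1,net_out,updater.exe,203.0.113.7:587
2012-10-14T09:02:00,pc2,net_out,outlook.exe,203.0.113.9:587
2012-10-14T09:03:00,pc3,net_out,updater.exe,203.0.113.7:25
2012-10-14T09:04:00,pc1,net_out,browser.exe,198.51.100.4:443
"""

def parse(text):
    """Yield (time, host, event, process, detail) from the constructed CSV format."""
    for line in text.strip().splitlines():
        ts, host, event, proc, detail = line.split(",", 4)
        yield datetime.fromisoformat(ts), host, event, proc.lower(), detail

def detect(text):
    """Flag SMTP egress by processes that are not approved mail clients.

    Severity is "high" when a security process ended on the same host
    within WINDOW before the connection, otherwise "medium".
    """
    killed = {}   # host -> time a security process last ended
    alerts = []
    for ts, host, event, proc, detail in sorted(parse(text)):
        if event == "proc_end" and proc in SECURITY_PROCS:
            killed[host] = ts
        elif event == "net_out":
            port = int(detail.rsplit(":", 1)[1])
            if port in SMTP_PORTS and proc not in MAIL_CLIENTS:
                recent = host in killed and ts - killed[host] <= WINDOW
                alerts.append((host, proc, detail, "high" if recent else "medium"))
    return alerts

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

The same egress rule is what a per-application outbound firewall prompt enforces interactively: the connection is judged by which program opened it, not only by its destination.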
Sanjay is a computer expert specializing in software reviews and Windows tips and tricks. He is also a contributor to the website http://www.dailydeals4you.com, which provides antivirus software coupons such as Bitdefender promo, Zone Alarm coupon, etc.
Hello there, my bro installed a keylogger, the name is PC Agent in the pc, and even if I tried to uninstall his version, it won’t work. (I installed my own PC Agent to see how it works, and I was able to uninstall mine) so since I have to still backup my files and I have to learn how to reformat the pc, what precise settings in Zone Alarm should I set so that the data doesn’t get transferred to his email? I just use the default settings, and I don’t know if it’s safe enough since the keylogger is already installed. Thanks!
CJ | Nov 10, 2014