In-Reply-To: <20030623061246.7134.qmail@www.securityfocus.com> The posting describes test results using older versions of Zone Labs? ZoneAlarm and also erroneously attributes the problem to a flawed core design. Zone Labs? Advanced Program Control feature protects PCs from the ShellExecute theoretical exploit. This feature is available in all Zone Labs? advanced consumer security products, as well as Zone Labs? enterprise security product, Integrity. Advanced Program Control protects against this theoretical exploit and others which attempt to bypass the firewall?s trusted application permissions. Zone Labs recommends that users run Program Control at the default ?medium? setting for about a week so that the software will ?learn? each program that is used for Internet access. After a week, configure Program Control at the high setting. At that point, users will only be prompted with an Alert if there is a problem. As a result, users get full protection against the ShellExecute theoretical exploit. Zone Labs is always working on improving these and other features to make them easy-to-use and intuitive for all users, no matter their skill level. Zone Labs first introduced the Advanced Program Control feature in November, 2002 with the release of ZoneAlarm Pro 3.5. Zone Labs added this feature to Integrity at the same time and then added it to ZoneAlarm Plus in February, 2003. Zone Labs recommends that all users keep their security products up-to-date at all times. We have continually hardened security in our free ZoneAlarm, as we do with all our releases, but we do not include all advanced features in this basic product. More information can be found through our technical support FAQs. Te Smith Sr. Director, Corporate Communications Zone Labs tsmith@zonelabs.com
