Other firewall vendors are reexamining how their products verify a program's identity. McAfee.com is already working on an MD5 checksum function for future versions of its firewall, Curry says. The company is also developing a patch to address Gibson's findings.
"Steve [Gibson]'s concerns are valid, and we are going to address them," Curry says. He advises users to check the McAfee.com site for a patch this week.
Sygate Personal Firewall 4.0 will be a totally new version of the software and will incorporate the MD5 checksum, says John De Santis, Sygate chief executive officer. The company expects to post a patch for its 2.1 product that eliminates blanket permission for certain ports (but will not yet include the MD5 checksum) on its site this week.
A new firewall from Tiny Software was still in beta during Gibson's tests, but it implements an MD5 checksum engine. It originally included a list of preapproved apps, but Tiny is reconsidering that approach in light of Gibson's criticism, says Brandon Talaich, Tiny's vice president of marketing. The firewall's Trusted Application Mechanism will identify programs by their MD5 checksums.
Symantec is currently considering several methods, including an MD5 checksum, to more thoroughly verify a program's identity.
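To make concrete what "verifying a program's identity with an MD5 checksum" buys over trusting a file name, here is an added illustration (not code from any of the vendors named in the article). It models two toy firewalls: one that approves a program by its executable name, and one that records the file's digest when the user first authorizes it and recomputes the digest on every later check. The "programs" are constructed byte strings written to a temporary directory, not real binaries, and all class and function names are hypothetical.

```python
import hashlib
import os
import tempfile

# Constructed sample "executables": a trusted app and an impostor that
# takes over the trusted app's file name. These are not real binaries.
TRUSTED_BYTES = b"MZ\x90\x00trusted-mail-client-v1"
IMPOSTOR_BYTES = b"MZ\x90\x00impostor-using-the-same-name"


def file_digest(path, algo="md5"):
    """Hash a file in chunks. The vendors in the article chose MD5;
    pass algo="sha256" for a modern choice (hypothetical helper)."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class NameBasedFirewall:
    """Approves outbound access by executable file name alone."""

    def __init__(self, trusted_names):
        self.trusted = set(trusted_names)

    def allow(self, path):
        return os.path.basename(path) in self.trusted


class HashBasedFirewall:
    """Approves outbound access only if the file's current digest matches
    the digest recorded when the user authorized that program."""

    def __init__(self, algo="md5"):
        self.algo = algo
        self.trusted = {}  # file name -> digest recorded at authorization

    def authorize(self, path):
        self.trusted[os.path.basename(path)] = file_digest(path, self.algo)

    def allow(self, path):
        expected = self.trusted.get(os.path.basename(path))
        if expected is None:
            return False
        # Recompute on every check, so a replaced binary is caught.
        return expected == file_digest(path, self.algo)


def run_scenario(algo="md5"):
    """Authorize the genuine program, then replace its contents while
    keeping the name, and report which firewall each file gets past."""
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "mailclient.exe")
        with open(exe, "wb") as f:
            f.write(TRUSTED_BYTES)

        name_fw = NameBasedFirewall(["mailclient.exe"])
        hash_fw = HashBasedFirewall(algo)
        hash_fw.authorize(exe)  # the user's one-time "yes" for the real app

        verdicts = {
            "name_based_allows_genuine": name_fw.allow(exe),
            "hash_based_allows_genuine": hash_fw.allow(exe),
        }

        # The impostor adopts the trusted program's name (and here, its path).
        with open(exe, "wb") as f:
            f.write(IMPOSTOR_BYTES)

        verdicts["name_based_allows_impostor"] = name_fw.allow(exe)
        verdicts["hash_based_allows_impostor"] = hash_fw.allow(exe)
        return verdicts


if __name__ == "__main__":
    for k, v in run_scenario().items():
        print(f"{k}: {v}")
```

Two caveats a practitioner would add. First, the digest check still rests on the user's original authorization, which is the point Zone Labs makes below: if the program the user first approved was already hostile, a matching checksum proves nothing. Second, MD5 was a reasonable choice in 2001, but its collision resistance has since been broken, so a current implementation would use SHA-256 (the `algo` parameter above exists for that reason); the name-versus-digest comparison is the same either way.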
"We are going to address all the issues that were brought up by the LeakTest," Powledge says. Symantec has not decided whether to offer an interim fix or wait for a comprehensive update. But Powledge advises concerned customers to disable the program's automatic firewall rule generation. (A document on Symantec's site explains how.)
Likewise, McAfee's Curry says users of the McAfee.com Personal Firewall should watch the site for an update. "As an ASP, we can roll out upgrades like this to our entire user base very quickly," Curry notes.
And Zone Labs is neither bragging nor relaxing. No security product is 100 percent safe, says Gregor Freund, president.
"You have to create a balance," Freund says. "Steve [Gibson] points out where that balance should be." Can the program be fooled? Users certainly can, he adds. The firewall will allow a program if the user authorizes that program, but it trusts the customer's judgment.
"People have to understand that downloading a piece of software -- if they have no idea what it is or what it does -- is taking a risk," Freund adds.
For his part, Gibson expects to keep watching. He's already working on LeakTest 2.0, expecting everyone to quickly fix the flaws LeakTest 1.0 uncovers.