Malicious code masquerading as a trusted application could trick a ZoneAlarm firewall into letting it connect to the Internet, security experts have warned.
The issue affects the popular free ZoneAlarm firewall and default installation of version 5.5 and earlier of the paid product. Default installations of the Check Point Integrity Client are also affected, but the paid ZoneAlarm 6.0 products, released in July, are not affected.
Zone Labs has no current plans to update its free firewall product to protect against this issue. Its paid products offer protection against the problem because of additional technology, called an operating system firewall, that is not part of the free network firewall.
Users of the paid ZoneAlarm 5.5 products can protect themselves by enabling the "Advanced Program Control" feature, Zone Labs said.