From: "Rich Gauszka" 

Yes and no. While there are a few more features in the 'pro' version the
problem in this case was that the 'pro' version had some additional
predefined rules that covered Java.  I was able to add them to the 'free'
version .


"Ellen K."  wrote
in message news:rage41p4l6vbt7krcpdqf5p43mba3u63jv{at}4ax.com...
> Looks like another case of "You get what you pay for." ?
>
> On Wed, 9 Mar 2005 11:27:38 -0500, "Rich Gauszka"

> wrote in message :
>
>>I have Java on all three PCs I tested yet only the laptop was exposed. I
>>switched the laptop from ZoneAlarmFree to ZoneAlarmPro and tested again
>>with
>>no exposure.
>>
>>
>>"Paul Ranson"  wrote in message
>>news:422f20a5$1{at}w3.nls.net...
>>> It uses a Java applet to determine your local IP address. No Java, no
>>> address.
>>>
>>> The applet posts the local address back to the server, so now they know
>>> too.
>>>
>>> I don't see how exposing a local, but unreachable, IP address is a
>>> vulnerability. I also don't see any need for Java. Problem solved.
>>>
>>> Paul
>>>
>>> "Robert Comer"
 wrote in message
>>> news:422f0de9{at}w3.nls.net...
>>>> It doesn't show my internal IP address, it just shows my router's
>>>> external IP address.
>>>>
>>>> - Bob Comer
>>>>
>>>> "Gregg N"  wrote in message
>>>> news:Xns9614AF6BC6B6gregginvalidinvalid{at}216.144.1.254...
>>>>> Could someone behind a NAT firewall visit this site
and see if it
>>>>> reveals
>>>>> your private (192.168.x.x) IP address? It shows mine
(both IE and FF),
>>>>> but
>>>>> I haven't investigated to see if it is actually
revealing a security
>>>>> vulnerability. I suspect the address is being
generated and displayed
>>>>> locally by whatever script is running on the page.
>>>>>
>>>>> http://www.auditmypc.com/whats-my-ip.asp
>>>>>
>>>>> Gregg
>>>>
>>>>
>>>
>>>
>>
>

--- BBBS/NT v4.01 Flag-5