PowerBASIC Forums
  Cafe PowerBASIC
  ZoneAlarm, the perfect spy?

Mark Hunter
Member
posted January 21, 2006 06:40 PM
Like everybody else I guess, I have a firewall built into my router.
If I understand these things this firewall blocks unrequested (or
uninitiated) communication from reaching my PC. But to block
PC programs from sending information out without my knowing it,
a software firewall is necessary. I have ZoneAlarm, “one of the
most trusted brands in Internet security” – to quote one reviewer.

It cannot be trusted. ZoneAlarm itself does what it’s supposed
to prevent.

“ZoneAlarm phones home”
InfoWorld – January 13, 2006
www.infoworld.com/article/06/01/13/73792_03OPcringley_1.html

quote:
... ZoneAlarm Security Suite has been phoning home, even when told not to. Last fall, InfoWorld Senior Contributing Editor James Borck discovered ZA 6.0 was surreptitiously sending encrypted data back to four different servers, despite disabling all of the suite’s communications options. Zone Labs denied the flaw for nearly two months, then eventually chalked it up to a “bug” in the software – even though instructions to contact the servers were set out in the program’s XML code. [The company] says a fix for the flaw will be coming soon and worried users can get around the [“]bug[”] by modifying their Host file settings.

(I have the free version of ZoneAlarm, version 6. I don’t see
a Host file setting. Anyone know where it is?)

ZoneLabs is owned by Check Point Software. Their cover-up is
worse than their original trick. I think the word cover-up applies.
First for two months they deny there’s any problem, as if they
were incompetent. Then they admit there’s a problem but claim
it’s an innocent “bug.” Encrypted?

Internet technology is not my field and I’m out of my depth here.
I’d be interested in what more knowledgeable people think about
this.

[This message has been edited by Mark Hunter (edited January 23, 2006).]

Daniel Fischer
Member
posted January 21, 2006 06:56 PM
Mark,

I assume they are referring to the "hosts" file on your desktop.

For Windows XP your default host file is here:
C:\WINDOWS\system32\drivers\etc

Excellent host file site: http://www.mvps.org/winhelp2002/hosts.htm

------------------
Dan Fischer
Denver, CO

Ron Pierce
Member
posted January 21, 2006 09:53 PM
For over two years ZoneAlarm has been essentially spyware for Microsoft.
It does block incoming traffic so it is not all bad.

SG Dunn
Member
posted January 23, 2006 10:31 AM
As an ignorant user depending on ZoneAlarm, I find this post very
disturbing, especially Ron P - can I ask you to elaborate further on
this?

Ivan Iraola
Member
posted January 23, 2006 11:18 AM
I've read the article but still don't quite understand the "calling home"
issue. I use ZA and as far as I know, it checks for updates and
spyware/virus definitions (Internet Security Suite version).
What exactly is it sending? That's the part I'm missing.

------------------
Ivan
www.cybexmag.com

Mike Stefanik
Member
posted January 23, 2006 02:05 PM
quote:
Originally posted by Ivan Iraola:
I've read the article but still don't quite understand the "calling home"
issue. I use ZA and as far as I know, it checks for updates and
spyware/virus definitions (Internet Security Suite version).
What exactly is it sending? That's the part I'm missing.

I think that's part of what's freaking people out. The data that they're sending is encrypted, so unless someone has cracked it, no one seems to know exactly what it is.

ZA claims it's "anonymous configuration data", but if that's the case there'd really be no need to encrypt it. And on their website's privacy statement, they say that they only send "personally identifiable customer data" in encrypted form. So it'd be reasonable to suspect that they're sending back more than what operating system you're running and such.

The other special part is that you apparently can't disable it, even if you configure the preferences so that it doesn't (shouldn't) send that data.

Regardless of whether or not they're actually doing anything "spyware-ish", it certainly has the appearance of it and for a company that specializes in security, that's not exactly great public relations.

------------------
Mike Stefanik
www.catalyst.com
Catalyst Development Corporation

Mark Hunter
Member
posted January 23, 2006 04:16 PM
According to the “Digital Inspiration” blog:
quote:
... to block ZoneAlarm Firewall from phoning home,
add the following line to your Windows hosts file:

# Block access to ZoneLabs Server
127.0.0.1 zonelabs.com

... blocking access to ZoneLab Servers would also block access to Smart Defence Advisor, AntiSpyware and Antivirus updates.


But I can’t check this because I’m away from my PC.

I’m less inclined to patch this up than to ditch ZoneAlarm.

SG Dunn
Member
posted January 24, 2006 02:43 PM
...and a review of the only available user-help (the ZoneAlarm forums)
reveals that this topic has come up very frequently.

- Unfortunately, ZA has chosen to make no official reply to any of this,
which is a course of (in)action that is hard to comprehend.

- Being myself a none-too-trusting person where spyware is concerned,
I think Mark H has the right idea, here, especially since ZA has not
provided any reasonable explanation or other response.

Roger Garstang
Member
posted January 24, 2006 10:39 PM
Sometime back I used my web server I made as a proxy to detect things
and ended up blocking everything below which blocks most ads and
AOL Instant Messenger spam/ads...plus the new zonealarm mod.

127.0.0.1 localhost
127.0.0.1 zonelabs.com
127.0.0.1 ads.web.aol.com
127.0.0.1 ar.atwola.com # alias of ads.web.aol.com
127.0.0.1 205.188.165.57
127.0.0.1 205.188.165.121
127.0.0.1 205.188.165.185
127.0.0.1 205.188.165.249
127.0.0.1 64.12.174.57
127.0.0.1 64.12.174.121
127.0.0.1 64.12.174.185
127.0.0.1 64.12.174.249
127.0.0.1 152.163.208.57
127.0.0.1 152.163.208.121
127.0.0.1 152.163.208.185
127.0.0.1 152.163.208.249
127.0.0.1 cds25.ord.llnw.net
127.0.0.1 68.142.72.45
127.0.0.1 eqva20mdvip3.doubleclick.net
127.0.0.1 209.62.180.181
127.0.0.1 doubleclick.net
127.0.0.1 216.73.92.112
127.0.0.1 24.28.193.1 # others
127.0.0.1 209.62.182.80 # others
127.0.0.1 152.163.208.185 # others

------------------
If you aim at nothing...you will hit it.
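
An added example, not part of any poster's message: a small audit of hosts-file entries like the ones posted in this thread. It shows two properties of hosts-file blocking: a line whose "name" is an IP address has no effect, because a program that connects to an address never performs a name lookup, and a name entry matches only that exact hostname, not its subdomains. The sample file is constructed from a few lines above, and www.zonelabs.com is used only as an illustrative subdomain.

```python
import ipaddress

# Constructed sample: a few entries in the style posted in this thread.
SAMPLE_HOSTS = """\
# Block access to ZoneLabs Server
127.0.0.1 localhost
127.0.0.1 zonelabs.com
127.0.0.1 ar.atwola.com # alias of ads.web.aol.com
127.0.0.1 205.188.165.57
"""

def parse_hosts(text):
    """Return (address, [names]) for each non-comment line of a hosts file."""
    entries = []
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()   # drop trailing comments
        if len(fields) >= 2:
            entries.append((fields[0], [n.lower() for n in fields[1:]]))
    return entries

def is_ip_literal(name):
    try:
        ipaddress.ip_address(name)
        return True
    except ValueError:
        return False

def audit(text):
    """Split entries into names that get redirected and names that cannot be."""
    redirected, ineffective = set(), []
    for _addr, names in parse_hosts(text):
        for name in names:
            if is_ip_literal(name):
                # Connections made straight to an address skip name resolution,
                # so the hosts file is never consulted for this entry.
                ineffective.append(name)
            else:
                redirected.add(name)
    return redirected, ineffective

def is_redirected(hostname, text):
    """Hosts lookups are exact-match: no wildcards, no parent-domain match."""
    redirected, _ = audit(text)
    return hostname.lower().rstrip(".") in redirected

if __name__ == "__main__":
    names, bad = audit(SAMPLE_HOSTS)
    print("redirected:", sorted(names))
    print("no effect (IP literals):", bad)
    for host in ("zonelabs.com", "www.zonelabs.com"):  # second name is illustrative
        state = "redirected" if is_redirected(host, SAMPLE_HOSTS) else "resolves normally"
        print(host, "->", state)
```

Blocking traffic to a fixed address needs a packet filter rule on the router or host firewall rather than a hosts entry.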

SG Dunn
Member
posted January 25, 2006 10:16 AM
...well, the ZA people have released an official statement
about this matter on the Forums board, which reads as follows:

"The actual communication in dispute is a simple encrypted GET
request that is checking to see if the user’s security software is
current. We will continue to work with Mr. Borck and anyone else
who might have any concerns about this issue."

Hmmm...given the circumstances around this entire affair -
1) "It doesn't exist"
2) "It's a bug"
3) "It's a feature (which you cannot disable easily - and we
recommend you do not do so)"
I have to say only that I have uninstalled the software - and
yes, I told them exactly why in their online "exit survey".


Scott Turchin
Member
posted January 25, 2006 01:16 PM
Well at least they encrypted their mutex so my anti-zone alarm software won't work anymore.......yet...

In the previous version I was able to shut down zone alarm, send an email out and start it back up and all without the user's knowledge.

Don't ask for the code though, belongs to WD

Never trust software to do what hardware SHOULD be doing.

Symantec AV corporate edition - so far the best I've used.

Scott

------------------
Scott Turchin
MCSE, MCP+I
Computer Creations Software
http://www.tngbbs.com/ccs

Ron Dunn
Member
posted January 25, 2006 05:49 PM
What is a good alternative?

I used to use Tiny Personal Firewall, but they changed their
product to the point where it was hardly usable.

Now I'm using Zone Alarm, and I don't like this behaviour.

Suggestions for another?

SG Dunn
Member
posted January 25, 2006 08:41 PM
Ron -
- I don't know of any that are free of cost, but you might want to
look at www.lavasoft.de - the makers of AdAware have a new personal
firewall product.
- I have also used Norton Personal Firewall in past, but at that time
I was not impressed with it...

- As a sidenote, I posted a topic today on the ZoneLabs forums asking for
a definition of exactly what data items they were capturing that
required encryption (the program version and the signature file versions
are public and do not require encryption, in my mind, so I asked).
- They told me that I was off topic, and that I would not be answered
since this topic was not included in the original InfoWorld story.
- Then they locked the post so that no further responses would be accepted.
- Two hours later, they deleted the entire topic from the Forum - my entries along
with those of other people who were involved in this.

- I could have understood it if they said it was proprietary ( I would
not have liked the answer, but I would have understood it!). They chose
instead to get all medieval on my butt instead! I felt like asking
"What's the big secret?" I guess the fact that this program
phones home when it feels like (beyond user control) and sends an
unknown set of encrypted data to a third party should not raise any
concerns, since ZA "protects you from spyware"!

- They are certainly not handling this whole matter in a way that
would allay suspicions about what they *might* have to hide!
On the contrary, even mentioning the topic is taboo enough that
they make it an "untopic" ASAP.
- It bears mentioning that Zonelabs claims this forum is run by an
independent third party and is not monitored by ZoneLabs in any way...
the nature of this response seems not in keeping with that assertion!


[This message has been edited by SG Dunn (edited January 25, 2006).]

All times are Eastern Time (US)

Copyright © 1999-2007 PowerBASIC, Inc. All Rights Reserved.