digg

Facebook Connect Join Digg About

Zonealarm: A Perfect Spyware?

infoworld.com It seems that ZoneAlarm Security Suite has been phoning home, even when told not to. InfoWorld Editor James Borck discovered ZA 6.0 was surreptitiously sending encrypted data back to four different servers, despite disabling all of the suite’s communications options.

Who dugg this? Made popular Jan 21, 2006

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

124 Comments

show profanity settings
expand all
  • ramsinks.com, on 10/12/2007, -0/+3If you REALLY think you need a software firewall, or for network testing (which happends often with odd issues)

    http://www.ramsinks.com/software.asp#security

    Outpost is OSS
    Tiny is small
    Sygate (this version) is good till Samantec craps it up.
    Prevx is ...well at least better than ZA.

  • skeeto, on 10/12/2007, -0/+2In a related thought, wonder how that firewall that Lavasoft just put out is doing.
  • xst4t1kx, on 10/12/2007, -2/+4ibbumpin: "Dude if your still using Zone Alarm...I'm sorry for you :("

    Thanks for providing no alternatives. Ever consider that people still use software like ZA because it's well known and useless trolls like you make it a point not to promote their apparent "better" alternatives. This goes for all comments in line with the one above. On behalf of ZA users, thanks for nothing.
  • saysaknow, on 10/12/2007, -0/+2I'm sure Steve Gibson would be interested in this. Ha ha.
  • Nougat, on 10/12/2007, -1/+3double-z: "I use Zonealarm basic. It works fine for me. You whiners, it's only using 2 megs of memory, I don't know how you can call that bloated.

    I also use a router."

    So if you're not passing any ports through your router to your computer, what's ZA firewalling against? Intrusion attempts originating from your printer? And if you are passing ports through the router for some reason, like running a web server, you'd have to have those ports open in ZA, too.

    Okay, so maybe ZA is blocking outbound as well, fine. Stop surfing porn sites, and you won't have that problem anymore.

    Twit.
  • inactive, on 10/12/2007, -1/+3my router is my firewall i dont need no ***** software firewall that sucks up resources and notifies me "firefox is trying to access the internet" every 5 seconds.
  • Carnaga, on 10/12/2007, -0/+2Article said "However, there’s no truth to the rumor that the NSA used ZoneAlarm to spy on U.S. citizens."

    It's true that ZA has a component that you can share settings with other users, but you can disable it if you want. Is that a spyware? I dont think so.

    Well, for my self I use ZA Pro with antivir (not the freeware version) - beside ZA I have NetLimiter (NL2 pro with firewall) program gathering and limiting network traffic.

    Ok. ZA has three components running. Zlclient.exe, vsmon.exe and isafe.exe . I've disabled all unneccassarry communications to outher world via client - except anti-virus and spy-ware definition downdloads.

    With Netlimiters (network trafic gathering component) shows that vsmon has sent data to world about 0.0195 MB and recieved 0.2898 MB. Other components hasn't been sending any data.

    I understand, because of definition file downloads, ZA has to send instructions what definition file it should download for Antivir and Spyware (same with symantec, panda, f-secure, AVG, Antivir, Avast! etc.) And usually the data transefers are encrypted.

    Today, when I started my comp. virus definition file checker boumped up and it send data 0.0001 MB and resieved 0.0017MB. With f-secure, the amount of data-trancefer is much larger. And yes, most of antivir & spyware programs has backup servers out there if the downloading of the definition file fails.

    Gather up some information about this. I've used only once the freeware version of ZA, and cause its a freeware prog, I wouldn't count that it "doesent send any data" to world. With ZA Pro, I never had any kind of problems.

    Accually, I could put ZA to vmware and analyze the traffic between my computer and the virtual machine to see what kind of data it trancefers. For now, this version I use, doesen't send any unneccassarry data to the world so I'm not conserned about this issue.
  • pab89, on 10/12/2007, -0/+1I've seen this happening when PeerGuardian is running and blocking HTTP, it blocks occasional traffic to Zone Labs.
  • Double-Z, on 10/12/2007, -0/+1I use Zonealarm basic. It works fine for me. You whiners, it's only using 2 megs of memory, I don't know how you can call that bloated.

    I also use a router.
  • siouxmoux, on 10/12/2007, -0/+1ZoneAlarm is also the perfect Bloatware version 5.
  • foxhoundadmin, on 10/12/2007, -1/+2"linux boxes make the best firewalls, servers, desktop os."

    yeah...desktop os. sure. fanboy.

    smoothwall is a great firewall. it's not the best hardware firewall, but it's the best in it's price range--free. using linux does make for a good server, but, then again, so does windows server. i'm not gonna get into the whole windows as a server thing. to each his own.

    by the way, certain unix boxes make better servers than any linux boxes.
  • aMillionAndNine, on 10/12/2007, -0/+1"someone say something i can argue with and flame back and forth with please, thanks"

    Software firewalls stink. Get a router/firewall if you want to do it right.

    That good enough?
  • dimplemonkey, on 10/12/2007, -0/+1If you google around long enough you can still locate Sygate Personal Firewall which is an awesome firewall (before Symantec bought them out).

    Kerio is also becoming.

    I used ZoneAlarm once and I immediately got rid of it. Bloatware.
  • Mipmap, on 10/12/2007, -0/+1ZoneAlarm kicked ass when it first came out. It was free. It was technically far superior to the few other personal firewalls at the time (think BlackIce).

    As each rev came out though, you could see the suits had taken it over.

    Now it is as bad as the RealPlayer crap-a-rama.

    Anywho - there are plenty of other options now...
  • mesostinky, on 10/12/2007, -0/+1ZA is garbage.

    My favorite is how when you used to turn it off, but really it wouldn't actually turn off. So things like networking etc got broken by it.

    ZA is crap and farther away everyone stays from it the better.
  • OBKenobi, on 10/12/2007, -0/+0Sygate, Outpost, Kerio and Tiny are the best. Zone Alarm and anything by Symantec I would never again put on one of my systems! Sadly, Symantec bought Sygate and discontinued this superior product in order to push their bug-ridden, bloated garbage on consumers! I will continue to use Sygate until it is no longer compatible (when Vista is released).
  • dmorack, on 10/12/2007, -0/+0tidejwe: Run your tests with only 1 firewall installed at a time. Would you test virus protection software with all of the software packages installed at the same time? I hope not!

    muddle: Doesn't it worry you when someone makes a blanket statement that a router is a firewall and then another person agrees and says "That's why I make the dough"? No wonder IT is outsourced so often in the US. (I hope he was joking)

    If I disable Firewall Protection (and all filters) and select "Router" instead of "Gateway" as the Operating Mode on my WRT54G, Then the WRT54G effectively becomes a router. If I enable Firewall Protection, then it becomes a router with SPI Firewall Protection. If I then switch the Operating Mode to Gateway, then I have a router with NAT and SPI Firewall Protection. Right?

    It's not correct to state that a router is a firewall. Yes, consumer routers typically come configured with NAT and various levels of firewall protection. And why is that? To avoid the support calls needed to assist people with configuring the router with the additional provided protection of NAT and the (sometimes) included firewall.

    Anyway... Back on topic....

    BlackICE: Used for many years. Was great in it's time, but seems to have waned. Application protection seems to have been bolted on.

    Sygate Personal Firewall: My favorite until Symantec ruined it.

    Norton Internet Security: Too bloated!

    ZoneAlarm: Version 6 seems to be buggy. Although, it appears to work as advertised. Hope the "phone home" aspect is fixed immediately (if true).

    I'm looking for something better. I've heard good things about Kerio. I like the "free" aspect of Safety.Net. Anyone have any experience with Safety.Net?
  • ahoier, on 10/12/2007, -0/+0This is NOTHING new..lol. But I digg'ed it anyways. The public needs to know.

    I've seen many reports of ZoneAlarm calling home from members of the phoenixlabs.org community.

    With Auto-Updates off, they were still seeing blocked connections to Zone Labs Inc.

    Yea, I'd be interesting in hearing what Gibson thinks of this, considering he helped boost Zone Alarm's popularity, hell, even I used it back in the days of my Packard Bell Pentium133MHz on dialup.


    -Proud supporter of the linksys NAT router and Windows XP Sp2 Firewall
  • inactive, on 10/12/2007, -0/+0
    "It's not correct to state that a router is a firewall. Yes, consumer routers typically come configured with NAT and various levels of firewall protection. And why is that? To avoid the support calls needed to assist people with configuring the router with the additional provided protection of NAT and the (sometimes) included firewall."

    Comments like these are why North American development jobs are off shored to India and China. First he states that it's incorrect to state that a router is a firewall and then he states that some consumer routers typically come configured with NAT and various levels of firewall protection. I'm not sure where he buys his "consumer" routers, but my guess is that they either have a Fisher Price logo on them or they were manufactured by Osbourne and are the size of a suitcase. Every consumer router sold today has NAT, SPI, Application triggered and Persistent port forwarding, MAC and Client filtering.
  • tidejwe, on 10/12/2007, -0/+0This is BS, I had 4 different firewalls running all at the same time (to test them). . . Zone Alarm ALWAYS asked me before trying to go outbound. None of the other top of the line firewalls ever caught Zone Alarm attempting to make an outside connection, and I made EVERYTHING get approval for MONTHS. Finally I decided Zone alarm was the BEST and uninstalled the others. It never made an attempt without asking permission, and even if it did (yearh right), it was probably checking updates or something anyway. Who cares. They're the best, I call BS on this.
  • inactive, on 10/12/2007, -0/+0"Those of you suggesting that a router is sufficient protection need to realize that malicious traffic arriving at your computers Ethernet port traveled through up to fifteen different routers to get there. A router is not a firewall."

    Actually, a router is a firewall and one that cannot be compromised and made into a bitch.
  • inactive, on 10/12/2007, -0/+0
    Muddle, if nothing else, we'll always have our time on Brokeback Mountain.
  • inactive, on 10/12/2007, -0/+0
    If you're calling BS on this then what is ZoneAlarm calling it when they issue the following statement:

    "A company spokesmodel says a fix for the flaw will be coming soon and worried users can get around the bug by modifying their Host file settings"

    Once again, RTFA.
  • Muddle, on 10/12/2007, -0/+0That must explain why all those Win9X NAT boxes aren't owned. Quit trying to equate a router designed to forward all packets to a firewall designed to suppress them when appropriate.
  • FelixdaaHack, on 10/12/2007, -0/+0Geeez...is everybody running NetworkActiv now-a-days to check for spookycomms
  • Muddle, on 10/12/2007, -0/+0God I give up!rnrnRouters and firewalls are the exact same thing and I suggest you don't spend a dime purchasing either one of them. That's why I'd suggest you spend no money at all downloading freesco then dumpster dive for any old computer to run it on. You'll never need to subscribe to ZA, Symantec, McAfee, or any other half-assed security company again.rnIf your running a Unix box I'd suggest WebMinrnOtherwise I'm done with this thread.
  • Carnaga, on 10/12/2007, -0/+0you should get familiar with ZA "expert" rules (found only in pro version). After that you can say what ever you want. I can say that ZA free version is for n00Bs.
  • antdude, on 10/12/2007, -0/+0See http://www.broadbandreports.com/forum/remark,11818674~mode=flat for details. Old news from what I read.
  • dmorack, on 10/12/2007, -0/+0I guess what I was trying to say was that most consumer routers can act as a firewall. In a discussion such as this, it is important to distinguish this fact since some people use consumer routers as routers and use some other hardware or software as a firewall.

    In other words, error401's explaination provided clarity that was not expressed clearly previously. Saying "a router is a firewall" to a network engineer will probably result in an "Ummm... no" response and will not be correct if taking a network certification exam. Windows XP can act as a router and as a firewall. Would you consider Windows XP a router or firewall or would you say Windows XP is an operating system with routing and firewall capabilities?

    Anyway, I apologize for being a "prick". The context for this discussion is clear to me now.
  • paulm, on 10/12/2007, -0/+0DO NOT install Kerio, it totally messd up my system. Uninstall was worthless. I'm sticking with ZA.
  • error401, on 10/12/2007, -0/+0"Comments like these are why North American development jobs are off shored to India and China. First he states that it's incorrect to state that a router is a firewall and then he states that some consumer routers typically come configured with NAT and various levels of firewall protection. I'm not sure where he buys his "consumer" routers, but my guess is that they either have a Fisher Price logo on them or they were manufactured by Osbourne and are the size of a suitcase. Every consumer router sold today has NAT, SPI, Application triggered and Persistent port forwarding, MAC and Client filtering."

    Not to mention that the core reason for buying a consumer router is the NAT capability. If it weren't for the 'internet sharing' capability, consumer routers would've never become popular.

    Muddle: Your original post contains at least one factual error (if 15 is a standard TTL on the internet, I missed the memo). Aside from that, it's rather misleading to equate a $25 consumer device engineered with the express purpose of NAT with a many-$1000 designed to route traffic (approximately balanced) between > 2 interfaces. In this context, a 'router' *is* a firewall by definition; NAT can be assumed. What's a better question is whether the definition of 'router' applies, but that's a beef I should take up with the companies that make the gear. Nobody cares that the word 'router' in a general context does not imply that the device also has firewall capabilities, and trying to impose the general definition on a discussion where the context is rather clear just makes you look like a prick.
  • ShaunJordan, on 10/12/2007, -0/+0"Gotta love all these people who are like, "I use ZA and it works fine."

    No one is saying it DOESN'T work. What they're saying is that it's doing sneaky malicious ***** behind the scenes that you don't know about. It's bad enough to be naive and clueless, but to still be in-denial after being presented with info like this just makes you a pathetic moron.

    "I use ZA and I like it" and "I use ZA and it works fine" aren't counter-arguments any more than "I like cheese".

    It's like saying, "I don't have HIV, I feel fine." or "Yeah so what if I have HIV? I don't feel sick. No big deal." Or maybe "So what if Nike uses child slave labor in sweatshops, I like their sneakers."

    Truly pathetic"

    What do you reccomend then Captain Idiot?
  • ahmerhussain, on 10/12/2007, -0/+0Isn't ZA free?
  • estacado, on 10/12/2007, -0/+0Which country is ZoneAlarm is based that it wants to spy on U.S citizens?
  • rishimaharaj, on 10/12/2007, -0/+0"I use Zonealarm free firewall. I've never had any problems like this."

    So you've been monitoring ZoneAlarm's network usage and have determined that it never sent data to ZoneLabs without your knowledge or consent?
  • inactive, on 10/12/2007, -0/+0>>"My pet monkey s-hits all over the carpet and also doesn't admit it."

    >"You just did. I've never had problems of any kind with ZA. I don't find it bloated. If I did, I sure as hell wouldn't be using it."

    No I didn't, I just accused him. As for ZA being bloated, remove it from your startup sequence and you'll notice how it's like to have a computer that boots in a reasonable amount of time again.
  • Muddle, on 10/12/2007, -0/+0Those of you suggesting that a router is sufficient protection need to realize that malicious traffic arriving at your computers Ethernet port traveled through up to fifteen different routers to get there. A router is not a firewall.
  • davefaris, on 10/12/2007, -0/+0well, why would they bother to encrypt such a mundane task as version checking?

    Does anyone know what the modifications for the change to the hosts. file as spelled out in the article?
  • IronChef, on 10/12/2007, -0/+0Kerio hosed my system and I currently use ZA Pro. Now that Sunbelt has bought Kerio and starts reworking the code instead of rebadging the current Kerio FW I will switch back to Kerio. Sunbelt is truly a awesome company dedicated to the best IMHO.
  • Jaymoon, on 10/12/2007, -0/+0What if the only traffic going back to ZoneLabs is ZA checking for updates?

    ....cause it does do that every couple of days...
  • arlene1985, on 12/01/2007, -0/+0I don't like ZoneAlarm. First, it messes up with registry. Uninstalling ZA is pain in the ass. Then, it is slow and not quite reliable. Go for Xoftspy http://xoftspyantispyware.blogspot.com from Pareto Logic Inc or Spysweeper http://spysweeper-download.blogspot.com by webroot inc if you're after commercial solutions. Or choose SpyBot which is free solution to anti-spyware protection for personal use.
  • ShaunJordan, on 10/12/2007, -0/+0I use Zonealarm Pro and it works fine, besides....what kind of information would they be taking? What porn sites i go to?
  • dbr_onix, on 10/12/2007, -0/+0Quite a lot it seems..
    "my router is my firewall i dont need no ***** software firewall that sucks up resources and notifies me "firefox is trying to access the internet" every 5 seconds."
    Erm, a "eviltrojan.exe is trying to access the internet" message is pretty usefull, also the router wont protect you from anything on other PC's on your LAN (more a problem on open wireless AP's though)
    Your router isn't a firewall, it's a NAT, and it will only work from the internet to your PC, no other way..

    Anyway, untill someone works out what the data is for, as in if it's sending all your credit card info to them (No I'm not being serious), then I might care.. Loads of programs does this, though the firewall doing this silently is slightly wrong, wasn't there an identical thing happening with an OS X default dashboard widget communicating with Apple? (Not 100% sure though..)

    As for good free firewalls, Sygate Personal Firewall is good if you can still find it.. I've used it for a couple of years, the only problem I've had is it seems to hate Windows 2K, so I ended up using Zonealarm for a few weeks, till I put linux on it for various reasons (It was my non-media PC, and it's good to have around, even though I dislike KDE/Gnome, using PuTTY/SSH sorts that)
    - Ben
  • Diggg, on 10/12/2007, -0/+0There have been rumours of ZA becoming even better spyware since it was sold...the new owners have very interesting backgrounds!

    We've tried to rid of it completely but even now we are not sure that it is totally gone.

    (Too lazy to FDISK.)

    Go for a hardware firewall or maybe something like Agnitum Outpost, etc.

    BTW, it's not the NSA you have to worry about.....
  • Giraff, on 10/12/2007, -0/+0ZA made my computer BSOD quite a lot a few years back. After switching to Kerio the problem disappeared. I tried a later ZA version too but it also gave me BSOD. I swear by Sygate these days.
  • treelovinhippie, on 10/12/2007, -0/+0lol, I wonder if they picked up the fact that my copy is pirated

    :D
  • shmooz, on 10/12/2007, -0/+0A router firewall doesn't catch programs on your desktop sending connections out or even received. I have a hardened openbsd 3.8 box with clamAV, f-prot, dansguardian running, but I still find use for a desktop firewall. I have zonealarm security suite which has caught close to a 100 other things trying to phone home. I would drop it, if the information on my desktop was crucial and I was paranoid that they would stick their nose in it. But as it is, I'd rather keep it to bust any bad torrent downloads from taking over my desktop system. And the people that call it bloat must be judging it from its GUI or colors. If you look at how much ram/cpu it uses, its minimal for what it does, it caught more viruses than AVG, and more spyware than S&D SpyBot.rn Hopefully thanks to posts like these they will yank whatever hidden backdoor out, before they get into deeper trouble like sony.
  • eclectro, on 10/12/2007, -0/+0Netgear makes hardware firewalls if you don't want to hassle with a large linux box. Hardware firewalls are the way to go IMHO.

    All the good software gets bought by mega-companies and turned into bloated cows. Same thing happened to nuts and bolts tfor those that remember those great utilities. Mcafee bought them and crapped them up. Happens all the time.

  • Drood, on 10/12/2007, -0/+0Nougat said "double-z: "I use Zonealarm basic. It works fine for me. You whiners, it's only using 2 megs of memory, I don't know how you can call that bloated.

    I also use a router."

    So if you're not passing any ports through your router to your computer, what's ZA firewalling against? Intrusion attempts originating from your printer? And if you are passing ports through the router for some reason, like running a web server, you'd have to have those ports open in ZA, too.

    Okay, so maybe ZA is blocking outbound as well, fine. Stop surfing porn sites, and you won't have that problem anymore.

    Twit."

    I have Kerio running, despite being behind a router. Why? Because I like control over what software connects to the internet. When I first installed a firewall I was amazed at the amount of programs that try and connect to some random IP address. These are programs that have no call to connect to the net. (Photoshop for example.)

  • Fetching more discussions...
    Show 51 - 100 of 128 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.