ZoneAlarm phones home

A Perfect Spy? It seems that ZoneAlarm Security Suite has been phoning home, even when told not to. Last fall, InfoWorld Senior Contributing Editor James Borck discovered ZA 6.0 was surreptitiously sending encrypted data back to four different servers, despite disabling all of the suite's communications options. Zone Labs denied the flaw for nearly two months, then eventually chalked it up to a "bug" in the software -- even though instructions to contact the servers were set out in the program's XML code. A company spokesmodel says a fix for the flaw will be coming soon and worried users can get around the bug by modifying their Host file settings. However, there's no truth to the rumor that the NSA used ZoneAlarm to spy on U.S. citizens.

formatting link

Reply to
salwithed
Loading thread data ...

I can confirm this. We just measured: it's true; Zone Alarm Pro is "phoning home", even if automatic updates is disabled.

So Zone Alarm cannot prevent phoning home other programs, far from it, Zone Alarm itself "phones home".

Yours, VB.

Reply to
Volker Birk

Just ZoneAlarm Pro version 6.0 or does this apply to version 5.5 as well?

Reply to
Anonymous

We tested Zone Alarm Pro 6.1.737.000.

Yours, VB.

Reply to
Volker Birk

snipped-for-privacy@yahoo.com wrote

Time to remind users that ZA is owned by an Israeli company.

Reply to
Far Canal

it's a very old story. They never give up; every major version has had this problem and it's always "it is a bug in our software". Another good one is that they have to verify if a program that wants internetaccess is an intruder or a valid program. The user is to stupid and didn't know anything about security and the average user allows every program to access the internet. That's a great risk, so ZA(P) phones home to the ZA database and ask if this a valid program or not. So they like to check every program if it is a valid program or something that needs to be blocked. The ZA people think that this is the best way to block new trojans,virusses, etc. as soon as possible and most important, they find a way to bypass the user and make the internet safer. I'm very sure that this is still the case, but I changed ZAF a long time ago for another firewall. The only thing I know is that people still have problems with the phoning home behaviour of ZA(P) after I left ZAF 2.6x. Ehhhhhh and that was 4 years ago :-).

Reply to
toodeloo

Exactly what I was getting ready to say. This has been a bug/feature since ZA v1.0. They just do the "it must be a bug" song and dance until people forget about it....till the next go-around.

It must be a good strategy...it's gotten them through six versions of their software. Suck...er, people...keep giving them money.

Reply to
gray.wizard

Next you'll be telling us these guys hacked your computer.

formatting link

Reply to
James E. Morrow

Hardly, but it does seems to be an exercise in futility to run anti-spyware utilities when one's firewall is doing exactly that. Last year I discovered and analyzed the calling-home anomaly of Zone Alarm Pro v6.0.

Initially was shocked (I was an original beta tester for ZAPro v1.0), but not so much after learning the original crew was bought out a few years ago by an Israeli corp.

I did manage to contain it somewhat by locking down ZLclient.exe-- FWTW. I chose instead to uninstall it.

Zone Labs did not deny my conclusions of being spyware when asking for a refund.

Most interesting, is when I tried to reinstall my earlier version of ZAP, it would not install. Only after deleting a few system32 files and registry keys that remained after uninstalling v6.0, did I succeed.

I now run Sygate Pro v5.5-- having purchased a 2 year license. It's great-- and more configurable than ZAP! It kinda reminds me of the old ATGuard firewall in some ways... in any case, I don't know if the license is still available given that Symantec bought it to kill it-- then did just that last Nov.

If anyone is interested, they can try:

formatting link
The only good firewall left, IMO, is Outpost Pro. Methinks were slowly losing the privacy battle against the marketer's info-miners...

~S

Reply to
Sid

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.