http://www.infoworld.com/article/06/01/13/...cringley_1.html

A Perfect Spy? It seems that ZoneAlarm Security Suite has been phoning home, even when told not to. Last fall, InfoWorld Senior Contributing Editor James Borck discovered ZA 6.0 was surreptitiously sending encrypted data back to four different servers, despite disabling all of the suite’s communications options. Zone Labs denied the flaw for nearly two months, then eventually chalked it up to a “bug” in the software -- even though instructions to contact the servers were set out in the program’s XML code. A company spokesmodel says a fix for the flaw will be coming soon and worried users can get around the bug by modifying their Host file settings. However, there’s no truth to the rumor that the NSA used ZoneAlarm to spy on U.S. citizens.


They can deny this as much as they want, this has been going on sinse before protowall was invented. This is the firewall I used during beta testing of the first protowall build. Once I seen this, that was the end of zonelabs for me.

Ok, so it took them over 2 years to see this? How good of a firewall company can this be?

reported encrypted packets to 4 servers folks, thats not done by some bug!!!!

I bet all you ZoneAlarm users are real happy it kept your private data like credit card numbers secure in its vault now.



yeah,,, right.. you may have caught us sending data to our servers, but you will never be able to prove we let the NSA spy with it,, because we are not gonna admit it.

I don't trust them at all folks, please do not use there products, even if it is free.

firstaid

Does anyone have the ip's of the servers it calls home to? It would be interesting to see if we could find out more about them.....

Another write up about Zone Alarm concerns here:

http://www.theinquirer.net/?article=29157

I remeber not too long ago even Spyware info decided to stop recommending ZA because you couldnt prevent it from calling home to big brother in the free versions. It's a good way to drive more people to Outpost though ..

Can any one confirm that zonealarm accesssing index.dat file.

Those who are using Zone Alarm and are concerned about it calling home should add the following entries to their hosts file:



This covers all of the servers I've been able to detect so far. Too bad the packets are encrypted - it would be interesting to see what information is actually being sent out. I wonder if there's any l337 haxors out there capable of breaking this encryption. :-P

EDIT: And yes, it definately appears as though Zone Alarm is accessing the index.dat files at random occurrences, according to Filemon from Sysinternals:



For the record, vsmon.exe is the process associated with Zone Alarm.

Maybe is better:

Here's another to that list for any one using zone alarm still ~ It stops the registration process in its tracks
or checking every 5 minutes for registration checking which I see no point in that what so ever.
If you want to update zone alarm still ~ take zonelabs.com out of the hosts file (assuming you have it there)
download latest version from their site ~ then re-add zonelabs.com back to hosts file ~ install updated version.
You dont need to register this software at all,and you dont need this firewall checking non-stop for updates.
This whole option works well if you prefer to do it manually and not from the firewall it's self.

To block registering process,add the below to your hosts file.

register.zonelabs.com

If any one else has found out any other IP's or URL's that users of zone alarm should be blocking
then please post them here for all of us or who ever is using zone alarm still. Thanks.

If any one else has found out any other IP's or URL's that users of zone alarm should be blocking
then please post them here for all of us or who ever is using zone alarm still. Thanks.
[/quote]

try 208.185.174.65

My protowall catches it every time

I´m using Computer Associates (CA) Etrust Internet Security Suite for some Years now. Its included their Virus Scanner V7 which I think really gave me good protection and a version of licenced ZoneAlarm, simple or pro i dont know. That seemed me to be a little funny and not a real worthy protection. On other hand it caused no problems. And showed really all connections programs established. Then i was able to manually set the permissions and control that programs, maybe. It really stopped the Nero Web Engine.
And showed me all the bunch of connections the program itselfs needed to work. All for downloading new virus signatures? Ok my machine became more and more slower the last time, search for files becoming unpossible with the windows search option, hanging up. Found out that the Realtime Scanner caused that. So decided to buy the new Internet Security Suite 2007 with more features they offer now for 30€ first install, updates 1 year. Virus scanner ok as before and fast again. That depends to an OpenSource program integrated for speeding up search and for that they want 30€! But the firewall! seems to be just ZoneAlarm again with some other more simple surface and package integration. Slow settings, unstable performance. Manually settings are changing. Running programs not shown, emule for example. Connections as the old version did not shown. Using emule or utorrent the computer crashes down. Then after restart windows scans the drives, always c, shows pathes to emule and utorrent user files as not guilty, scans other drives involved when machine crashed but lost datas only on c (windows and some programs only on that drive no file sharing programs). Then machine run again. So i just stop the firewall, crashes stop. No information about connection of the security software itself. And there seems me to be a lot. >I never had crashes for the last 3 years, never had to install xp for new. Last week my installation get damaged after i tried to install a version of Internet Explorer 7 Final in german with some modification to make validation unnecessary (that time i still used the old firewall). Dont know who put that torrent online to www.bitreactor.to. After restart windows not finished booting showing some normal.dll missing. Had to switch of the main switch. During next boot the system crashed with next scanning of all drives and showing data looses. Tried to recreate the former system with an Acronis Boot CD to install an image i had prepared before that Explorer 7 installation and stored on one of the local drives. Got to notice that image was lost (the only loose on all drives)!! Really that strange things never happened to me the last years.
For luck i can give that CA software back the first 30 days, so will do.
I believe the big industry is fighting with harder weapons now. With Windows Vista a new age will begin.
Time for Linux now? First i will try to live with the Outpost Firewall. Can someone suggest me a good Virus Scanner?

NOD32 seems to be the answer i have found.

Believe it or not I just this hour found out about the Zone alarm issue. I noticed that ZA notified me "twice that my avast anti virus was trying to access the internet. I wrote the down the Ip destinations and put them into a search box which led me here. I am using version 6.5.737.000, so apparently the "bug" was not fixed and now it is actually lying about it.. I also tried to terminate the vsmon.exe in the task manager and the request was denied. How exactly can I stop this. I don't know anything about host files and I really don't know of any other firewalls that I could use.. And isn't this illegal???
Any help would be greatly appreciated.
Thanks

Uninstall that thing and try one of these instead:
Outpost Firewall
Comodo Free Firewall


I have been watching ZoneAlarm for a few years now, and they never
did get it performing well enough to get my recommendation. That
apparent incompetence and these reports of it's spyware activities
show that the people behind it cannot be trusted. When one cannot
trust the people, one certainly should not trust their product.

Have a look here.


Add this to your hosts file:

After this you won't be able to view the entire domain and your ZA will stop sending data to ZoneLabs servers.

Holy crap, been using ZoneAlarm for years and didn't know anything about this. Think i'm gonna try
Comodo Free Firewall (can't be arsed with emails for Outpost Firewall) tomorrow. Bit late now so just added that 127.0.0.1 zonelabs.com to hosts file (thanks to helpfull info from here link) and rebooted.

And to rub salt to wounds it's Israeli company...sigh...

Wonder what more horrors await me here? AntiVir is a keylogger?!

Comodo ???
You`ve got to be kidding . I`ve tried it twice and it`s been a showstopper every time . Not only did the damn thing fail to work on either occasion , but it cost me quite a few nerve cells to get the system back on track and uninstall the bugger . It`s positively unstable and unreliable as far as i`m concerned , i wouldn`t go anywhere near it if i were you . The Outpost f/w is a great bet though , it`s the best one outhere IMO , provided you go for the paid Pro version ( the standard one is not really worth it ) . Another neat one is the standard Webroot Desktop Firewall , although it`s a paranoid one , it never runs out of pop-up queries . As for good ol ZA , you can easily silence it by fighting fire with fire - add the Zone Labs ranges from Level 1 straight to its Blocked Zone . At the end of the day though the best bet by far is using hardware f/w on top of which you could add any application-based software f/w outhere to keep tabs on outbound traffic .

(1)
Had to see for myself so installed Filemon and it really is like post says. While watching vsmon in constant action really got the "uhm dear 'firewall', shouldn't you be concentrating more on something else..." feeling. So little apologies to B.I.S.S. for having doubts, but like you say if it seems too good to be true etc (meaning the posts/site here).

(2)
Got Comodo installed and running, and so far had no problems. All the applications i normally use and online games work fine. And setting those Network Security Policies is bit like trinketing with gambits in FFXII. Spent yesterday evening trying to learn more about TCP's, UDP's and who knows what. Long way to go there, maybe bit too long. Got more important things to do in life. Like "sitting by computer and doing something that matters".

Only thing bothering a little is that nothing has asked for 'server rights' like in ZA. Seems to give 'in' rights automatically to BitComet so assuming worst case scenario with other programs too. Aren't inbound connections root of all evil?! Someone gets inside YOUR computer and does whatever HE/SHE wants.

And the Learning part. If i get a virus etc it will probably get connection atleast once and do some damage until i can deny it's access (well, get rid of it). If it's on Not Learning mode, it really doesn't learn anything = don't get any entries which i could adjust and such.


Voices Inside My Head,Part ??:

Me: Hmm, so those do that...but whats this then?...and why Comodo...

Synaptic overload! Fuel rods pop out of head to prevent meltdown! (i.e. coffee, smoke & ffs)

Me: ...
ZA: Hi!
Me: What the hell?!
ZA: Looks kinda complicated. I mean no simple Yes/Ask/Block to Access/Server rights?
Me: Nooo! You're not real! I uninstalled you!
ZA: Did you really think you would get rid of me so easily? After all those years.
Me: <helpless/terrified sobbing>

ZA: Ooh, it's learning again!
ZA: Why it gives System outbound access to those dreadfull ports 137, 138 and 139?
Me: I don't know. I really don't know.
ZA: (I had much better use for those ports myself ^^)
Me: Did you say something?
ZA: Nope. Hmm, maybe it gives inbound access too? After all, you don't know if it does.
ZA: Look, your computer is now listening that port. Doesn't it mean it's acting as a server?
Me: Shut up.
ZA: Remeber how easy it was to deny server rights for Svchost and other stuff? One click.
Me: I said SHUT UP!

ZA: ...
ZA: Is there really something so terrible in index.dat? You delete it everyday anyway.
Me: Yeah but...it's wrong to peek around without permission.
ZA: It was for your protection only. I would never harm you.
Me: And Filemon shows insane activity from your vsmon!
ZA: So you trust some program that doesn't even have flashy colors in user interface more?
Me: Yes! Uhh, no. I don't know.
ZA: Why don't you just get rid of that thing and re-install me? We could be together again.
Me: No.
ZA: <sigh>
Me: Arrgh...let me think about it ok?
ZA: Sure, no hurry. I'm only few clicks away, in BUprogra directory. Waiting...
Me: Yeah yeah. Hmm, where was i?...

Cooling process completed. Pondering and wondering of Comodo's secrets continues.


Should stop reading i guess...i'd still have firewall i can fully understand. But gonna give Comodo a go, it seems interesting. But if i keep feeling insecure, can always convince myself that it's safe to use ZoneAlarm by adding that range to host file

first of all sorry for possible OT and for too long post and excuse me for my weak english (speaking is one thing but writing is another...uou i'm wise today:)

second of all am sure that no fw will save you 100% from malware,spyware,viruses,worms and so on, something will always find a way through your registry or whatever it wanted in that particular case

now i'll explain my time with ZA and point of view regarding safe® surfing stuff like that, hang on

i had my time with ZA, we had fun maybe few years or so but then i realized that my computer is zone alarming for more ram on that point things started to change i become conscious about ZA hunger for ram and his wish to control every little tiny thing i just can't describe it, i went completely insane.. it was like confronting a hungry beast in a jungle, "he" became more dangerous for me than a worm.viruse for my computer )

after little research i found out that ZA isn't really that good as i thought(nor are other fw's), because half of his security reports are just a bunch of bs, and if you use internet like a normal user(not a total n00b) you can easily go with no fw at all, am serious, first step in securing your os(win of course) is setting up services in administrative tools in control panel, dont skip that

if u must or just want to use fw, my recommendation goes to Sunbelt/Kerio Personal or Tiny Personal fw(very easy to use!), maybe Comodo(people say its good stuff but i didnt like it at all)

with some experience on net and in winxp, little caution in using net(web..), fw its not needed in my opinion, all fw's have lot of vulnrabilities and won't protect u well, of course there some things you install and use instead of fw to be/feel secure (look at the end of post), ...but if u want total privacy protection or smth like that i recommend tor,vidalia & that kind of s0ftware

i find z0ne aLarM most gruelling fw I met in my whole life! its no joke, i cannot even recommend it to beginners that want fw to handle all the situations cause ZA will bother u evey 5min with new suggestion,its annoying soon you'll be like "..what the f.." why am i? why am i receiveing so much security warnings and u will go mad with his buggings and warnings

when i had zone alarm i was a bit more comfortable but i had sec. issues like viruses&other..every few weeks for sure, but since i unninstalled ZA(what a procedure that was!) and just started 2 behave more careful in general, and w/o any fw computer is even safer than before

>> my winning combination is using other softw that kind-a replace "fw job"; its well known spybot-search&destroy, and avg anti virus(fast&good), mozilla firefox upgraded with some security add-ons, and the last but not the least important is protowall&with BM (that also needs time with doing your "best setup" with exclusions list and other), so all free, no illegal zonealarm.pro(poor student:), no phoning home, and everything is in order&secure, also the cheapest version prob.

and i must point out that i have less ram "stolen" and some more cpu power available that i haven't had before, when using any fw especially deadly ZA!

p.s. after all we all know it's not good to have more than one firewall, and most of modem/routers have its own fw's and port scaning and much more sec. options...

You will need to add all these to your Hosts file, just adding zonelabs.com will not work.






This (below) is not going to stop your computer from connecting to the above domains.





Here are some more Hosts from that range.

Let's face it. The only reasonable action is to wipe all traces of ZoneAlarm from
your system and never look back.
If you cannot trust the people involved, you definitely cannot trust their software.

Why should you have to defend yourself against your firewall when other,
more trustworthy firewalls are available for free?

The NSA 0wnz popular firewalls and 'secure' email services

By Egan Orion: Friday, 21 December 2007, 9:19 AM

All your secrets are belong to them

CRYPTOME reports that the US National Security Agency (NSA) has remote administrative access to several of the most popular Windows PC firewalls, and that it has also taken control of a number of supposedly "secure " email services within the past few months.

It writes that the personal computer firewall software products from MacAfee, Symantec and Zone Alarm all "...facilitate Microsoft's NSA-controlled remote admin access via IP/TCP ports 1024 through 1030... without security flag."

That bit of news is merely an aside to the posting's main topic, which is that:

"Certain privacy [and/or] full session SSL email hosting services have been purchased [or] changed operational control by NSA and affiliates within the past few months, through private intermediary entities."

The so-called "secure" email services implicated by Cryptome's report include Hushmail, Safe-mail.net, and Guardster.com.

Just a reminder that, if you're not using strong encryption, the NSA is probably reading your email, if not also everything that's on your system's hard drive.

http://www.theinquirer.net/gb/inquirer/new...pular-firewalls

This is bound to cause more than uproar
if it doesnt then people are clearly sheep lol

Lets hope agnitum hasnt or doesnt swing the same way ?

Hurrah for national security, nice excuse for almost everything. Sometimes i think if i lived in USA i could kick elderly people on street and get away with by saying "I though she had Al-Qaida connections/was threat to national security".
Note: Don't have any urge to actually kick grannies, or anyone else for that matter. Just an example

Anyone uninstalling ZoneAlarm might want to check their C:\WINDOWS\system32 afterwards. Will find ZoneLabs directory there, containing vsmon.exe and some dll's. Waiting for remote activation or re-installing (Prime Directive: Check index.dat asap and report!)?
Maybe uninstall works properly, removing program components. Leaving uhh...'stuff' behind.

As for Comodo, no more coffee, smoke & ffs. There's actually nice help topics in their site, but sometimes "Whine now, study later" motto just kicks in. Installed it on laptop too.


"You can keep western democracy, i'm happy with european one."

To be fair though, if you're not encrypting your email, potentially anyone can read it...

There is such a thing as too paranoid.

And Comodo is actually really good. I've got V2.x for XP and V3 for Vista and they're both very good indeed. It was a sad day when Symantec bought Sygate

Come on, Windows can do that all by itself! Do a port scan (or router log) and see who has been watching who!



I still remember Tiny Firewall and Blackice. Both went commercial and lost appeal. The thing was, They were GREAT at what they were for, before the coperate world took em over.

Until now i thought zone labs are the best produces of soft firewall

but this fact is true than dont have anything to say that they have not know a bug that was reported by most of the users.

They cheaters have to punished they have sole interest only in selling their software but not improving or taking valuble customer calls!!!

Hi Everyone,
I noticed this real strange cookie ,so I searched for an answer what it was from and why it was there.I wasnt even home when my PC went online.I was gone for 4 days,Checked the cookies/History this is what I found.You are the only site I could find when I searched Google,Ask jeeves,Cuil ect,nothing came up. So here it is and can anyone explain this?I am getting rid of zonealarm for sure. GETSPYSITEDATA???????http://cws.zonealarm.com/zawebservices/GetSpySiteData/version/001/domainhash/57ffa1a641f7b6460ed07445aa094518

Hi JpDovers.. Yeah I searched for cws.zonealarm.com and it seems we are the only site in google for that term, and the number one search result. Couldn't find any documentation for it either..

Even the ZA site itself comes up blank when searching for it, which is not very surprising.



Now the spysites data I suspect may have something to do with a Zone Alarm feature to block spyware sites, but since ZA is a form of spyware itself I would not keep it around and let that israeli security company continue to gather your data another day longer..

There are other much more secure & trustworthy firewall solutions, Outpost Firewall or Online Arrmor would be my first recommendations to consider switching over to.

COOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOOLLLLLLLLLLLLLLLLLLLLL





it make me laugh a lot, THANKS!!!!!!!! You should really "scroogle" for Yahtzee takes on the World or just go to FullyRamblomatic.com.


By the way since you'll folks are talking about firewalls and so on: avast! pro 4.8.1296 / WinXP built-in firewall for inbounad and GhostSecuritySuite for outbounad and app behaviour and registry protection / ProcessGuard 3.5 from DiamondCS to prevent unathorized apps to launch, install drivers, acces memory and so on. That's my resident kit.
MalwareAntispyware/SpywareBlaster/Spybot and SuperAntiSpyware for on-demand and inmunization.
Now I'm trying PeerGuardian2... and KeyScrambler