
WFO Premium join:2001-08-27 San Ramon, CA | reply to Charles770
Re: Privacy in the new ZoneAlarm 5.5
It looks like the 062.004 version fixed what was documented in the 062.00 version. I've been monitoring for over a week with no call outs to the ZL servers that I can document. That includes several sessions with Port Explorer too.
I wish Corey had followed up with an announcement that the "bugs" were fixed. :( Silence leads one to believe something fishy was going on even if there wasn't.

said by WFO:
> It looks like the 062.004 version fixed what was documented
WFO,
what version are you using: ZoneAlarm, ZoneAlarm with Antivirus, ZoneAlarm Pro, or ZoneAlarm Security Suite?
The behaviour could change with the version (specifically if it is free or not).

ZL_Corey join:2002-01-31 San Francisco, CA
Hi, everyone--
I sent the info below to Team Z a few days back, and it's been posted far and wide, but just to clear things up, I'm posting it here again. So here's the scoop, straight from the horse's mouth. (How's that for a creepy metaphor?)
And just to be clear, we at Zone Labs have seen no examples of communication between our clients and our servers if all these steps have been followed.
If, after following these steps with the most recent release-versions of our software, you STILL get communication between your client and our servers, we absolutely want to know about it. Needless to say, that would be a bug that's critical for us to fix.
As ever, thanks for your passion and dedication, everyone.
--Corey
Corey Bridges Zone Labs, A Check Point Company
***
The ZoneAlarm family of products offers a number of features and services that enhance your security by providing specific information about threats, configurations, and programs. To enable these services, ZoneAlarm security products communicate periodically with Zone Labs servers. Of course, this communication is done on an "opt in" basis; it is your choice to decide to take advantage of these features and services.
Here are the steps to take to disable any contact between your ZoneAlarm product and Zone Labs servers. NOTE: Disabling these features will limit the functionality of the security product, in the ways described below.
Turn off Antivirus monitoring found in ZoneAlarm, ZoneAlarm with Antivirus, ZoneAlarm Pro, and ZoneAlarm Security Suite. Choose Antivirus Monitoring (or Antivirus) | Main, and set Monitoring to Off. Disabling this feature will prevent the program from informing you when your antivirus solution from vendors like Norton, McAfee, Trend or CA is out of date or disabled.
Turn off automatic updates to Antivirus Protection, found in ZoneAlarm with Antivirus, ZoneAlarm Security Suite. Choose Antivirus | Main, and click the Antivirus Options button. The Advanced Antivirus Settings dialog appears. Select Updates from the list on the left, and uncheck "Disable Automatic Updates." Disabling this feature prevents your ZoneAlarm product from automatically updating its antivirus definitions, radically reducing its effectiveness against new viruses.
Disable Program Advisor (security advice from the AlertAdvisor) found in ZoneAlarm Pro and ZoneAlarm Security Suite. Choose Program Control | Main, and set the AlertAdvisor slider to Off. This feature can normally be run in automatic or manual mode. If you shut it off entirely, you won't have program access permissions assigned automatically, and you won't receive recommendations in manual mode. You will instead be asked to manually confirm (without advice) whether each new program, when launched, can access the Internet.
Disable sharing your security settings, found in ZoneAlarm Pro and ZoneAlarm Security Suite. Choose Overview | Preferences, and uncheck "Share my security settings anonymously with Zone Labs." With this feature disabled, you won't be sharing your configuration information with Zone Labs. Zone Labs aggregates and analyzes this anonymous information to improve performance of our products.
Disable automatic Check for Update functionality, found in ZoneAlarm Pro and ZoneAlarm Security Suite. Choose Overview | Preferences, and set the Check for Updates button to Manual. With this feature disabled, you won't be automatically notified when Zone Labs releases a new version of our products. You should make sure you continue to click the manual "Check for Update" button every few weeks, so you don't miss a product update.

said by ZL_Corey:
> Hi, everyone--
> I sent the info below to Team Z a few days back, and it's been posted far and wide, but just to clear things up, I'm posting it here again. So here's the scoop, straight from the horse's mouth. (How's that for a creepy metaphor?)
> And just to be clear, we at Zone Labs have seen no examples of communication between our clients and our servers if all these steps have been followed.
> If, after following these steps with the most recent release-versions of our software, you STILL get communication between your client and our servers, we absolutely want to know about it. Needless to say, that would be a bug that's critical for us to fix.
> As ever, thanks for your passion and dedication, everyone.
> --Corey
> Corey Bridges Zone Labs, A Check Point Company
Corey,
You reiterated what Iggy already posted. Can't you simply say that ZA isn't in any way doing any data harvesting from client/user computers and there is no information whatsoever being sent to ZL or any of their affiliates for any marketing, or other purposes whatsoever other than for the updating of virus, privacy, and application files associated with and for the operation of ZA? In other words no information is being harvested beyond the aforementioned, and then only information directly linked to the operation of ZA and not any information sent through the ZA Firewall to and from the net... Data Harvesting.
ZL/Checkpoint needs to be aware in no uncertain terms that until these assurances are received... this problem isn't going to go away... It is the holiday season right now, so not much is happening. But after the first of the year... It doesn't matter what ZL did to correct the problem. What matters is what ZL may have been doing in regards to data collection and dissemination: Fixing it means little if ZL was collecting and using information without our express knowledge and consent. There are some very real privacy issues here that can't be avoided by an implied consent stance by ZL/Checkpoint... Not when you're in the security and privacy business.
I get very uncomfortable with people who obfuscate or totally avoid answers to direct questions. Suffice it to say; Direct questions have been asked... Yet there are no answers to those questions. Why not? If there is nothing to hide then just make a clear statement as suggested above.

ZL_Corey join:2002-01-31 San Francisco, CA
Hi, Hillsboro--
I apologize. I thought I'd communicated that in an earlier post. I'm happy to make it explicit, and I'll even do it in the language you requested, with a few words added to make it more precise:
There is no information whatsoever being sent to Zone Labs or any of our affiliates for any marketing, or other purposes whatsoever other than for the updating of virus, privacy, usability, security, and application files associated with and for the operation of our software and services.
In other words, no information is being harvested beyond the aforementioned, and then only information directly linked to the operation of our software and services (like the AlertAdvisor, which gives advice on whether or not to allow a program to connect to the Internet, or HackerID, which tracks hackers anonymously for you, at your discretion). We do not monitor your information sent through our ZoneAlarm products to and from the net.
I hope that helps clear things up. I appreciate you letting me know that I looked like I was dodging the issue. Honest-to-goodness, we're not trying to hide anything here. Without making too big a deal of it, I hope that my presence here in this discussion supports that point. I have been an active participant in discussions here for years. (So have other Zone Labs folks.) I wish I had more time to be more involved in discussions like this, but barring that, I want to make things more clear when I post. Thanks for helping me to do that. 
--Corey

SUMware Premium join:2002-05-21 kudos:2 3 edits
Corey, for the record. Can you please state your exact position title at Zone Labs, and state if you possess legal authorization to act as an official representative/spokesman for the owners and management of ZoneAlarm, Zone Labs, and Check Point. And that all statements that you publish relating to these matters are complete, factual, and authorized by, and presented with the express knowledge and permission of ZA, ZL, CP.
And can you please explain exactly what data is being obtained, and for what purposes, from users of ZA Free. Why can't people under 13 years old use ZAF? And explain why users of ZAF can't completely opt out, even though ZA says that this is possible. Or, if ZAF users can completely opt out, explain how.
Thank you Corey for the information and your post. We all appreciate it. 
I want to compliment the participants in this thread for their dedication, research and efforts to present the facts here. Thank you!

reply to ZL_Corey
said by ZL_Corey:
> Hi, Hillsboro--
> I apologize. I thought I'd communicated that in an earlier post. I'm happy to make it explicit, and I'll even do it in the language you requested, with a few words added to make it more precise:
> There is no information whatsoever being sent to Zone Labs or any of our affiliates for any marketing, or other purposes whatsoever other than for the updating of virus, privacy, usability, security, and application files associated with and for the operation of our software and services.
> In other words, no information is being harvested beyond the aforementioned, and then only information directly linked to the operation of our software and services (like the AlertAdvisor, which gives advice on whether or not to allow a program to connect to the Internet, or HackerID, which tracks hackers anonymously for you, at your discretion). We do not monitor your information sent through our ZoneAlarm products to and from the net.
> I hope that helps clear things up. I appreciate you letting me know that I looked like I was dodging the issue. Honest-to-goodness, we're not trying to hide anything here. Without making too big a deal of it, I hope that my presence here in this discussion supports that point. I have been an active participant in discussions here for years. (So have other Zone Labs folks.) I wish I had more time to be more involved in discussions like this, but barring that, I want to make things more clear when I post. Thanks for helping me to do that.
> --Corey
Thank you for your concise answers... it is appreciated... One thing. When you addressed the questions I put forth to you, you did it in the present tense. Can you say the same in the past tense for the entire version 4 and 5 life cycles?
Am I being paranoid? You bet. All of us know that business ethics are a bygone concept in most sectors. The white papers posted here, which was what sent the red flags up for me, certainly cast ZL in a suspicious light. We both know that this thread would have died a quiet death long ago if it was just a bunch of conspiracy theorists having a field day... I never felt there was any dark conspiracy. I just felt it was nothing more or less than corporate arrogance at its finest... Kinda like the recall notice that went out this week for Durango SUV's for wheels falling off. One year later they admitted a problem. Not the same magnitude of a problem here... no one is going to be killed or injured... But the same corporate mentality prevails at ZL perhaps. I never would have showed up here if there had been a response from ZL to my inquiries.
From what I have seen here plus what forensics that have been done it would appear that ZL made it impossible for the end users to shut down ZL calling home until the most recent release. And that's the rub, Corey. What was ZL doing before? Not now, but before? Never mind, it is a rhetorical question. If you look back to my first post I made it clear about my concerns due to HICFA and HIPAA regulations.
Anyway... Thanks for your time... From the looks of some of the recent posts I don't think the big lady has sung quite yet.

reply to ZL_Corey
Hi Corey, thanks for finally responding to us. Could you answer my initial question about the Free version?
Is its behaviour different from the other products? Is it sharing any data with ZoneLabs or any partner company whatsoever?
Does the lack of ability to disable 'Sharing your settings with Zone Labs' mean that it is gathering & sharing data anyway with no opt-out feature, or that it is not?

foxsteve Premium join:2001-12-28 Campbell, CA 2 edits | reply to SUMware
SUMware, your post is not incomprehensible. Information about Mr. Corey Bridges »internet.watch.impress.co.jp/cda···za11.jpg is open on the Internet.
Corey Bridges Chief Editor of E-Communities Zone Labs, Inc. Voice: 415.341.8355 FAX: 415.341.8299 email: cbridges@zonelabs.com
Besides that for additional technical questions you may reach Technical Support group at »www.zonelabs.com/store/content/s···port.jsp or security@zonelabs.com.
As I wrote before in my post I am sure that this thread is one example of the witch-hunt. Do you pay attention that other security software (Kaspersky AV) nicks all computer resources at automatic updating and sends a huge amount of data from the client computer?

jbibe Premium,MVM join:2001-02-22 | reply to Charles770
said by Charles770:
> Hi Corey, thanks for finally responding to us. Could you answer my initial question about the Free version?
> Is its behaviour different from the other products? Is it sharing any data with ZoneLabs or any partner company whatsoever?
> Does the lack of ability to disable 'Sharing your settings with Zone Labs' mean that it is gathering & sharing data anyway with no opt-out feature, or that it is not?
ZoneAlarm Free version 5.5.062.000 does not "phone home" to Zone Labs, once installation is complete and it has been configured to prevent outgoing communication. Four events occur during the initial start-up. ZoneAlarm connects to cm2.zonelabs.com at port 443 twice. These secure messages probably contain the name, e-mail address, and the requested survey information. It also connects to register.zonelabs.com at port 80. This connection occurs even if the user decides not to register the product. Finally, it connects to update.zonelabs.com at port 80, probably to see if a new version is available. If the product is properly configured, there are no additional connection attempts.
ZoneAlarm Free version 5.5.062.004 operates in an identical manner.
When I configured the ZoneAlarm Free software for these checks, I used the procedure given in my previous post in this thread for ZoneAlarm Pro version 5.5.062.004.

ZL_Corey join:2002-01-31 San Francisco, CA | reply to foxsteve
By the way, that "Chief Editor" title is an old one of mine. The new one is:
> Corey Bridges
> Evil Overlord and Corporate Jerkweed
I'm kidding. I know that most everyone reading this understands that we're all on the same side, and that I'm not trying to cover any evil from Zone Labs. At least, I hope everyone understands that. By the way, if you want to post my picture and direct phone number, fine. I knew the risks taking this job. But let's just make sure we don't escalate this to having someone post my children's school schedule, hm?
In the 17 pages of this thread, many questions have come up. I couldn't possibly address every nuance, but as I understand it, these are the top questions:
QUESTION: Is there a way for users to disable communication between ZoneAlarm (the free product) and Zone Labs servers?
ANSWER: Yes. Follow ALL the steps that I listed in a previous post. (Iggy posted the same list). To reiterate: It's not a matter of simply flipping just one switch. Follow all the steps. If you have thoroughly tested ZoneAlarm and found me to be wrong on that, call me. (I'm serious.) My direct number is just a post or two above this... :P
QUESTION: Did earlier versions of Zone Labs products always have ways to disable communications between themselves and Zone Labs servers?
ANSWER: Yes. In one or two of the 4.x versions, we made bad choices in creating the interface for shutting off the communications, and it made the product frustrating almost to the point of unusability. You were, however, ALWAYS able ultimately to shut the communication down. It was just a matter of the cure being worse than the problem. And, importantly, any time that we've made a poor choice on this front, we've ALWAYS corrected it.
QUESTION: Does Zone Labs share information with partner companies?
ANSWER: No matter how many times I am asked this, the answer remains No. At least for sales and marketing information. For example, if you use the Web Filtering feature in ZoneAlarm Security Suite, you can choose to send filtering recommendations to Cerberian, our web filtering partner. Our spam-filtering functionality in ZoneAlarm Security Suite comes from MailFrontier, so you can send them information. We're not collecting your personal information--let alone giving it to someone else.
QUESTION: Why do ZoneAlarm, ZoneAlarm with Antivirus, ZoneAlarm Pro, and ZoneAlarm Security Suite contact Zone Labs servers?
ANSWER: We've covered this lots and lots of times. This post is already plenty long, with more paragraphs to come. If you really want to know, check previous posts by myself or Team Z members. Here's the summation, though, which you've heard before: The ZoneAlarm family of products offers a number of features and services that enhance your security by providing specific information about threats, configurations, and programs. To enable these services, ZoneAlarm security products communicate periodically with Zone Labs servers. Of course, this communication is done on an "opt in" basis; it is your choice to decide to take advantage of these features and services.
By the way, you REALLY don't want this to turn into me giving ultra-official legal statements. Check Point is a big company with many lawyers. If I have to ask them to adjust and approve (in a strictly legal sense) every single statement I make, communication is going to dry up. Trust me. Here's the situation: I am an employee of Zone Labs, a Check Point company. Part of my job is to communicate on behalf of the company. Ergo, I am a spokesman. I am, however, human, and from time to time my posts will contain misspellings, INADVERTENT inaccuracies, and bad puns. When such mistakes are pointed out to me, I correct them as soon as possible. I have not, do not, and will not lie to you.
Here's a pertinent example--and the one I keep bringing up: based on our testing here at Zone Labs, I have said that you can disable communication between ZoneAlarm and the Zone Labs servers, using the steps previously described. If someone here is certain that he's followed all those steps (the ones appropriate to ZoneAlarm, not ZoneAlarm Pro), and he's STILL getting communication between ZoneAlarm and the Zone Labs servers, I will move heaven and earth to get that bug fixed. So far, it doesn't look like that's happened. But again: if it has, let me know, and we'll get on it.
--Corey

Cudni La Merma - Vigilado Premium,MVM join:2003-12-20 Someshire kudos:13
ZL_Corey you are a great asset to your company. Excellent post!
Cudni

ZL_Corey join:2002-01-31 San Francisco, CA
Thanks, Cudni! It's always nice to get an "attaboy"--especially in the midst of such a passionate discussion as this. Makes my job feel like it's worth doing!
--Corey

SUMware Premium join:2002-05-21 kudos:2
Corey, can you please explain "You must be 13 years or older to install this product." on ZAF install (see above pic)? Why the age restriction?
Thanks for responding here in good spirit.

ZL_Corey join:2002-01-31 San Francisco, CA
Hi, SUMware--
> Corey, can you please explain "You must be 13
> years or older to install this product." on
> ZAF install (see above pic)? Why the age
> restriction?
Hm. Beats the heck outta me. I'll check. I'm afraid I'll have to ask our legal department, so it might take a couple weeks to get a response...
I jest, of course. Hopefully I'll hear back by tomorrow!
--Corey

said by ZL_Corey:
> Hi, SUMware--
> > Corey, can you please explain "You must be 13
> > years or older to install this product."
> "Hm. Beats the heck outta me. I'll check. I'm afraid I'll have to ask our legal department, so it might take a couple weeks to get a response..."--Corey
Hi Corey:
Thank you for the earlier responses in full. For whatever it is worth, pre and post tests of ZA Free ver. .033 confirm what you recommend.
Posts to that effect are buried somewhere up above in this thread.
Perhaps the 13 year old stuff has something to do with Internet Decency, or indecency, as the case may be.

reply to ZL_Corey
I have been a paid Zonealarm Pro user in the past, but use Sygate now, and have been watching this discussion and several others and have made a personal decision to never use ZA again, even if they resolve the current issues. Reasons?
Zonealarm has really shown its true colors in the last few years.
Instability, and bloat are some of the reasons I uninstalled ZAPro, and the product seems to get bigger and more bloated with every new version (all I ever needed was a Firewall, not a popup blocker etc.). But the reason I will never use it again is the response (or lack thereof) concerning past and current issues. Vague references to lawyers and legalities are just ways of saying to me that you are hiding something. A security product should make every effort to protect its credibility, and ZA has failed miserably (in my opinion).
Once my trust has been lost, it is very difficult to ever regain it, this may not mean much to a corporation like Zonealarm, but there are a lot of "little people" just like me who feel the same way and we are the ones that Paid to use your Product.
I really don't think ZA will make any significant changes until they have noticed a severe decline in their profit margin so I'm voting with my wallet. Profit and ethics don't seem to play well together nowadays. When I consider all the people I have referred to ZA in the past, it makes me ill, seems I have a lot of apologies to make now.
Adios ZA, and if in the future I find Sygate doing something like this, I'll dump them too.

reply to ZL_Corey
said by ZL_Corey:
> Hi, SUMware--
> > Corey, can you please explain "You must be 13
> > years or older to install this product." on
> > ZAF install (see above pic)? Why the age
> > restriction?
> Hm. Beats the heck outta me. I'll check. I'm afraid I'll have to ask our legal department, so it might take a couple weeks to get a response...
> I jest, of course. Hopefully I'll hear back by tomorrow!
> --Corey
I find it kind of hard to believe that you are in the online industry, and don't know about the existence of COPPA and the related compliance regulations. Check this for more info: »www.ftc.gov/bcp/conline/pubs/bus···oppa.htm
I'd also like to point out, that the earliest "phone home" behavior of Zone Alarm Free was somewhere in the 3.x series, before 4.x and 5.x, and although it was an ill-conceived "feature", it was at the time officially confirmed to be "by design", not some bug, AFAIK. As for the most recent version, I can't say, I haven't personally tested it, since I no longer use Zone Labs' software on my machines.
Although I insinuated otherwise earlier in this thread, I am willing to admit that due to the much greater complexity, greater variety of services provided, and closer tying of those services with Zone Labs' web site, it could well be due to a bug - but the fact that ZAP apparently displays the opt-out UI dialogs during installation, while ZAF does not, seems to weigh more towards the "by design" rather than "due to a bug" theory, in my opinion. It also seems slightly contrary to the statement that all of those sorts of communications are done on an opt-in basis rather than opt-out, but that's kind of splitting hairs over the meaning of the dialog. As long as the option is presented to the user, and allows them complete control over it, that's the most important factor.

atangel Now What?? Premium join:2002-02-18 Bronx, NY
From the COPPA site:
Who Must Comply
If you operate a commercial Web site or an online service directed to children under 13 that collects personal information from children or if you operate a general audience Web site and have actual knowledge that you are collecting personal information from children, you must comply with the Children's Online Privacy Protection Act.
* To determine whether a Web site is directed to children, the FTC considers several factors, including the subject matter; visual or audio content; the age of models on the site; language; whether advertising on the Web site is directed to children; information regarding the age of the actual or intended audience; and whether a site uses animated characters or other child-oriented features.
* To determine whether an entity is an "operator" with respect to information collected at a site, the FTC will consider who owns and controls the information; who pays for the collection and maintenance of the information; what the pre-existing contractual relationships are in connection with the information; and what role the Web site plays in collecting or maintaining the information.
-- The reason you think I'm way on the left is 'cause you're so far to the right.
Sygate Personal Firewall Why I mistrust Zone Labs