Infoman1
join:2001-03-21
Hubbard, OH

Infoman1 to spooler

Member

to spooler

Re: iggy's prior post explains some of this

With respect to the opt in or out, Zone Alarm periodically sends data back on a routine basis. (PA2.zonelabs.com) Looking at an Ethereal trace, part of the communication is encrypted. Could this be the license key? When I caught it I was personally uncomfortable with it, so some explanation is needed.

spooler
@134.50.x.x

spooler

Anon

Outbound traffic from Zone Alarm

Infoman1 said:

"...Zone Alarm periodically sends data back on a routine basis....part of the communication is encrypted....Could this be the license key? ...I (i.e., Infoman1) was personally uncomfortable with it, so some explanation is needed."

-------------------

Sorry that answer is way over my head. I personally do not believe it is sinister, but it appears to me that ZoneLabs needs to revise its disclosure of what information is sent and when.

It would also be nice if the company did not send information back out without giving users the choice to allow or disallow those communications. If you are using ZA Pro, you may be able to create an "expert rule" to block some of those outgoing messages, but maybe not....

We'll have to depend on Iggy and the other ZA team members here to get in touch with the company and let us know for sure.
IGGY9
No Guru Just Here To Help
Premium Member
join:2001-03-30
Chatham, IL

IGGY9

Premium Member

Iggy hasn't heard back from ZoneLabs yet. I need to do some catching up on the post in this thread. But I've been up for about 25 and 1/2 hours now. Just back from a cancer research benefit. The 2 Red Bulls are wearing off.:) So I'll have to get to this tomorrow evening or Monday morning.
SUMware2
Premium Member
join:2002-05-21

SUMware2

Premium Member

Thank you Iggy. We appreciate your efforts and understand that you have a life outside of here. LOL. No problem!
Charles770
join:2004-11-08
France

Charles770 to IGGY9

Member

to IGGY9
Thanks a lot Iggy.
We know that you do your best when we need help!

spooler
@134.50.x.x

spooler to SUMware2

Anon

to SUMware2

second that thanks to Iggy.

Sumware and Charles said to Iggy:

Thank you Iggy. We appreciate your efforts and understand that you have a life outside of here. LOL. No problem!:)

Thanks a lot Iggy.
We know that you do your best when we need help! :)

----------------
Second that from here, too. Thanks for all your help, Iggy.:D

Snakebytes
@tamqfl1.dsl-verizon.

Snakebytes to spooler

Anon

to spooler

Re: what's missing here?

Thanks Spooler,
I will be re-thinking whether I should renew my subscription to ZoneAlarm Pro. It is due soon.
I don't like these kinds of backdoor surprises. Certainly don't want to be paying money for them.
Charles770
join:2004-11-08
France

Charles770 to SUMware2

Member

to SUMware2

Re: Privacy in the new ZoneAlarm 5.5

Hi,

a comprehensive explanation of the 'tvdumpflags' line
can be read here:
»forums.speedguide.net/sh ··· t=159004

Regards
Charles.
SUMware2
Premium Member
join:2002-05-21

SUMware2

Premium Member

Thanks again Charles. I guess that makes sense. Iggy, can you confirm the info at speedguide forums?

The tvdebug.log increases in size over time and is essentially lost HDD space for me. So I've had my autoexec.bat delete it at boot. ZA then automatically creates a new clean file.

Think that I'll continue to do this unless it's determined to be detrimental to actual ZA operation.

'Set tvdumpflags' is also now disabled unless good reason is presented to re-enable it.

Owlbet
Ignite the Ice
Premium Member
join:2002-09-24
Palmer, AK

Owlbet to WFO

Premium Member

to WFO
said by WFO:

The "set data gathering permissions" screen is shown during every installation in my experience. I always click no. It is an option available even after installation. I use ZAP.
I use ZAP as well, and every time I install a new version I always tell it no on the anonymous sharing of configuration settings. I can change my mind if I want after ZAP is set up to allow sharing of configuration settings. Is it possible the reason ZAP calls out to the internet every time the computer is started is because updates are configured to be checked automatically instead of manually? Change that setting to manual and see if it makes a difference.

I can't say for the free version of Zone Alarm, but ZAP does log the outgoing connection. It only goes out once during any logon to my computer and connects to my ISP's server's port 53. If I reboot the computer and log back on, ZAP goes out again. Refer to screenprint.

My personal preferences are no on the configuration settings and automatic for the updates.
Infoman1
join:2001-03-21
Hubbard, OH

Infoman1 to IGGY9

Member

to IGGY9

Re: Outbound traffic from Zone Alarm

Thanks for your effort. Just want to know why exactly this application is phoning home. It happens on every machine Zone Alarm is installed on. I can provide the Ethereal dump if you like, although unlikely needed.
SUMware2
Premium Member
join:2002-05-21


SUMware2 to Charles770

Premium Member

to Charles770

Re: Privacy in the new ZoneAlarm 5.5

"There are certain situations in which you will not be notified before contact is made. Those include sending Zone Labs Secure Community data to Zone Labs, contacting Zone Lab for program advice, when an antivirus update is performed, or when monitoring your antivirus status. The "Share setting anonymously..." setting below, turns off the Secure Community transfer."

"Periodically sends anonymous configuration data to Zone Labs. For more information, see Sharing your settings with Zone Labs .
Note: This option does not appear in trial versions of Zone Labs security software."


ZAF is NOT a trial version.

"Zone Labs security software users can help shape the future of Zone Labs security products by periodically sending anonymous configuration data to Zone Labs for analysis."

"Configuration data is not collected from ZoneAlarm or ZoneAlarm with Antivirus users."

"For most users, data will be sent once per day."

"If you later decide that you do not want to send anonymous data, select Overview|Preferences, in the Contact with Zone Labs area, then clear the Share my settings anonymously... check box."


Where would that be? It's not one of the options that I see.

PapaJoe
Just My Two Cents Worth
join:2000-07-05
Chicago, IL

PapaJoe to WFO

Member

to WFO
I also use ZAP and thought I had everything for phone home disabled. I have even put the Zone Alarm site in my blocked list. I still notice on WallWatcher that it seems to phone home every 4 hours or so. Nothing is in the ZAP logs for this outbound connection.
Charles770
join:2004-11-08
France

Charles770

Member

said by PapaJoe:

I have even put the Zone Alarm site in my blocked list.
Hi,

because we have now been waiting more than a week for an answer from ZoneLabs that is not coming,
does anyone know if we can forbid ZoneAlarm from contacting its home?

For instance, by adding the server in the Hosts file:

127.0.0.1       hs2.zonelabs.com

or maybe such software doesn't read in the Hosts when connecting to the web?

Charles.:)
Infoman1
join:2001-03-21
Hubbard, OH

Infoman1

Member

I personally would like to know exactly what "that small anonymous data collection" contains. And this is somewhere in the license agreement I assume?

GET /1/?AqBzIYcFADCuOZskFDZWXmSRTgqLp3bTNtdf8eI2sVgzV2luZG93cyBFeHBsb3JlcgA2LjAwLjI5MDAuMj E4MAAAAEM 6XFdJTkRPV1NcRXhwbG9yZXIuRVhFADgvMy8yMDA0IDIzOjU2OjUw HTTP/1.1
Host: pa2.zonelabs.com
Accept-Encoding: gzip
Accept: */*
Content-Type: text/plain
User-Agent: ZoneAlarm/5.5.062.000 (oem-1025; en-US) ZSP/2.1

HTTP/1.1 200 OK
Content-Length: 470
Content-Type: application/octet-stream
Last-Modified: Wed, 17 Nov 2004 22:04:29 GMT
Response-Code: 200
Expires: Thu, 18 Nov 2004 05:42:20 GMT
Date: Thu, 18 Nov 2004 03:47:14 GMT
Connection: keep-alive

ZPDOCBIN   
  (ÿóû]”Š‹à.n¤¾`EÞ»Ì7[öÍ8H`öR{D[ý4’TœŸhúãg÷l¨‘ µ‰Ð¯"CøË¥¶ü|šþtå§pdì
™;\^ÚílÆ7ÅøÔ¢ñZ«?r^7N÷ðLù3u|ñ/4dtðÚþÕ×yÈI~¦*CµC¿ñ·W m)× SÅj»‚owvM¬) âC«[Ùàä)šû3Ã4ŸUÀ„¿ÃE‘rG‰ÒÜðgpwüÀ„}WƒïLÑjDcÉX9^âoªsÓÎm~Iý
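
Added example, not part of any post in this thread: the query string in the captured request line decodes as Base64, and this Python sketch pulls the readable strings out of it so the content of the request can be inspected. It assumes the spaces inside the token are wrapping artifacts of the forum page and that the standard Base64 alphabet is used; the function names are illustrative.

```python
import base64
import re

# Request line copied from the capture above. The spaces inside the token are
# assumed to be page-wrapping artifacts and are stripped before decoding.
REQUEST_LINE = (
    "GET /1/?AqBzIYcFADCuOZskFDZWXmSRTgqLp3bTNtdf8eI2sVgzV2luZG93cyBFeHBsb3Jl"
    "cgA2LjAwLjI5MDAuMj E4MAAAAEM 6XFdJTkRPV1NcRXhwbG9yZXIuRVhFADgvMy8yMDA0"
    "IDIzOjU2OjUw HTTP/1.1"
)

# Runs of at least six printable ASCII bytes; shorter runs are mostly noise
# from the binary part of the payload.
PRINTABLE_RUN = re.compile(rb"[\x20-\x7e]{6,}")


def extract_query_token(request_line):
    """Return the query string of an HTTP/1.x request line, whitespace removed."""
    m = re.match(r"^[A-Z]+\s+(.*)\s+HTTP/\d\.\d$", request_line.strip())
    if not m:
        raise ValueError("not an HTTP/1.x request line")
    _, sep, query = m.group(1).partition("?")
    if not sep:
        raise ValueError("request target has no query string")
    return re.sub(r"\s+", "", query)


def decode_token(token):
    """Base64-decode the token (standard alphabet), restoring stripped padding."""
    token += "=" * (-len(token) % 4)
    return base64.b64decode(token, validate=True)


def printable_fields(raw):
    """Return the printable ASCII runs found in the decoded bytes."""
    return [m.group().decode("ascii") for m in PRINTABLE_RUN.finditer(raw)]


def summarize(request_line):
    """Decode the query string and split it into opaque prefix and readable runs."""
    raw = decode_token(extract_query_token(request_line))
    first = PRINTABLE_RUN.search(raw)
    prefix = raw[: first.start()] if first else raw
    return {
        "decoded_len": len(raw),
        "opaque_prefix_hex": prefix.hex(),
        "fields": printable_fields(raw),
    }


if __name__ == "__main__":
    info = summarize(REQUEST_LINE)
    print("decoded bytes :", info["decoded_len"])
    print("opaque prefix :", info["opaque_prefix_hex"])
    for field in info["fields"]:
        print("readable      :", field)
```

The bytes ahead of the readable strings stay opaque here; the sketch makes no claim about what they encode, and it does not touch the binary response body.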
spooler0
Premium Member
join:2004-11-17

spooler0 to PapaJoe

Premium Member

to PapaJoe

does hs2.zonelabs = virus update checks?

said by PapaJoe:

I still notice on WallWatcher that it seems to phone home every 4 hours or so. Nothing is in the ZAP logs for this outbound connection.
--------------
jdal, just curious what the entry is you are getting in your WallWatcher logs. If it is the hs2.zonelabs.com that charles770 mentions in his post below, it may be vsmon.exe.

At least that is what it correlates to in my router logs. I believe that is the program ZA uses to check the status of the user's firewall for current updates. That can probably be confirmed by disabling the "virus check" feature in ZA and looking to see if the outbound traffic still appears.

Iggy's earlier post at:

»Why Zone Labs software contacts Zone Labs

indicated it was:

"hs2.zonelabs.com helps your client keep its services up to date."


but it may have been expanded to include more in the later versions of ZA.
Infoman1
join:2001-03-21
Hubbard, OH

Infoman1

Member

Thank you for providing that information, however who wants a firewall that is constantly and randomly contacting your servers? I understand the concept, but exactly what kind of data is being exchanged? The link provided detailed several servers Zone Alarm contacts or may contact. I am not concerned about ZL privacy policy but I am concerned about embedded code tracking whatever. (AKA spyware). There is a wealth of information that can be collected and reported on! So if it is harmless there should be no problem in revealing the data exchanged. Additionally this may be permissible in the free version, but one that has a valid purchase license. Updates are one thing, but something smells funny.
spooler0
Premium Member
join:2004-11-17

spooler0

Premium Member

said by Infoman1:

The link provided, detailed several servers Zone Alarm contacts or may contact. . . . I am not concerned about ZL privacy policy but I am concerned about embedded code tracking whatever. (AKA spyware) [I]f [it] is harmless there should be no problem in revealing the data exchanged. . . .
That seems to be the main point and consensus of this thread.

Iggy was to check on this and get back to us with an update. Perhaps he will.

salzan
Experienced Optimist
Premium Member
join:2004-01-08
WA State


salzan to Charles770

Premium Member

to Charles770

Re: Privacy in the new ZoneAlarm 5.5

I've been watching this thread since it was opened and am disappointed that there has been no reply from Zone Labs. It's ironic that the very program I (did) use to control outbound flow has taken advantage of that position of trust to send its own messages out. I'm not really that concerned about what it's sending, just that it is sending.

I rectified the situation to my own satisfaction by uninstalling ZA and installing Kerio. I used BlitzenZeus' ruleset to get started and everything is running smoothly with no problems at all on my Win2K box.

Since I'm also behind a NAT modem and a HW router/firewall, I feel adequately protected with this configuration.
Infoman1
join:2001-03-21
Hubbard, OH

Infoman1 to spooler0

Member

to spooler0

Re: does hs2.zonelabs = virus update checks?

Patience is a virtue I suppose! I have white-listed those sites at the router/content filter level until Iggy can provide a more definitive answer.
VirtualLarry
Premium Member
join:2003-08-01

VirtualLarry to IGGY9

Premium Member

to IGGY9

Re: Privacy in the new ZoneAlarm 5.5

said by IGGY9:

I think it is very self explanatory. The option isn't present within the trial version. I would think that you could set this during the install of the product.
I wouldn't be so quick to discount the exact wording of "does not appear", and equate it with "does not exist".
When ZoneLabs added the unique user-id tracking and phone-home feature to ZA Free back in the 3.x era, at one point there was an installer option to disable it, and they removed that option - but the feature was still there, and still enabled.

Personally, given their past history, my interpretation is that it phones home, and you have no say in the matter. If you want to disable that "feature" - then you must pay for the software.
said by IGGY9:

Since that is part of the installation process. The feature is present in my paid Suite version. I've not used the free version since a beta test a few years back. And I only played with it for a few days time.
That's just it - the paid-for version shows you the option and gives you the choice to disable it. The free version (generally) does not. (Caveat: I haven't used ZA for quite some time, I stopped using it around when they started tracking users of the free one with no way to disable it, that was the final straw that pushed me to Kerio. So I can't say for certain that this new version is doing that, but I would personally tend to believe so.)
VirtualLarry

VirtualLarry to Charles770

Premium Member

to Charles770
said by Charles770:

To be very clear, has ZoneAlarm free become spyware?
A long, long time ago. Isn't this common knowledge?
VirtualLarry

VirtualLarry to IGGY9

Premium Member

to IGGY9

Re: iggy's prior post explains some of this

said by IGGY9:

"But the first thing ZA does without asking is contact ZoneLabs for one or more of various reasons"

This action would of course be blocked when set to be blocked. I have no such contact with the company when using their product.
Just a minor note here. I have no idea how it behaves in the 5.x Free versions, but in the prior 3.x versions, attempting to "block" ZA from phoning-home, using the firewall's own controls, was ineffective. It had an internal "allow" rule to bypass any user rules. If ZA Free 5.x is phoning home again, then I also have no doubt that they would also use a similar inbuilt "allow" bypass rule.

I don't know if I have it saved, but I had a really good discussion about this whole issue when it first broke out with one of ZL's official free-support people on GRC's newsgroups. They confirmed the behavior, and that it was intentional, for marketing reasons. Think about it, it tells them how many people, worldwide, happen to be using the "free" version of their software, and allows them a marketing opportunity to "upsell" them to the paid version. There was also some comment about auto-upgrade patches being detected, in case there is a flaw in the software, but that doesn't explain why the software generated a unique user-id, nor why it didn't give the users of the free version the opportunity to opt-out of it.
said by IGGY9:

Now if users aren't seeing the option screen I captured during the install. That leads me to have to send an email and start asking some questions. Which I'll do when I get time later tonight. I'm not ready to call out the wolves just yet.
Well, knowing that they've done it before, it wouldn't surprise me one bit to see them trying it again.

It really calls into question whether or not you can trust the vendor of your security software, when their software intentionally undermines the ability of the user to specify security policy. I am, in fact, no longer a ZoneAlarm user directly because of that, and because of recurring technical flaws in their software.
VirtualLarry

VirtualLarry to salzan

Premium Member

to salzan

Re: Privacy in the new ZoneAlarm 5.5

said by salzan:

I've been watching this thread since it was opened and am disappointed that there has been no reply from Zone Labs. It's ironic that the very program I (did) use to control outbound flow has taken advantage of that position of trust to send its own messages out. I'm not really that concerned about what it's sending, just that it is sending.
Whoa, major Deja Vu here.. I think that I said the same thing, when ZA Free 3.x started doing this too.. then I dumped ZA totally.
said by salzan:

I rectified the situation to my own satisfaction by uninstalling ZA and installing Kerio. I used BlitzenZeus' ruleset to get started and everything is running smoothly with no problems at all on my Win2K box.

Since I'm also behind a NAT modem and a HW router/firewall, I feel adequately protected with this configuration.
LOL. Yep, definite Deja Vu. I, likewise, switched to Kerio 2.x Free.
Infoman1
join:2001-03-21
Hubbard, OH

Infoman1 to VirtualLarry

Member

to VirtualLarry

Re: iggy's prior post explains some of this

To be clear and factual. While these options are present in fully licensed purchased copies of ZA Pro of which I have disabled. Bottom line is free version or purchased; the product phones home and there is no way to prevent it within its own software!
SUMware2
Premium Member
join:2002-05-21

SUMware2 to Charles770

Premium Member

to Charles770

Re: Privacy in the new ZoneAlarm 5.5

ZoneLabs' silence on this issue seems to speak quite loudly.

On my Win98SE box the ZAF 27 digit alphanumeric serial number is located here:
HKEY_LOCAL_MACHINE\Software\Zone Labs\ZoneAlarm\Registration\SerialNum\

You can download Javacool's ID-BlasterPlus here.

Follow the instructions and you can configure ID-Blaster to randomly change the ZAF serial number (along with others that you might select). The entry ends up in the 'default.ini' and looks something like this (verify the information layout and registry location for your OS):

Name=ZoneAlarm Serial Number
MainKey=HKLM
SubKey=Software\Zone Labs\ZoneAlarm\Registration\
Value=SerialNum
ValueType=S
Author=your name here
Description=Unique ID built into ZA
Format=###########################
Win95=0
Win98=1
WinME=1
WinNT4=0
Win2000=1
WinXP=1
Enabled=1

If you decide to try this make and keep a record of the original ID in the event that it needs to be restored. Post your opinion, will this help to better protect user privacy?

The sn is probably part of your registration, etc. and changing it may do bad things to renewal keys, upgrade functions, etc.

ID-Blaster substitutes all numerics where my original also contained letters.

From the GRC website:
"Many people have been concerned that ZoneAlarm is free, and have wondered whether it might not, itself, be very cleverly marketed advanced spyware. Then, on January 11th, gasoline was thrown on the fires of these concerns when ZoneLabs announced that their "TrueVector" technology had been licensed to Media Metrix, a company that provides "consumer profiling" services to major Internet media users. This caused an uproar as people wondered whether the "TrueVector" technology that also forms the foundation of ZoneAlarm might not be spying on them.

...Media Metrix is to web surfing as the Nielsen rating system is to television viewing. Just as a "Nielsen Family" gets paid to have a special "set top box" continually monitoring their viewing habits, Media Metrix pays 50,000 web users to have special monitoring software installed in their computers so that their surfing habits and behavior can be monitored. The technology Media Metrix had been using was limited and troublesome. So, they turned to ZoneLabs' TrueVector technology to provide a mature solution for their knowingly monitored user's needs."

Media Metrix is now located here: http://www.comscore.com/ . Take a look...
Infoman1
join:2001-03-21
Hubbard, OH


Infoman1

Member

Well I have educated myself by reviewing the Media Metrix website. I won't have anything masquerading as a security product when in fact it's marketed spyware! My trust has been breached! And still no mention in the user agreement, and Zone Labs' silence on the issue. It's an invasion of privacy, one which I certainly don't need to pay for. All too often software products start out great, rise to the top, then become convoluted. Intuit's Quicken and the TurboTax debacle come to mind with the drive for overzealous marketing! It's a shame.

Sygate here I come.
Charles770
join:2004-11-08
France

Charles770 to SUMware2

Member

to SUMware2
Hi,

thanks everyone for all the information.

SUMware, I tried this:
I shut down ZA,
and then deleted the entire key
HKEY_LOCAL_MACHINE\Software\Zone Labs\ZoneAlarm\Registration
(including the 'SerialNum').
After a reboot, ZA re-created exactly *the same* number of 27 digits!

So, it seems that it is taking it from somewhere else.

Best regards.
SUMware2
Premium Member
join:2002-05-21

SUMware2

Premium Member

You are correct, Charles. I just came back online and checked my registry. The original serial number is back. Thanks for telling me. I guess that ZA really wants to keep its users tagged.

Ideas, anyone (other than switching firewalls, and I'm considering it now)?

Again, my autoexec.bat deletes the tvdebug.log at every boot. So, if ZA gets info from it at boot they aren't getting much. If that's all the data that they're gathering and interested in.

salzan
Experienced Optimist
Premium Member
join:2004-01-08
WA State

salzan

Premium Member

said by SUMware2:

Ideas, anyone (other than switching firewalls, and I'm considering it now)?

Again, my autoexec.bat deletes the tvdebug.log at every boot. So, if ZA gets info from it at boot they aren't getting much. If that's all the data that they're gathering and interested in.
I'm not sure what difference the serial # makes since:

A. ZA also does this in the free version which has no serial #

B. We have no idea of what data is being transmitted, the serial # could be completely irrelevant.

As for deleting tvdebug.log at startup:
said by jdal44 previously in this thread:
"I also use ZAP and thought I had everything for phone home disabled. I have even put the Zone Alarm site in my blocked list. I still notice on WallWatcher that it seems to phone home every 4 hours or so. Nothing is in the ZAP logs for this outbound connection."

If this is true, deleting the tvdebug.log at startup will not help much, if in fact tvdebug.log is even relevant to this issue.