Infoman1
join:2001-03-21
Hubbard, OH
| reply to spooler
Re: iggy's prior post explains some of this
With respect to the opt in or out, Zone Alarm periodically sends data back on a routine basis. (PA2.zonelabs.com) Looking at an Ethereal trace, part of the communication is encrypted. Could this be the license key? When I caught it I was personally uncomfortable with it, so some explanation is needed. |
|
spooler
@134.50.x.x
| Outbound traffic from Zone Alarm
Informan1 said:
"...Zone Alarm periodically sends data back on a routine basis....part of the communication is encrypted....Could this be the license key? ...I(i.e., Informan1) was personally uncomfortable with it, so some explanation is needed."
-------------------
Sorry that answer is way over my head. I personally do not believe it is sinister, but it appears to me that ZoneLabs needs to revise its disclosure of what information is sent and when.
It would also be nice if the company did not send information back out without giving users the choice to allow or disallow those communications. If you are using ZA Pro, you may be able to create an "expert rule" to block some of those outgoing messages, but maybe not....
We'll have to depend on Iggy and the other ZA team members here to get in touch with the company and let us know for sure. |
|
IGGY
No Guru Just Here To Help
Premium,MVM
join:2001-03-30
Chatham, IL
| Iggy hasn't heard back from ZoneLabs yet. I need to do some catching up on the post in this thread. But I've been up for about 25 and 1/2 hours now. Just back from a cancer research benefit. The 2 Red Bulls are wearing off.:) So I'll have to get to this tomorrow evening or Monday morning.
--
Test Your Security Benefit for Children's Cancer Cable Diagnostics My Blog |
|
SUMware
Premium
join:2002-05-21 | Thank you Iggy. We appreciate your efforts and understand that you have a life outside of here. LOL.  No problem! |
|
Charles770
join:2004-11-08
France | reply to IGGY
Thanks a lot Iggy.
We know that you do your best, when we need a help! |
|
spooler
@134.50.x.x
| reply to SUMware
second that thanks to Iggy.
Sumware and Charles said to Iggy:
Thank you Iggy. We appreciate your efforts and understand that you have a life outside of here. LOL. No problem!:)
Thanks a lot Iggy.
We know that you do your best, when we need a help!:)
----------------
Second that from here, too. Thanks for all your help, Iggy.:D |
|
Snakebytes
| reply to spooler
Re: what's missing here?
Thanks Spooler,
I will be re-thinking if I should renew my subscription to ZoneAlarm Pro. It is due soon.
I dont like these kind of backdoor surprises. Certainly dont want to be paying money for them. |
|
Charles770
join:2004-11-08
France
| reply to SUMware
Re: Privacy in the new ZoneAlarm 5.5
Hi,
a comprehensive explanation of the 'tvdumpflags' line
can be read here:
»forums.speedguide.net/showthread···t=159004
Regards
Charles. |
|
SUMware
Premium
join:2002-05-21
| Thanks again Charles. I guess that makes sense. Iggy, can you confirm the info at speedguide forums?
The tvdebug.log increases in size over time and is essentially lost HDD space for me. So I've had my autoexec.bat delete it at boot. ZA then automatically creates a new clean file.
Think that I'll continue to do this unless it's determined do be detrimental to actual ZA operation.
'Set tvdumpflags' is also now disabled unless good reason is presented to re-enable it. |
|
Owlbet
Ignite the Ice
Premium,MVM
join:2002-09-24
Palmer, AK
clubs:
 ·MTA Online
| reply to WFO
said by WFO  :The "set data gathering permissions" scteen is shown during every installation in my experience. I always click no. It is an option available even after installation. I use ZAP. I use ZAP as well and everytime I install a new version I always tell it no on the anonymous sharing of configurations settings. I can change my mind if I want after ZAP is set up to allow sharing of configuration settings. Is it possible the reason ZAP calls out to the internet everytime the computer is started is because updates are configured to be checked automatically instead of manually. Check that setting to manual and see if it makes a difference.
I can't say for the free version of Zone Alarm, but ZAP does log the outgoing connection. It only goes out once during any logon to my computer and connects to my ISP's server's port 53. If I reboot the computer and log back on, ZAP goes out again. Refer to screenprint.
My personal preferences are no on the configuration settings and automatic for the updates.
--
Rocky is, was, and always will be Dawg E. Dawg. |
|
Infoman1
join:2001-03-21
Hubbard, OH | reply to IGGY
Re: Outbound traffic from Zone Alarm
Thanks for your effort. Just want to know why exactly this application is phoning home. It happens on every machine Zone Alarm is installed on. I can provide the Ethereal dump if you like, although unlikely needed. |
|
SUMware
Premium
join:2002-05-21
1 edit | reply to Charles770
Re: Privacy in the new ZoneAlarm 5.5
"There are certain situations in which you will not be notified before contact is made. Those include sending Zone Labs Secure Community data to Zone Labs, contacting Zone Lab for program advice, when an antivirus update is performed, or when monitoring your antivirus status. The "Share setting anonymously..." setting below, turns off the Secure Community transfer."
"Periodically sends anonymous configuration data to Zone Labs. For more information, see Sharing your settings with Zone Labs .
Note: This option does not appear in trial versions of Zone Labs security software."
ZAF is NOT a trial version.
"Zone Labs security software users can help shape the future of Zone Labs security products by periodically sending anonymous configuration data to Zone Labs for analysis."
"Configuration data is not collected from ZoneAlarm or ZoneAlarm with Antivirus users."
"For most users, data will be sent once per day."
"If you later decide that you do not want to send anonymous data, select Overview|Preferences, in the Contact with Zone Labs area, then clear the Share my settings anonymously... check box."
Where would that be? It's not one of the options that I see. |
|
Chibooey
Just My Two Cents Worth
join:2000-07-05
Chicago, IL
·AT&T DSL Service
| reply to WFO
I also use ZAP and thought I had everything for phone home disabled. I have even put the Zone Alarm site in my blocked list. I still notice on WallWatcher that it seems to phone home every 4 hours or so. Nothing is in the ZAP logs for this outbound connection. |
|
Charles770
join:2004-11-08
France
| said by Chibooey :I have even put the Zone Alarm site in my blocked list. Hi,
because it's now more than a week that we are waiting for an answer that is not coming, from ZoneLabs, 
does someone know if we can forbid ZoneAlarm to contact his home back?
For instance, by adding the server in the Hosts file:
127.0.0.1 hs2.zonelabs.com
or maybe such software doesn't read in the Hosts when connecting to the web?
Charles.:) |
|
Infoman1
join:2001-03-21
Hubbard, OH
| I personally would like to know exactly what "that small anonomous data collection" contains. And this is somewhere in the license agreement I assume?
GET /1/?AqBzIYcFADCuOZskFDZWXmSRTgqLp3bTNtdf8eI2sVgzV2luZG93cyBFeHBsb3JlcgA2LjAwLjI5MDAuMj E4MAAAAEM 6XFdJTkRPV1NcRXhwbG9yZXIuRVhFADgvMy8yMDA0IDIzOjU2OjUw HTTP/1.1
Host: pa2.zonelabs.com
Accept-Encoding: gzip
Accept: */*
Content-Type: text/plain
User-Agent: ZoneAlarm/5.5.062.000 (oem-1025; en-US) ZSP/2.1
HTTP/1.1 200 OK
Content-Length: 470
Content-Type: application/octet-stream
Last-Modified: Wed, 17 Nov 2004 22:04:29 GMT
Response-Code: 200
Expires: Thu, 18 Nov 2004 05:42:20 GMT
Date: Thu, 18 Nov 2004 03:47:14 GMT
Connection: keep-alive
ZPDOCBIN� ���� ���
�� � �(ÿóû]”Š‹�à�.n¤¾`EÞ�»Ì7�[öÍ8H`öR{D[ý4�’�TœŸh�úãg÷l¨‘�µ�‰Ð¯"CøË¥¶ü|šþtå§pdì
™;\^�ÚílÆ7ÅøÔ¢ñZ«?r^7N÷ðLù3u|ñ/4dtðÚþÕ×yÈI~¦*CµC¿ñ�·W m)×��SÅj»‚owvM¬) âC«[Ùàä)šû3Ã4Ÿ�UÀ„¿ÃE‘rG‰ÒÜðgp���w�üÀ�„}Wƒ�ïLÑjDcÉX9^âoªsÓÎ�m~Iý |
|
spooler0
Premium
join:2004-11-17
| reply to Chibooey
does hs2.zonelabs = virus update checks?
said by Chibooey :I still notice on WallWatcher that it seems to phone home every 4 hours or so. Nothing is in the ZAP logs for this outbound connection. --------------
jdal, just curious what the entry is you are getting in your WallWatcher logs. If it is the hs2.zonelabs.com that charles770 mentions in his post below, it may be vsmon.exe.
At least that is what it correlates to in my router logs. I believe that is the program ZA uses to check the status of the user's firewall for current updates. That can probably be confirmed by disabling the "virus check" feature in ZA and looking to see if the outbound traffic still appears.
Iggy's earlier post at:
»Why Zone Labs software contacts Zone Labs
indicated it was:
"hs2.zonelabs.com helps your client keep its services up to date."
but it may have been expanded to include more in the later versions of ZA. |
|
Infoman1
join:2001-03-21
Hubbard, OH
| Thank you for providing that information, however who wants a firewall that is constantly and randomly contacting your servers. I understand the concept but exactly what kind of data is being exchanged? The link provided, detailed several servers Zone Alarm contacts or may contact. I am not concerned about ZL privacy policy but I am concerned about embedded code tracking whatever. (AKA spyware). There is a wealth of information that can be collected and reported on! So if is harmless there should be no problem in revealing the data exchanged. Additionaly this may be permissable in the free version, but one that has a valid purchase license. Updates are one thing, but something smells funny. |
|
spooler0
Premium
join:2004-11-17
| said by Infoman1 :The link provided, detailed several servers Zone Alarm contacts or may contact. . . . I am not concerned about ZL privacy policy but I am concerned about embedded code tracking whatever. (AKA spyware) [I]f [it] is harmless there should be no problem in revealing the data exchanged. . . . That seems to be the main point and consensus of this thread.
Iggy was to check on this and get back to us with an update. Perhaps he will. |
|
salzan
Experienced Optimist
Premium
join:2004-01-08
WA State
| reply to Charles770
Re: Privacy in the new ZoneAlarm 5.5
I've been watching this thread since it was opened and am disappointed that there has been no reply from Zone Labs. It's ironic that the very program I (did) use to control outbound flow has taken advantage of that position of trust to send it's own messages out. I'm not really that concerned about what it's sending, just that it is sending. 
I rectified the situation to my own satisfaction by uninstalling ZA and installing Kerio. I used BlitzenZeus' ruleset to get started and everything is running smoothly with no problems at all on my Win2K box.
Since I'm also behind a NAT modem and a HW router/firewall, I feel adequately protected with this configuration. |
|
Infoman1
join:2001-03-21
Hubbard, OH | reply to spooler0
Re: does hs2.zonelabs = virus update checks?
Patience is a virtue I suppose! I have white-listed those sites at the router/content filter level until Iggy can provide a more definitive answer. |
|
