Privacy in the new ZoneAlarm 5.5

VirtualLarry
Premium
join:2003-08-01

reply to IGGY
Re: Privacy in the new ZoneAlarm 5.5

said by IGGY:

I think it is very self explanatory. The option isn't present within the trial version. I would think that you could set this during the install of the product.
I wouldn't be so quick to discount the exact wording of "does not appear", and equate it with "does not exist".
When ZoneLabs added the unique user-id tracking and phone-home feature to ZA Free back in the 3.x era, at one point there was an installer option to disable it, and they removed that option - but the feature was still there, and still enabled.

Personally, given their past history, my interpretation is that it phones home, and you have no say in the matter. If you want to disable that "feature" - then you must pay for the software.

said by IGGY:

Since that is part of the installation process. The feature is present in my paid Suite version. I've not used the free version since a beta test a few years back. And I only played with it for a few days time.
That's just it - the paid-for version shows you the option and gives you the choice to disable it. The free version (generally) does not. (Caveat: I haven't used ZA for quite some time, I stopped using it around when they started tracking users of the free one with no way to disable it, that was the final straw that pushed me to Kerio. So I can't say for certain that this new version is doing that, but I would personally tend to believe so.)

VirtualLarry
Premium
join:2003-08-01

reply to Charles770
said by Charles770:

To be very clear, has ZoneAlarm free become spyware?
A long, long time ago. Isn't this common knowledge?

VirtualLarry
Premium
join:2003-08-01

reply to IGGY
Re: iggy's prior post explains some of this

said by IGGY:

"But the first thing ZA does without asking is contact ZoneLabs for one or more of various reasons"

This action would of course be blocked when set to be blocked. I have no such contact with the company when using their product.
Just a minor note here. I have no idea how it behaves in the 5.x Free versions, but in the prior 3.x versions, attempting to "block" ZA from phoning-home, using the firewall's own controls, was ineffective. It had an internal "allow" rule to bypass any user rules. If ZA Free 5.x is phoning home again, then I also have no doubt that they would also use a similar inbuilt "allow" bypass rule.

I don't know if I have it saved, but I had a really good discussion about this whole issue when it first broke out with one of ZL's official free-support people on GRC's newsgroups. They confirmed the behavior, and that it was intentional, for marketing reasons. Think about it, it tells them how many people, worldwide, happen to be using the "free" version of their software, and allows them a marketing opportunity to "upsell" them to the paid version. There was also some comment about auto-upgrade patches being detected, in case there is a flaw in the software, but that doesn't explain why the software generated a unique user-id, nor why it didn't give the users of the free version the opportunity to opt-out of it.
said by IGGY:

Now if users aren't seeing the option screen I captured during the install. That leads me to have to send an email and start asking some questions. Which I'll do when I get time later tonight. I'm not ready to call out the wolves just yet.
Well, knowing that they've done it before, it wouldn't surprise me one bit to see them trying it again.

It really calls into question whether or not you can trust the vendor of your security software, when their software intentionally undermines the ability of the user to specify security policy. I am, in fact, no longer a ZoneAlarm user directly because of that, and because of recurring technical flaws in their software.

VirtualLarry
Premium
join:2003-08-01

reply to salzan
Re: Privacy in the new ZoneAlarm 5.5

said by salzan:

I've been watching this thread since it was opened and am disappointed that there has been no reply from Zone Labs. It's ironic that the very program I (did) use to control outbound flow has taken advantage of that position of trust to send its own messages out. I'm not really that concerned about what it's sending, just that it is sending.
Whoa, major Deja Vu here.. I think that I said the same thing, when ZA Free 3.x started doing this too.. then I dumped ZA totally.
said by salzan:

I rectified the situation to my own satisfaction by uninstalling ZA and installing Kerio. I used BlitzenZeus' ruleset to get started and everything is running smoothly with no problems at all on my Win2K box.

Since I'm also behind a NAT modem and a HW router/firewall, I feel adequately protected with this configuration.
LOL. Yep, definite Deja Vu. I, likewise, switched to Kerio 2.x Free.

Infoman1

join:2001-03-21
Hubbard, OH

reply to VirtualLarry
Re: iggy's prior post explains some of this

To be clear and factual: these options are present in fully licensed, purchased copies of ZA Pro, and I have disabled them. Bottom line: free version or purchased, the product phones home and there is no way to prevent it within its own software!

SUMware
Premium
join:2002-05-21

reply to Charles770
Re: Privacy in the new ZoneAlarm 5.5

ZoneLabs' silence on this issue seems to speak quite loudly.

On my Win98SE box the ZAF 27 digit alphanumeric serial number is located here:
HKEY_LOCAL_MACHINE\Software\Zone Labs\ZoneAlarm\Registration\SerialNum\

You can download Javacool's ID-BlasterPlus here.

Follow the instructions and you can configure ID-Blaster to randomly change the ZAF serial number (along with others that you might select). The entry ends up in the 'default.ini' and looks something like this (verify the information layout and registry location for your OS):

Name=ZoneAlarm Serial Number
MainKey=HKLM
SubKey=Software\Zone Labs\ZoneAlarm\Registration\
Value=SerialNum
ValueType=S
Author=your name here
Description=Unique ID built into ZA
Format=###########################
Win95=0
Win98=1
WinME=1
WinNT4=0
Win2000=1
WinXP=1
Enabled=1

If you decide to try this make and keep a record of the original ID in the event that it needs to be restored. Post your opinion, will this help to better protect user privacy?

The sn is probably part of your registration, etc. and changing it may do bad things to renewal keys, upgrade functions, etc.

ID-Blaster substitutes all numerics where my original also contained letters.

From the GRC website:
"Many people have been concerned that ZoneAlarm is free, and have wondered whether it might not, itself, be very cleverly marketed advanced spyware. Then, on January 11th, gasoline was thrown on the fires of these concerns when ZoneLabs announced that their "TrueVector" technology had been licensed to Media Metrix, a company that provides "consumer profiling" services to major Internet media users. This caused an uproar as people wondered whether the "TrueVector" technology that also forms the foundation of ZoneAlarm might not be spying on them.

...Media Metrix is to web surfing as the Nielsen rating system is to television viewing. Just as a "Nielsen Family" gets paid to have a special "set top box" continually monitoring their viewing habits, Media Metrix pays 50,000 web users to have special monitoring software installed in their computers so that their surfing habits and behavior can be monitored. The technology Media Metrix had been using was limited and troublesome. So, they turned to ZoneLabs' TrueVector technology to provide a mature solution for their knowingly monitored user's needs."

Media Metrix is now located here: »www.comscore.com/ . Take a look...

Infoman1

join:2001-03-21
Hubbard, OH


1 edit
Well I have educated myself by reviewing the Media Metrix website. I won't have anything masquerading as a security product when in fact it's marketed spyware! My trust has been breached! And still no mention in the user agreement, and Zone Labs' silence on the issue. It's an invasion of privacy, one which I certainly don't need to pay for. All too often software products start out great, rise to the top, then become convoluted. Intuit's Quicken and the TurboTax debacle come to mind with the drive for overzealous marketing! It's a shame.

Sygate here I come.

Charles770

join:2004-11-08
France

reply to SUMware
Hi,

thanks everyone for all the information.

SUMware, I tried this:
I shut down ZA,
and then deleted the entire key
HKEY_LOCAL_MACHINE\Software\Zone Labs\ZoneAlarm\Registration
(including the 'SerialNum').
After a reboot, ZA re-created exactly *the same* number of 27 digits!

So, it seems that it is taking it from somewhere else.

Best regards.

SUMware
Premium
join:2002-05-21

You are correct, Charles. I just came back online and checked my registry. The original serial number is back. Thanks for telling me. I guess that ZA really wants to keep its users tagged.

Ideas, anyone (other than switching firewalls, and I'm considering it now)?

Again, my autoexec.bat deletes the tvdebug.log at every boot. So, if ZA gets info from it at boot they aren't getting much. If that's all the data that they're gathering and interested in.


salzan
Experienced Optimist
Premium
join:2004-01-08
WA State

said by SUMware:

Ideas, anyone (other than switching firewalls, and I'm considering it now)?

Again, my autoexec.bat deletes the tvdebug.log at every boot. So, if ZA gets info from it at boot they aren't getting much. If that's all the data that they're gathering and interested in.
I'm not sure what difference the serial # makes since:

A. ZA also does this in the free version which has no serial #

B. We have no idea of what data is being transmitted, the serial # could be completely irrelevant.

As for deleting tvdebug.log at startup:
said by jdal44 previously in this thread:
"I also use ZAP and thought I had everything for phone home disabled. I have even put the Zone Alarm site in my blocked list. I still notice on WallWatcher that it seems to phone home every 4 hours or so. Nothing is in the ZAP logs for this outbound connection."

If this is true, deleting the tvdebug.log at startup will not help much, if in fact tvdebug.log is even relevant to this issue.

SUMware
Premium
join:2002-05-21
Points well taken, Salzan. Thanks. I'm still hoping that ZA will respond within the next few days. But this doesn't look good for them. Unfortunate.

Charles770

join:2004-11-08
France

reply to SUMware
I made a search on my PC for any file that contains the data of my 'SerialNum'
... and the winner is: vsutil.dll
which is in: C:\WINDOWS\SYSTEM
(also in: C:\Program Files\Zone Labs\ZoneAlarm\repair).

So, I don't think we will be able to eradicate it! (if necessary).

Because I monitor every install with Total Uninstall, I can tell that this SerialNum appeared when upgrading from version 3.7.211 to 4.5.538.0 .

BTW, there is another value that "could be" a user-id, at
HKEY_LOCAL_MACHINE\Software\Zone Labs | HU100.

Regards.
Charles.

SUMware
Premium
join:2002-05-21

Good hunting! I was aware of HKEY_LOCAL_MACHINE\Software\Zone Labs | HU100. If I remember correctly this location contains ZA version number.

I'm not encouraging you but have you attempted substituting an old version of vsutil.dll (if you have one)?

Bottom line - choice seems to be: use ZAF and be forced to tolerate unauthorized connections, or switch firewalls.


WFO
Premium
join:2001-08-27
San Ramon, CA


1 edit
reply to Charles770
I just reread this thread. When it started, I set everything to block. Do not share info etc. Here are my last 50 log entries. Only 4 are svchost.exe. The rest are zlclient.exe. LOL. Might have to get wall watcher or LinkLogger to see what is really going on. The IPs are for my ISP and ISP DNS.

spooler0
Premium
join:2004-11-17

Re: Privacy in the new ZoneAlarm 5.x

WFO:

Interesting capture, but we might be able to tell more if you give zaclient permission to access your trusted zone and put both your isp and dns servers in the trusted firewall zone [different tab, but i'm sure you know that already].

Then rerun your test and capture the results. That should show who the zaclient is trying to contact if you leave the program settings to block zaclient's access to internet. [assuming i'm understanding the operation of the za firewall and alerts logs correctly]

Another variation of the above test is to disable the virus updates checking feature of ZA and run the same test.

Finally, yes, WallWatcher will shed more light on what's happening - especially when you boot and reboot. Link Logger might show additional detail.


WFO
Premium
join:2001-08-27
San Ramon, CA


1 edit
Spooler, if I understood correctly, the isp and dns servers are now in the trusted firewall zone and zlclient is checked as trusted with xxx in the other boxes. Will I actually have to allow internet access too? Or is what I did sufficient? I'll reboot and see if there are any new entries. If not, it may be a day or two before I have another screen capture to post.

Edit: Nothing logged on reboot except for KAV checking for updates. I'll keep an eye on it though.

spooler0
Premium
join:2004-11-17

said by WFO:

Spooler, if I understood correctly, the isp and dns servers are now in the trusted firewall zone and zlclient is checked as trusted with xxx in the other boxes. Will I actually have to allow internet access too? Or is what I did sufficient?

Try the permissions settings both ways for zaclient for a while and see what happens.
- watch the za alerts logs.
Start with Y ? X X for a while; then go to Y X X X.

What should happen with the first setting is that ZA client will automatically contact your ISP and DNS server, then an alert will pop up asking you for permission to contact the real IP it is seeking. That then will be the IP you will see in the ZA alerts logs. You can run a GRC IP address search on it to see what it is or use DNS Stuff or another service of your own choice.

GRC's service is downloadable at:
hppt://grc.com/id/idserve.htm (correct hppt to "http")

DNS stuff is at: >www.dnsstuff.com/
-----------------------
If you are using a linksys router you might want to download WallWatcher and set it to log your router traffic. Posts in the DSLR Linksys forum show the appropriate ZA and Windows Firewall settings you will need with SP-2. Search under something like WallWatcher and ZA settings, and WallWatcher and Windows Firewall Settings or something along those lines.

Turn on the ZA feature to monitor your virus programs updates. Then turn off and restart your computer. Observe the outgoing traffic (may not be the very first item, but among the first). Then scan the logs for later traffic to and from the ZA ip's throughout your browser session or use the WallWatcher Analyze feature to search the logs for the IP's in question.

After that try it with the ZA virus update monitor set to off. Observe the difference, if any.
I don't know if KAV is one of those supported by ZA.

Also observe the logs for other ZA traffic. Link Logger may provide more information, but I'm not that familiar with it.

I really wish Iggy would get a clear answer from ZA on this for us, but the answer may have already been posted a few posts ago. If that answer is correct, it doesn't seem too much to ask that ZA fully disclose what is going on. Given full disclosure and the ease of using the ZA product I don't think they would lose too many users.

Aside: ZA has been a good firewall for me. Stopped an outbound dialup modem connection not initiated by me at 2:30 A.M. many months ago. That either followed or preceded an unusual blocked inbound request for some sort of "multicast event" or "web event". Pursuing those events prompted me to unplug the modem, buy a router, and eventually find this site and forum. So I really can't knock ZA, but do wish they would be more forthcoming about what is going on with their traffic.

It's late here and I'm off for the night.

spooler0
Premium
join:2004-11-17

reply to WFO
Here's what you may see on cold starts.

WFO said:
"Nothing logged on reboot except for KAV checking for updates."
--------------------
Here's what you may see on reboots or cold starts.

ZA h2.zonelabs outbound that does not request permission with an "Alert Popup" and that does not appear in the ZA logs, but does show up in router logs. Shown in attachment with WallWatcher.

This is same behavior described earlier in previous post with more attachments.

Interesting that you are getting entries showing ZAClient wanting outbound in your ZA alerts logs. I'm not, but I'm using ZA plain or "free" now and it looks like you are on "Pro".

SUMware
Premium
join:2002-05-21


1 edit
reply to Charles770
Re: Privacy in the new ZoneAlarm 5.5

Is this at all helpful?

From the ZA forums.

Zone Labs is committed to your privacy, and never collects any personally identifiable information about our users. Any information that does come to Zone Labs servers is used in aggregate form. For Zone Labs' full legal statement on privacy, please refer to »www.zonelabs.com/store/content/c···vacy.jsp The information that is exchanged with the servers below is stripped of identifying data, and is not saved.

Each one of these features and services is voluntary; you can easily choose not to use any or all of them. Following is a list of the servers that your client might contact, and the functionality they provide.

cm2.zonelabs.com assists in the functioning of various services including the AlertAdvisor, antivirus updates, and antivirus monitoring.

hs2.zonelabs.com helps your client keep its services up to date.

ls2.zonelabs.com manages information relating to program configuration.

pa2.zonelabs.com manages the Program Advisor functionality.

ps2.zonelabs.com helps with updates to services and client functionality.

update.zonelabs.com supports the "Check for Update" functionality.

register.zonelabs.com handles product registration.
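
The check discussed earlier in the thread (comparing what the router logged with what the firewall's own log shows, and looking for a regular interval) can be scripted. The following is an added example, not part of any post and not code from Zone Labs or WallWatcher; both log layouts, the IP addresses and the timestamps are constructed for illustration, and only the server names come from the list above.

```python
import csv
import io
from datetime import datetime, timedelta

# Server names from the Zone Labs forum statement quoted in this thread.
VENDOR_HOSTS = {"cm2.zonelabs.com", "hs2.zonelabs.com", "ls2.zonelabs.com",
                "pa2.zonelabs.com", "ps2.zonelabs.com", "update.zonelabs.com",
                "register.zonelabs.com"}

# Constructed router-side log: time, LAN source, destination IP, port, resolved name.
ROUTER_LOG = """\
2004-11-20 08:00:05,192.168.1.10,198.51.100.7,80,hs2.zonelabs.com
2004-11-20 08:00:41,192.168.1.10,203.0.113.53,53,dns.isp.example
2004-11-20 08:02:10,192.168.1.10,192.0.2.80,80,www.example.org
2004-11-20 12:00:09,192.168.1.10,198.51.100.7,80,hs2.zonelabs.com
2004-11-20 16:00:02,192.168.1.10,198.51.100.7,80,hs2.zonelabs.com
"""

# Constructed host-firewall log: time, program, destination IP, port, action.
HOST_LOG = """\
2004-11-20 08:00:40,svchost.exe,203.0.113.53,53,allowed
2004-11-20 08:02:09,iexplore.exe,192.0.2.80,80,allowed
"""

FMT = "%Y-%m-%d %H:%M:%S"

def parse(text, fields):
    """Parse a headerless CSV log into dicts with a datetime 'time' field."""
    rows = []
    for rec in csv.DictReader(io.StringIO(text), fieldnames=fields):
        rec["time"] = datetime.strptime(rec["time"], FMT)
        rows.append(rec)
    return rows

def unlogged(router_rows, host_rows, skew=timedelta(seconds=5)):
    """Router entries with no host-log entry for the same dst/port within skew."""
    missing = []
    for r in router_rows:
        seen = any(h["dst"] == r["dst"] and h["port"] == r["port"]
                   and abs(h["time"] - r["time"]) <= skew for h in host_rows)
        if not seen:
            missing.append(r)
    return missing

def vendor_intervals(rows):
    """Gaps between successive unlogged contacts to each listed vendor host."""
    by_host = {}
    for r in rows:
        if r["name"] in VENDOR_HOSTS:
            by_host.setdefault(r["name"], []).append(r["time"])
    return {h: [b - a for a, b in zip(t, t[1:])] for h, t in by_host.items()}

router = parse(ROUTER_LOG, ["time", "src", "dst", "port", "name"])
host = parse(HOST_LOG, ["time", "program", "dst", "port", "action"])
gaps = unlogged(router, host)

if __name__ == "__main__":
    for r in gaps:
        print(r["time"], r["dst"], r["port"], r["name"])
    print(vendor_intervals(gaps))
```

The `skew` window absorbs clock differences between the router and the PC; widen it if the two clocks are not synchronised.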

Charles770

join:2004-11-08
France

reply to SUMware
Hi,
more info about this new variable 'Set tvdumpflags=10', at:
»forum.zonelabs.org/zonelabs/boar···id=25401

This environment variable is also set on Windows XP. Since XP does not have autoexec.bat anymore, it is set through My-Computer, Properties, Advanced, Environment Variables.

I'm unsure of the function though. From the name, it presumably affects the type of log file created if Truevector crashes.

