how-to block ads
|
IGGY
No Guru Just Here To Help
Premium,MVM
join:2001-03-30
Chatham, IL
| Re: Privacy in the new ZoneAlarm 5.5 Answer to A should be no. A trial version would be a trial copy of a pay for product. Such as ZAP, ZA Suite or IM Secure Pro. B -Is this new anonymous sending feature in ZAF 5.5.062.000? As far as I know this has been an option for many builds now. Again during install you should see the question asked. And you should be able to enable or disable this.
C) If this feature is included do I have a choice in allowing or preventing ZAF from sending any anonymous secure community data to Zone Labs.
I think my answer to B covers this. As does my first reply above. I'm having a feeling this is going to get blown way out proportion. Nothing evil is going on here. I've included a screen capture of the screen you should see during install. I'm under the impression that all versions have this screen during install.
--
Test Your Security Benefit for Children's Cancer Cable Diagnostics My Blog | |
|  
spooler
@cableone.net
| Re: iggy's prior post explains some of this iggy said;
"you should be able to enable or disable this" (i.e., the feature where ZA communicates with ZoneLabs).
--------------------
But the first thing ZA does without asking is contact ZoneLabs for one or more of various reasons. . .
See the explanation at:
»Why Zone Labs software contacts Zone Labs
Is this a bad thing? - probably not.
Should it stop one from using ZoneAlarm free or pro? - probably not,
assuming it is the user's firewall of choice in the first place. | |
| | | |
IGGY
No Guru Just Here To Help
Premium,MVM
join:2001-03-30
Chatham, IL
2 edits | "But the first thing ZA does without asking is contact ZoneLabs for one or more of various reasons"
This action would of course be blocked when set to be blocked. I have no such contact with the company when using their product.
Now if users aren't seeing the option screen I captured during the install. That leads me to have to send an email and start asking some questions. Which I'll do when I get time later tonight. I'm not ready to call out the wolves just yet.
From the link that was provided ( this is also in my ZoneLabs published bookmarks ).
"Of course, this communication is done on an "opt in" basis; it is your choice to decide to take advance of these features and services."
"Here's the link that said it would happen"
What was posted above was taken from your link to my post in the vendors forum.
--
Test Your Security
Benefit for Children's Cancer
Cable Diagnostics
My Blog | |
| | |
spooler
@cableone.net
| Re: what's missing here? Iggy said:
"But the first thing ZA does without asking is contact ZoneLabs for one or more of various reasons"
This action would of course be blocked when set to be blocked.
-------------------
But here's what happens on my system at every startup.
First thing out of the box, ZA contacts zone labs at one or more of the sites mentioned in your earlier post explaining that is what happens. [See capture of router log traffic]
Here's the link that said it would happen:
»Why Zone Labs software contacts Zone Labs
Interesting thing is that no alert pops up and no entry appears in the ZoneAlarm logs. [See capture of blank ZA log page]
More interesting is the program settings where the ZAClient is blocked all accross the board. [See capture of it in next post]
Also interesting is the fact that the first ZA status page is set for ZA not to contact ZoneLabs without first alerting the user and asking for permission. [See capture in next post]
There may be an explanation . . .
Does it stop me from using ZA? - no.
Does it make me wonder why ZA works this way? - yes. | |
| | | |
Snakebytes
| Re: what's missing here? Thanks Spooler,
I will be re-thinking if I should renew my subscription to ZoneAlarm Pro. It is due soon.
I dont like these kind of backdoor surprises. Certainly dont want to be paying money for them. | |
| | |
spooler
@cableone.net
| Re: second two captures from above post Here are the last two captures mentioned in first post. | |
| | | VirtualLarry
Premium
join:2003-08-01
| Re: iggy's prior post explains some of this said by IGGY  :"But the first thing ZA does without asking is contact ZoneLabs for one or more of various reasons" This action would of course be blocked when set to be blocked. I have no such contact with the company when using their product. Just a minor note here. I have no idea how it behaves in the 5.x Free versions, but in the prior 3.x versions, attempting to "block" ZA from phoning-home, using the firewall's own controls, was ineffective. It had an internal "allow" rule to bypass any user rules. If ZA Free 5.x is phoning home again, then I also have no doubt that they would also use a similar inbuilt "allow" bypass rule.
I don't know if I have it saved, but I had a really good discussion about this whole issue when it first broke out with one of ZL's official free-support people on GRC's newsgroups. They confirmed the behavior, and that it was intentional, for marketing reasons. Think about it, it tells them how many people, worldwide, happen to be use the "free" version of their software, and allows them a marketing opportunity to "upsell" them to the paid version. There was also some comment about auto-upgrade patches being detected, in case there is a flaw in the software, but that doesn't explain why the software generated a unique user-id, nor why it didn't give the users of the free version the opportunity to opt-out of it.
said by IGGY :Now if users aren't seeing the option screen I captured during the install. That leads me to have to send an email and start asking some questions. Which I'll do when I get time later tonight. I'm not ready to call out the wolves just yet. Well, knowing that they've done it before, it wouldn't surprise me one bit to see them trying it again.
It really calls into the question of whether or not you can trust the vendor of your security software, when their software intentionally undermines the ability of the user to specify security policy. I am, in fact, no longer a ZoneAlarm user directly because of that, and because of recurring technical flaws in their software. | |
| | | | Infoman1
join:2001-03-21
Hubbard, OH
| Re: iggy's prior post explains some of this To be clear and factual. While these options are present in fully licensed purchased copies of ZA Pro of which I have disabled. Bottom line is free version or purchased; the product phones home and there is no way to prevent it within it's own software! | |
| | Infoman1
join:2001-03-21
Hubbard, OH
| With respect to the opt in or out, Zone Alarm periodically sends data back on a routine basis. (PA2.zonelabs.com) Looking at an Ethereal trace, part of the communication is encrypted. Could this be the license key? When I caught it I was personally uncomfortable with it, so some explanation is needed. | |
| | |
spooler
@134.50.x.x
| Outbound traffic from Zone Alarm Informan1 said:
"...Zone Alarm periodically sends data back on a routine basis....part of the communication is encrypted....Could this be the license key? ...I(i.e., Informan1) was personally uncomfortable with it, so some explanation is needed."
-------------------
Sorry that answer is way over my head. I personally do not believe it is sinister, but it appears to me that ZoneLabs needs to revise its disclosure of what information is sent and when.
It would also be nice if the company did not send information back out without giving users the choice to allow or disallow those communications. If you are using ZA Pro, you may be able to create an "expert rule" to block some of those outgoing messages, but maybe not....
We'll have to depend on Iggy and the other ZA team members here to get in touch with the company and let us know for sure. | |
| | | |
IGGY
No Guru Just Here To Help
Premium,MVM
join:2001-03-30
Chatham, IL
| Re: Outbound traffic from Zone Alarm Iggy hasn't heard back from ZoneLabs yet. I need to do some catching up on the post in this thread. But I've been up for about 25 and 1/2 hours now. Just back from a cancer research benefit. The 2 Red Bulls are wearing off.:) So I'll have to get to this tomorrow evening or Monday morning.
--
Test Your Security Benefit for Children's Cancer Cable Diagnostics My Blog | |
| | | | | SUMware
Premium
join:2002-05-21 | Re: Outbound traffic from Zone Alarm Thank you Iggy. We appreciate your efforts and understand that you have a life outside of here. LOL.  No problem! | |
| | | | | |
spooler
@134.50.x.x
| second that thanks to Iggy. Sumware and Charles said to Iggy:
Thank you Iggy. We appreciate your efforts and understand that you have a life outside of here. LOL. No problem!:)
Thanks a lot Iggy.
We know that you do your best, when we need a help!:)
----------------
Second that from here, too. Thanks for all your help, Iggy.:D | |
| | | | | Charles770
join:2004-11-08
France | Thanks a lot Iggy.
We know that you do your best, when we need a help! | |
| | | | | Infoman1
join:2001-03-21
Hubbard, OH | Thanks for your effort. Just want to know why exactly this application is phoning home. It happens on every machine Zone Alarm is installed on. I can provide the Ethereal dump if you like, although unlikely needed. | |
| | | | |
IGGY
No Guru Just Here To Help
Premium,MVM
join:2001-03-30
Chatham, IL
4 edits | I've still not heard back from ZoneLabs in regards to this thread. I just dropped a quick post on blog in regards to that. I've not forgotten about the thread. I'm going to try and do a read of recent post tonight. This thread is also now listed on my ZoneLabs bookmark page. Which I think at least one person from the company checks out from time to time.
Although I understand why users would be concerned about privacy. I think this is a bit over the top.
"I am not concerned about ZL privacy policy but I am concerned about embedded code tracking whatever. (AKA spyware)."
Your not going to see a reputable company all of a sudden start dropping spyware into their product. Even if they gave it a thought. Most companies are smart enough to realize the down side of this. They know in the end there is no positive upside long term wise. Yes many companies who "fight" ( term used loosely ) spyware - have used some "interesting" tactics to get you to buy their product. But I just don't see ZoneLabs doing something that underhanded. They have always stated that the free ZoneAlarm would be adware and spyware free. I think sometimes we are to quick to assume the worst.
"Maybe ZA uses the servers of Cerberian Inc."
This is in relation to the web filtering option. Or what some would call parental controls. I wouldn't think that ZA Free would have anything in relation to this. Considering that isn't a feature offered in the free version of the product. I do see some users are claiming to have found a related file in free above. My only thought would that since all versions are now running on the same code base - being updated at the same time - instead of one at a time. The file may have something to do with that.
Just sent in another email. With quick details of the latest concerns expressed here.
--
Test Your Security
Cable Diagnostics
Iggyz Blog ZoneAlarm Help | |
| | | | | | spooler0
Premium
join:2004-11-17
| Re: Outbound traffic from Zone Alarm Thank you for checking, Iggy.
While at it, would you confirm what the h2.zonelabs.com contacts are? It appears to me that h2.zonelabs.com may also be used as part of the virus updates checking feature, but the information on link I have for your post describing that doesn't mention it in connection with h2.zonelabs.com.
Either way, it would be good to know. | |
| | | | | | 
atangel
Now What??
Premium
join:2002-02-18
Bronx, NY
| Thanks Iggy.
As a long-time user of ZAP (notice the $$ added with the letter 'P' Zone Labs), the silence irks me. Greatly. When security software starts violating privacy there's no security'cause now I don't know who or what to tryst.... I'm not saying ZA is a bad product programmatically, but it is worthless if there is no trust. Even if the code is perfect.
If it wasn't an issue, you'd think we would have heard back by now. But truth be told, my reputation is on the line every time I recommend ZAF or ZAP to a friend, and I can't do that now. Sygate it is to recommend first.. And if a response never comes, then it's then Sysgate Pro for me (once again, Zone Labs, now notice the $$ lost)!
Companies forget that the money belongs to us first, and we decide who to give it to.
--
The reason you think I'm way on the left is 'cause you're so far to the right.
Dell Dimension, XP Pro, 2.4 Ghz, 512MB, BEFSX41, ZAP 5, NOD32, BOClean, a2, Adaware, Spybot, MW Pro, The Bat! | |
| | | | | | |
IGGY
No Guru Just Here To Help
Premium,MVM
join:2001-03-30
Chatham, IL
| Re: Outbound traffic from Zone Alarm "When security software starts violating privacy there's no security'cause"
There is in fact no proof that a "privacy violation" has occurred. I'd bet money that my contact has taken the week off for the holidays. I'm also aware that my contact has a lot of things on their plate so to speak. So it doesn't worry me that I've seen no reply. I also never read anything into such a situation.
Your reputation in no way would suffer. Do to recommending this product.
If memory serves me right. Your current choice has hit a few bumps in the road from time to time.
The previous link way up above. Is a good example of ZoneLabs taking users concerns seriously. They clearly stated what contact is made - when and why. Now maybe that information needs update and some things clarified. But I'm not ready to call out the hanging party just yet.
--
Test Your Security Cable DiagnosticsIggyz Blog ZoneAlarm Help | |
| | | | | | | | 
shamrin
join:2001-01-08
Lexington, KY
clubs: 
 ·Insight Communicat..
| Re: Outbound traffic from Zone Alarm Iggy, I can appreciate you wanting to give ZA the benefit of the doubt (especially understandable looking at your avatar), but I think for a many of us the trust is already broken.
The reason we all use a software firewall in addition to NAT and/or our router firewall is (to a large extent) to ensure that desktop applications aren't allowed to phone home (or anywhere else) without our knowledge and permission. Bizarrely, or perhaps just ironically, what we find out in this thread is that the very program we use for this purpose phones home without asking permission and this apparently can't be turned off. Hmmm, well, should I really trust a company whose product violates its owned stated purpose and ethos? I don't think I have to wait around to find out if ZA is reporting back what sites I visit, or whether I have porn on my computer, or MP3s, or pirated software or even just how often I turn my machine on. No matter how benign the communication might be, the point is that this software circumvents the very reason I have installed it. Look at this thread, people are actually installing what amounts to another firewall to watch this firewall.
Anyway, truth be told, I've had some suspicions about this software for a while due to the temptations a private for-profit company might have with so much software embedded in such a critical location. I think if you are truly paranoid, and let's face it many of us in this forum are, unless ZA decides to go open source, it's hard to see how they can be the product of choice.
/sch
--
I have no opinion, therefore I do not exist | |
| | | | | | | |
atangel
Now What??
Premium
join:2002-02-18
Bronx, NY
1 edit | Iggy, just comes down to trust. You never know, always wonder. That's why I added the part "Even if its perfect." ZA is good, but IF something is going on, the silence is disquieting (leaves me thinking that it is "better to say nothing boys, than get caught in a lie" kind of corp thing). And I don't want to recommend something just to "un-recommend" it later. I'm sure everything is fine, but....
WFO, I'm not in there I had a product issue with Sygate years ago, but I don't remember what it was anymore....
I think shamrin's last par. above kind of covers it all.
--
The reason you think I'm way on the left is 'cause you're so far to the right.
Dell Dimension, XP Pro, 2.4 Ghz, 512MB, BEFSX41, ZAP 5, NOD32, BOClean, a2, Adaware, Spybot, MW Pro, The Bat! | |
| | | | | | | | SUMware
Premium
join:2002-05-21
| "I'd bet money that my contact has taken the week off for the holidays. I'm also aware that my contact has a lot of things on their plate so to speak. So it doesn't worry me that I've seen no reply. I also never read anything into such a situation."
Iggy -
With all due respect and appreciation for your contributions, the concern of many people is not about you or your contact possibly being on vacation, it's that ZoneAlarm/Labs itself is not disputing any of the privacy issues raised here. It's as if they're hoping, by maintaining their silence, our privacy concerns will vanish, be forgotten, or perhaps remain hidden.
It is not possible to believe that the company's public communication regarding the integrity of their security software revolves exclusively around one person who may be on vacation.
"There is in fact no proof that a "privacy violation" has occurred."
The public is not obligated to rely on, nor trust, one or a few persons for ZA propaganda. Circumstantial events have raised legitimate suspicions. It is now ZA's responsibility to demonstrate that no "violation" is occurring. Serious issues have been raised and an immediate and honest reply is required. That is if ZA, in fact, takes this issue seriously. And if it doesn't, that also speaks loudly and clearly! | |
| | | | | | | | | Hillsboro
Premium
join:2004-11-28
| Re: Outbound traffic from Zone Alarm It is not possible to believe that the company's public communication regarding the integrity of their security software revolves exclusively around one person who may be on vacation.
"There is in fact no proof that a "privacy violation" has occurred."
The public is not obligated to rely on, nor trust, one or a few persons for ZA propaganda. Circumstantial events have raised legitimate suspicions. It is now ZA's responsibility to demonstrate that no "violation" is occurring. Serious issues have been raised and an immediate and honest reply is required. That is if ZA, in fact, takes this issue seriously. And if it doesn't, that also speaks loudly and clearly!
Amen! It is ludicrous to suggest that because of the holidays, or 'someones plate being full' ZA hasn't replied yet. PR wise, any company on the up and up would have been all over this long ago. They would have responded to these concerns within 2 or 3 working days at the most.
This whole matter of privacy and trust should be right at the top of ZA's to-do list, and it isn't. They are probably stonewalling in hopes that this will go away and is a clear demonstration of their corporate arrogance... A serious error in judgement on their part, IMHO. | |
| | | | | | | |
IGGY
No Guru Just Here To Help
Premium,MVM
join:2001-03-30
Chatham, IL
1 edit | Again I'm just starting to see a witch hunt here. I mentioned what I did to calm the frustration. In return I've seen some very negative and personal comments towards my post. Honestly if your so sure there is something underhanded going on. Use the power of choice. As I said in another venue. I honestly feel once again we are seeing things being way blown out of proportion. Which seems to happen often in online forums. And do to some of the comments. I'll be taking my leave of the thread. I'm all for constructive analysis. And if there truly is an issue. I'm all for ZoneLabs being put to task. If in fact something not so kosher is going on. But I'm feeling things are now leaning more towards the less constructive side.
"Iggy, I can appreciate you wanting to give ZA the benefit of the doubt (especially understandable looking at your avatar"
I'll just say I think you need to take a look at many previous threads. Before trying to bring my character into question. I can think of one older thread were I definitely took the opposite side of the company. I'm not going to start throwing around accusations that don't have 100% facts to back them up. I'm not going to go accusing a company of doing something underhanded unless I feel I have good facts or basis to do so. At this time I see some reason to ask questions. But I see no reason to start making assumptions.
--
Test Your Security
Cable Diagnostics
Iggyz Blog ZoneAlarm Help | |
| | | | | | | | |
atangel
Now What??
Premium
join:2002-02-18
Bronx, NY | Re: Outbound traffic from Zone Alarm I don't sense a witchhunt, as much as, say, the usual paranoid uber-concern.... And fer sure none of it directed at you! | |
| | | | | | | | | | 
WFO
Premium
join:2001-08-27
San Ramon, CA
| Re: Outbound traffic from Zone Alarm said by atangel :I don't sense a witchhunt, as much as, say, the usual paranoid uber-concern.... And fer sure none of it directed at you! LOL..."Paranoid uber-concern." Or possibly rabid dogs that smell blood? j.k.;)Iggy you should know by now DSLR members are extra sensitive. Recent examples...The FF issue in Germany, The Sygate phone home driver, the KAV ADs panic and Ad-Aware's debacle release of SE with Multiple updates, bugs and versions in a short span. DSLR members expect perhaps unfairly, nothing short of excellence 100% of the time. That ZA may (likely not) have a Claria/WhenU type relationship unknown to users causes them to vent. Rather than hurl potentially false accusations against a product/company I like, I'll monitor my router traffic. There should be no call-outs to ZL as they are blocked as previously stated. Before others jump ship, I suggest they do their own research. Too, they could always disable the suspect file and see what happens. If the FW runs normally, problem (if there is one)gone. One memeber has already done so and experienced no problems. | |
| | | | | | | | | SUMware
Premium
join:2002-05-21
| Again Iggy please understand, "the concern of many people is not about you or your contact". You are highly respected here.
It's not a witch hunt, it's about legitimate concerns. We're urging, willing and EAGER for discussion with, or even a sentence from, ZA!
I'm a solid ZA user and promoter since I came online. Like others, I am hoping that this is much ado about nothing. But we do need to hear from the company. | |
| | | | | | | | | | | | | | | | | | Hillsboro
Premium
join:2004-11-28
| said by IGGY :"I'll just say I think you need to take a look at many previous threads. Before trying to bring my character into question. I can think of one older thread were I definitely took the opposite side of the company. I'm not going to start throwing around accusations that don't have 100% facts to back them up. I'm not going to go accusing a company of doing something underhanded unless I feel I have good facts or basis to do so. At this time I see some reason to ask questions. But I see no reason to start making assumptions." Iggy, I don't believe anyone is calling your character into question. However, the fact remains that you don't have any inside ZA, first person, factual information regarding the concerns expressed here. ZA has been conspicuous by their absence. Granted there is no incontrovertible proof that ZA is spying on it's customers... Neither is there proof that they are not. Their silence on this matter is growing by the day. I suspect that ZD or one of the other publications will pick-up on this as happened with the Intuit debacle 2 years ago. As I stated before; I think ZA is stonewalling... they perhaps think that because this issue is relatively isolated on the net they will just ignore it until they need to spin the problem.
Myself, I dumped ZA from our systems and will not under any circumstances go back. Why? I tried contacting ZA support to get answers... I got nothing. Zip... NADA. That's was 8 working days ago.
Your help has been and is appreciated here. I think the worse you can be accused of is misguided loyalty given the circumstances. No the sky isn't falling... But, where are the answers from a ZA staffer? None of us, including you, are getting any.
Best Holiday Wishes | |
| | | | | | | | | | 
markjclark
join:2000-08-11
clubs: | Re: Outbound traffic from Zone Alarm 4 words, Not american company now. | |
| | | | | | | | | |
atangel
Now What??
Premium
join:2002-02-18
Bronx, NY | Re: Outbound traffic from Zone Alarm We haven't made a forum hot topic on the front page, have we? Bet they would get back to us if we did  | |
| | | | | | | | | | 
MeDuZa
join:2003-06-13
Austria
| said by markjclark :4 words, Not american company now. I don't think this should be at issue.
Anyway, TrueVector Technology was not patented or distributed with CheckPoint software at least until they did acquire ZoneLabs
--
Reality corrupted. Reboot universe? (Y/N) | |
| | | | | | | | 
Spy
Premium
join:2001-09-22
NE
2 edits | said by IGGY :"When security software starts violating privacy there's no security'cause" There is in fact no proof that a "privacy violation" has occurred. But I'm not ready to call out the hanging party just yet.
I hope not.:D | |
| | | | | | |
WFO
Premium
join:2001-08-27
San Ramon, CA
| AtAngel, I don't know why you would recommend Sygate after this thread. »Sygate Firewalls
Was that resolved to everyone's satisfaction???
So far nothing has been proven one way or another regarding ZA. I'm still inclined to give the benefit of the doubt. In the meantime I've upgraded my own monitoring capabilities. Iggy I and many others hope you are right.:) | |
| | | | | | 
ReVeLaTeD
Premium
join:2001-11-10
San Diego, CA
| said by IGGY :Your not going to see a reputable company all of a sudden start dropping spyware into their product. I don't remember Internet Explorer 4 having "Alexa" pre-installed with their software. | |
| Charles770
join:2004-11-08
France
1 edit | Re: Privacy in the new ZoneAlarm 5.5 Thanks everyone for reply.:)
Sorry Iggy, but I didn't had such a screen during install (Win98 SE), and never had it for a previous version.
As it's said: "This option *does not appear* in trial versions of Zone Labs security software.", which seems to be ZAF definitely.
From Help:
Even with the "Alert me before I make contact" preference selected in the Overview|Preferences tab, you will not be alerted before sending configuration data to Zone Labs.
... The frequency of data transmission depends upon the configuration of your computer. For most users, data will be sent once per day.
To be very clear, does ZoneAlarm free has became a Spyware?
Regards.;)
Charles. | |
| |
See 6 replies to this post | |
| | (topic locked) | |
|
Re: iggy's prior post explains some of this
