 Infoman1
join:2001-03-21 Hubbard, OH
| reply to spooler0 Re: Privacy in the new ZoneAlarm 5.5
You must be running Norton AntiVirus. That's the update virus definitions connection Symantec uses. Also keep in mind there are a number of other call outs if you're running Windows XP including auto updates.
It appears through testing and a reboot of the machine running ZA, the call outs have stopped as Iggy indicated in his post. It appears the authors of ZA have chosen to use central servers for remote management and updates of the ZA Client. hs2 and pa2.zonelaps.com seem to be related to checking the date on the virus definition if that option is chosen. Additionally it appears those servers also maintain a central database of known programs and services for pre-defined configuration, security recommendation, etc. in the ZA Client. Those databases I assume are updated from time to time then pushed to the ZA client. There is also a call out and associated server for automatic updates which can be disabled. The same with sharing security settings which most likely is associated with those send log configurations. The heartbeat which was referred to previously is simply a ping-like keep-alive letting their server know you're online and can be reached.
IMO this is an odd way of implementing and operating a firewall product. Zone Alarm is basically a client communicating with a server. Push/Pull technology in a firewall product is a very dangerous road! Basically it's a back door that can be used for almost anything depending on the way they have implemented it. Obviously ZA and the true vector service has its own built in default agenda which cannot be altered by the end user, bypassing its own custom rulesets! It's certainly a trust relationship, one which I have lost! I certainly would NOT recommend using this product on machines with confidential data, or a machine that is directly connected to the internet. With regards to all of the other assumptions including data gathering, they all "remain" valid possibilities when Push/Pull technology is used. |
|
  atangel Now What?? Premium join:2002-02-18 Bronx, NY | Well said. |
|
  Uriel3
join:2001-11-26
| said by atangel: Well said.
In my experience, I believe that ZA and ZAP began going awry subsequent to version 4.0.146.029 which I'm told may have been around the same time the company completed a major financial transaction. |
|
 spooler0 Premium join:2004-11-17
| reply to Infoman1 said by Infoman1: You must be running Norton AntiVirus. That's the update virus definitions connection Symantec uses. Also keep in mind there are a number of other call outs if you're running Windows XP including auto updates.
Thanks for the information on the Push/Pull features of TrueVector in ZoneAlarm, Infoman1. When I mentioned turning off the automatic virus updates check, the attempted reference was to that feature in ZoneAlarm, not Norton.
Updates on all programs are on "manual" not auto. So the log entries I'm referring to not seeing are the previous ZoneLabs outbound traffic to the h2.zonelabs.com servers you mention. As of yet, after turning off the virus autocheck feature in ZA, the contacts have not yet reappeared.
Still, as you say, the technology is there, and the disclosures made previously by the company were not entirely clear to say the least. |
|
  Uriel3
join:2001-11-26
| There must be valid reasons why whenever attempting to install some versions of Zone Alarm, especially on WinXP_SP2, 64-bit systems, and in my case, especially whenever I 'fully implement' the Data Execution Prevention (DEP) feature that I always experience computer lock-ups, PAGE_FAULT_IN_NONPAGED_AREA, stop errors every time the computer starts, or when you try to remove ZoneAlarm, you receive a stop error message or your computer restarts before the uninstall program finishes.
Those problems which do not appear to have been fully addressed and/or corrected by Zone Labs are also mentioned here by Microsoft; »support.microsoft.com/default.as···owsxpsp2 |
|
  CJ
join:2000-07-18 USA | And that has to do with ZA phoning home how???
Please stick to the original topic. Start your own thread if you have questions that are not related to this topic. |
|
  Uriel3
join:2001-11-26
| said by CJ: And that has to do with ZA phoning home how???
No need to get your shorts in a knot!! Just trying to look at various solutions. If SP2 and DEP cause a conflict with ZA one could suspect that a device driver or possibly some other feature built into the program would be responsible for the call home problem. |
|
 spooler0 Premium join:2004-11-17
2 edits | reply to CJ said by CJ: "And that has to do with ZA phoning home how??? Please stick to the original topic. Start your own thread if you have questions that are not related to this topic."
cestepp: Uriel replied while I was typing.
The question posed appeared to be hypothetical and intended to get us thinking about what DEP is and how it would apply to a program that got outside its intended memory areas. (That's said as a novice, perhaps someone can state it better.) |
|
  CJ
join:2000-07-18 USA | reply to Uriel3 Sorry Uriel, I didn't catch your correlation between the two issues. My interpretation of your post was that you were just ranting about how you can't uninstall the product.
Again, you have my apologies. |
|
  Uriel3
join:2001-11-26
| said by CJ: Sorry Uriel, I didn't catch your correlation between the two issues...
You are very kind, thank you! Since SP2 has incorporated many additional security features and DEP appears to be the wave of the future, I thought perhaps ZA and many other such powerful security/privacy programs will need to revisit the harmony of how they're written. Also there are other programs such as DiamondCS Process Guard which protect physical memory, block global hooks, registry DLL injections and rootkit/driver/service installations that may potentially conflict with other security/privacy programs unless they are able to be allowed to work with each other. |
|