 | | Bye-Bye ZoneAlarm Sorry, but a security product, designed to protect your PC shouldn't be bugged with this sort of problem.:o Hello Kerio, here I come.:D -- ~~~~~~~~~~~~~~~~~~~~~~~~~~~~I drive a Volvo, Please Don't Get In My Way!I owe, I owe, 'tis off to work I go. . . . . . . . . | |
|
 |  SteveI know your IP addressConsultant join:2001-03-10 Yorba Linda, CA kudos:5 | Re: Bye-Bye ZoneAlarm said by CTCNetwork: Sorry, but a security product, designed to protect your PC shouldn't be bugged with this sort of problem.
It's not entirely certain that ZoneAlarm is even doing this: what if some badware is doing it with data patterns designed to make it *look* like ZA was doing this?
Only time will tell... -- Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site | |
|
 |  |  |
 |  |  SmokeyI'd rather be skiingPremium join:2003-05-20 Wild West
| Mine too had been doing it »ZA Logging attempts to reach DSLR?? but then stopped. I just checked again now, and it has yet again filled my logs with it. All 999 log entries are from TODAY alone. -- You want 5 bucks to buy a 1.99 burger, and wonder why the democrats are in trouble? | |
|
 keith2468Premium,MVM join:2001-02-03 Winnipeg, MB | Maybe ZA had intended to plant a distro server on Maybe ZoneLabs had intended to plant a distro server on BBR to reduce the cost of distributing updates. 
Pretty strange though.
If it is a trojan trying to stop ZA updating, I'd expect it to try the same trick with other FW and AV software. | |
|
 | | Compentant Security At least ZoneAlarm is somewhat competant at what it is designed to do... compared to say anything that Microsoft may make (i.e. Windows firewall). | |
|
 |  davePremium,MVM join:2000-05-04 not in ohio kudos:7
| Re: Compentant Security said by navalpatel: At least ZoneAlarm is somewhat competant at what it is designed to do... compared to say anything that Microsoft may make (i.e. Windows firewall).
There's one in every crowd, huh?
... and it's strange how they usually can't spell. | |
|
 |  |  SteveI know your IP addressConsultant join:2001-03-10 Yorba Linda, CA kudos:5 | Re: Compentant Security said by dave: There's one in every crowd, huh?
at least he didn't spell "Microsoft" with a $ | |
|
 |  |  |  pcscdmaChocobo Chocobo Random BattlePremium join:2004-01-14 Winterset, IA | Re: Compentant Security at least this hasn't turned into a fight between Microsoft and Linu$ Torvald$' wares. -- Be patriotic or I'm reporting you to Ashcroft. | |
|
 |  Combat ChuckToo Many CannibalsPremium join:2001-11-29 Erie, PA | said by navalpatel: At least ZoneAlarm is somewhat competant at what it is designed to do... compared to say anything that Microsoft may make (i.e. Windows firewall).
No, XP's firewall did exactly what it was designed to do; block unsolicited incoming connections. It just didn't do what you wanted it to do; block outgoing connections. -- Japan-- Now with 30% more climbable telephone poles!! | |
|
 |  RhobitePremium join:2002-02-24 Cambridge, MA | Please give a specific example of what the Windows firewall fails to do. The only thing I can think of is that during startup there's a brief period of exposure before the firewall kicks in. I agree that this is a small problem but it's fixed in SP2. -- Jimmysquid.com - I take pictures. | |
|
 |  |  davePremium,MVM join:2000-05-04 not in ohio kudos:7
| Re: Compentant Security said by Rhobite: Please give a specific example of what the Windows firewall fails to do. The only thing I can think of is that during startup there's a brief period of exposure before the firewall kicks in. I agree that this is a small problem but it's fixed in SP2.
...and it's not clear that ZA does not have the same exposure (see Security forum posts passim). | |
|
 |  |  |  SpitefulCrowInsert Witty Tag HerePremium join:2003-06-04 Berkeley, CA | Re: Compentant Security Yay for system boot procedures that load firewall code and rulesets before any kind of network interface is brought online.  /linuxrave | |
|
 |  |  |  |  SteveI know your IP addressConsultant join:2001-03-10 Yorba Linda, CA kudos:5 | Re: Compentant Security said by SpitefulCrow: Yay for system boot procedures that load firewall code and rulesets before any kind of network interface is brought online.  /linuxrave
<xprave>Yah for XP Service Pack 2, which does the same thing</xprave> | |
|
 |  |  |  |  |  SpitefulCrowInsert Witty Tag HerePremium join:2003-06-04 Berkeley, CA | Re: Compentant Security said by Steve: said by SpitefulCrow: Yay for system boot procedures that load firewall code and rulesets before any kind of network interface is brought online.  /linuxrave
<xprave>Yah for XP Service Pack 2, which does the same thing</xprave>
Yay for firewalls that give the user more control than "On" and "Off". /linuxrave | |
|
 |  |  |  |  |  |  SteveI know your IP addressConsultant join:2001-03-10 Yorba Linda, CA kudos:5 | Re: Compentant Security <xprave>Yay for firewalls that have more than two users</xprave> | |
|
 |  |  |  |  |  |  | | Windows firewall allows you to modify it to "open ports" or do what you wish. | |
|
 |  |  |  |  |  |  |  SteveI know your IP addressConsultant join:2001-03-10 Yorba Linda, CA kudos:5 1 edit | Re: Compentant Security said by keyboard5684: Windows firewall allows you to modify it to "open ports" or do what you wish.
The one in XP/SP2: yes. The older firewall really sucked (even though it did what it claimed). -- Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site | |
|
 |  |  |  |  |  |  |  |  RhobitePremium join:2002-02-24 Cambridge, MA | Re: Compentant Security Even the older one lets you open ports individually. | |
|
 |  |  |  |  |  |  |  |  |  SpitefulCrowInsert Witty Tag HerePremium join:2003-06-04 Berkeley, CA | Re: Compentant Security said by Rhobite: Even the older one lets you open ports individually.
Ooh wow, opening ports. That's so great. iptables supports connection tracking and customized matching based on almost every field in the packet/frame. | |
|
 |  |  |  |  |  |  |  |  |
| Re: Compentant Security iptables, a Linux thing. Completely off base. We are not talking about complex firewall operations (which in my opinion the FreeBSD ipfw is far superior to a simple iptables function in linux), we are talking about Windows firewalls.
Zone alarm compared to the Windows firewall that is built in. In my eyes the Windows firewall is better because it shuts up. I do not think you should have to watch a firewall, it should just do its job. How many people go through their firewall logs and actually do something about it?
PIX firewall can track and customize matching/action on every field of the frame. Even a Cisco router can do what you stated without the firewall feature set. Checkpoint firewall can do it all too. I can go on and on about how many different firewall setups are better but since you learned how to write an iptable rule congrats. | |
|
 |  |  |  |  |  |  |  |  | | Say what you will, I've been doing ISP support for four years now and I haven't seen the ICF keep anyone offline. I have seen Zone Alarm suddenly block ALL incoming and outgoing traffic for no apparent reason. Then it's a real pain to remove. The ICF in WindowsXP seems to do a very good job. The only situation where it's not helpful is when you have a trojan on your system letting someone or something in. Of course, that never happens to anyone here....... -- "Don't try to explain computers to a layman-easier to explain sex to a virgin."-R.A. Heinlein | |
|
 |  TransmasterDon't Blame Me I Voted For Bill and Opus join:2001-06-20 Cheyenne, WY 1 edit | said by navalpatel: At least ZoneAlarm is somewhat competant at what it is designed to do... compared to say anything that Microsoft may make (i.e. Windows firewall).
Don't compare the lame Windows Firewall as it is now with what is included on the SP-2 Beta; it works as well as any software firewall I have used. -- »www.gobpl.com | |
|
 robnelleBlowing Kisses To You AllPremium join:2001-12-05 Indianapolis, IN 1 edit | huh What did Zone Labs have to say about it? | |
|
 dadkinsCan you do Blu?Premium,MVM join:2003-09-26 Hercules, CA kudos:18 | One reason I switched That's one of the reasons I switched to Kerio 4.0.16. It seems that ZA just keeps having problems...enough so as to not to trust it. ZAP 4.5 did work well, but I'm happy with Kerio... for now. -- When you've seen one nuclear war, you've seen them all. TheTechPub | |
|
 netwirePremium join:2001-04-27 Shelby, NC kudos:1 | Hmm.. Solution: Enabled "Manually Check for Updates"... | |
|
 |  Combat ChuckToo Many CannibalsPremium join:2001-11-29 Erie, PA | Re: Hmm.. said by netwire: Solution: Enabled "Manually Check for Updates"...
And pray that whatever is causing this actually pays attention to the setting. -- Japan-- Now with 30% more climbable telephone poles!! | |
|
 CPMBroadband, DSL, cable join:2001-08-24 Brooklyn, NY | Nothing but Problems I had ZA two years ago and it is nothing but problems. Remember a software firewall is only as good as the OS it is running on and Windows is not that secure. | |
|
 |  72276539Premium join:2001-01-19 Atlanta, GA 1 edit | Re: Nothing but Problems Wrong answer, sorry please try again. I have had plenty of problems with ZA but it's not Windows that writes the application. It's not Windows that does the install routine nor is it Windows that is phoning home. | |
|
 B52GUNRKM 7D love and D3 NirvanaPremium,MVM join:2001-03-06 Vallejo, CA | Never liked ZA I had no end of memory leaks with ZA. I personally prefer Sygate's free offering. Maybe I'll check out Kerio, as well. | |
|
 PhoenixDown-- Wants FIOSPremium join:2003-06-08 Fresh Meadows, NY kudos:1 | Odd I am really interested in knowing why it's contacting the bbr servers for updates. -- www.shinraonline.com | |
|
 Samwoo join:2002-02-15 Rancho Palos Verdes, CA 1 edit | Wait? Zone alarm doesn't ever automatically install updates anyways. When there is an update they link you to their site where you must manually download and run the new install. The only thing it does automatically is check for updates. | |
|
 |  nilJava Geek join:2000-11-27 kudos:1 | Re: Wait? Yes, but considering it thinks *we* are their site.. well.. doesn't appear to be very secure, does it? -- Life is too short to be boring | |
|
 Samwoo join:2002-02-15 Rancho Palos Verdes, CA 1 edit | Hmm my browser didn't refresh properly... is there any way I can delete this? | |
|
 1 edit | Maybe the programmers of ZoneAlarm are fans of BBR? I mean who isn't?  | |
|
|
 mkbaird join:2000-03-30 Colorado Springs, CO | I'm wondering if this started with version 5, or are even the older versions doing this updating thing. I'm still using 4.5. I'm not updating to 5 until I hear more positive reports etc. Does anyone know if their PC has called the BBR's?
Marcus | |
|
 |
 RhobitePremium join:2002-02-24 Cambridge, MA | Are we sure that this isn't some sort of trojan or other sort of spyware on the users' machines, that's made to look like ZA? After all the traffic is being blocked by ZA and I'd assume that ZA lets its own "real" traffic pass through. Are we sure that ZA is the source of this traffic, and not some other program that's running on the PC? -- Jimmysquid.com - I take pictures. | |
|
 |  SteveI know your IP addressConsultant join:2001-03-10 Yorba Linda, CA kudos:5 | Re: Question for folks who've been following If it *is* a Trojan or other badware, none of the anti-badware software is detecting it. Our users have been over the hills and through the woods looking for badware without any success.
Steve -- Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site | |
|
 |  |  SmokeyI'd rather be skiingPremium join:2003-05-20 Wild West | Re: Question for folks who've been following But when will we get to grandma's house? | |
|
 |  OwlbetIgnite the IcePremium,MVM join:2002-09-24 Palmer, AK | said by Rhobite: Are we sure that this isn't some sort of trojan or other sort of spyware on the users' machines, that's made to look like ZA? After all the traffic is being blocked by ZA and I'd assume that ZA lets its own "real" traffic pass through. Are we sure that ZA is the source of this traffic, and not some other program that's running on the PC?
I highly doubt that. Most of the MVMs, VIPS, Mods, Regulars & general lurkers, run pretty tight ships. We come loaded with our hosts files, Spybot, Spyware Guard, Hi-Jack This, Ad-Aware, various AVs & ATs, etc. I agree with the consensus here that there is a programming flaw in Zone Alarm that is causing this and not some undiscovered malicious payload piggybacking on Zone Alarm.
On a lighter note....Zone Alarm wants to read the Security Update Sticky in the Security Forum.  -- Rocky is, was, and always will be Dawg E. Dawg. Miss you, pal. | |
|
 | | We have seen a number of these type requests in our web server logs as well. Some include:
- - [15/Jun/2004:16:45:31 -0500] "GET http://avu.zonelabs.com/modules.txt HTTP/1.0" 404 205 "-" "Internet Download"
- - [15/Jun/2004:16:45:33 -0500] "GET http://update.zonelabs.com/checkupdate.asp HTTP/1.0" 404 205 "-" "Zone Labs Registration Agent 1.0"
-- »www.OverclockersClub.com | |
|
|
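Entries like the ones quoted in the post above can be picked out of an access log mechanically. The following is an added example, not part of the original thread: it flags requests whose request line carries an absolute URI for a host this server does not serve and counts them per host and User-Agent. `OWN_HOSTS`, the client addresses and the last three sample entries are assumptions made for the illustration.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

# Hosts this server legitimately answers for (assumed placeholder names).
OWN_HOSTS = {"www.example.org", "example.org"}

# Timestamp, request line, status, size, referer and user agent of a combined-format
# entry; the search is unanchored, so stripped client/ident fields do not matter.
ENTRY = re.compile(
    r'\[(?P<when>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>HTTP/[\d.]+)" '
    r'(?P<status>\d{3}) (?P<size>\d+|-) "(?P<referer>[^"]*)" "(?P<agent>[^"]*)"'
)

def misdirected(lines, own_hosts=OWN_HOSTS):
    """Yield (host, path, status, agent) for absolute-URI requests naming a foreign host."""
    for line in lines:
        m = ENTRY.search(line)
        if not m:
            continue  # not a parsable access-log entry
        if not m["target"].lower().startswith(("http://", "https://")):
            continue  # ordinary origin-form request such as "GET /index.html"
        url = urlsplit(m["target"])
        host = (url.hostname or "").lower()
        if host and host not in own_hosts:
            yield host, url.path or "/", int(m["status"]), m["agent"]

def summarize(lines, own_hosts=OWN_HOSTS):
    """Count misdirected requests per (foreign host, user agent)."""
    return Counter((h, a) for h, _path, _status, a in misdirected(lines, own_hosts))

# Constructed sample: the first two entries follow the lines quoted in the post,
# with documentation addresses filled in as clients; the other three are invented.
SAMPLE = [
    '192.0.2.10 - - [15/Jun/2004:16:45:31 -0500] "GET http://avu.zonelabs.com/modules.txt HTTP/1.0" 404 205 "-" "Internet Download"',
    '192.0.2.10 - - [15/Jun/2004:16:45:33 -0500] "GET http://update.zonelabs.com/checkupdate.asp HTTP/1.0" 404 205 "-" "Zone Labs Registration Agent 1.0"',
    '192.0.2.44 - - [15/Jun/2004:16:45:40 -0500] "GET http://update.zonelabs.com/checkupdate.asp HTTP/1.0" 404 205 "-" "Zone Labs Registration Agent 1.0"',
    '198.51.100.7 - - [15/Jun/2004:16:46:02 -0500] "GET /forum/index.html HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
    '198.51.100.7 - - [15/Jun/2004:16:46:05 -0500] "GET http://www.example.org/ HTTP/1.0" 200 734 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)"',
]

if __name__ == "__main__":
    for (host, agent), count in summarize(SAMPLE).most_common():
        print(f"{count:4d}  {host:24s} {agent}")
```

Grouping by User-Agent separates the update-check clients from ordinary open-proxy probing, which tends to arrive with browser-like or empty agents.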
 MaggsPremium join:2002-11-29 Woodside, NY
| It was one of the ZoneAlarm coders who was surfing BBR at the time. He might have typed BBR's IP in instead of ZA's.
I use Sygate, so I will check my logs to see if it occurs in other Firewall products.
I feel sorry for the site admins, getting pounded by stupid ZA clients. Why don't the site admins, set a redirection to the actual ZA update servers, that way it might get corrected. -- Paperclips do not belong inside a printer. Snapple Tech tip #123 | |
|
 |  SteveI know your IP addressConsultant join:2001-03-10 Yorba Linda, CA kudos:5 | Re: Maybe... Just Maybe said by Maggs: Why don't the site admins, set a redirection to the actual ZA update servers, that way it might get corrected.
Because "posting front-page news" on a busy site like BBR is much more likely to capture their attention  | |
|
 Doctor OldsI Need A Remedy For What's Ailing Me.Premium,VIP join:2001-04-19 1970 442 W30 kudos:18 | ... by a ZA detractor?
Has anyone captured the packet leaving their PC? Where does it send its request when you perform a Manual Update Check?
Things that make you go Hmm. 
HOSTS file hijack?
Proxomitron misfire?
Trusted Zones first site used? | |
|
 | | I got away from that crap and switched to the free version of sygate a year ago. | |
|
 |  | | Re: ZoneAlarm sucks. x2, using Kerio 2.15 right now, have been for a few years for that matter.
No problems, does EXACTLY what I tell it to 
Sygate, Outpost and Tiny are also very good. | |
|
 richk_1957If ..Then..ElsePremium join:2001-04-11 Minas Tirith | When I upgraded to 5, I noticed that, although I had told it not to contact zone labs, it tried to. And as I've had other issues with 5, I uninstalled it.
4.5 doesn't have this problem. I've had no problems there so that is where I am right now. | |
|
 |  | | I never liked ZoneAlarm I never trusted that program from the day it came out. I will always use a hardware firewall. | |
|
 |  |  | | Re: I never liked ZoneAlarm Well, in all honesty I will stick with Kerio 2.15 I see really no other firewall that I need besides it at this point. How can you guys even compare Zone alarm to Kerio for that matter? With Kerio you control what is going in and out, bottom line!
Ditch the ZoneAlarm newbie firewall and go with something a little more advanced such as Kerio 2.15
Nuff said 
And come on, comparing windows firewall to Kerio? There is no comparison, Kerio eats the windows firewall for lunch and then spits it back out and laughs.
Come on guys, you guys that know about packets, filtering, networking protocols and the such should be able to see that Kerio or Outpost is by far superior to windows firewall or Zone Alarm.
Zone Alarm is meant to be a newbie firewall, simple at that. Remember that next time you get hacked and you wish you installed and were running a hardware firewall or Kerio with Proxomitron. | |
|
 |  |  Combat ChuckToo Many CannibalsPremium join:2001-11-29 Erie, PA | Will that hardware firewall let you block a particular piece of software from phoning home? -- Japan-- Now with 30% more climbable telephone poles!! | |
|
 |  |  |  | | Re: I never liked ZoneAlarm said by Combat Chuck: Will that hardware firewall let you block a particular piece of software from phoning home?
Yes but it doesn't have that problem. I'm using a cisco firewall. | |
|
 |  |  |  |  | | Re: I never liked ZoneAlarm I like Cisco. You can be extremely strict with what you want to let out or in as with any application. I would say you can deny that program from phoning home pretty easily even with a software firewall if you know what you are doing. | |
|
 |
|