Is your firewall spying on you? [Zone Alarm gets rumbled]

theinquirer.net ^ | Sunday 22 January 2006 | Paul Hales

[B4Ranch]

Is your firewall spying on you?

Zone Alarm gets rumbled

By Paul Hales, in Jerusalem: Sunday 22 January 2006, 12:39

IT’S OBVIOUS, REALLY, that the best way of penetrating users' PCs to see what they get up to online would be to become a Firewall maker. Like, when I wanted a Firewall and was too tight to pay for one, I turned to Checkpoint’s little freebie Zone Alarm. It sits there between you and the Internet and lets you know when someone’s trying to sneak in through your backdoor or when a program you’re running tries to connect to the Web for no apparent reason. When you’re as techie as me – not very – you just have to trust it.

Of course, Checkpoint’s an Israeli company and as a foreign journalist working in Israel you know the hyperactive security services here would like to keep tabs on you. And you know that they do. It has been confirmed to me by a security sources here that mobile phone conversations I have had have been listened to – and in circumstances which I won’t reveal, the contents of a call I have been involved in have actually been relayed back to me.

It’s part of the game – like the airport interrogation, or the surreptitious copying of your notepad while you’re off having a body search. You know what goes on but you have a job to do and just get on with it – hoping that what you get up to in the legitimate pursuit of your business won’t upset anyone to the extent that they’ll come break your door down and cart you off somewhere.

Now, the handsomely-named Mr Cringely has revealed that a colleague of his at Infoworld noticed that Zone Alarm 6.0 was sneakily sending off data to four different servers. Cringely says that Zone Labs (acquired by Checkpoint in March of 2004) at first denied the activity for a couple of months before deciding the software had a "bug" even though, as he points out, "the instructions to contact the servers were set out in the program’s XML code."

The company says it will fix the "bug" soon. In the meantime you can work around it by adding: # Block access to ZoneLabs Server 127.0.0.1 zonelabs.com to your Windows host file.

The "bug" seems to be present in the retail version of Zone Alarm, so there’s no telling what the freebie gets up to. We called Checkpoint here in Israel to find out, but were referred to a US spokeszoner. Trouble is they’ll all be in bed there on this sunny Sunday morning. µ

[Roses0508]

I've used Zone Alarm since it came on the market - 5 years maybe. Let's just say I believe in it enough to put my money where my mouth is - I buy the Pro version for myself, my two children, a birthday present to my sister who was forever getting her computer zapped and several friends. I've never had any trouble with it, but I do know several people who have. If you are having trouble with Zone Alarm I recommend downloading "The Cleaner", doing a good cleanup and then installing Zone Alarm.

FYI a version of Zone Alarm runs on almost every home router you can buy, including the ones you get from cables companies, etc.

My son, bless him, played online games for about 45 minutes outside of the safety of ZA once. You'd be astonished at the trash he acquired on his computer in that 45 minutes.

[snarks_when_bored]

The article needs a bit of supplementation. Here is the path to your hosts file (note that the file has no extension):

C:\WINDOWS\system32\drivers\etc\hosts

(Of course, if the drive you've installed Windows on is not labelled 'C', make the appropriate modification.)

Add the following line to your hosts file (using a text editor such as Notepad):

127.0.0.1      www.zonelabs.com    # Block access to www.zonelabs.com

Understand that, if you make this addition to your hosts file and then attempt to surf to www.zonelabs.com, you're not going to get there.

[snarks_when_bored]

I should've said that the path I gave was for a standard installation of Windows XP. If you're having trouble finding the file, just search for 'hosts' (without the single-quotes) from within your Windows directory.

[Uri’el-2012]

But not in my world. :-)

Got Root !

[Publius6961]

How?

[philetus]

I'm using Ubuntu

http://www.ubuntulinux.org/

[AmeriBrit]

Bookmaked : ZA info

[sageb1]

"My son, bless him, played online games for about 45 minutes outside of the safety of ZA once. You'd be astonished at the trash he acquired on his computer in that 45 minutes."

No I wouldn't be surprised at all. My grandson plays games and his parents have had to have their hard drive wiped twice. I attributed it to AOL spam. I won't let AOL near my computer.

[oceanview]

what information are they sending back to zonelabs?

[Constantine XIII]

Bump

[Sabramerican]

Freeware- Easy edit of the HOST file

http://www.funkytoad.com/hoster.htm

[Dallas59]

That's what I have.

[boris]

OK explain this to me. When I open the hosts file, I already find:


127.0.0.1 localhost


Somehow I don't think I want to block access to this address unless I am certain it wont mung things up.

[Dallas59]

Do I even need the MS firewall and ZA with my router?

[Dallas59]

But then again...I'm on the Israeli side...Why should I be worried?

[Graybeard58]

I build all my firewalls out of 7400 Quad NANDs.

I know it's illegal but nothing beats good old fashioned asbestos for fire walls.

[snarks_when_bored]

Don't change the localhost association with 127.0.0.1. 127.0.0.1 is the local loopback address (it connects your machine to itself). By associating 127.0.0.1 to (say) www.zonelabs.com, you tell Windows networking that when it is asked to connect to www.zonelabs.com, it should connect to the IP number 127.0.0.1 (which goes nowhere).

Each line of the form

127.0.0.1      www.(whatever).(whatever)     # Block access to www.(whatever).(whatever)

associates loopback with the www.(whatever).(whatever) address, effectively killing the ability of Windows to connect to www.(whatever).(whatever).

You can add as many lines to the hosts file as you wish, each line blocking connection to a particular internet address.

[Varmint Al]

Hi Dallas59
I don't think ZA will do anything once you have a hardware firewall like a router. You need to use the correct blocking settings like I have shown. If you activate the Windows XP firewall, it probably will have nothing to do. With it activated, you won't keep getting the alerts that the Windows firewall in not operating. I have my Windows firewall turned on just to save the alerts.

Here are what the settings mean.

There is more information on how I have my computers setup here: Varmint Al's Computer Page.

Good Hunting... from Varmint Al

[B4Ranch]

How do you like it?

[B4Ranch]

I have no idea