Free Republic

Is your firewall spying on you? [Zone Alarm gets rumbled]
theinquirer.net ^ | Sunday 22 January 2006 | Paul Hales

Posted on 01/22/2006 11:09:42 AM PST by B4Ranch

Is your firewall spying on you?

Zone Alarm gets rumbled

By Paul Hales, in Jerusalem: Sunday 22 January 2006, 12:39

IT’S OBVIOUS, REALLY, that the best way of penetrating users' PCs to see what they get up to online would be to become a Firewall maker. Like, when I wanted a Firewall and was too tight to pay for one, I turned to Checkpoint’s little freebie Zone Alarm. It sits there between you and the Internet and lets you know when someone’s trying to sneak in through your backdoor or when a program you’re running tries to connect to the Web for no apparent reason. When you’re as techie as me – not very – you just have to trust it.

Of course, Checkpoint’s an Israeli company and as a foreign journalist working in Israel you know the hyperactive security services here would like to keep tabs on you. And you know that they do. It has been confirmed to me by a security sources here that mobile phone conversations I have had have been listened to – and in circumstances which I won’t reveal, the contents of a call I have been involved in have actually been relayed back to me.

It’s part of the game – like the airport interrogation, or the surreptitious copying of your notepad while you’re off having a body search. You know what goes on but you have a job to do and just get on with it – hoping that what you get up to in the legitimate pursuit of your business won’t upset anyone to the extent that they’ll come break your door down and cart you off somewhere.

Now, the handsomely-named Mr Cringely has revealed that a colleague of his at Infoworld noticed that Zone Alarm 6.0 was sneakily sending off data to four different servers. Cringely says that Zone Labs (acquired by Checkpoint in March of 2004) at first denied the activity for a couple of months before deciding the software had a "bug" even though, as he points out, "the instructions to contact the servers were set out in the program’s XML code."

The company says it will fix the "bug" soon. In the meantime you can work around it by adding:

    # Block access to ZoneLabs Server
    127.0.0.1 zonelabs.com

to your Windows host file.

The "bug" seems to be present in the retail version of Zone Alarm, so there’s no telling what the freebie gets up to. We called Checkpoint here in Israel to find out, but were referred to a US spokeszoner. Trouble is they’ll all be in bed there on this sunny Sunday morning. µ


TOPICS: News/Current Events
KEYWORDS: computers; firewall; lowqualitycrap; malware; pc; privacy; spyware; zonealarm
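
An added example, not part of the original article or thread: a hosts file matches exact hostnames only, so the one-line workaround quoted in the article covers zonelabs.com and nothing else. The Python sketch below parses a hosts file and reports which names are actually redirected to a local address; the sample file and every name other than zonelabs.com are constructed for illustration.

```python
import ipaddress

# Constructed sample: the workaround entry quoted in the article plus a
# typical localhost line with an inline comment.
SAMPLE_HOSTS = """\
# Block access to ZoneLabs Server
127.0.0.1 zonelabs.com
127.0.0.1       localhost   # default entry
"""

# Names to test. Only zonelabs.com appears in the article; the others are
# hypothetical and stand in for any additional server a program contacts.
CHECK = ["zonelabs.com", "www.zonelabs.com", "updates.example.net"]


def parse_hosts(text):
    """Return {hostname: address}. '#' starts a comment, fields are
    whitespace-separated, and this sketch keeps the first mapping per name."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        addr, *names = line.split()
        try:
            ipaddress.ip_address(addr)
        except ValueError:
            continue  # skip lines that do not start with an IP address
        for name in names:
            table.setdefault(name.lower(), addr)
    return table


def is_sinkholed(name, table):
    """True only when this exact name maps to loopback or 0.0.0.0.
    No wildcard or suffix matching: a subdomain needs its own entry."""
    addr = table.get(name.lower())
    if addr is None:
        return False
    ip = ipaddress.ip_address(addr)
    return ip.is_loopback or ip.is_unspecified


def coverage(names, text):
    """Map each name to whether the hosts text redirects it locally."""
    table = parse_hosts(text)
    return {n: is_sinkholed(n, table) for n in names}


if __name__ == "__main__":
    for name, blocked in coverage(CHECK, SAMPLE_HOSTS).items():
        print(f"{name:24} {'sinkholed' if blocked else 'NOT covered'}")
```

Run against a copy of a real hosts file together with the hostnames seen in a connection monitor, this shows which destinations an entry like the one above leaves reachable.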
To: Varmint Al

Thanks!


41 posted on 01/22/2006 1:28:29 PM PST by Dallas59 ((“You love life, while we love death"( Al-Qaeda & Democratic Party))
[ Post Reply | Private Reply | To 38 | View Replies]

To: Sabramerican

I hadn't seen that little hosts file editor. Looks nice (although Notepad works fine for me).


42 posted on 01/22/2006 1:28:47 PM PST by snarks_when_bored
[ Post Reply | Private Reply | To 31 | View Replies]

To: Varmint Al

Check your FReep mail, please.


43 posted on 01/22/2006 1:39:18 PM PST by B4Ranch (No expiration date is on the Oath to protect America from all enemies, foreign and domestic.)
[ Post Reply | Private Reply | To 38 | View Replies]

To: oolatec

I have a Linksys router. Do I really need Zone Alarm, too? Anybody have a clue?


44 posted on 01/22/2006 1:44:18 PM PST by The Westerner
[ Post Reply | Private Reply | To 2 | View Replies]

To: B4Ranch

Download a copy of tcpview, then you can see what is connected to your PC....


45 posted on 01/22/2006 1:48:35 PM PST by thinking
[ Post Reply | Private Reply | To 1 | View Replies]

To: B4Ranch
A useful article from Wikipedia on the hosts file:

Hosts file

46 posted on 01/22/2006 2:08:51 PM PST by snarks_when_bored
[ Post Reply | Private Reply | To 1 | View Replies]

To: oolatec

I'm using both. The software tells me how good I am and it pleases me. :-D


47 posted on 01/22/2006 2:09:48 PM PST by jayef
[ Post Reply | Private Reply | To 2 | View Replies]

To: B4Ranch
This is from the ZA help file, perhaps this is what he was seeing:

Joining the DefenseNet community

Zone Labs security software users can help shape the future of Zone Labs security products by joining the DefenseNet community protection network and periodically sending anonymous configuration data to Zone Labs for analysis. By joining DefenseNet, you can help us focus our attention on the features and services that you use most often and to introduce new functionality that will provide even smarter security.

Configuration data is not collected from ZoneAlarm or ZoneAlarm Anti-virus users.

Even with the "Alert me before I make contact" preference selected in the Overview|Preferences tab, you will not be alerted before sending configuration data to Zone Labs.

The data collected is completely anonymous and is for Zone Labs internal use only and will not be shared with others. Of the millions of Zone Labs security software users, only a small percentage of users will have their information collected. The frequency of data transmission depends upon the configuration of your computer. For most users, data will be sent once per day.

To send configuration data to Zone Labs, select Yes, automatically and anonymously share my settings in the Configuration Wizard.

If you later decide that you do not want to send anonymous data, select Overview|Preferences, in the Contact with Zone Labs area, then clear the Share my settings anonymously... check box.

48 posted on 01/22/2006 2:43:19 PM PST by Shadow Deamon
[ Post Reply | Private Reply | To 1 | View Replies]

To: snarks_when_bored

I added the entire list from "Blocking ads on the Internet with a list of ad server hostnames and IP addresses." to my hosts file. Here's hoping that cuts down on the garbage that builds up in my Temporary Internet file.


49 posted on 01/22/2006 3:18:19 PM PST by B4Ranch (No expiration date is on the Oath to protect America from all enemies, foreign and domestic.)
[ Post Reply | Private Reply | To 46 | View Replies]

To: Shadow Deamon

Maybe so.


50 posted on 01/22/2006 3:19:27 PM PST by B4Ranch (No expiration date is on the Oath to protect America from all enemies, foreign and domestic.)
[ Post Reply | Private Reply | To 48 | View Replies]

To: JOE43270

I have XP Pro and use IE. I cannot open a PDF file but I can save it and open it. What is up with that? What was your workaround?


51 posted on 01/22/2006 3:26:09 PM PST by Snoopers-868th (Borrowed tagline: Who do I vote for-the Republicans are socialist and the Democrats are Communist)
[ Post Reply | Private Reply | To 20 | View Replies]

To: Publius6961

lots of solder


52 posted on 01/22/2006 3:49:15 PM PST by palmer (Money problems do not come from a lack of money, but from living an excessive, unrealistic lifestyle)
[ Post Reply | Private Reply | To 25 | View Replies]

To: Publius6961
OpenBSD is one of the most hardened "out of the box" operating systems on the planet. The developers have included a facility called "pf". It's a very configurable firewall package.

I run three of them on a site that I have. One is supporting a private (RFC 1918) LAN behind a static netblock via NAT/PAT for hosts on the LAN.

Another is in front of the netblock and it does everything except for NAT/PAT and traffic redirection because it's running in bridge mode and doesn't even have any IP addresses. It "looks" like a layer two device (switch or hub) to those machines around it.

The third supports a second WAN connection via a RoadRunner broadband connection that my employer (most graciously) provided to me. That one is like the one that does NAT/PAT, except that if the IP address changes, it's set up such that none of the firewalling features are affected.

There is ONE more OpenBSD host on the site that uses pf, but it's simply an SMTP server (Postfix) and runs OpenBSD because of greylisting and spamd (anti-spam system) for e-mail.

It's a rock solid operating system. They tout the fact that they've only had one remote root exploit in a default install in over eight years. No other operating system even comes close to being able to say that, except for maybe OSs like Inferno (Lucent Brick), and VxWorks (used by the Nortel CES). But most people will have never heard of these, nor would they really want to use them anyway.

But OpenBSD is not a user's operating system (IMHO). All of the systems that us people here touch are Linux systems. Debian to be specific. But they're all protected by the OpenBSD firewalls running pf.

The "pf" how-to is linked from http://www.openbsd.org.
53 posted on 01/22/2006 3:53:38 PM PST by hiredhand (My kitty disappeared. NOT the rifle!)
[ Post Reply | Private Reply | To 25 | View Replies]

To: oolatec
Software firewalls suck. Nothing can beat hardware.

It doesn't matter what medium the firewall is built on. Whether it sucks or not has nothing to do with whether it is a software application on a pc or a dedicated device.

54 posted on 01/22/2006 3:57:16 PM PST by bobdsmith
[ Post Reply | Private Reply | To 2 | View Replies]

To: oolatec

That's true, a router is a must, especially for 24/7 cable connections. But, a software firewall is also important, not for incoming which is the router's job, but to keep a check on outgoing connections, though I don't use ZA.


55 posted on 01/22/2006 4:00:47 PM PST by SeaBiscuit (God Bless all who defend America and Friends, the rest can go to hell.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: B4Ranch

I doubt this is anything serious at all. A well known software product like ZoneAlarm simply cannot send information to somewhere covertly without someone finding out about it pretty quick by simply looking at what data is being sent out. The people who make zone alarm would realise this and so I don't believe they would even think about attempting it.


56 posted on 01/22/2006 4:03:07 PM PST by bobdsmith
[ Post Reply | Private Reply | To 1 | View Replies]

To: The Westerner

See my post #55. I use the old free version KPF 2.15, highly configurable and uses little resources.


57 posted on 01/22/2006 4:06:18 PM PST by SeaBiscuit (God Bless all who defend America and Friends, the rest can go to hell.)
[ Post Reply | Private Reply | To 44 | View Replies]

To: B4Ranch

My firewall: a Hub, an old Pentium III PC, pulled out the CDRom, HardDrive, Video and Sound cards, 8 megs ram, and have two NIC cards. Basically it's a stripped down computer. Then I use http://www.coyotelinux.com/ free firewall. Everything is blocked; everything. The firewall runs off the floppy disk into Ram. Completely invisible from the outside world. I packed up my LinkSys; ppl can still get to ya. Software Firewalls eat system resources, KT recommends to get a real hardware firewall (linksys are pseudo hardware fw...it is really still primarily a software fw) and use your old PC to make a killer FW.


58 posted on 01/22/2006 4:44:33 PM PST by KillTime (Democracies that can't distinguish between good and evil or deny any difference shall surely perish.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: B4Ranch

127.0.0.1 is listed as "loopback adapter" under the firewall and zones area in ZA 6.xx


59 posted on 01/22/2006 5:47:38 PM PST by dynoman (Objectivity is the essence of intelligence. - Marylin vos Savant)
[ Post Reply | Private Reply | To 1 | View Replies]

To: dynoman
Loopback Adapter on IP 127.0.0.1
60 posted on 01/22/2006 6:12:38 PM PST by dynoman (Objectivity is the essence of intelligence. - Marylin vos Savant)
[ Post Reply | Private Reply | To 59 | View Replies]



Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.


FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson