Posted on 01/22/2006 11:09:42 AM PST by B4Ranch
Is your firewall spying on you?
Zone Alarm gets rumbled
By Paul Hales, in Jerusalem: Sunday 22 January 2006, 12:39
IT'S OBVIOUS, REALLY, that the best way of penetrating users' PCs to see what they get up to online would be to become a Firewall maker. Like, when I wanted a Firewall and was too tight to pay for one, I turned to Checkpoint's little freebie Zone Alarm. It sits there between you and the Internet and lets you know when someone's trying to sneak in through your backdoor or when a program you're running tries to connect to the Web for no apparent reason. When you're as techie as me - not very - you just have to trust it.
Of course, Checkpoint's an Israeli company and as a foreign journalist working in Israel you know the hyperactive security services here would like to keep tabs on you. And you know that they do. It has been confirmed to me by a security sources here that mobile phone conversations I have had have been listened to and in circumstances which I won't reveal, the contents of a call I have been involved in have actually been relayed back to me.
It's part of the game like the airport interrogation, or the surreptitious copying of your notepad while you're off having a body search. You know what goes on but you have a job to do and just get on with it hoping that what you get up to in the legitimate pursuit of your business won't upset anyone to the extent that they'll come break your door down and cart you off somewhere.
Now, the handsomely-named Mr Cringely has revealed that a colleague of his at Infoworld noticed that Zone Alarm 6.0 was sneakily sending off data to four different servers. Cringely says that Zone Labs (acquired by Checkpoint in March of 2004) at first denied the activity for a couple of months before deciding the software had a "bug" even though, as he points out, "the instructions to contact the servers were set out in the program's XML code."
The company says it will fix the "bug" soon. In the meantime you can work around it by adding:

    # Block access to ZoneLabs Server
    127.0.0.1 zonelabs.com

to your Windows host file.
The "bug" seems to be present in the retail version of Zone Alarm, so there's no telling what the freebie gets up to. We called Checkpoint here in Israel to find out, but were referred to a US spokeszoner. Trouble is they'll all be in bed there on this sunny Sunday morning. µ
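An added example, not part of the article or the thread: a small hosts-file parser that reports which names the quoted workaround actually sends to loopback. It shows two things the entry does not make obvious: a hosts mapping covers only the exact name listed, and if the comment and the mapping end up on one line the `#` disables the mapping. The extra hostnames tested are constructed; only zonelabs.com comes from the article.

```python
LOOPBACK = {"127.0.0.1", "0.0.0.0", "::1"}

# The workaround as two lines: a comment, then the mapping.
TWO_LINES = "# Block access to ZoneLabs Server\n127.0.0.1 zonelabs.com\n"
# The same text run together on one line, so the "#" comments out the mapping.
ONE_LINE = "# Block access to ZoneLabs Server 127.0.0.1 zonelabs.com\n"
# Constructed names to test; only zonelabs.com appears in the article.
NAMES = ["zonelabs.com", "ZoneLabs.com.", "www.zonelabs.com"]


def parse_hosts(text):
    """Map each hostname in hosts-file text to its address."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue  # blank line, comment-only line, or address with no name
        addr, names = fields[0], fields[1:]
        for name in names:
            # Keep the first mapping seen for a name (assumed resolver behaviour).
            table.setdefault(name.lower().rstrip("."), addr)
    return table


def audit(text, hostnames):
    """Return {hostname: True if mapped to a loopback/null address}."""
    table = parse_hosts(text)
    return {h: table.get(h.lower().rstrip(".")) in LOOPBACK for h in hostnames}


if __name__ == "__main__":
    for label, text in (("two lines", TWO_LINES), ("one line", ONE_LINE)):
        print(label, audit(text, NAMES))
```

Each server the software contacts needs its own line in the hosts file; a name that is not listed resolves normally.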
I don't use ZoneAlarm. I had other problems with it a couple of years ago on several customers' computers not related to this issue. Of course, ZoneAlarm has to contact the server IF you have it set to check for ZoneAlarm updates so this guy might be all wet.
"Software firewalls suck. Nothing can beat hardware."
There's no difference.
What do you think that is, running on the dedicated hardware?
Internal loopback IP... sometimes called internal host... used by programs (such as firewalls, proxy servers, and virus checkers among others) to hook into the data stream. (For a more detailed explanation, better find a professional techie, I'm only a wanna-be that keeps my own internal network running...)
Using plenty of cyanoacrylate, no doubt....
This guy just drips paranoia. Why do I care what Israel thinks I am doing?
The news is also all over Usenet that Checkpoint is spying through Zone Alarm. I do not use Zone Alarm.
I think it's great.
No problem with the install.
One program install from the command line (Automatix (Automated GUI installation script)) and then Automatix will install just about anything else you will need.
Well there is a difference, first the 'software' on a hardware router is embedded and can only be changed by flashing the eeprom. 2nd, it is independent of the OS and even the pc bios, which also makes its response time much faster. Most important though, is that a hardware firewall stops incoming before it reaches the pc unlike software that runs under the OS.
Thanks for the info, Seabiscuit. I've been using ZA for a long time but notice performance declines sometimes and it seems to interfere with other software. I checked out KPF and wonder how you downloaded it? What do you recommend? I'd love to try a different firewall for awhile and see if performance improves. I bought a used laptop by Gateway and have ZA free installed. Would you recommend KPF for a laptop?
"Well there is a difference, first the 'software' on a hardware router is embedded and can only be changed by flashing the eeprom."
These days many devices use nvram, not eeprom. Either way, it's still vulnerable to exploits. I found a bug on an old "hardware" wireless router which left tftp enabled on the internal interface... If you connected and did a tftp get for the conf file filename (which I retrieved from the eeprom update zip file) you could get it... and the plaintext unencrypted password for the web interface, too.
"2nd, it is independent of the OS and even the pc bios, which also makes its response time much faster."
Have you been inside many appliances? Most "enterprise" firewalls are dedicated devices using common mobo and chipset, either Intel x86 or ARM or something similar. Many consumer devices run a Linux or BSD based or similar commercial kernel. Many commercial firewalls such as Checkpoint can run on a standard UNIX box, such as Solaris, Linux or FreeBSD. In fact, the Nokia Checkpoint boxes are really just stripped down FreeBSD with nice network hardware built in and available as cards.
The latency isn't necessarily much better. In fact, puter clock times and responses are measured in ns... Internet latency is measured by ms.
"Most important though, is that a hardware firewall stops incoming before it reaches the pc unlike software that runs under the OS."
This is really the only valid point.
"2nd, it is independent of the OS and even the pc bios, which also makes its response time much faster. Most important though, is that a hardware firewall stops incoming before it reaches the pc unlike software that runs under the OS."
Well, the desktop firewall software receives the packet before anything else - that's how it works.
I put AOL on the bottom and used Microsoft Internet Explorer and everything seemed to work fine. I've downloaded a lot since then and I don't understand why AOL wants to protect me from everything or they only want me to use their stuff. I can't explain why though I'm very happy with the results. Good luck and I hope this will be of some help.
I have used a lot of firewalls with Zone Alarm being the most invasive. I used it up to when they upgraded and it slowed down my PC so I then went with Sygate which has worked good for me. I have known people to have their registry hosed by Zone Alarm. It happened to me while working on a few PCs that had Windows 98SE on them.
When uninstalling it would take a .dll file with it causing a no CD-ROM support. There is a fix for it on Zone Alarm's site.
I use a Hardware Firewall plus the Software one and no one has come close to getting in.
The best way to keep hackers out is by using an old PC, something like Intel 66 MHz CPU, 16 megs of memory and you don't even need a hard drive. This drives Hackers up a wall when they can't download software to sniff your packets.
Hackers are lazy and most don't know what they are doing they download software that a hacker that does know how to exploit a PC and sniff out IP Address plus they are looking for what version of Windows you are running. The ones that are amateurs are called Script Kiddies because they are young and inexperienced and rely on software sniffing software to get into your PC.
There is software that hackers used called Snort that lets them sniff packets for info like your MAC Address and info you are sending.
I am all for prosecuting anyone caught doing this and have a first time offense of 5 years in the Prison House then see if they want to do it again.
The System is doing nothing to curtail them right now and it is the same as breaking into someone's Home or Vehicle.
I wish they would do the same with all the Spam/Malware/Viruses/ right now we are paying for the bandwidth they are using which is a lot. I am for ISPs being held accountable of letting them get through their Servers to us. Nothing is more offensive than the Porn and language they send you by stealing your e-mail address.
Fine them and give them a jail sentence. I believe that to use a PC one should have to take a course and be Certified to use Internet and mail. I don't mean an expensive hard test just a test to let them know that it is a fine and wrong to hack. If someone defrauds the Postal service they go after them. I see what they do with e-mail as no different.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.