ZoneAlarm Pro 70_337_000


ankupan
April 10th, 2007, 01:29 AM
Hi,

Please post your feedback on ZoneAlarm Pro 70_337_000

Any user of ZoneAlarm Pro 70_337_000 !!!

Mrkvonic
April 10th, 2007, 02:49 AM
Hello,
Have tested it. Works rather OK.
Friendly enough as always.
Mrk

Perman
April 10th, 2007, 08:22 AM
Hi, folks: I have upgraded and moved over to ZA Pro 7.0.337 from ZASS 6.5 737. I waited this long to make my move, just want to be certain that this one is ONE I can trust. ZA Pro is the only one (correct me, if you will) in ZA 7's family that will NOT make your cybertime miserable. The others, due to foreign body part of KAV, IMO, you might as well push them into archive for now. ZA pro works like a charm, feeling the ZA of old days has returned. An improvement, indeed. A significant compliment among many negative finger-pointings. If you are in market of a decent FW, just give a spin. Good luck.

St.Timmy
April 10th, 2007, 10:43 AM
Works great, but I'm having some problems with the cookie blocker.
If I turn it on, some images won't load, and youtube.com doesn't load at all.

Perman
April 10th, 2007, 11:45 AM
Hi, folks: I have turned off AD and Cookie blocker, they are not that good, just some sort of plug-ins.

TopperID
April 10th, 2007, 12:02 PM
-{ Quote: "Works great, but I'm having some problems with the cookie blocker.
If I turn it on, some images won't load, and youtube.com doesn't load at all." }-
Sometimes you do need to lower Cookie control for images to load. You can always block cookies through your browser while doing that if you wish.

Pages sometimes need the 'referer' in order to load, and you will block the referer with the cookie slider set at medium or above.

I prefer to leave the cookie control at medium, only lowering when required.

The Privacy section of ZAP/ZASS is one of the most useful features for blotting out exploit attempts (ie via Mobile Code Control) but you do need to understand what it is doing and be prepared to switch on/off certain sections for downloading and enhanced functionality on safe sites.

Some people get frustrated and don't use Privacy section - that is their loss! The plain fact is that with Mobile Code Control set to block everything (including java script) you are unlikely to suffer from a drive-by download. In my opinion it is simpler blocking via the FW than fiddling with browser settings to achieve the same result. You can easily allow java script etc at safe sites.

As far as ZAP 7.0.337.000 is concerned, the operating system FW is a very nice feature protecting from the activities of malware should it ever get on your system. I really don't know how good the AS scanner is, but I guess it's at least as good as Spybot/AdAware.

pvsurfer
April 10th, 2007, 12:21 PM
ZAP v7.0.337.000 is an excellent FW and very user-friendly, but fwiw, it has a 'heavy footprint' (33MB).

St.Timmy
April 10th, 2007, 01:20 PM
-{ Quote: "Sometimes you do need to lower Cookie control for images to load. You can always block cookies through your browser while doing that if you wish.

Pages sometimes need the 'referer' in order to load, and you will block the referer with the cookie slider set at medium or above.
" }-
Mine is on medium, but I have problems like this:

And if I reload the page 4 times or something, all the images appear again..?

TopperID
April 10th, 2007, 01:58 PM
I've never experienced a bunch of smilies! ;D

If an image doesn't load you usually get a red cross, refreshing once (after putting the cookie slider to off) should bring the image back, if not then use the 'Back' button of your browser and re-enter the site fresh.

Other reasons for pages not loading could be the ad-blocker, java script blocked or perhaps it requires some other form of mobile code. However there are certain bad sites (porno etc) that deliberately set themselves not to load correctly unless you lower your browser or FW settings; and as soon as you do lower your defences you get hit! So I would only do that for a site I was confident was 'clean'.

john2005
April 10th, 2007, 02:26 PM
I'm thinking of getting the newest version of ZA Pro myself. Do you guys recommend upgrading to the newest version every year, or do you generally recommend just sticking with a version that works well on your system and not worrying about always running the most recent version of ZA Pro ?

I don't mind paying for a decent product, but I hate managing (and paying for) a bunch of ongoing upgrades and subscription fees for various security softwares.

Thanks
John

St.Timmy
April 10th, 2007, 02:39 PM
-{ Quote: "Other reasons for pages not loading could be the ad-blocker, java script blocked or perhaps it requires some other form of mobile code. However there are certain bad sites (porno etc) that deliberately set themselves not to load correctly unless you lower your browser or FW settings; and as soon as you do lower your defences you get hit! So I would only do that for a site I was confident was 'clean'." }-
I use FireFox with adblock plus and no-script, so need to worry about that ;D
Because of that I switched the adblocker etc. off in ZA.

All the image etc. worked fine before the installation of ZA pro, and I'm sure the cookie blocker causes the problems..

But since I do not really fancy keep sliding with the cookie blocker level, I may just switch it off permanently.

Escalader
April 10th, 2007, 02:46 PM
Hi Again:

My most recent feedback on ZA Pro 7.0.337 is in the following thread dealing with increased scan times on other ASW like SS.

http://www.wilderssecurity.com/showthread.php?t=169175

If you are unsure about how it will work on your PC use it on 15 day trial before laying down your $.

I use ZA Pro ongoing but turn off ASW and email scanning since it duplicates what SS and BD does for me.

You run it in its learning mode to let it learn your settings per application.

Still haven't switched on mobile code yet but will.

If you are moving from ZASS make sure you do a full uninstall on it!

Seer
April 10th, 2007, 03:07 PM
Hi there. ;)

-{ Quote: "I'm thinking of getting the newest version of ZA Pro myself." }-

ZA is an excellent firewall. Very secure and with a bunch of additional (non-firewall) stuff. The thing with the latest version is that it has changed the owner recently, so everybody is a bit wary about it (these transactions more than occasionally prove to be a failure). I am not familiar with v7, I tried it briefly, but I was a satisfied user of series-6 a year ago or so. It is very user-friendly, but it also allows fine-tuning. A bit heavy on resources, but no other complaints whatsoever. I believe you can't go wrong with ZA firewall, just choose the dedicated version (Pro). BTW, regarding the choice of version, everybody likes to use the new one, it's a matter of prestige, not quality or protection... ;) (just look at the ESS board - so many 'beta-testers')

Cheers. :thumb:

TopperID
April 10th, 2007, 03:43 PM
-{ Quote: "I'm thinking of getting the newest version of ZA Pro myself. Do you guys recommend upgrading to the newest version every year, or do you generally recommend just sticking with a version that works well on your system and not worrying about always running the most recent version of ZA Pro ?

I don't mind paying for a decent product, but I hate managing (and paying for) a bunch of ongoing upgrades and subscription fees for various security softwares.

Thanks
John" }-
If you buy a licence for ZAP it is good for upgrades and support until the licence expires. If a new version comes out you will be informed (so long as you have ZAP set to check for updates) and can install the new version without charge if you wish (generally I don't hurry to install the 'latest', I prefer to wait until the dust settles in case of bugs etc).

When your licence expires you can renew (at a discount) or continue using your current version without renewing, in which case you will lose the entitlement to updates/upgrades/support etc. That means you will not get AS scanner definitions, will not be able to rely on 'Smart Defence' recommendations etc, but you can keep what you have bought, which is a good deal more than the free version offers.

john2005
April 10th, 2007, 07:24 PM
Hi TopperID,

Thanks for your reply. Do you think that most people update to the next version of ZA PRO after their license expires, thus getting a new version each year or so, or do you think that most people just buy the product once and when their subscription expires, keep using what they have bought without worrying about having the most current version ?

Would I likely be better off buying the pro version once, and after the license expires, just keep what I have, without worrying about using the most current version, or keep using the most current versions of the free Zone Alarm as they come out ? With the free ZA, I would always have the current version, but it would have limitations being free. With the Pro, I would have a better product with the OS firewall, "but" I would likely want to let my license expire after a year and then just keep using what I had bought. Is a newer version of ZA free better than an older version of ZA pro, or is it the reverse ? I guess it depends on how old and how new the respective versions are :-)

I understand the ideal situation would be to keep buying new versions and subscriptions of ZA Pro forever, I'm sure that's what Zone Labs would recommend :-) but with all the bills nowadays, I don't want to pay for something I don't really need. In general, can most people just settle on a version of ZA pro that works for them and just leave it at that, or from a standpoint of protection, do most people need to always use the most current version of ZA ?

Thanks again,
John

TopperID
April 10th, 2007, 08:51 PM
-{ Quote: "Do you think that most people update to the next version of ZA PRO after their license expires, thus getting a new version each year " }-
New versions are being released every few months, often they are not major upgrades and it will be a matter of choice whether to constantly uninstall/reinstall every time. I only bother if I think the new version has improvements sufficient to make it worthwhile.

You can keep track of the changes here:-

http://download.zonelabs.com/bin/free/information/zap/releaseHistory.html
-{ Quote: "do you think that most people just buy the product once and when their subscription expires, keep using what they have bought without worrying about having the most current version ?" }-
It's cheaper to renew a licence than it is to buy one in the first place and I'm sure most people would prefer to keep their licence current so as to continue getting upgrades and Spyware definitions etc.
-{ Quote: "Would I likely be better off buying the pro version once, and after the license expires, just keep what I have, without worrying about using the most current version, or keep using the most current versions of the free Zone Alarm as they come out ?" }-
The free version is a different product, it is just a basic FW without all the extras, such as the Operating System FW etc which helps keep out spyware.
-{ Quote: "With the Pro, I would have a better product with the OS firewall, "but" I would likely want to let my license expire after a year and then just keep using what I had bought. Is a newer version of ZA free better than an older version of ZA pro" }-
The product is constantly evolving to meet the latest threats; the current version is altogether more powerful than older versions.
-{ Quote: "I understand the ideal situation would be to keep buying new versions and subscriptions of ZA Pro forever, I'm sure that's what Zone Labs would recommend :-) but with all the bills nowadays, I don't want to pay for something I don't really need. In general, can most people just settle on a version of ZA pro that works for them and just leave it at that, or from a standpoint of protection, do most people need to always use the most current version of ZA ?" }-
I think most people would either choose the free version or else get the pro version and keep it up to date, unless they decide to change FW for whatever reason. But it is up to you, you have the choice.

Stem
April 10th, 2007, 08:56 PM
Personal comment.
I have never had any problems (from view of conflicts) with the installation of this firewall. I think ZA can give very good protection, with many options, from simple application internet access, to the advanced rules. My only problem is with the inability to place rules on vsmon (ZA own process). If this control was given, then I would use this firewall myself.

oldshep
April 10th, 2007, 09:45 PM
Just to complicate your decision a little further...

I'm presently halfway thru a 15 day trial of ZAPro 7.0.337 and it is working pretty well alongside Spysweeper 5.3 and Nod32 2.7. But after reading this thread and checking the status of various modules in ZAPro, I find that I have the AS module turned off (using SS), the AV monitoring module off, the e-mail protection off (using Nod32's emon and imon), the privacy features off (cookie control, ad blocking, and mobile control) and the identity protection module off.

If you go to the ZA site, you can find a comparison page with the various packages and what features each contain. With all these ZAPro features turned off on my machine, it makes sense for me to purchase the ZA Antispyware package which is $20 cheaper. Just thought you might want to take a look.

Oldshep

Perman
April 10th, 2007, 10:14 PM
Hi, folks: You are probably right on the money. I have read someone has mentioned before either here or elsewhere. And ZAAS is lighter than Pro.

Escalader
April 11th, 2007, 09:04 AM
-{ Quote: "Just to complicate your decision a little further...

I'm presently halfway thru a 15 day trial of ZAPro 7.0.337 and it is working pretty well alongside Spysweeper 5.3 and Nod32 2.7. But after reading this thread and checking the status of various modules in ZAPro, I find that I have the AS module turned off (using SS), the AV monitoring module off, the e-mail protection off (using Nod32's emon and imon), the privacy features off (cookie control, ad blocking, and mobile control) and the identity protection module off.

If you go to the ZA site, you can find a comparison page with the various packages and what features each contain. With all these ZAPro features turned off on my machine, it makes sense for me to purchase the ZA Antispyware package which is $20 cheaper. Just thought you might want to take a look.

Oldshep" }-

Hi again:

Your configuration is identical to mine with the exception of BD 10 instead of Nod32.

Do you see your choice then as ZA pro being dumped and getting ZAASW package? Where is the detection data on that product?

I'm confused again. I use the ZA Pro as a good FW and turn off its add-ons either as I don't use them or to avoid clashes.

With Nod32 or BD 10 I would doubt we need to spend the $20. We could run any number of proven online scanners including KAV or BD!

Diver
April 11th, 2007, 09:13 AM
While trialing ZAP 70.737 I tried to plug my system directly into a cable modem rather than through the router, as I had been having a problem with the router. ZAP crashed and could not be brought back without a reboot. I went back to Comodo.

oldshep
April 11th, 2007, 12:45 PM
Hello Escalader,

ZAAS is just a less expensive version of ZAPro (at least that's the way I think of it). I would turn the AS function off in ZAAS like I do in ZAPro and just use the firewall. The difference between the packages (according to ZA website) is ZAAS does not have the "privacy protection" and "Identity theft protection" features. I currently have those off in ZAPro now anyway. Everything else is supposed to be the same.

I've got a trial download of ZAAS and will be installing in the next week or so. I'll let you know how it works.

Oldshep

Escalader
April 11th, 2007, 03:29 PM
-{ Quote: "Hello Escalader,

ZAAS is just a less expensive version of ZAPro (at least that's the way I think of it). I would turn the AS function off in ZAAS like I do in ZAPro and just use the firewall. The difference between the packages (according to ZA website) is ZAAS does not have the "privacy protection" and "Identity theft protection" features. I currently have those off in ZAPro now anyway. Everything else is supposed to be the same.

I've got a trial download of ZAAS and will be installing in the next week or so. I'll let you know how it works.

Oldshep" }-

Hi Oldshep:

I've got it! Never having looked at ZAAS before my feeble brain probably thought ZA Suite! That is not what you are talking about! :-[

I am very interested in your view of ZASS!

What needs to be learned is what is the future of ZAAS and ZA Pro wrt Vista. I would hate to renew or go the way you are (maybe) only to find it doesn't work on a new PC should I get that!

I owe you some updated scan times but will have to wait til after tax time is done:(

Firecat
April 11th, 2007, 03:37 PM
I have a license for ZoneAlarm AV and the firewall works very well, no problems encountered. Although I sometimes get annoyed by the frequent popups of "ZoneAlarm has blocked infiltration of your computer from blah blah" :P

It is very efficient as a firewall, and I would definitely recommend it as long as you live in the western part of the world. There's a gap of support and customer service for those living in eastern countries, but that is just my experience.

Escalader
April 11th, 2007, 03:39 PM
-{ Quote: "While trialing ZAP 70.737 I tried to plug my system directly into a cable modem rather than through the router, as I had been having a problem with the router. ZAP crashed and could not be brought back without a reboot. I went back to Comodo." }-

Hi Diver:

As everybody here knows I'm not popular at ZA since I ask nasty questions, so let me ask you, did you just do that direct to the cable bit while on line?

I had ZA pro working via cable direct during a test and ZAP stayed up. It would never have occurred to me to even try that physical an action while connected! I logged off, changed the connections to cable and then booted up.

Try the same thing with Comodo and tell us what happens. It's very interesting!

mercurie
April 12th, 2007, 11:56 PM
Friend Diver, how nice to see you. Good post Escalader. I look forward to his reply. :lurking:

yahoo
April 13th, 2007, 03:08 PM
I have ZAAS7.0.337 installed for a couple of days. It works great. I used ZA Pro 4.0 sometime back, so this ZAAS 7.0 is nothing really new to me. I never used those privacy functions in Pro version. That's why I select ZAAS. I have turned on Antispyware function as a bonus.

Escalader
April 13th, 2007, 04:28 PM
-{ Quote: "I have ZAAS7.0.337 installed for a couple of days. It works great. I used ZA Pro 4.0 sometime back, so this ZAAS 7.0 is nothing really new to me. I never used those privacy functions in Pro version. That's why I select ZAAS. I have turned on Antispyware function as a bonus." }-


Hi yahoo ( good name!)

Why did you not use the privacy features? was it you didn't need them to filter outgoing personal information or some technical issue?

I would like to try again on them????

yahoo
April 13th, 2007, 07:50 PM
-{ Quote: "
Why did you not use the privacy features? was it you didn't need them to filter outgoing personal information or some technical issue?

I would like to try again on them????" }-

I do not save important personal data on computer, so those privacy features are redundant to me.

Albinoni
April 15th, 2007, 12:00 AM
While the good news is ZA now uses KAV 6.0, isn't KAV 6.0 an older or last year's version of Kaspersky ?

unhappy_viewer
April 15th, 2007, 12:06 AM
-{ Quote: "While the good news is ZA now uses KAV 6.0, isn't KAV 6.0 an older or last year's version of Kaspersky ?" }-
Nope. KAV 6.0 is the current Kaspersky engine.

acr1965
April 15th, 2007, 01:01 AM
It is interesting that ZA 7.0+ listed PCflank.com as a spyware site and non-accessible (or at least it was when I trialed it a month ago or so). ZA 6.5 did fairly well on PCflank's leaktests (22/24) but maybe ZA 7.0+ has not?

Escalader
April 15th, 2007, 09:59 AM
-{ Quote: "It is interesting that ZA 7.0+ listed PCflank.com as a spyware site and non-accessible (or at least it was when I trialed it a month ago or so). ZA 6.5 did fairly well on PCflank's leaktests (22/24) but maybe ZA 7.0+ has not?" }-

Yes ZA PRO does it now! I just tested it on ZA Pro 7.0.337. PCflank.com is now logged in ZA as a blocked site due to spyware.

It reminds me of a previous case when McAfee SiteAdvisor blocked a ZA site!

They applied huge pressure on McAfee to "fix" this and succeeded!

Who will now advocate for PCflank.com to force ZA to fix this error?

How does ZA 7.000.377 do on the pcflank leaktests? Does any ZA user here have actual detailed results they could share with the forum?

I hope this doesn't generate a lecture series on why leaktests don't apply to ZA!:gack:

acooldozen
April 15th, 2007, 10:40 AM
I have been using ZoneAlarmPro since version 5. All without any problems to date. Currently using.........

ZoneAlarm Pro version:7.0.337.000
TrueVector version:7.0.337.000
Driver version:7.0.337.000
Anti-spyware engine version:5.0.162.0
Anti-spyware signature DAT file version:01.200704.1385

Have stayed away from the Suite but intend to give NOD Suite a try down the road.

Hexamon
April 15th, 2007, 11:14 AM
Just edit spy site blocking part in the program (it's under anti spyware). There should be pcflank site listed and change access part to allow. After that it will work normal.

Perman
April 15th, 2007, 11:50 AM
Hi, folks: Who is PCFlank.com ? and What is PCFlank.com ? Has it been certified by any third-party independent organization as such? And how much does its test results or so-called reports affect your mood or decision of using a particular FW? Can its scientific(?) data be nothing more than tea-time materials? How important is this .com ? ??? ???

henryg
April 15th, 2007, 12:10 PM
-{ Quote: "Just edit spy site blocking part in the program (it's under anti spyware). There should be pcflank site listed and change access part to allow. After that it will work normal." }-

Sure.... after you edit the list and allow access to the PCFlank site.... then conduct PCFlank's leak test.... You'll find that Zone Alarm fails that leak test. To prevent you from conducting this leak test.... Zone labs just simply blocks the entire site.

Escalader
April 15th, 2007, 12:47 PM
-{ Quote: "Hi, folks: Who is PCFlank.com ? and What is PCFlank.com ? Has it been certified by any third-party independent organization as such? And how much does its test results or so-called reports affect your mood or decision of using a particular FW? Can its scientific(?) data be nothing more than tea-time materials? How important is this .com ? ??? ???" }-

Unless ZA has changed its policy, it doesn't participate in or submit to 3rd party certification.

There are many leak test security scanners available this PCflank.com is one of.

For me, if I was choosing a FW today, (I'm facing this issue later) and it came down to a functional and service tie between say ZA's FW and brand X and brand x did better on more than one leaktest than ZA I would go with brand X. If they were still tie on that score I would go with X which was certified by a 3rd party testing process and was open about its plans and support issues. How they treat customers!

As to mood and value it is up to the user.

fax
April 15th, 2007, 01:59 PM
-{ Quote: "Unless ZA has changed its policy, it doesn't participate in or submit to 3rd party certification.

" }-

What kind of certification you are talking about? Most of them are just pay and test and if fails, test again, up to when you get certified....

A typical example of certification that is basically meaningless is for CA AV. It is certified by different cert. 'authorities' , but have a look at www.comparatives.org (single AV test) and you will see that is one of the worst AV on the market.:blink:

Fax

Escalader
April 15th, 2007, 04:31 PM
Hi henryg

It is indeed very puzzling! I did some work on your question:

1) changed the ZA Pro setting to allow the web site to be viewed here it is

http://www.pcflank.com/leaktests_info_adv.htm

Here are the 3 tests that ZA pro 6.5 failed out of 18 different tests.

1 The test controls the browser's activity and dialog windows via the technique of OLE automation of application control.

2 The test creates a flood of erratic packets and sends them off to network adapter, bypassing standard TCP/IP stack monitored by a firewall. The test has a problem running on Windows XP machines with latest updates applied.

3 The second Breakout leaktest creates a locally-placed HTML page pointing to a certain URL and sets this page as Active Desktop so when it is turned on the default browser accesses the link contained in the HTML file.

The puzzling thing is ZA pro 6.5 did pretty well in these tests, so why block the site!:-X

Outpost Firewall Pro (v. 4.0.964.6926 (582)) in this set of tests did better so maybe that is what they are trying to avoid.

Note that Outpost is advertising on this site offering a free download.

Perman
April 15th, 2007, 05:04 PM
Hi, folks: Thank you for all the tech testing. This will put a seal of approval to OUTpost and ZA pro. Then it comes the non-tech issues: all depends upon which club you belong to. Some clubs carry the so-called exclusivity, often anchoring member can dictate club's policy. Outpost did well in that test and subsequently allow the test site to d/l its product, a normal, human way to say "thank you", and perhaps its exclusivity clause has kept ZA out. Who cares, as long as these firewalls can perform their assigned duties, those test sites are just sprinkling stars in the far far sky, backdrop-style decro.

acr1965
April 15th, 2007, 05:50 PM
Anyone know how ZA Pro 7 performs on the PCflank tests?

EDIT-

This was found in the recent Matousec post in regard to ZA Pro's results of the PCflank test-

"Another strange thing with ZoneAlarm is that it might seem that it passes PCFlank test, but in fact it does not. This leak-test tries to establish network connection with www.pcflank.com. ZoneAlarm invisibly includes this Internet address in its Spy Site Blocking list. So, if PCFlank contacted another website instead of the original one, it would bypass the protection. ZoneAlarm does not block the technique PCFlank presents, it blocks the target website which is harmless in fact."

henryg
April 16th, 2007, 12:24 AM
-{ Quote: "

The puzzling thing is ZA pro 6.5 did pretty well in these tests, so why block the site!:-X

" }-

Escalader, it's called: "cheating".


Here is a quote from Matousec:

"Another strange thing with ZoneAlarm is that it might seem that it passes PCFlank test, but in fact it does not. This leak-test tries to establish network connection with www.pcflank.com. ZoneAlarm invisibly includes this Internet address in its Spy Site Blocking list. So, if PCFlank contacted another website instead of the original one, it would bypass the protection. ZoneAlarm does not block the technique PCFlank presents, it blocks the target website which is harmless in fact."

Firecat
April 17th, 2007, 03:41 PM
-{ Quote: "While the good news is ZA now uses KAV 6.0, isn't KAV 6.0 an older or last year's version of Kaspersky ?" }-
No, KAV 6 is the current engine. ZoneAlarm uses the latest available build of KAV 5.0, not 6.0. Last I remember, it was using KAV 5.0.676 as its base development product....

Escalader
April 17th, 2007, 08:57 PM
-{ Quote: "No, KAV 6 is the current engine. ZoneAlarm uses the latest available build of KAV 5.0, not 6.0. Last I remember, it was using KAV 5.0.676 as its base development product...." }-

Given ZA is at KAV 5.0, what do they lose in functionality that KAV 6 provides?

Sorry for poorly written question, I guess it comes down to what's the difference twixt KAV 5 and 6?

Firecat
April 18th, 2007, 01:43 AM
-{ Quote: "Given ZA is at KAV 5.0, what do they lose in functionality that KAV 6 provides?

Sorry for poorly written question, I guess it comes down to what's the difference twixt KAV 5 and 6?" }-
Basically, almost nothing. 6.x series scans files faster due to optimizations and also has support for Proactive Defense module. Also, I hear that 6.0 products are better at removal of some adware, spyware and rootkits (though detection rates are the same). :)

fax
April 18th, 2007, 05:12 AM
-{ Quote: "Basically, almost nothing. 6.x series scans files faster due to optimizations and also has support for Proactive Defense module. Also, I hear that 6.0 products are better at removal of some adware, spyware and rootkits (though detection rates are the same). :)" }-

Yep, scanning is slower also due to the fact that they did not implement the ichecker/iswift technology (available in the SDK KAV package)...

On the removal issue, it's a bit more complicated given that ZASS has also other system drivers and scan engine to tackle spyware, adware, etc... removal (i.e. vsdant.sys). On the KAV 5/6, the most important thing to me is that the main KAV driver in ZASS/ZAAV (klif) is version 6 and not 5.

I think the more radical changes are happening with version 7. Scanning speed, heuristics and cleaning efficiency.
Will KL provide an SDK 7 package for OEM? Uuuhm, let's see... for sure not in the near future, otherwise who would buy their products?

Fax

Escalader
April 18th, 2007, 08:55 AM
-{ Quote: "Basically, almost nothing. 6.x series scans files faster due to optimizations and also has support for Proactive Defense module. Also, I hear that 6.0 products are better at removal of some adware, spyware and rootkits (though detection rates are the same). :)" }-

Hi Firecat:

me thinks you have an understatement here:)

"....... 6.0 products are better at removal of some adware, spyware and rootkits (though detection rates are the same)"

If you will pardon my example, suppose KAV had 100% detection (impossible of course) but 0% removal! , then for sure no one would buy their products OEM or not! Kind of like a diagnosis with no prescription!

So if KAV 6 is better at removal at what it finds that is very significant IMHO

Scan speed is only important if it becomes so bad people lose patience and close off the scan.

I'm waiting for the next AV comparatives to see how the NOD's, KAV's and BD's all do when subjected to independent testing.

Now that ZA is using KAV does this mean they are now willing to participate in objective testing as does their partner?

fax
April 18th, 2007, 09:01 AM
-{ Quote: "Now that ZA is using KAV does this mean they are now willing to participate in objective testing as does their partner?" }-

Yep, it would be nice to have it though the results will be equivalent to KAV6 as for the other KAV clones tested at av-comparatives.
I think IBK has limited resources and users have already suggested to test only products with 'original' engine... so, I believe, it is unlikely to happen. :(

But, you never know! May be a single product test....

Fax

Escalader
April 18th, 2007, 09:44 AM
Hi thread posters.

Be very careful here. Best to wait till the mathematics is done correctly!

Wait for actual AV comparatives results. Never base technical actions on any predictions let alone an individual forecast. Comparatives are always better than single tests except for vendors who look good in the singles.

If any engines are not tested then they aren't tested.

Observations on the AV comparatives original engines are not automatically transferable to untested or modified engines. There would have to be proof from IBK that they apply.

Only IBK or his people can comment accurately on their resources or lack of same.

Perman
April 18th, 2007, 09:51 AM
Hi, folks: I feel very sad for folks at ZA development team, they probably know by now that they have bought KAV's engine at their FACTORY OUTLET, good deal and yet not that good. Why not create their own, w/ so many bright and highly paid brains there ? Sometimes, you look, you pick but pick the recycled one. Bad luck, indeed.

fax
April 18th, 2007, 10:25 AM
-{ Quote: "Hi thread posters.

Be very careful here. Best to wait till the mathematics is done correctly!

Wait for actual AV comparatives results. Never base technical actions on any predictions let alone an individual forecast. Comparatives are always better than single tests except for vendors who look good in the singles.

If any engines are not tested then they aren't tested.

Observations on the AV comparatives original engines are not automatically transferable to untested or modified engines. There would have to be proof from IBK that they apply.

Only IBK or his people can comment accurately on their resources or lack of same." }-

Ehm, right... if you do not trust ZA then I agree on your statement. But KAV SDK engine is the KAV SDK engine for all OEM... so no reasons to believe that "on demand" detection is not the same... it is the same for the 3/4 AVs tested in AV_comparatives... should be the same for ZA too, as for Online ArmorAV, etc...

Yes, IBK mentioned in one of his posts that he cannot test all AVs on the market, simply because it would take too much time so there is limited space to have new AVs to be added in the test... but I would be happy to hear from him directly. ;D

And, it remains to be seen how different is the cleaning capability between KAV 6 and SDK 5... Firecat can clarify that, in order to avoid any misunderstandings. As far as I can see av-comparatives concentrates on detection so even if ZA will be added to the tests, we will not know how different it is from KAV 6 in cleaning capability.

I doubt there is any major difference and I would IMO give more value to detection than cleaning per se. Better to keep the malware out than clean afterwards... or to use IBK words: "Detection of the viruses is most important: if viruses are detected before they are run... they can be removed without having to clean/restore anything" (FAQ N.15)

Cheers,
Fax

Escalader
April 18th, 2007, 04:20 PM
The OP was requesting on ZA Pro 70_337-000.

So my apologies for going off topic! :-[

Just hit this link, so looks like KAV 5/6 have a short life expectancy anyway. KAV 7 beta is out. Always best to get product from original vendor anyway right?8)

http://www.filehippo.com/download_kaspersky_antivir/

As far as objective testing issues go, I may start another thread or contribute to it if someone else does it first.:thumb:

TopperID
April 18th, 2007, 07:47 PM
-{ Quote: "Hi Firecat:

me thinks you have an understatement here:)

"....... 6.0 products are better at removal of some adware, spyware and rootkits (though detection rates are the same)"

If you will pardon my example, suppose KAV had 100% detection (impossible of course) but 0% removal!, then for sure no one would buy their products OEM or not! Kind of like a diagnosis with no prescription!

So if KAV 6 is better at removal at what it finds that is very significant IMHO

" }-
Not really so significant. For me the main purpose of an AV is to pick stuff up real-time as it is written to HD (or keep it out, in the case of a web-scanner). If you have 100% detection then nothing will ever get into your system that would need removing. If malware is missed and installs on your system then that is another matter and I don't think AVs are necessarily the best at cleaning machines when that happens.

Firecat
April 18th, 2007, 07:49 PM
Regarding the cleaning thing, it is only something I heard, I cannot verify it. I was not aware that ZoneAlarm AV used its own drivers also for the cleaning process, that may turn things around I guess. :)

Anyway, the klif.sys file only relates to network protection and not for the file scanning. I have looked at logs of ZAAV and have verified that it uses KAV Workstation edition version 5.0.676 as its base.

Also, just because some product uses the Kaspersky engine doesn't guarantee that it will get the same detection rate as Kaspersky itself. There are often a few differences here and there, but it depends heavily on the test set used. IBK's test set does not show these differences, but I have personally seen some samples that were detected by Kaspersky and not by F-Secure. It couldn't really be a matter of updates because the samples in question were old ones which had been added into Kaspersky's database for around a year now.

A good example can be seen on the tests made on http://www.virus.gr. Antony Petrakis' sample set is flawed and contains many junk files, but Kaspersky is known to detect a lot of junk and corrupted samples. Now, any KAV clone should also detect the same as KAV itself as it uses the very same database (and hence theoretically detects the same junk and corrupt samples), but it is clearly seen in virus.gr that F-Secure is always some 1-3 percent behind or ahead of KAV (in one test it was ahead of KAV but the latest one shows it behind KAV). The same can be seen with MicroWorld's eScan (commercial edition), which is also some 3-4% behind KAV despite using the same database and the KAV 4.5 engine. I can't put it down to a matter of not configuring the AV as well because eScan by default comes with very stringent settings for the on-demand scanner, which you can call maximum protection. I think the same would be true for F-Secure as well.

So, there can be some differences in detection rates between KAV and clones, but it is usually not so much as to seriously threaten the protection level of the users (For example, if KAV scores 99% on the next AV-comparatives on-demand test and eScan scores 96%, then eScan will receive an "Advanced" rating only, but this doesn't mean it's not going to protect you well. But IBK's test set has never shown this difference, and I have not known AV-test.org to test KAV clones other than F-Secure.)

fax
April 19th, 2007, 04:48 AM
-{ Quote: "
Anyway, the klif.sys file only relates to network protection and not for the file scanning. I have looked at logs of ZAAV and have verified that it uses KAV Workstation edition version 5.0.676 as its base." }-

Thanks Firecat for this...

Just to clarify, Klif is part of the proactive protection. As part of this defense, the driver hooks and screens various system calls, such as registry functions. This is the driver that hooks on the kernel... The other main driver is Kl1 (network driver) that is not functional in ZA (it is not needed).

So, it is an essential part of the KAV SDK (on access control switches) not just a network driver... yes, no influence on scanning but influence on machine capability to detect and protect the system against damage from malware.

It is interesting to note that registry entry installed by ZASS have references to Kaspersky-AVP6, so not sure how this links to your workstation 5 reference.

Of course, if you look to the update log, you get KAV 5 references, but that is just a script. I mean there is a lot of KAV6 code/files/drivers in ZASS... so I am more inclined to think that KAV SDK has been updated meanwhile...

Am I missing something? I would welcome your feedback on this...

Thanks,
Fax
P.S. Just copy fyi some klif/vsdatant.sys hooks... here below

SSDT \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS ZwClose
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \SystemRoot\System32\vsdatant.sys ZwCreatePort
SSDT \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS ZwCreateProcessEx
SSDT \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS ZwCreateSection
SSDT \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS ZwCreateSymbolicLinkObject
SSDT \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateWaitablePort
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteFile
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteKey
SSDT \SystemRoot\System32\vsdatant.sys ZwDeleteValueKey
SSDT \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS ZwDuplicateObject
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadDriver
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadKey
SSDT \SystemRoot\System32\vsdatant.sys ZwMapViewOfSection
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenFile
SSDT \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS ZwOpenProcess
SSDT \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS ZwOpenSection
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS ZwQuerySystemInformation
SSDT \SystemRoot\System32\vsdatant.sys ZwReplaceKey
SSDT \SystemRoot\System32\vsdatant.sys ZwRequestWaitReplyPort
SSDT \SystemRoot\System32\vsdatant.sys ZwRestoreKey
SSDT \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS ZwResumeThread
SSDT \SystemRoot\System32\vsdatant.sys ZwSecureConnectPort
SSDT \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS ZwSetContextThread
SSDT \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS ZwSetInformationProcess
SSDT \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS ZwSetSecurityObject
SSDT \SystemRoot\System32\vsdatant.sys ZwSetSystemInformation
SSDT \SystemRoot\System32\vsdatant.sys ZwSetValueKey
SSDT \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS ZwSuspendThread
SSDT \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS ZwTerminateProcess
SSDT \SystemRoot\System32\vsdatant.sys ZwUnloadDriver
SSDT \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS ZwWriteVirtualMemory
INT 0x20 srescan.sys B9C419D0
Code \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS FsRtlCheckLockForReadAccess
Code \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS IoIsOperationSynchronous
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLOSE [B20118A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_DEVICE_CONTROL [B20118A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_INTERNAL_DEVICE_CONTROL [B20118A0] vsdatant.sys
Device \Driver\Tcpip \Device\Ip IRP_MJ_CLEANUP [B20118A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B20118A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLOSE [B20118A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_DEVICE_CONTROL [B20118A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_INTERNAL_DEVICE_CONTROL [B20118A0] vsdatant.sys
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CLEANUP [B20118A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [B20118A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLOSE [B20118A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_DEVICE_CONTROL [B20118A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_INTERNAL_DEVICE_CONTROL [B20118A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CLEANUP [B20118A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CREATE [B20118A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLOSE [B20118A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_DEVICE_CONTROL [B20118A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_INTERNAL_DEVICE_CONTROL [B20118A0] vsdatant.sys
Device \Driver\Tcpip \Device\RawIp IRP_MJ_CLEANUP [B20118A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CREATE [B20118A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLOSE [B20118A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_DEVICE_CONTROL [B20118A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_INTERNAL_DEVICE_CONTROL [B20118A0] vsdatant.sys
Device \Driver\Tcpip \Device\IPMULTICAST IRP_MJ_CLEANUP [B20118A0] vsdatant.sys
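
An added example, not part of fax's post and not output of any vendor tool: a small parser for hook listings in the layout pasted above. It groups the hooked services and IRP handlers by owning driver, shows which call categories are filtered by more than one driver, and flags any hook whose owner is not on an allowlist. The embedded lines are a subset copied from the listing; the category keywords and the allowlist are assumptions made for this example.

```python
"""Group kernel-hook listing entries by owning driver (added example)."""
from collections import defaultdict

# Subset of the listing in the post above, embedded so this runs offline.
SAMPLE = r"""
SSDT \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS ZwClose
SSDT \SystemRoot\System32\vsdatant.sys ZwConnectPort
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateFile
SSDT \SystemRoot\System32\vsdatant.sys ZwCreateKey
SSDT \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS ZwCreateProcess
SSDT \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS ZwCreateSection
SSDT \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS ZwCreateThread
SSDT \SystemRoot\System32\vsdatant.sys ZwLoadDriver
SSDT \SystemRoot\System32\vsdatant.sys ZwOpenThread
SSDT \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS ZwSetInformationFile
SSDT \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS ZwWriteVirtualMemory
INT 0x20 srescan.sys B9C419D0
Code \??\C:\WINDOWS\system32\ZoneLabs\avsys\KLIF.SYS IoIsOperationSynchronous
Device \Driver\Tcpip \Device\Tcp IRP_MJ_CREATE [B20118A0] vsdatant.sys
Device \Driver\Tcpip \Device\Udp IRP_MJ_CREATE [B20118A0] vsdatant.sys
"""

# Drivers that appear in the post's listing, used here as the allowlist.
EXPECTED = {"klif.sys", "vsdatant.sys", "srescan.sys"}

# Keyword -> category mapping for Zw* service names (assumption of this example).
CATEGORIES = [
    ("registry", ("Key",)),
    ("lpc-port", ("Port",)),
    ("driver-load", ("LoadDriver", "UnloadDriver")),
    ("process-thread", ("Process", "Thread")),
    ("memory-section", ("Section", "VirtualMemory")),
    ("file", ("File",)),
]


def module_name(path):
    """Last path component, lower-cased (KLIF.SYS -> klif.sys)."""
    return path.rsplit("\\", 1)[-1].lower()


def category(service):
    """Classify a hooked system service by the object type in its name."""
    for name, needles in CATEGORIES:
        if any(n in service for n in needles):
            return name
    return "other"


def parse_line(line):
    """Return (module, category, target) for one listing line, or None."""
    parts = line.split()
    if len(parts) == 3 and parts[0] == "SSDT":
        return module_name(parts[1]), category(parts[2]), parts[2]
    if len(parts) == 3 and parts[0] == "Code":
        return module_name(parts[1]), "code", parts[2]
    if len(parts) == 4 and parts[0] == "INT":
        return module_name(parts[2]), "int", parts[1]
    if len(parts) == 6 and parts[0] == "Device":
        return module_name(parts[5]), "irp", parts[2] + ":" + parts[3]
    return None  # blank or unrecognised line


def entries(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def summarise(text):
    """module -> category -> sorted list of hooked targets."""
    out = defaultdict(lambda: defaultdict(list))
    for module, cat, target in entries(text):
        out[module][cat].append(target)
    return {m: {c: sorted(t) for c, t in cats.items()} for m, cats in out.items()}


def shared_categories(summary):
    """Categories in which more than one driver owns a hook."""
    owners = defaultdict(set)
    for module, cats in summary.items():
        for cat in cats:
            owners[cat].add(module)
    return {c: sorted(m) for c, m in owners.items() if len(m) > 1}


def unknown_owners(text, expected=EXPECTED):
    """Hooks owned by a module that is not on the allowlist."""
    return sorted((m, t) for m, _, t in entries(text) if m not in expected)


if __name__ == "__main__":
    for module, cats in sorted(summarise(SAMPLE).items()):
        print(module, cats)
    print("shared:", shared_categories(summarise(SAMPLE)))
    print("unknown:", unknown_owners(SAMPLE))
```
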

Escalader
April 24th, 2007, 11:50 AM
-{ Quote: "Hi,

Please post your feedback on ZoneAlarm Pro 70_337_000

Any user of ZoneAlarm Pro 70_337_000 !!!" }-

ankupan:

Here is a link for you from ZA Pro site on known issues with product.

January 15, 2007

Thank you for choosing ZoneAlarm security software, the easy-to-use Internet security product that detects and controls both inbound and outbound Internet traffic, protecting you from known and unknown threats.

To obtain recent updates to this readme, visit http://www.zonelabs.com/readme-v7_0



This is feedback as requested in your OP. ;D

fax
April 24th, 2007, 12:01 PM
-{ Quote: "ankupan:

Here is a link for you from ZA Pro site on known issues with product.

January 15, 2007

This is feedback as requested in your OP. ;D" }-

Yep, be aware that it refers to ZA 7.0.302.000
Some of the 'known issues' have been fixed with ZA 7.0.337.000

It's a pity that they did not update the readme file...

Fax

acooldozen
April 24th, 2007, 01:45 PM
Have been using ZoneAlarm Pro since version 5 and have regularly updated to newest version. I will however stay away from their Suite version as they are experiencing some difficulties at this time. I am very happy with the Program overall but will definitely give ESS a go when it is complete. I am a Senior Contributor on ZoneAlarm forums <aka pairofhearts>. I only have one complaint regarding CheckPoint and that is the one year renewal price of ZoneAlarm Pro. Last year it was 19.95 US for a one year renewal subscription. This year it is 29.95 US. A huge percentage increase. If you have to renew you can purchase ZoneAlarm Pro for 39.95 US including an extra year's renewal. A savings of 20.00 over the two year period. However that being said, I still believe it is one of, if not, IMHO the best software firewall available. ;)

Hi Fax....nice to see you here!

fax
April 24th, 2007, 02:04 PM
-{ Quote: " I will however stay away from their Suite version as they are experiencing some difficulties at this time. I am very happy with the Program overall but will definitely give ESS a go when it is complete.
Hi Fax....nice to see you here!" }-

Hi!
Nice to see you here.... too ;D

I am running ZASS on two systems right now... no problems at all.
What kind of problems do you have?

Fax
EDIT: and yes, I agree, ZAPro is expensive...

Escalader
April 25th, 2007, 10:10 AM
-{ Quote: "Yep, be aware that it refers to ZA 7.0.302.000
Some of the 'known issues' have been fixed with ZA 7.0.337.000

It's a pity that they did not update the readme file...

Fax" }-

Fax:
Yes, it is an old date on the readme file.

Here again is the list of known issues, as you say some have been fixed, but users here need to know which ones are fixed and which ones are not.

Could you please indicate using this readme list detail which issues have been fixed? Or if easier highlight the issues still outstanding as of April 2007?

-{ Quote: "Known issues January 15, 2007.
This section contains the following categories of known issues:

Upgrade / compatibility
Anti-virus / Anti-spyware
Privacy
MailSafe
IM Security
Hardware
Third-party software

Upgrade / compatibility
If you set up a proxy configuration, you will need to restart Zone Labs security software before your changes will take effect. [20924]
When installing Zone Labs security software over an existing installation of MailFrontier spam-blocking software, some MailFrontier settings will be lost after installation. [23315]
Expert rules not blocking traffic allowed by program permission. When you give a program permission to communicate and create an expert rule which is set to block, it is the program permission that takes precedence. For example, if you allow the "ping" program, make a rule to block ping replies from and ping another computer, the reply is allowed. Even though your rule said block, the fact the program was allowed means a reply to the (allowed) send is allowed. [26822]
When upgrading to a new version, close any open trial dialog boxes before beginning the upgrade. [40871]
The Flash tutorial is out of date. [CR00207455]

Anti-virus / Anti-spyware
When trying to restore spyware that has been quarantined, you may receive an error if you attempt to restore spyware that was previously restored.
Before attempting to restore a file from the quarantine, make sure your computer has enough free disk space to accommodate the file. [40435]
If you close the scan window while a scan is running, then reopen the window to the same scan, the duration of the scan may display incorrectly. CR00207934
Sometimes ZoneAlarm starts an update during an antivirus or anti-spyware scan. This can lead to erroneous scan results. You should re-run the scan following the update. CR00207772
The list view is set to a specific size which may not show all data. You can select the right edge of the list view and expand the column to see all of the data. CR00207535
If a scan has detected many objects, and you decide to quarantine all objects, the ZoneAlarm user interface will update frequently when each item is quarantined. CR00207531
If you set an item to be ignored by a security scan, it is not displayed in the log viewer of the Alerts and Logs panel. CR00207421
If you minimize the update progress window to the task bar, clicking the view update button will not bring the window back up. To show the window again, select the update dialog from the task bar. CR00207344
The count of scanned files can be off by one or more. CR00207122
Occasionally the AV scanner cannot access a file due to the target file permissions. CR00206763
In rare cases, the Scan panel may not load at start up. Try restarting the client or rebooting the machine. CR00206728
ZA (IClient) doesn't check for absence of damaged spyware.dat CR00206627
Sometimes the last scan time can be displayed in error. CR00206605
New spyware scan starts with spyware count derived from previous scan CR00206562
ZoneAlarm Antivirus will automatically quarantine archives that contain "not-a-virus" files. [CR00207999]
ZoneAlarm may not display alerts when blocking programs. [CR00207952]

Privacy
Web Filtering and Privacy protection may prevent some images from displaying correctly. On rare occasions, some Web page images may not display correctly when both Web Filtering and Privacy Protection are enabled.

MailSafe
E-mail attachments with a .vcf extension with ".com" in file name are not quarantined - Zone Labs security software incorrectly quarantines .vcf files if the filename also contains ".com". For example, a .vcf file named smith.com.vcf would be renamed to smith.z16.vcf. [16046]
MailSafe does not display a warning dialog if you attempt to open a quarantined attachment in Mozilla Thunderbird. [27411]

IM Security
If Yahoo Messenger's connection is configured as "Firewall with no proxies" then it will not be always "in use" in "Program History Log" located on IM Security's Main tab. [35061]
When IM is configured to be connected via HTTP protocol, it is not secured by IMsecurity component, it is secured by TrueVector the same way as web browsers that use HTTP(S). [35112]
Windows Live Messenger cannot synchronize its Shared Folders directory if IMSecurity is turned on. [CR00207912]
Windows Live Messenger does not show a buddy's image if IMSecurity is turned on. [CR00207910]
IMSecurity does not display an alert when blocking a video session in Yahoo 8 IM window. [CR00207600]

Hardware
TabletPC users must manually assign trust level of "Super" to wisptis.exe or the pen won't work.

Third-party Software
Built in XP firewall prevents FTP - The built-in XP firewall can interfere with Zone Labs Security software handling of active FTP traffic. This may result in incoming FTP traffic being blocked by Zone Labs Security software. To solve this problem, either use passive FTP, or turn off the XP firewall. [8456]
Problems with Zone Labs security software and GoToMyPC on Windows XP- If you are connecting to a Windows XP machine that has the "Protect the ... client" option selected, remotely opening the Zone Labs security software Control Center on the host machine will block all keyboard and mouse activity. To resolve this issue, on the host machine, select Program Control|Programs, and give Trusted and Internet access rights to the "GoToMyPC Screensharing Plugin" (g2host.exe), then reboot the host machine. [14624]
Running Zone Labs security software simultaneously with other firewall software may cause conflicts - We recommend that you not run other PC firewall products (such as PC-Cillin, Kerio, Sygate) simultaneously with Zone Labs security software. [12641, 17734]
Certain versions of McAfee antivirus software are incompatible with ZoneAlarm Antivirus and ZoneAlarm Security Suite. If you are using a version of McAfee that uses Layered Service Provider (LSP) technology you will not be able to turn on the Zone Labs antivirus feature. [18034]
When running a Zone Labs firewall product at the same time as Norton Internet Security (NIS), you may have problems viewing some HTML pages. To prevent these problems, disable the NIS Personal Firewall. [23244]" }-

fax
April 25th, 2007, 10:37 AM
Hi
Sorry, I can't, I am not ZA...

I can speak for myself but then I will miss for sure something, since I have never experienced some of these issues listed that may be triggered only under certain circumstances...

Mine was only a warning that the file is OLD.

If you look at the zonelab download page, this is the release note (ZASS):


New Anti-spam version with enhanced image spam detection capabilities
Antivirus updates that were failing with some proxy settings have been restored
Antivirus licensing that allowed some customers’ antivirus to stop functioning has been fixed
Other enhancements to optimize antivirus scanning, treatment and updating
Fixed Microsoft Security Center notifications not being updated correctly
Fixed issue where expert rules disappeared after a restart
Added install gates for AV SKU’s to prevent BSOD for users that have not upgraded their Spydoctor and System Mechanic’s builds to the latest one that fixed the problem
A change was made to allow per application expert rules
Removed Google Desktop installation warning
Fixed issue with the parental control blocked page images not being displayed
Some rare reports of crashing have been isolated and addressed
Yahoo IM8 audio issue fixed
Formatting and translation improvements on non-English products
Program learning mode duration set to 21 days by default
Various other fixes


Fax

Escalader
April 25th, 2007, 02:51 PM
That's okay, some new detail there.

Escalader
May 3rd, 2007, 09:39 AM
-{ Quote: "Hi,

Please post your feedback on ZoneAlarm Pro 70_337_000

Any user of ZoneAlarm Pro 70_337_000 !!!" }-

Here is more recent free update data from ZA. on improvements etc

http://download.zonelabs.com/bin/free/information/zass/releaseHistory.html

What I'm hoping to get is more information on the latest improvements to their identity protection and MyVault features. Many of the top experts there have posted not to rely exclusively on these ZA features.

But what is not known is what are the "holes" in these features in ZA Pro and the suite which I think are the only ZA versions offering this protection.

Does anybody here KNOW what works on these features and what doesn't?
You can't always assume that the user manual is correct!

BD 10 has a similar feature, but I haven't yet compared it via experiment to ZA Pro.

fax
May 3rd, 2007, 10:32 AM
-{ Quote: "Here is more recent free update data from ZA. on improvements etc

http://download.zonelabs.com/bin/free/information/zass/releaseHistory.html

What I'm hoping to get is more information on the latest improvements to their identity protection and MyVault features. Many of the top experts there have posted not to rely exclusively on these ZA features. " }-

Hi!
I think this was pretty much discussed at the ZA forum... sometime ago with your input.

What for sure does not work is the filtering of SSL page (encrypted pages). Data leaves your PC in encrypted form and ZA cannot check the hash stored in Myvault.

Second, it monitors common ports used by web browser, e-mail and IMs.
Data sent on uncommon ports via the above mentioned means will not be detected. I guess the minimum it can filter is http traffic and pop3 traffic. On IM I have no idea on exact ports.. I guess port 1863 TCP for MSN messenger. But obviously not the ports used for video call (e.g. 6891-6900 UDP).

Many similar tools store on your HD the actual private information in encrypted form, ZA does not store any confidential information but only the corresponding hash value. So the risk of having MyVault stolen and information used is zero.

Similar tools can sometimes miss credit card info if credit cards are sent in truncated form, commonly used in many websites (e.g. 1234 5678 9101 instead of 123456789101), ZA will detect also truncated forms like the example.

This is basically it... you can't protect your confidential data only using Myvault it is just another layer of defence that you can add to your system.

Fax
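
The behaviour described in the post above (a vault that holds only hashes, matching limited to monitored ports, separator-tolerant matching of card numbers, and no visibility into encrypted traffic), as an added sketch that is not ZoneAlarm's code. The salted SHA-256, the port set built from the ports guessed in the post, and the XOR keystream standing in for SSL encryption are all assumptions of this example; the card number is the one used in the post.

```python
"""Hash-only outbound data matching, in the style described above (added example)."""
import hashlib
import re

# Ports taken from the guesses in the post: HTTP, POP3, MSN Messenger (assumption).
MONITORED_PORTS = {80, 110, 1863}

# A run of digits, optionally separated by single spaces or hyphens.
DIGIT_RUN = re.compile(r"[0-9](?:[ -]?[0-9])+")


def normalise(value):
    """Strip the separators so '1234 5678 9101' and '123456789101' compare equal."""
    return re.sub(r"[ -]", "", value)


class Vault:
    """Stores a salted digest per secret, never the secret itself."""

    def __init__(self, salt):
        self.salt = salt
        self.entries = {}     # hex digest -> label
        self.lengths = set()  # digit counts worth testing

    def _digest(self, digits):
        return hashlib.sha256(self.salt + digits.encode("ascii")).hexdigest()

    def add(self, label, secret):
        digits = normalise(secret)
        self.entries[self._digest(digits)] = label
        self.lengths.add(len(digits))

    def lookup(self, digits):
        return self.entries.get(self._digest(digits))


def scan(payload, vault):
    """Return the labels of vault entries that appear in a plaintext payload."""
    text = payload.decode("latin-1")  # never fails, keeps ASCII digits intact
    hits = set()
    for run in DIGIT_RUN.finditer(text):
        digits = normalise(run.group())
        for n in vault.lengths:
            # Slide a window so a secret embedded in a longer run is still found.
            for i in range(len(digits) - n + 1):
                label = vault.lookup(digits[i:i + n])
                if label:
                    hits.add(label)
    return sorted(hits)


def inspect(dst_port, payload, vault, ports=MONITORED_PORTS):
    """Only traffic to a monitored port is scanned at all."""
    return scan(payload, vault) if dst_port in ports else []


def opaque(payload, key=b"constructed-key"):
    """Stand-in for SSL record encryption: XOR with a SHA-256 keystream."""
    stream, counter = b"", 0
    while len(stream) < len(payload):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(payload, stream))


def demo_vault():
    vault = Vault(salt=b"constructed-demo-salt")
    vault.add("card", "123456789101")
    return vault


# Constructed request body carrying the number in the spaced form from the post.
BODY = b"POST /pay HTTP/1.1\r\nHost: shop.example\r\n\r\ncard=1234 5678 9101&cvv=000"

if __name__ == "__main__":
    v = demo_vault()
    print("port 80, plaintext :", inspect(80, BODY, v))
    print("port 8080, plaintext:", inspect(8080, BODY, v))
    print("encrypted payload   :", scan(opaque(BODY), v))
```
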

Legendkiller
May 3rd, 2007, 10:58 AM
i have had very slow start-ups with ZAISS since 6.5 and no matter what i do,the situation remains so...

Escalader
May 3rd, 2007, 12:50 PM
-{ Quote: "i have had very slow start-ups with ZAISS since 6.5 and no matter what i do,the situation remains so..." }-

Hi Legendkiller! I remember you!

First let me say my post here is OT since this thread is titled ZA Pro which I actually use. It is not slow on start up. So if our moderator wants to move ZAISS to a new thread that is okay as far as I'm concerned but this thread is not mine!

Have you sought advice from ZA Forum or their technical support?

If so what was suggested in detail? and what actually happened with what you tried?

There are many reasons for slow start up. But let's hit this straight on and do some work!

I have listed ZA offerings here for information.
Based on this list you most likely are referring to the last one the ZoneAlarm Security Suite ZASS or ZAISS?

ZoneAlarm (free)
ZoneAlarm Anti-virus
ZoneAlarm Anti-Spyware
ZoneAlarm Pro
ZoneAlarm Security Suite

The features extra over ZA Pro in ZAISS are:


IM Security,
Parental Control,
Identity Protection,
Kaspersky Anti-virus protection,
Junk E-mail Filtering,
Protection for mobile laptop users and wireless home networks.


If you have tried everything the experts have suggested and have still the same problem of slow start up I suggest the following more aggressive steps.
After each step you would try the start up and time it. This is work I know but it is not your fault it is slow.

1) Start up with no change to establish base case time and report it here.
2) Disable all ZA options you can plus 5 extra options in ZAISS except number 4 the KAV AV. reboot and start up again time the start up report results here.
3) If you still have slow start up, disable KAV (if they let you) reboot and time the start up again and report here
4) If you still have slow start up uninstall ZAISS and install ZA Pro on trial, add a top flight AV (NOD 32, BD or Antivir (there are many)), reboot and report start up time here
5) If you still have the same issue, it wasn't a ZAISS problem and you need to do a full PC clean up, remove old programs games, run any and all cleanup tools, do a defrag, run a utility optimizer.
6) Try step 4 again and report.

Then we will have some facts to chew on!

fax
May 3rd, 2007, 01:51 PM
Yep, Escalader posted a good list for starting troubleshooting problems with ZASS and if I may add, to troubleshoot also 'external variables' you may want to run your system clean with third party software other than the OS services/software and see if you still have slowdown... I guess you know how to do it, but in case not, here you have:

1.) Click Start -> Run
2.) Type MSConfig in the run box and click OK
3.) Once in MSConfig, click the Startup Tab
4.) Remove the checks from everything except ZLClient
5.) Click the Services Tab
6.) Place a check in "Hide All Microsoft Services"
7.) Now remove checks from everything other than TrueVector Internet
Monitor, and click OK.
8.) Restart your computer.

You can place your computer back into a normal startup process by
going back into msconfig and choosing the Normal Startup option on the
General tab.

Another check you can do is with the windows event viewer (system logs) and check if you have any service that is delaying your boot...

Start --> run --> eventvwr

These are two steps I usually suggest in ZA Forum.

However, if you are happily running your current suite (Norton Security Suite guessing from your signature) probably you are not interested in doing these tests... and I understand it!! ;D

For what it counts, I am using the latest ZASS 7 and I have not experienced any slowdown at startup.

Cheers,
Fax

Legendkiller
May 4th, 2007, 12:00 AM
i may not be able to do what escaleder suggested,but what i can say is that the there is some conflict with some software on my computer or something,coz i have tried using zass even on a completely new windows installation with only drivers installed and it still caused slow-startups...

Escalader
May 4th, 2007, 08:04 AM
-{ Quote: "i may not be able to do what escaleder suggested,but what i can say is that the there is some conflict with some software on my computer or something,coz i have tried using zass even on a completely new windows installation with only drivers installed and it still caused slow-startups..." }-

We are OT here as thread is about ZA Pro. But it seems is now a general ZA discussion forum so until the thread owner complains or the moderator does something I will treat the thread as dealing with ZA issues.

BTW, Fax my id is Escalader, to help think of it as Excalibur spelled wrong!

Legendkiller, when you did your "pure" windows only, can you provide the technical specifications of that PC? These then can be compared to the minimum specifications for ZASS. Fax, what are those minimum specs?

CPU, model speed
RAM, GB?
Hard drive GB, speed
Vista or XP

Legendkiller, your theory that there must be a conflict with ZASS and some software on your PC is confusing me.:-[

On a "pure" window ZASS test I would clean the PC to the metal first, then load windows and only ZASS to test its speed of loading, all other software is then out of the equation.

Also, it is difficult to talk slow start up without the numbers, do you mean minutes? seconds? how many? What is the start up time on your PC with Norton? Otherwise without the data we are just talking around the water cooler.

BTW Fax, can you describe other cases of slow start up with ZASS and how they were resolved? Since you have the tool what is the start up time on your own PC. Where are your PC's spec on your signature? If we use Legend's sig to detect Norton, it is only fair we display our own. IMO.;D

I have mine so the base PC and software set is transparent for all members to see and it avoids wasted posts such as what AV do you have etc etc.

Escalader
May 4th, 2007, 08:13 AM
-{ Quote: "Hi!
I think this was pretty much discussed at the ZA forum... sometime ago with your input.

What for sure does not work is the filtering of SSL page (encrypted pages). Data leaves your PC in encrypted form and ZA cannot check the hash stored in Myvault.

Second, it monitors common ports used by web browser, e-mail and IMs.
Data sent on uncommon ports via the above mentioned means will not be detected. I guess the minimum it can filter is http traffic and pop3 traffic. On IM I have no idea on exact ports.. I guess port 1863 TCP for MSN messenger. But obviously not the ports used for video call (e.g. 6891-6900 UDP).

Many similar tools store on your HD the actual private information in encrypted form, ZA does not store any confidential information but only the corresponding hash value. So the risk of having MyVault stolen and information used is zero.

Similar tools can sometimes miss credit card info if credit cards are sent in truncated form, commonly used in many websites (e.g. 1234 5678 9101 instead of 123456789101), ZA will detect also truncated forms like the example.

This is basically it... you can't protect your confidential data only using Myvault it is just another layer of defence that you can add to your system.

Fax" }-

Very interesting for future reference. JOOC do you use the feature yourself?

Legendkiller
May 4th, 2007, 08:24 AM
well mine is 2.8ghz Pentium-D,1gb ram,Xp SP2...........i think thats a pretty decent config...
when i talk of slow........i mean its really slow.....i cannot be precise but it takes a long time for windows to even show my desktop.........but to my surprise whenever i did the usual "ctrl+alt+del"....it never showed any process of zonealarm taking high % of CPU usage...it used to be 1 or 2%

As far as norton is concerned it takes a little longer than usual...it must be 10sec or something...

fax
May 4th, 2007, 09:02 AM
-{ Quote: "Very interesting for future reference. JOOC do you use the feature yourself?" }-

Yes, I do... :)

-{ Quote: "BTW, Fax my id is Escalader, to help think of it as Excalibur spelled wrong! " }-

LoL, sorry... corrected...

Fax

fax
May 4th, 2007, 09:14 AM
-{ Quote: " BTW Fax, can you describe other cases of slow start up with ZASS and how they were resolved? Since you have the tool what is the start up time on your own PC. Where are your PC's spec on your signature? If we use Legends sig to detect Norton, it is only fair we display our own. IMO.;D " }-

They were basically resolved with MSCONFIG, sometimes it was other services delaying the startup... 80% of the time due to other security tools installed.

Well, there are many examples, but it does not happen on all PCs (this is the problem), so... it may work for some, but not for others.

Sometimes it is the Nvidia nTunes or the Nvidia control panel, iTunes, Quicktime, DELL Support Service, Windows Desktop search, NERO, .... many of these programs do not need to start at ALL at boot and they are only wasting resources...

Delay at boot up?
Yes, I am sure I have a delay at boot (ZASS is a heavy program) but I cannot really notice it... May be 1 to 5 seconds?

My Spec?
Yes, here you have:

Core 2 Duo, 6700
4Gig. RAM
1 Tera HD
Nvidia 8800 GTX

Cheers,
Fax

Escalader
May 4th, 2007, 09:43 AM
-{ Quote: "well mine is 2.8ghz Pentium-D,1gb ram,Xp SP2...........i think thats a pretty decent config...
when i talk of slow........i mean its really slow.....i cannot be precise but it takes a long time for windows to even show my desktop.........but to my surprise whenever i did the usual "ctrl+alt+del"....it never showed any process of zonealarm taking high % of CPU usage...it used to be 1 or 2%

As far as norton is concerned it takes a little longer than usual...it must be 10sec or something..." }-

Yes, that is a decent config for sure, mine is slightly different 3.0 ghz 1.5 GB ram, xp sp2.

Was Norton fully uninstalled before doing the ZASS speed test?
It is a bear to uninstall, there is an uninstall utility from them to wipe out all vestiges of NORTON. That would have to have been done to avoid conflict between 2 AV's which is widely known as a NO-NO;D If I could I would want to go straight to the metal and try to replicate your results, but that is not going to happen!

Fax, your config is huge on memory, so you should never have speed issues!;D Heck you could store everything (almost) in RAM and forgo the harddrive! (Only kidding8)

I still don't see why legendkiller should not have good load speed as ZA Pro and ZASS. This may have to remain one of life's little mysteries. :ouch:

fax
May 4th, 2007, 09:55 AM
-{ Quote: "Fax, your config is huge on memory, so you should never have speed issues!;D Heck you could store everything (almost) in RAM and forgo the harddrive! (Only kidding8)

I still don't see why legendkiller should not have good load speed as ZA Pro and ZASS. This may have to remain one of life's little mysteries. :ouch:" }-

Well, I forgot to mention that I have ZASS installed on two other systems... Intel Pentium 1,3/2 ghz 1G RAM... and no serious delays as experienced by Legendkiller. May be 5 to 15 seconds? Unless this is considered a serious delay.

Fax

Escalader
May 4th, 2007, 10:12 AM
-{ Quote: "...... May be 5 to 15 seconds? Unless this is considered a serious delay.

Fax" }-

Nope, seems fast enough IMO anyway... it only happens 1/day 8)

Legendkiller
May 4th, 2007, 11:59 PM
i haven't used ZASS now,it was in march when the latest update was released....but since it did not work i renewed my norton's license and have been using it since then....
i would however be testing the new beta when i install vista tomorrow...

Escalader
May 5th, 2007, 09:12 AM
-{ Quote: "i haven't used ZASS now,it was in march when the latest update was released....but since it did not work i renewed my norton's license and have been using it since then....
i would however be testing the new beta when i install vista tomorrow..." }-

Hi legend:

Do you mean beta ZASS? :-\

If yes, I would respectfully suggest you not try 2 new software tools (new to you) at the same time. You will never be able to tell which glitch is caused by what!:o

Also back up entire current working PC before you start, in case you have to fall back to where you are now!8)

Good luck!

Legendkiller
May 5th, 2007, 09:26 AM
thanks for your advice,i am still in two minds about installing vista....as for zass 7.0.337 i am not going to go through ordeal of installing it again on xp.....coz the huge start-up bugs not only me but my other family members as well who use the comp along with me....
as for vista i will decide only tomorrow..

Escalader
May 5th, 2007, 09:53 AM
-{ Quote: "thanks for your advice,i am still in two minds about installing vista....as for zass 7.0.337 i am not going to go through ordeal of installing it again on xp.....coz the huge start-up bugs not only me but my other family members as well who use the comp along with me....
as for vista i will decide only tomorrow.." }-


It's all OT but if you are stable on XP with Norton 2007 why change anything?

What is it you want to achieve?

If it is test ZASS on Vista at same time, only do that on 1 PC designated as a TEST PC only. Nothing on it of any value!

Depends on what your goals are software debugging for MS and ZA or use PC's for your own personal reasons?

These are just my own views of course!

Escalader
May 7th, 2007, 03:48 PM
-{ Quote: "Hi!
I think this was pretty much discussed at the ZA forum... sometime ago with your input.

What for sure does not work is the filtering of SSL page (encrypted pages). Data leaves in encrypted form your PC and ZA cannot check the hash stored in Myvault.

Second, it monitors common ports used by web browser, e-mail and IMs.
Data sent on uncommon ports via the above mentioned means will not be detected. I guess the minimum it can filter is http traffic and pop3 traffic. On IM I have no idea on exact ports.. I guess port 1863 TCP for MSN messenger. But obviously not the ports used for video call (e.g. 6891-6900 UDP).

Many similar tools store on your HD the actual private information in encrypted form, ZA does not store any confidential information but only the corresponding hash value. So the risk of having MyVault stolen and information used is zero.

Similar tools can sometimes miss credit card info if credit cards are sent in truncated form, commonly used in many website (e.g. 1234 5678 9101 instead of 123456789101), ZA will detect also truncated forms like the example.

This is basically it... you can't protect your confidential data only using Myvault it is just another layer of defence that you can add to your system.

Fax" }-

Another source provided this:

"My Vault only operates on a select number of TCP/IP ports including Port 80 (HTTP). Sending the same information out over other ports may not get detected (eg via FTP, SMTP etc) because it may not be checked on ports used for those kinds of tests.

I don't use My Vault because I think it creates more problems than it resolves and I really can't see a good use for it. But if you want to use it, you need to be aware of its limitations.

Like everything else in this world of software PC protection, it certainly lulls you into a false sense of security"
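The behaviour described in the posts above (digests stored instead of values, matching regardless of digit grouping, no inspection of unmonitored ports or of encrypted payloads), as an added Python sketch that is not ZoneAlarm's code or any poster's. The keyed digest, the port set, the sample request and all names are assumptions of this example.

```python
import hashlib
import hmac
import re

# Constructed per-install key. A low-entropy value such as a card number can be
# recovered from a bare, unkeyed hash by enumeration, so this sketch keys the digest.
VAULT_KEY = b"constructed-demo-key"

# Assumption: the ports named in the thread (HTTP, POP3, MSN Messenger).
MONITORED_PORTS = {80, 110, 1863}

# A run of digits that may be broken up by spaces, hyphens or form-encoded "+".
DIGIT_RUN = re.compile(r"[0-9](?:[ +-]?[0-9])*")


def keyed_digest(digits):
    return hmac.new(VAULT_KEY, digits.encode("ascii"), hashlib.sha256).hexdigest()


class Vault:
    """Holds digests of protected digit strings; the values themselves are discarded."""

    def __init__(self):
        self.entries = {}     # digest -> label
        self.lengths = set()  # digit counts worth testing

    def add(self, label, secret):
        digits = re.sub(r"[^0-9]", "", secret)
        self.entries[keyed_digest(digits)] = label
        self.lengths.add(len(digits))

    def scan(self, text):
        """Return labels of protected values present in text, whatever the grouping."""
        found = []
        for run in DIGIT_RUN.findall(text):
            digits = re.sub(r"[^0-9]", "", run)
            # Slide a window so a value embedded in a longer digit run still matches.
            for n in self.lengths:
                for i in range(len(digits) - n + 1):
                    label = self.entries.get(keyed_digest(digits[i:i + n]))
                    if label and label not in found:
                        found.append(label)
        return found


def inspect(vault, port, payload):
    """Filter decision for one outbound payload exactly as it appears on the wire."""
    if port not in MONITORED_PORTS:
        return []  # traffic on other ports is never examined
    return vault.scan(payload.decode("latin-1"))


def stand_in_encrypt(plaintext):
    """NOT TLS: a hash-derived XOR keystream standing in for an encrypted channel."""
    stream = b""
    counter = 0
    while len(stream) < len(plaintext):
        stream += hashlib.sha256(b"constructed-session" + bytes([counter])).digest()
        counter += 1
    return bytes(p ^ s for p, s in zip(plaintext, stream))


VAULT = Vault()
VAULT.add("credit card", "123456789101")  # the example number used in the thread

# Constructed form submission carrying the number in grouped form.
FORM_POST = (b"POST /order HTTP/1.1\r\nHost: shop.example\r\n\r\n"
             b"name=A&card=1234+5678+9101")

if __name__ == "__main__":
    print("port 80, cleartext :", inspect(VAULT, 80, FORM_POST))
    print("port 21, cleartext :", inspect(VAULT, 21, FORM_POST))
    print("port 80, encrypted :", inspect(VAULT, 80, stand_in_encrypt(FORM_POST)))
```
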

fax
May 8th, 2007, 05:20 AM
-{ Quote: "Another source provided this:

"My Vault only operates on a select number of TCP/IP ports including Port 80 (HTTP). Sending the same information out over other ports may not get detected (eg via FTP, SMTP etc) because it may not be checked on ports used for those kinds of tests.

I don't use My Vault because I think it creates more problems than it resolves and I really can't see a good use for it. But if you want to use it, you need to be aware of its limitations.

Like everything else in this world of software PC protection, it certainly lulls you into a false sense of security"" }-

Yep, basically the same I have reported but with a more "colored" tone...
Knowing Myvault limits is very important but I personally found it useful as an additional layer of defense, especially for the most common malware/phishing attacks.

For example, yesterday I was reading about this recent Trojan attack… here: http://www.dslreports.com/forum/remark,18285118

Imagine that your phishing filter would fail and your AV would not warn about it and you are so ‘naïve’ to input your credit card detail into the form, Myvault will prevent this information to be sent, since it uses standard http communication (as most of these phishing attempts).

Well, on the other hand, you really need to use common sense… why Microsoft would ask you about credit card and why Microsoft would allow this information to be sent on clear channels….??? and a completely ‘naïve’ user would still allow the information to leak through Myvault unless Myvault is set to HIGH instead of medium…. ;)

Fax

Escalader
May 8th, 2007, 08:46 AM
-{ Quote: "Yep, basically the same I have reported but with a more "colored" tone...
Knowing Myvault limits is very important but I personally found it useful as an additional layer of defense, especially for the most common malware/phishing attacks.

For example, yesterday I was reading about this recent Trojan attack… here: http://www.dslreports.com/forum/remark,18285118

Imagine that your phishing filter would fail and your AV would not warn about it and you are so ‘naïve’ to input your credit card detail into the form, Myvault will prevent this information to be sent, since it uses standard http communication (as most of these phishing attempts).

Well, on the other hand, you really need to use common sense… why Microsoft would ask you about credit card and why Microsoft would allow this information to be sent on clear channels….??? and a completely ‘naïve’ user would still allow the information to leak through Myvault unless Myvault is set to HIGH instead of medium…. ;)

Fax" }-

Fax:

It is possible for any of us yes, me, you etc to be naive, (a good word).

Trying to visualize a user that had enough wisdom to use MyVault set to medium then to high, with the experience to set up a phishing filter and then at the same time shove their credit card into an open form on a non https well..... nope I can't get the image focused. ;D

As usual here are some specific questions ,

(1) What do you use for phishing filters? 1 or more? Rationale is...?
(2) On My Vault there were some improvement made with 7, what were those? If you don't know that's okay.

My Opinion Piece: Even if users use all the best security practices, if a vendor misuses your private information in the course of honest business with flawed practices then none of this matters. Your id is blown!

Online purchases I use a second credit card with a minimum credit level, this minimizes risk. I recommend this to ALL posters.

fax
May 8th, 2007, 09:04 AM
-{ Quote: " As usual here are some specific questions ,

(1) What do you use for phishing filters? 1 or more? Rationale is...?
(2) On My Vault there were some improvement made with 7, what were those? If you don't know that's okay. " }-

1. No phishing filter, I use ZASS junk mail that works very well in filtering crap/phish... and never trust any e-mail asking me to input password/credit card etc...
2. No idea, sorry

-{ Quote: " My Opinion Piece: Even if users use all the best security practices, if a vendor misuses your private information in the course of honest business with flawed practices then none of this matters. Your id is blown!

Online purchases I use a second credit card with a minimum credit level, this minimizes risk. I recommend this to ALL posters. " }-

Yes, 100% agree... vendor can be the weak point in the chain.
Though while compromised machines on the NET are in the order of millions... compromised vendors are hopefully less... so the probability of using one of them is low (but still exists!)

Fax

Escalader
May 8th, 2007, 01:03 PM
Hi all ZA Pro Posters;

My PC connected to hs2.zonelabs.com, it was logged for me.

Must be a ZA server but there is no way to tell? or is there?

What is the reason this is needed? What type of information was exchanged?

I have auto updating turned off for the software and the ASW tool so it is unclear why this occurred? No I don't believe in the old story about ZA spying since that was disposed of a long time ago.

Any information will be appreciated

henryg
May 9th, 2007, 05:51 AM
-{ Quote: "Hi all ZA Pro Posters;

My PC connected to hs2.zonelabs.com, it was logged for me.

Must be a ZA server but there is no way to tell? or is there?

What is the reason this is needed? What type of information was exchanged?

I have auto updating turned off for the software and the ASW tool so it is unclear why this occurred? No I don't believe in the old story about ZA spying since that was disposed of a long time ago.

Any information will be appreciated" }-



You can work around it by adding:
# Block access to ZoneLabs Server
127.0.0.1 zonelabs.com
to your Windows host file.

Also, you can check this out:
http://www.infoworld.com/article/06/01/13/73792_03OPcringley_1.html

Maysky
May 9th, 2007, 10:13 AM
I have the same problem with ZoneAlarm making unwarranted outbound even when all auto updates and share info are checked off.


208.185.174.65 > this seems to be the problem Zonelabs IP

209.87.209.52 > this is the Zonelabs program update


I blocked 208.185.174.65 by adding it to the host file; hopefully this will solve the outbound problem while still able to update.


--
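How hosts-file overrides behave for the kinds of entries discussed in the posts above, as an added Python sketch (not code from any poster or from ZoneAlarm): an entry matches a whole hostname only, and a connection made to a literal IP address never consults the file. The bare-address line is one constructed guess at "adding an IP to the hosts file", and the function names are assumptions of this example.

```python
import ipaddress

# Constructed hosts file: the two lines henryg posted, plus a bare address line.
HOSTS_TEXT = """\
# Block access to ZoneLabs Server
127.0.0.1 zonelabs.com
208.185.174.65
"""

# Destinations mentioned in the thread.
TARGETS = ["zonelabs.com", "hs2.zonelabs.com", "208.185.174.65"]


def parse_hosts(text):
    """Map each hostname to its override address, as a resolver would read the file."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) < 2:
            continue  # blank line, comment, or an address with no name to map
        try:
            address = ipaddress.ip_address(fields[0])
        except ValueError:
            continue  # first field is not an address: line is unusable
        for name in fields[1:]:
            # First matching entry wins; names compare case-insensitively.
            table.setdefault(name.lower().rstrip("."), address)
    return table


def is_sinkholed(target, table):
    """True only when target is a hostname mapped to loopback or 0.0.0.0."""
    try:
        ipaddress.ip_address(target)
        return False  # literal IP: no name lookup happens at all
    except ValueError:
        pass
    address = table.get(target.lower().rstrip("."))
    return address is not None and (address.is_loopback or address.is_unspecified)


def coverage(text, targets):
    """Report, per destination, whether the hosts file actually redirects it."""
    table = parse_hosts(text)
    return {target: is_sinkholed(target, table) for target in targets}


if __name__ == "__main__":
    for target, blocked in coverage(HOSTS_TEXT, TARGETS).items():
        print(f"{target:20} {'redirected to loopback' if blocked else 'unaffected'}")
```
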

fax
May 9th, 2007, 10:45 AM
Hi!

these are the main servers used by ZA.

cm2.zonelabs.com assists in the functioning of various services including the AlertAdvisor, antivirus updates, and antivirus monitoring.
hs2.zonelabs.com helps your client keep its services up to date.
ls2.zonelabs.com manages information relating to program configuration.
pa2.zonelabs.com manages the Program Advisor functionality.
ps2.zonelabs.com helps with updates to services and client functionality.
update.zonelabs.com supports the "Check for Update" functionality.
register.zonelabs.com handles product registration.

Disabling communication will disable most of the features in the paid product.
Automatic settings of known programs, automatic block of malware, updates, etc... You are, more or less, using the ZA free firewall features.

If you do not trust the security tools you have installed better to remove it and choose a product you feel comfortable with and a product with which you can use all features you are paying for...

Cheers,
Fax

Escalader
May 9th, 2007, 01:23 PM
-{ Quote: "You can work around it by adding:
# Block access to ZoneLabs Server
127.0.0.1 zonelabs.com
to your Windows host file.

Also, you can check this out:
http://www.infoworld.com/article/06/01/13/73792_03OPcringley_1.html" }-

Henry: thanks, but the basic question remains unanswered.

Any or all of these servers can be blocked but there are no technical reasons given to do so. At least not in this thread.

What are the technical details and real examples of exactly what/why data is passed to and from these many servers ?

for example ...helps your client keep its services up to date.... what exactly does that mean? it is too vague to act upon.

what client? what services, there are 2 update functions both are off, does the FW bypass of these 2 off's? Are there updating components that try to connect outside of the 2 blocked ones? It seems so but I want to know before just blocking something that is quite valid and explainable.

What are the facts?

fax
May 9th, 2007, 02:13 PM
-{ Quote: "Henry: thanks, but the basic question remains unanswered.

Any or all of these servers can be blocked but there are no technical reasons given to do so. At least not in this thread.

What are the technical details and real examples of exactly what/why data is passed to and from these many servers ?

for example ...helps your client keep its services up to date.... what exactly does that mean? it is too vague to act upon.

what client? what services, there are 2 update functions both are off, does the FW bypass of these 2 off's? Are there updating components that try to connect outside of the 2 blocked ones? It seems so but I want to know before just blocking something that is quite valid and explainable.

What are the facts?" }-

Probably the best is to contact ZA support directly...
They may have additional info available or a better explanation (may be)

Fax

Berge01
May 9th, 2007, 02:15 PM
-{ Quote: "I have the same problem with ZoneAlarm making unwarranted outbound even when all auto updates and share info are checked off.


208.185.174.65 > this seems to be the problem Zonelabs IP

209.87.209.52 > this is the Zonelabs program update


I blocked 208.185.174.65 by adding it to the host file; hopefully this will solve the outbound problem while still able to update.


--" }-

In reference to the following, 208.185.174.65 > this seems to be the problem Zonelabs IP. Why is Zonelabs connecting to Abovenet Communications, Inc, in the first place? Any reason to that?

fax
May 9th, 2007, 02:19 PM
-{ Quote: "In reference to the following, 208.185.174.65 > this seems to be the problem Zonelabs IP. Why is Zonelabs connecting to Abovenet Communications, Inc, in the first place? Any reason to that?" }-

Abovenet Communication? What are you talking about??

canonical name cm2.zonelabs.com.
aliases
addresses 208.185.174.65

canonical name update.zonelabs.com.
aliases
addresses 209.87.209.52

Fax
Better to leave this thread before it will be transformed in.. the mossad is spying you... Keep ZA away.. LOL

Berge01
May 9th, 2007, 02:33 PM
-{ Quote: "Abovenet Communication? What are you talking about??

canonical name cm2.zonelabs.com.
aliases
addresses 208.185.174.65

canonical name update.zonelabs.com.
aliases
addresses 209.87.209.52

Fax
Better to leave this thread before it will be transformed in.. the mossad is spying you... Keep ZA away.. LOL" }-


I am talking about this. Abovenet Communications, Inc ABOVENET-6 (NET-208-184-0-0-1)
208.184.0.0 - 208.185.255.255

Btw, this is a discussion, NO NEED for an attitude problem.

Maysky
May 9th, 2007, 02:49 PM
-{ Quote: "

Disabling communication will disable most of the features in the paid product.
Automatic settings of known programs, automatic block of malware, updates, etc... You are, more or less, using the ZA free firewall features.

" }-

Thanks for the inputs, I searched and found similar responses here:

http://forums.zonealarm.com/zonelabs/board/message?board.id=cfg&message.id=46795

http://forums.zonealarm.com/zonelabs/board/message?board.id=gen&message.id=17380


I understand that softwares need updates in order to be effective, but the basic questions and concerns remain the same:

1. If the ZA outbound in question is for update, why does it do that even after all updates are set to manual?

2. If it's not update, then what is it?? ???


It can't possibly be a bug since the issue was known long ago, and Zonelabs would have fixed it if it's just a technical thing.


--

fax
May 9th, 2007, 02:51 PM
-{ Quote: "I am talking about this. Abovenet Communications, Inc ABOVENET-6 (NET-208-184-0-0-1)
208.184.0.0 - 208.185.255.255

Btw, this is a discussion, NO NEED for an attitude problem." }-


Network Whois record
Queried whois.arin.net with "!NET-208-185-174-0-1"...

CustName: Zone Labs, Inc.
Address: 1060 Howard Street
City: San Francisco
StateProv: CA
PostalCode: 94103
Country: US
RegDate: 2003-01-16
Updated: 2003-01-16

NetRange: 208.185.174.0 - 208.185.174.255
CIDR: 208.185.174.0/24
NetName: MFN-B709-208-185-174-0-24
NetHandle: NET-208-185-174-0-1
Parent: NET-208-184-0-0-1
NetType: Reassigned
Comment: abuse@zonelabs.com
RegDate: 2003-01-16
Updated: 2003-01-16

RTechHandle: NOC41-ORG-ARIN
RTechName: AboveNet NOC
RTechPhone: +1-877-479-7378
RTechEmail: noc@above.net

OrgAbuseHandle: ABOVE-ARIN
OrgAbuseName: AboveNet Abuse
OrgAbusePhone: +1-888-636-2778
OrgAbuseEmail: abuse@above.net

OrgNOCHandle: NOC41-ORG-ARIN
OrgNOCName: AboveNet NOC
OrgNOCPhone: +1-877-479-7378
OrgNOCEmail: noc@above.net

OrgTechHandle: ABOVE1-ARIN
OrgTechName: AboveNet Engineering
OrgTechPhone: +1-888-636-2778
OrgTechEmail: arin@above.net

# ARIN WHOIS database, last updated 2007-05-08 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

ZA is probably using above.net as service provider, so what?

Fax
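The relationship between the two WHOIS listings quoted in the posts above, worked through as an added Python example (not code from any poster): the address falls inside both ranges, and the smaller, reassigned block names the actual user while its Parent handle names the upstream provider. The first record uses fields from the ARIN output above; the second restates Berge01's one-line listing in the same layout, with the "OrgName" key and all function names being assumptions of this example.

```python
import ipaddress

# Constructed from values quoted in the thread (see lead-in).
WHOIS_RECORDS = """\
CustName: Zone Labs, Inc.
NetRange: 208.185.174.0 - 208.185.174.255
NetHandle: NET-208-185-174-0-1
Parent: NET-208-184-0-0-1
NetType: Reassigned

OrgName: Abovenet Communications, Inc
NetRange: 208.184.0.0 - 208.185.255.255
NetHandle: NET-208-184-0-0-1
"""


def parse_records(text):
    """Turn blank-line separated 'Key: value' blocks into dicts with parsed networks."""
    records = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        first, last = (ipaddress.ip_address(part.strip())
                       for part in fields["NetRange"].split(" - "))
        # A start-end range may need several CIDR blocks; these two need one each.
        fields["networks"] = list(ipaddress.summarize_address_range(first, last))
        fields["holder"] = fields.get("CustName") or fields.get("OrgName")
        records.append(fields)
    return records


def allocation_chain(ip, records):
    """Records whose range contains ip, most specific (fewest addresses) first."""
    addr = ipaddress.ip_address(ip)
    hits = [r for r in records if any(addr in net for net in r["networks"])]
    return sorted(hits, key=lambda r: sum(n.num_addresses for n in r["networks"]))


def describe(ip, records):
    """Who uses the address, in which block, and who the upstream allocation belongs to."""
    chain = allocation_chain(ip, records)
    if not chain:
        return None
    user = chain[0]
    by_handle = {r["NetHandle"]: r for r in records}
    parent = by_handle.get(user.get("Parent"))
    return {
        "assigned_to": user["holder"],
        "cidr": [str(net) for net in user["networks"]],
        "upstream": parent["holder"] if parent else None,
    }


RECORDS = parse_records(WHOIS_RECORDS)

if __name__ == "__main__":
    for ip in ("208.185.174.65", "208.185.174.66", "209.87.209.52"):
        print(ip, "->", describe(ip, RECORDS))
```
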

Escalader
May 9th, 2007, 03:57 PM
-{ Quote: "Probably the best is to contact ZA support directly...
They may have additional info available or a better explanation (may be)

Fax" }-

Maybe later... best to try selective blocking 1st to see if there are any ill effects. Sometime vendor support points users to FAQ page and wastes time.
I'll test Maysky's idea first to see if I get the same outward packets.

The approach is when we find which/if servers are not needed for updates publish the results here. Sort of like 3rd party testing for the forum.

Using ZA Pro's excellent FW zones page enter these sites and block them one by one day by day it should be easy :-\


BTW Fax, is Berge01 pointing out that the Abovenet Communications, Inc is where the outward is going ?

"I am talking about this. Abovenet Communications, Inc ABOVENET-6 (NET-208-184-0-0-1)
208.184.0.0 - 208.185.255.255" .

and you are saying this is a service provider? Most ZA users are not aware of that linkage. Thanks for the extra data.

Stem
May 9th, 2007, 05:26 PM
-{ Quote: "ZA is probably using above.net as service provider, so what?" }-

This, for me, on a security forum is somewhat disturbing. For a statement that "probably" using an IP, to "So what", is to me a need for concern.

When a member of this forum asks a question, then either the answer is unknown, or the answer is given. For a reply "So what", I give concern as to the ability/knowledge of that member to give info.

fax
May 9th, 2007, 05:46 PM
-{ Quote: "This, for me, on a security forum is somewhat disturbing. For a statement that "probably" using an IP, to "So what", is to me a need for concern.

When a member of this forum asks a question, then either the answer is unknown, or the answer is given. For a reply "So what", I give concern as to the ability/knowledge of that member to give info." }-


The answer was given and the "so what" was directed to the poster...;D
So what? You don't like ZA is using a service provider?

"Probably" means: I am not working for ZA!!!! So I don't know why they have chosen that provider instead of XXX!

Fax

Escalader
May 9th, 2007, 08:00 PM
-{ Quote: "I am talking about this. Abovenet Communications, Inc ABOVENET-6 (NET-208-184-0-0-1)
208.184.0.0 - 208.185.255.255

Btw, this is a discussion, NO NEED for an attitude problem." }-

Hello all posters:

Just added hs2.zonelabs.com to the blocked sites list in the ZA FW.

It translated to 208.185.174.66 which is the range of ip's under review.

More testing data to follow.

I just did a manual update and ZA Client was blocked from trying to reach 17.112.152.32 which translates to www.apple.com. akadns.net. But the update ran okay.

Question: Why was an attempt made to apple?

I then ran an ASW update, and it ran without any pop ups.

I kind of like pop ups now since they teach us things we can't get any other way!

Now I'm adding 208.185.174.65 to the list, wait for it...

It is Abovenet Communications, Inc, just as Berge01 said, good confirmation of facts. Very refreshing.

I again did an update of product, got the apple connect attempt blocked again but update was done.

The ASW ran okay no blocks or messages! Just think if we lowered the logging factors or eased the FW security these information would be lost or not popped up!

Does anybody want to test that?

Sorry my BD 10 just did it's automatic update, no messages, I can only assume they didn't try the apple connect or the Abovenet site.

Enjoy !

I'll return later after adding more sites to block!

gre87y
May 9th, 2007, 08:51 PM
-{ Quote: "This, for me, on a security forum is somewhat disturbing. For a statement that "probably" using an IP, to "So what", is to me a need for concern.

When a member of this forum asks a question, then either the answer is unknown, or the answer is given. For a reply "So what", I give concern as to the ability/knowledge of that member to give info." }-


I think because you and Fax disagree in another thread you have taken this personal and now have taken what I call a "cheap shot ". Come on now we are all better than this.

oldshep
May 9th, 2007, 09:48 PM
-{ Quote: "gre87y says...I think because you and Fax disagree in another thread you have taken this personal and now have taken what I call a "cheap shot ". Come on now we are all better than this." }-

-{ Quote: "Rodney King said it best... Can't we all just get along?" }-

Seriously, I for one appreciate the frank discussion here on this forum. I prefer it to the ZA forums where I find that disagreements w/ ZA forum officials are stifled.

Escalader
May 9th, 2007, 11:09 PM
-{ Quote: "I think because you and Fax disagree in another thread you have taken this personal and now have taken what I call a "cheap shot ". Come on now we are all better than this." }-

And I think saying Cheap shots phrase is cheap is a cheap shot. ;D

When things get tough posters should provide reasonable and consistent answers to the questions put and accept that they may be shown to be wrong. If that is not the style of that poster then they are trying to answer a question best left to others. IMHO.

If posters use 'You" it gets personal if read too closely, but that should be no surprise. Here we have to remember that it's not posters who moderate we just post Q and A's and carry on!

Oldshep has it right again.

But what is the answer to the posted question?

If the Fax doesn't know, that's acceptable maybe you know?

If not provided answers will come out anyway, in time. Is there a reference to the source of the answers please provide it That would be a contribution to knowledge and clarity.

If not others will guess and speculate and draw unpleasant conclusions and it would have been better not to guess in the 1st place.

Solid, complete, logical facts are the only thing we need can anybody help with the answers and just forget the static?

fax
May 10th, 2007, 04:06 AM
-{ Quote: "If not provided answers will come out anyway, in time. Is there a reference to the source of the answers please provide it That would be a contribution to knowledge and clarity." }-

Detailed information about IPs registrants and ISP are publicly available on the net...

You go here: http://centralops.net/co/DomainDossier.aspx
Input your IP, check all boxes and you will get full info.

This address is registered to ZA since 1998...
This is not speculations, just recorded information:

------------------------------------------
Address lookup
canonical name cm2.zonelabs.com.
aliases
addresses 208.185.174.65


Domain Whois record
Queried whois.internic.net with "dom zonelabs.com"...

Whois Server Version 1.3

Domain names in the .com and .net domains can now be registered
with many different competing registrars. Go to http://www.internic.net
for detailed information.

Domain Name: ZONELABS.COM
Registrar: GO DADDY SOFTWARE, INC.
Whois Server: whois.godaddy.com
Referral URL: http://registrar.godaddy.com
Name Server: DNS1.ZONELABS.COM
Name Server: DNS2.ZONELABS.COM
Status: clientRenewProhibited
Status: clientTransferProhibited
Status: clientUpdateProhibited
Status: clientDeleteProhibited
Updated Date: 22-dec-2006
Creation Date: 10-nov-1998
Expiration Date: 09-nov-2013


>>> Last update of whois database: Wed, 9 May 2007 22:09:03 UTC <<<

Queried whois.godaddy.com with "zonelabs.com"...

Registrant:
Zone Labs, L.L.C.

Registered through: GoDaddy.com, Inc. (http://www.godaddy.com)
Domain Name: ZONELABS.COM

Domain servers in listed order:
DNS1.ZONELABS.COM
DNS2.ZONELABS.COM


For complete domain details go to:
http://who.godaddy.com/whoischeck.aspx?Domain=ZONELABS.COM
Network Whois record
Queried whois.arin.net with "!NET-208-185-174-0-1"...

CustName: Zone Labs, Inc.
Address: 1060 Howard Street
City: San Francisco
StateProv: CA
PostalCode: 94103
Country: US
RegDate: 2003-01-16
Updated: 2003-01-16

NetRange: 208.185.174.0 - 208.185.174.255
CIDR: 208.185.174.0/24
NetName: MFN-B709-208-185-174-0-24
NetHandle: NET-208-185-174-0-1
Parent: NET-208-184-0-0-1
NetType: Reassigned
Comment: abuse@zonelabs.com
RegDate: 2003-01-16
Updated: 2003-01-16

RTechHandle: NOC41-ORG-ARIN
RTechName: AboveNet NOC
RTechPhone: +1-877-479-7378
RTechEmail: noc@above.net

OrgAbuseHandle: ABOVE-ARIN
OrgAbuseName: AboveNet Abuse
OrgAbusePhone: +1-888-636-2778
OrgAbuseEmail: abuse@above.net

OrgNOCHandle: NOC41-ORG-ARIN
OrgNOCName: AboveNet NOC
OrgNOCPhone: +1-877-479-7378
OrgNOCEmail: noc@above.net

OrgTechHandle: ABOVE1-ARIN
OrgTechName: AboveNet Engineering
OrgTechPhone: +1-888-636-2778
OrgTechEmail: arin@above.net

# ARIN WHOIS database, last updated 2007-05-09 19:10
# Enter ? for additional hints on searching ARIN's WHOIS database.

DNS records
name class type data time to live
cm2.zonelabs.com IN A 208.185.174.65 86400s (1.00:00:00)
zonelabs.com IN A 209.87.209.44 86400s (1.00:00:00)
zonelabs.com IN MX preference: 10, exchange: usmail-as.zonelabs.com 86400s (1.00:00:00)
zonelabs.com IN MX preference: 20, exchange: cale-as.checkpoint.com 86400s (1.00:00:00)
zonelabs.com IN TXT v=spf1 a:hqjump.zonelabs.com a:mfnbm1.zonelabs.com ip4:66.35.244.0/24 ip4:66.35.193.0/24 ip4:64.152.127.0/24 mx -all 86400s (1.00:00:00)
zonelabs.com IN NS dns1.zonelabs.com 86400s (1.00:00:00)
zonelabs.com IN NS dns2.zonelabs.com 86400s (1.00:00:00)
zonelabs.com IN SOA server: dns1.zonelabs.com, email: hostmaster.zonelabs.com, serial: 2006071052, refresh: 21600, retry: 3600, expire: 604800, minimum ttl: 86400 86400s (1.00:00:00)
65.174.185.208.in-addr.arpa IN PTR cm2.zonelabs.com 36705s (10:11:45)

henryg
May 10th, 2007, 05:33 AM
-{ Quote: "The answer was given and the "so what" was directed to the poster...;D
So what? You don't like ZA is using a service provider?

"Probably" means: I am not working for ZA!!!! So I don't know why they have chosen that provider instead of XXX!

Fax" }-


This would be a typical answer one would get from Z.A's forum. ::)

fax
May 10th, 2007, 05:47 AM
-{ Quote: "This would be a typical answer one would get from Z.A's forum. ::)" }-

And this would be a typical answer when you post at wilders ;D
Nothing better to say on this ???

Fax

Escalader
May 10th, 2007, 07:01 AM
henryg has made a good observation, but we are here not there, so here we go again...

Text from internet is data, it doesn't become information until validated by more than one source or confirmed by repeated experiment.

My question was for gre87y; most posters answer questions themselves. That is a puzzle in itself.

Berge01 you seem to know about these outbound details can you expand on these concerns? The DNS names don't seem to line up here?

I used ZA site lookup in block to translate 208.185.174.65 it was the same as Berge01's firm name? Abovenet. I will look them up name wise in the financial databases to see what can be learned there, more later.
_________________________________________________________________
Originally Posted by Berge01
I am talking about this. Abovenet Communications, Inc ABOVENET-6 (NET-208-184-0-0-1)
208.184.0.0 - 208.185.255.255
_________________________________________________________________

Here are my testing results and questions, repeated to stay on the OP.

Hello all posters:

Just added hs2.zonelabs.com to the blocked sites list in the ZA FW.

It translated to 208.185.174.66 which is the range of ip's under review.

More testing data to follow.

I just did a manual update and ZA Client was blocked from trying to reach 17.112.152.32 which translates to www.apple.com.akadns.net. But the update ran okay.

Question: Why was an attempt made to apple?

I then ran an ASW update, and it ran without any pop ups.

I kind of like pop ups now since they teach us things we can't get any other way!

Now I'm adding 208.185.174.65 to the list, wait for it...

It is Abovenet Communications, Inc, just as Berge01 said, good confirmation of facts. Very refreshing.

I again did an update of product, got the apple connect attempt blocked again but update was done.

The ASW ran okay, no blocks or messages! Just think, if we lowered the logging factors or eased the FW security this information would be lost or not popped up!

Does anybody want to test that?

Sorry, my BD 10 just did its automatic update, no messages, I can only assume they didn't try the apple connect or the Abovenet site.

Enjoy !

I'll return later after adding more sites to block!

fax
May 10th, 2007, 07:18 AM
-{ Quote: "henryg has made a good observation, but we are here not there, so here we go again...

Text from internet is data, it doesn't become information until validated by more than one source or confirmed by repeated experiment.

" }-

Hi!
Validated? ??? Do you know what is internic.net? And arin.net?
More validated than this I don't know what to post here. :-\

What is ICANN?
The Internet Corporation for Assigned Names and Numbers (ICANN) is responsible for managing and coordinating the Domain Name System (DNS) to ensure that every address is unique and that all users of the Internet can find all valid addresses. It does this by overseeing the distribution of unique IP addresses and domain names. It also ensures that each domain name maps to the correct IP address.

ICANN is also responsible for accrediting the domain name registrars. "Accredit" means to identify and set minimum standards for the performance of registration functions, to recognize persons or entities meeting those standards, and to enter into an accreditation agreement that sets forth the rules and procedures applicable to the provision of Registrar Services.

ICANN's role is very limited, and it is not responsible for many issues associated with the Internet, such as financial transactions, Internet content control, spam (unsolicited commercial email), Internet gambling, or data protection and privacy.

What is InterNIC?
The InterNIC website is operated by ICANN to provide the public information regarding Internet domain name registration services.

Fax

Escalader
May 10th, 2007, 08:11 AM
Gre87g:

Here is another question with a link to help you.

https://www.icsalabs.com/icsa/criteria.php?crit=44

Checkpoint is listed as member of the developer consortium.

What were the results of ZA Pro being tested against these criteria?

It's okay if you don't know. But since the OP is a request for feedback on ZA Pro you are the best person to explain this DATA (not=information)

Escalader
May 10th, 2007, 08:23 AM
Teaching what validation means is OT.

Text from internet is data, it doesn't become information until validated by more than one reliable and consistent source and confirmed by repeated experiments and more than 1 researcher.

Validated means proven to be true by more than one source and then confirmed.

But I won't divert the ip id question is still unclear. I will wait for Berge01's answer.

fax
May 10th, 2007, 09:01 AM
-{ Quote: "Teaching what validation means is OT.

Text from internet is data, it doesn't become information until validated by more than one reliable and consistent source and confirmed by repeated experiments and more than 1 researcher.

Validated means proven to be true by more than one source and then confirmed.

But I won't divert the ip id question is still unclear. I will wait for Berge01's answer." }-

I am confused... ???
Is that referring to the information present in ICANN databases?
What do you actually need to verify?
If the information is correct?

Fax

Escalader
May 10th, 2007, 10:01 AM
yes, I know.

.....wait for Berge01's answer

Berge01
May 10th, 2007, 10:40 AM
-{ Quote: "yes, I know.

.....wait for Berge01's answer" }-

The question still remains, why is Zone Labs contacting Abovenet Communications?

You can block the following and still be protected by Zone Alarm, which will NOT have any type of effect on the software.

Search results for: 208.185.174.65

Abovenet Communications, Inc ABOVENET-6 (NET-208-184-0-0-1)
208.184.0.0 - 208.185.255.255
Zone Labs, Inc. MFN-B709-208-185-174-0-24 (NET-208-185-174-0-1)
208.185.174.0 - 208.185.174.255

fax
May 10th, 2007, 10:57 AM
-{ Quote: "The question still remains, why is Zone Labs contacting Abovenet Communications?

You can block the following and still be protected by Zone Alarm, which will NOT have any type of effect on the software.

Search results for: 208.185.174.65

Abovenet Communications, Inc ABOVENET-6 (NET-208-184-0-0-1)
208.184.0.0 - 208.185.255.255
Zone Labs, Inc. MFN-B709-208-185-174-0-24 (NET-208-185-174-0-1)
208.185.174.0 - 208.185.174.255" }-

Uuuhm, running in circles...
Your ZA software is contacting an IP that is registered and owned by Zonelabs. AboveNet is the technical handler.
i.e. your ZA software is contacting a ZA server.

Looks like my posts are sort of transparent, not in terms of clarity but in terms of invisibility :(

If you simply input the IP in the ARIN database you will get only basic information. For full details of the IP just add a "+" in front of the IP.

http://www.arin.net/whois/
You should write "+208.185.174.65" (without "...")

-----------------------------------------
CustName: Zone Labs, Inc.
Address: 1060 Howard Street
City: San Francisco
StateProv: CA
PostalCode: 94103
Country: US
RegDate: 2003-01-16
Updated: 2003-01-16

NetRange: 208.185.174.0 - 208.185.174.255
CIDR: 208.185.174.0/24
NetName: MFN-B709-208-185-174-0-24
NetHandle: NET-208-185-174-0-1
Parent: NET-208-184-0-0-1
NetType: Reassigned
Comment: abuse@zonelabs.com
RegDate: 2003-01-16
Updated: 2003-01-16

RTechHandle: NOC41-ORG-ARIN
RTechName: AboveNet NOC
RTechPhone: +1-877-479-7378
RTechEmail: noc@above.net

Fax
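The ownership reading given in the post above (the most specific netblock names the holder, the enclosing block names the upstream provider), as an added Python example that is not part of the original thread. Function names are hypothetical; the sample input is the ARIN text quoted in the thread.

```python
import ipaddress
import re

# ARIN text as quoted in the thread: the two-entry summary for 208.185.174.65
# and the relevant fields of the detailed ("+") record.
ARIN_SUMMARY = """\
Abovenet Communications, Inc ABOVENET-6 (NET-208-184-0-0-1)
208.184.0.0 - 208.185.255.255
Zone Labs, Inc. MFN-B709-208-185-174-0-24 (NET-208-185-174-0-1)
208.185.174.0 - 208.185.174.255
"""
ARIN_DETAIL = """\
CustName: Zone Labs, Inc.
NetRange: 208.185.174.0 - 208.185.174.255
CIDR: 208.185.174.0/24
NetName: MFN-B709-208-185-174-0-24
NetHandle: NET-208-185-174-0-1
Parent: NET-208-184-0-0-1
NetType: Reassigned
"""

ENTRY_RE = re.compile(r"^(?P<org>.+?)\s+(?P<netname>\S+)\s+\((?P<handle>NET-[\d-]+)\)$")
RANGE_RE = re.compile(r"^(?P<first>\d+\.\d+\.\d+\.\d+)\s+-\s+(?P<last>\d+\.\d+\.\d+\.\d+)$")


def parse_summary(text):
    """Parse 'Org NETNAME (HANDLE)' lines, each followed by a 'first - last' range line."""
    entries, pending = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        entry = ENTRY_RE.match(line)
        if entry:
            pending = entry.groupdict()
            continue
        rng = RANGE_RE.match(line)
        if rng and pending:
            first = ipaddress.IPv4Address(rng["first"])
            last = ipaddress.IPv4Address(rng["last"])
            pending.update(first=first, last=last,
                           cidrs=list(ipaddress.summarize_address_range(first, last)))
            entries.append(pending)
            pending = None
    return entries


def parse_detail(text):
    """Parse 'Key: value' lines; the first occurrence of a key wins."""
    record = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            record.setdefault(key.strip(), value.strip())
    return record


def explain(ip, entries):
    """Return the holder of the narrowest block covering ip, plus the enclosing orgs."""
    addr = ipaddress.IPv4Address(ip)
    covering = [e for e in entries if e["first"] <= addr <= e["last"]]
    if not covering:
        return None  # no registration data for this address in the parsed text
    covering.sort(key=lambda e: int(e["last"]) - int(e["first"]))
    best = covering[0]
    return {
        "holder": best["org"],
        "netname": best["netname"],
        "cidr": ", ".join(str(net) for net in best["cidrs"]),
        "upstream": [e["org"] for e in covering[1:]],
    }


def detail_matches_summary(detail, entries):
    """Cross-check the detailed record's CIDR and Parent handle against the summary."""
    by_handle = {e["handle"]: e for e in entries}
    child = by_handle.get(detail.get("NetHandle"))
    parent = by_handle.get(detail.get("Parent"))
    if child is None or parent is None:
        return False
    same_block = child["cidrs"] == [ipaddress.ip_network(detail["CIDR"])]
    nested = parent["first"] <= child["first"] and child["last"] <= parent["last"]
    return same_block and nested


if __name__ == "__main__":
    entries = parse_summary(ARIN_SUMMARY)
    print("detail agrees with summary:",
          detail_matches_summary(parse_detail(ARIN_DETAIL), entries))
    # Destinations reported in the thread's firewall pop-ups.
    for ip in ("208.185.174.65", "208.185.174.66", "17.112.152.32"):
        print(ip, "->", explain(ip, entries))
```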

Stem
May 10th, 2007, 10:57 AM
-{ Quote: "I think because you and Fax disagree in another thread you have taken this personal and now have taken what I call a "cheap shot ". Come on now we are all better than this." }-
Not at all. I would have responded the same to any member who makes a reply to a question with "Probably / so what" type answer.
If the answer is known, then the answer can be given, I see no point in a reply as "Probably / so what".

fax
May 10th, 2007, 11:07 AM
-{ Quote: "Not at all. I would have responded the same to any member who makes a reply to a question with "Probably / so what" type answer.
If the answer is known, then the answer can be given, I see no point in a reply as "Probably / so what"." }-

I am sorry if "probably" and "so what" have somehow annoyed you.
I thought information from ICANN was comprehensible to anyone here in the forum. I have however tried to explain them as much as possible, up to the limit of my imperfect knowledge about the subject.

Cheers,
Fax

Stem
May 10th, 2007, 11:14 AM
-{ Quote: "I am sorry if "probably" and "so what" have somehow annoyed you.
I thought information from ICANN was comprehensible to anyone here in the forum. I have however tried to explain them as much as possible, up to the limit of my imperfect knowledge about the subject.

Cheers,
Fax" }-
You are simply posting info on where the connection is being made to. The question is -{ Quote: "why is Zone Labs contacting Abovenet Communications" }-
Is the connection being made due to an update option enabled? If so, which one?
If all update options are disabled, then ZA simply should not be making these connections.

fax
May 10th, 2007, 11:25 AM
-{ Quote: "You are now simply posting info on where the connection is being made to. The question is
Is the connection being made due to an update option enabled? If so, which one?
If all update options are disabled, then ZA simply should not be making these connections." }-

I know that you like to divert the subject on ZA calling home.
But the original question was "-{ Quote: " Why is Zonelabs connecting to Abovenet Communications, Inc, in the first place? Any reason to that?" }-

And I wanted to clarify that ZA is not connecting to Abovenet Communications but is connecting to a ZAlabs IP that is technically handled by Abovenet.

Why would ZA software be contacting a ZA server, I have no idea and actually I don't care... as explained before. Either you trust the application you use or better you choose another one (I think we already discussed it). I prefer to concentrate my efforts into securing my systems from external threats than securing my system from ZoneLabs connections ;)

But that's my approach and what I posted was not related to ZA contacting ZA home but ZA contacting Abovenet. ::)

Fax

Escalader
May 10th, 2007, 11:39 AM
-{ Quote: "The question still remains, why is Zone Labs contacting Abovenet Communications?

You can block the following and still be protected by Zone Alarm, which will NOT have any type of effect on the software.

Search results for: 208.185.174.65

Abovenet Communications, Inc ABOVENET-6 (NET-208-184-0-0-1)
208.184.0.0 - 208.185.255.255
Zone Labs, Inc. MFN-B709-208-185-174-0-24 (NET-208-185-174-0-1)
208.185.174.0 - 208.185.174.255" }-

Berge01,

Right, I have now blocked

208.185.174.65 which ZA Site feature translates to cm2.zonelabs.com
208.185.174.66 which ZA Site feature translates to hs2.zonelabs.com

hs2 was the start on these outbounds. As Stem knows, my concern on optimizing ZA Pro has always been to prevent any and all unapproved outbound packets that have no business leaving my PC. But I digress, that is another thread.

Fact 1: With both these blocked, zaclient.exe tries repeatedly 5-6 times in a row to connect to www.apple.com.akadns.net.

Question 1: why is fact 1 really happening in ZA or trying to happen? If you don't know why please either say so (refreshing thought) or don't say zip!

Fact 2: With both these blocked, zaclient.exe tries repeatedly 5-6 times in a row to connect to cm2.zonelabs.com.

Question 2 : Why is fact 2 really happening in ZA or trying to happen?

BTW I can still update both the product and the ASW add on.

So the facts say to me ZA Pro is trying connecting and apparently not to update anything I know about.

What exactly is the total list of detailed reasons why these connect bypass attempts are being made?

dvk01
May 10th, 2007, 12:18 PM
I really don't know what 5 pages of arguments & paranoia are about but I am fed up with nonsense reports saying someone is being rude to someone else

Either wear a tin foil beanie or stop using ZA if you don't like it phoning home

Nobody forces anyone to use it and NO_ONE here can answer with any authority why it phones home all the time

ZA has a support forum which gives some help but obviously won't answer this one

Just because one member says he doesn't know and doesn't care why it phones home isn't being rude or offensive to anyone

The I don't care by Fax is an Honest and appropriate response and is exactly what I say

IF you don't like it don't use it

There are numerous alternatives out there

fax
May 10th, 2007, 12:25 PM
-{ Quote: "I really don't know what 5 pages of arguments & paranoia are about but I am fed up with nonsense reports saying someone is being rude to someone else

Either wear a tin foil beanie or stop using ZA if you don't like it phoning home

Nobody forces anyone to use it and NO_ONE here can answer with any authority why it phones home all the time

ZA has a support forum which gives some help but obviously won't answer this one

Just because one member says he doesn't know and doesn't care why it phones home isn't being rude or offensive to anyone

The I don't care by Fax is an Honest and appropriate response and is exactly what I say

IF you don't like it don't use it

There are numerous alternatives out there" }-

Brilliant!!
Some fresh air finally...
I thought I was an alien. :wacko:

Thank you!!
Fax

dvk01
May 10th, 2007, 12:41 PM
And As to the abovenet/zonelabs confusion

Very few companies can afford to have their own direct connection to the internet & use a hosting company or network to supply bandwidth & connection

Zonelabs have chosen to use abovenet as their network in the same way as Nod/eset use Rackspace as their provider/network

Nothing to get worked up about because a company uses a network provider ( ISP)

Maysky
May 10th, 2007, 01:14 PM
-{ Quote: "

Either wear a tin foil beanie or stop using ZA if you don't like it phoning home ...

IF you don't like it don't use it

There are numerous alternatives out there" }-

I do not dislike ZoneAlarm, in fact, I enjoy using the software and want to continue using it.

I just don't like the way it's "phoning home", and want to find out more about it.

Am I wrong to try?


--

dvk01
May 10th, 2007, 01:30 PM
nobody is saying you are wrong to try to find out but you won't get a definitive answer here

The only people who can tell you why it is phoning home is ZA itself & they won't from what I am reading

All we can do here is go round in circles and create conspiracy theories

I stopped using ZA years ago when it stopped being a firewall & went into being a HIPs & AV & Antispam & everything else

As soon as you have multiple functions it needs to make more connections itself & the most likely reason I can see is to either update or to check websites for antiphishing or spam or exploits against lists held on their servers rather than using downloaded lists

There will be a legitimate & honest reasonable answer for why it does it BUT as I keep saying WE DO NOT KNOW and are guessing and the more we guess or supposize the more the conspiracy theories come out

Escalader
May 10th, 2007, 02:06 PM
-{ Quote: "I do not dislike ZoneAlarm, in fact, I enjoy using the software and want to continue using it.

I just don't like the way it's "phoning home", and want to find out more about it.

Am I wrong to try?


--" }-

Maysky: Keep trying.

I am holding with ZA until and if something better can be shown to work better. None will be perfect!

dvk01 has dropped ZA for another FW. There are many, many to choose from, probably too many. Which FW is strongest on application level outbound packet screening? If not ZA Pro which then?

We have not learned much about these outbound packets by posting. That's for sure but that is no reason to stop work on the matter.

A user could assume all is fine and there are good reasons for this phone home process or the user could assume we don't know why and needs to satisfy themselves that all is okay. dvk01 is right that ZA won't likely tell us either. Not telling actually adds to paranoia. Has anybody with good contacts to the technical higher-ups there actually asked them? Just a crazy idea I guess. I am not that person, I mean higher, way higher up!

So if you really want to satisfy yourself then conduct tests of your own like I am or go outside Wilder's and ZA to try to find out more. It's just work. Problem is the outside sources have to be professional as well!

What about a ShieldsUp or other tests! Would that shed light? :-\

Escalader
May 10th, 2007, 03:36 PM
......earlier we read this

Disabling communication will disable most of the features in the paid product.
Automatic settings of known programs, automatic block of malware, updates, etc... You are, more or less, using the ZA free firewall features. .....

If you do not trust the security tools you have installed better to remove it and choose a product you feel comfortable with and a product with which you can use all features you are paying for...

_________________________________________________________________

But ZA tells us more:

It seems you can opt in or not as you see fit, there was no need for FUD about totally disabling it. So turn things off or on selectively.


Got this from ZoneLabs today and I thought I would share it as some of you have been asking about what these servers do.

Q: Why does Zone Labs software contact Zone Labs?

A: The ZoneAlarm family of products offers a number of features and services that enhance your security by providing
specific information about threats, configurations, and programs. To enable these services, ZoneAlarm security
products communicate periodically with Zone Labs servers. Of course, this communication is done on an "opt in"
basis; it is your choice to decide to take advantage of these features and services.

Zone Labs is committed to your privacy, and never collects any personally identifiable information about our users.
Any information that does come to Zone Labs servers is used in aggregate form. For Zone Labs' full legal statement on
privacy, please refer to http://www.zonelabs.com/store/content/company/privacy.jsp The information that is exchanged
with the servers below is stripped of identifying data, and is not saved.



Each one of these features and services is voluntary; you can easily choose not to use any or all of them.
Following is a list of the servers that your client might contact, and the functionality they provide.

cm2.zonelabs.com assists in the functioning of various services including the AlertAdvisor, antivirus updates, and
antivirus monitoring.

hs2.zonelabs.com helps your client keep its services up to date.

ls2.zonelabs.com manages information relating to program configuration.

pa2.zonelabs.com manages the Program Advisor functionality.

ps2.zonelabs.com helps with updates to services and client functionality.

update.zonelabs.com supports the "Check for Update" functionality.

register.zonelabs.com handles product registration.

Escalader
May 10th, 2007, 04:35 PM
-{ Quote: "Hi,

Please post your feedback on ZoneAlarm Pro 70_337_000

Any user of ZoneAlarm Pro 70_337_000 !!!" }-

Are you lost in your own thread? The water is warm and choppy!

Are you going to come back with your comments on your OP? ;D

Maysky
May 10th, 2007, 04:44 PM
I don't expect to find out the real deal here or anywhere, and I'm sure conspiracy theories are juicy.

But if I can just figure out how to properly block the ZA outbounds while still being able to functionally update, it's all good enough for me - and the reason I'm here in the first place - pooling wisdom for solutions.

I dug a little and found some relevant links:

Zonelabs' own directions for Disable ZoneAlarm Server Communications (apparently you can also download a "patch" if the following directions don't work):

http://download.zonelabs.com/bin/free/pressReleases/2005/pr_22.html


As for juicy stories, read them at your own leisure:

http://www.theinquirer.net/default.aspx?article=29157

http://en.wikipedia.org/wiki/Check_Point


--

ccsito
May 10th, 2007, 05:09 PM
-{ Quote: "
I stopped using ZA years ago when it stopped being a firewall & went into being a HIPs & AV & Antispam & everything else
" }-

A lot of the new firewall programs coming out appear to contain multifunctional features that make them have properties over a simple firewall. Following this reasoning, then we should just ignore all of the new firewall releases and use programs back some 10 years ago? ;D ???


http://download.zonelabs.com/bin/free/pressReleases/2005/pr_22.html

Thanks for the link from Zone Alarm. My program still occasionally pops up with a request to download the new version, but I just ignore it because I already have done it (but can't install it). :P

dvk01
May 10th, 2007, 05:32 PM
Zone labs aren't making it clear enough in their publicity & instructions the reason for all the connections

From what I can see they are using a central server technology in the same way as Microsoft, Firefox, and dedicated anti-phishing companies like netcraft where all info is kept on a central server and every time you connect to a website you go via the central server which compares the request against its always up to date database & alerts if it is a problem site

This is almost impossible to do with downloaded definitions especially in phishing sites and malware download sites which change by the minute

That is what you are paying for, an up-to-date always current protection

I agree ZA should have made this clearer and that is where the problem lies

However I personally don't see why anybody would BUY a product and then not use its protection they are paying for and only use what facilities are in the free version because they don't like the idea of it connecting to the central server


I know if I used ZA I would prefer a connection to ZA servers constantly rather than allowing an unsuitable connection and me being infected or my identity stolen and then me saying how useless ZA was because it didn't block the site, when in fact it would be my own fault for disabling that part of its protection


All too often we lose sight of why we have computers and what we need security programs for

Computers are supposed to make life easier & are supposed to be a good form of entertainment

Our security protection should in normal circumstances be invisible & only tell us if there is a problem.

When it comes to the stage that our security programs are running us and we are no longer enjoying computing then we need to step back and think are we using the right security for what we want

Yes be careful out there, life is dangerous but have a life and don't get so bogged down with the detail and looking for problems that you forget to have a life

dvk01
May 10th, 2007, 05:37 PM
-{ Quote: "A lot of the new firewall programs coming out appear to contain multifunctional features that make them have properties over a simple firewall. Following this reasoning, then we should just ignore all of the new firewall releases and use programs back some 10 years ago? ;D ???


http://download.zonelabs.com/bin/free/pressReleases/2005/pr_22.html

Thanks for the link from Zone Alarm. My program still occasionally pops up with a request to download the new version, but I just ignore it because I already have done it (but can't install it). :P" }-


I am not saying that, but there is a such a thing as overkill and I prefer my antivirus to do much of the things some firewalls attempt to do and would much prefer if a firewall did its job of allowing or blocking web access and nothing else

Too often we don't realise that it is duplicating the work of our antispyware/antispam/antivirus or checking emails and wonder why things go wrong

But there does need to be clear information given by the program makers as to what it does & why and whether it clashes with other security programs

Berge01
May 10th, 2007, 05:41 PM
-{ Quote: "I don't expect to find out the real deal here or anywhere, and I'm sure conspiracy theories are juicy.

But if I can just figure out how to properly block the ZA outbounds while still being able to functionally update, it's all good enough for me - and the reason I'm here in the first place - pooling wisdom for solutions.

I dug a little and found some relevant links:

Zonelabs' own directions for Disable ZoneAlarm Server Communications (apparently you can also download a "patch" if the following directions don't work):

http://download.zonelabs.com/bin/free/pressReleases/2005/pr_22.html


As for juicy stories, read them at your own leisure:

http://www.theinquirer.net/default.aspx?article=29157

http://en.wikipedia.org/wiki/Check_Point


--" }-

Thanks for the juicy links, I will add them to my collection.

The following quote is from Escalader's post. "Each one of these features and services is voluntary; you can easily choose not to use any or all of them.
Following is a list of the servers that your client might contact, and the functionality they provide."

If you have ZA Pro installed, you can BLOCK all of these servers. I have the Pro version and all these servers are BLOCKED and my ZA Firewall is running correctly and I am still receiving my Anti-Spyware updates when they are available. I will continue to keep an eye out for any type of problems, but as of now, there are NONE. If there should be a problem, I will post back ASAP and advise of the settings that needed to be changed.

Escalader
May 10th, 2007, 06:24 PM
Hope this helps, the red highlighting on the v6 bug is mine so those who have that version are aware.

"How to Disable ZoneAlarm Server Communications

In order to ensure that users have up-to-date protection, the ZoneAlarm product family relies not only on powerful desktop technology but also a central server-based infrastructure. Security software is no longer a self-contained program that can be updated annually. With zero-hour threats emerging, consumers need dynamic ongoing updates. These communications are not only essential to the effectiveness of our products, they are a significant part of the reason most customers purchase our software.

Despite the value of these services to our customers, we realize that a limited number of users do wish to disable all communication and cut off all updates - even though no personal information is shared and even though doing this will weaken their security. Because of this, we have included features to turn off communications with ZoneAlarm’s central servers. Here is a list of the various features and settings within the product where you can turn off communication with ZoneAlarm central servers.

* SmartDefense Advisor: In "Program Control", set SmartDefense Advisor to "Off". See screenshot.
* Anti-virus / Anti-spyware: In "Anti-virus / Anti-spyware", click "Advanced Options", then "Update", and deselect both options. See screenshot.
* Check for Updates: In "Overview", click the "Preferences" tab, and select "Manually". See screenshot.
* Share my security settings: Also in "Overview" under the "Preferences" tab, at the bottom deselect the "Share my security settings anonymously with Zone Labs." See screenshot.
* Email Protection: In "E-mail Protection", set Inbound MailSafe Protection to "Off". See screenshot. Next, under "Junk E-mail Filter", click the "Advanced" button. Then click the "Settings" tab and deselect the one option under "Auto Report Fraud Email" and deselect both options under "Show Confirmations". See screenshot.

(Note: Screenshots above are from the ZoneAlarm Internet Security Suite. The user interface may be slightly different for other ZoneAlarm products.)

Unfortunately, we have discovered a bug in these features for our customers using 6.0 or 6.1 versions of ZoneAlarm products. Even after making these manual changes, the client will occasionally communicate with the centralized servers anyway. We will fix this in the product as soon as possible. Until then, concerned users can go through the following steps to turn off all communications with the ZoneAlarm central servers.

* Adjust settings to prevent communication with ZoneAlarm central servers as described above.
* Go to http://download.zonelabs.com/bin/free/plugintool/RegisterPluginCam.exe to download "RegisterPluginCam.exe". After downloading, double-click on the icon. And that's it - after the program runs, your server communications will have been disabled. (There will be no confirmation.)
* If you want to restore your communications with ZoneAlarm central servers, use the command line to run the application (click the Windows "Start" button, choose "Run") by typing "RegisterPluginCam.exe -r". "

ronjor
May 10th, 2007, 06:30 PM
Escalader,

You should use quote tags when quoting from another site and provide a link to the site.

Thanks.

Escalader
May 10th, 2007, 06:41 PM
-{ Quote: "Escalader,

You should use quote tags when quoting from another site and provide a link to the site.

Thanks." }-

Thanks Ron:

Right, I got the quotes and the link was just posted one post before. I wanted the bug warning to show for the sake of the members with that version who may not click. That's the trouble with links.

Here is the link again:

http://download.zonelabs.com/bin/free/pressReleases/2005/pr_22.html

ccsito
May 10th, 2007, 06:59 PM
-{ Quote: "Fixed - Service stability issue
Fixed - Communicate with the centralized server issue
Fixed - Overlapped text in support and update information
Fixed - Various other bug fixes " }-

This was one of the update comments from the Zone Alarm website. I wonder if it addressed the previously cited communication problem.

Escalader
May 10th, 2007, 08:43 PM
-{ Quote: "This was one of the update comments from the Zone Alarm website. I wonder if it addressed the previously cited communication problem." }-

Here are the latest test results, others will draw their own conclusions.

Following the advice ....In "Program Control", set SmartDefense Advisor to "Off". See screenshot", I turned off all their settings as outlined.

Now expecting to lose the advisor pop ups, they are still happening! ???

I will now restart PC, maybe that will lock in the change. BTW I also still get all event shown on log repeatedly turning off! This software doesn't seem to like being told what to do on logging or it has a bad memory!;D

More later

Escalader
May 10th, 2007, 09:16 PM
-{ Quote: "Here are the latest test results, others will draw their own conclusions.

Following the advice ....In "Program Control", set SmartDefense Advisor to "Off". See screenshot", I turned off all their settings as outlined.

Now expecting to lose the advisor pop ups, they are still happening! ???

I will now restart PC, maybe that will lock in the change. BTW I also still get all event shown on log repeatedly turning off! This software doesn't seem to like being told what to do on logging or it has a bad memory!;D

More later" }-

Okay, last post today!

After restart the smart adviser switch is off, but I still get the adviser service.

ZA needs to access a server to provide this advice so the off switch is broken or maybe the link information is unmatched to what actually happens.

The cheapest way to fix this is to change the manual to say the smart adviser cannot be turned off!

I've got an old light switch like that, to turn it off I either have to take bulb out or cut the power line feed. OTOH it would be better to have an electrician fix it before the bulb burns out or starts a fire and the house burns down.

Escalader
May 10th, 2007, 09:20 PM
-{ Quote: "Thanks for the juicy links, I will add them to my collection.

The following quote are from Escalader's post. "Each one of these features and services is voluntary; you can easily choose not to use any or all of them.
Following is a list of the servers that your client might contact, and the functionality they provide."

If you have ZA Pro installed, you can BLOCK all of these servers. I have the Pro version and all these servers are BLOCK and my ZA Firewall is running correctly and I am still receiving my Anti-Spyware updates when they are available. I will continue to keep an eye out for any type of problems, but as of now, there is NONE. If there should be a problem, I will post back ASAP and advise of the settings that needed to be changed." }-

Post back asap Berge01! see post 138. My light switch won't turn off and so and so on

Berge01
May 10th, 2007, 09:55 PM
-{ Quote: "Post back asap Berge01! see post 138. My light switch won't turn off and so and so on" }-

Are you talking about the Privacy Advisor? If you are, go into the firewall to the Privacy tab, then to Cookie Control, click on the Custom button, scroll down until you see the box that says Show Privacy Advisor, remove the check mark, click on Apply and then OK. Presto done. No more pop ups for the Privacy Advisor.

Maysky
May 11th, 2007, 02:58 AM
-{ Quote: "

My program still occasionally pops up with a request to download the new version, but I just ignore it because I already have done it (but can't install it). :P" }-

Just a heads up for those still using Version 6 of ZoneAlarm:

-{ Quote: "
ZoneAlarm 6 driver input buffer validation problem (2007/05/01 11:45)

We have published an advisory, which describes the security issue in ZoneAlarm 6.x series. This vulnerability allows attacker to crash the operating system by sending malformed data to ZoneAlarm's driver vsdatant.sys. The vulnerability has been fixed since ZoneAlarm 7. " }-
http://www.matousec.com/


Generally, if you're not upgrading to a version with anti-virus, shouldn't have too much of a problem. ZoneAlarm forum has more detailed instructions on how to do a clean uninstall and upgrade. Just make sure you're offline during the process.

http://forums.zonealarm.com/zonelabs/board?board.id=inst


--

fax
May 11th, 2007, 04:57 AM
-{ Quote: "Okay, last post today!

After restart the smart adviser switch is off, but I still get the adviser service.

ZA needs to access a server to provide this advice so the off switch is broken or maybe the link information is unmatched to what actually happens.

The cheapest way to fix this is to change the manual to say the smart adviser cannot be turned off!

I've got an old light switch like that, to turn it off I either have to take bulb out or cut the power line feed. OTOH it would be better to have an electrician fix it before the bulb burns out or starts a fire and the house burns down." }-

I don't see this behaviour here...
I think there is some confusion on how SmartDefense works

Everything below refers to known programs to the ZA central database.

Automatic settings: ZA will contact ZA server and automatically configure your programs without any pop-up

Manual setting: ZA will contact ZA server and automatically configure your programs with a pop-up. A traffic light will be displayed (green= Known good; Red=known bad), "remember this action" is checked. You can change permissions if you do not want to follow Smartdefense.

OFF settings: ZA will not use ZA server information and you will get a pop-up asking about access, "remember this action" is not checked.

Summing up: getting the pop-up has nothing to do with SmartDefense but with the basic firewall in ZA. i.e. for programs not listed in the program list that needs access, ZA will pop-up asking you if you want to allow/deny access.

If you do not want the pop-up you need to turn OFF the program control (i.e. outbound protection). ;D

Fax

EDIT: A couple of screenshots to show the differences.

Manual Settings. Known Program

OFF settings: ZA does not use the central server information

SmartDefence is a real time protection (Together with spysite blocking). Known bad executables will be killed.
Setting SmartDefence OFF will basically render useless one of the nice features included in the ZA triple defence firewall technology.

BairacM
May 11th, 2007, 06:17 AM
Hi! I use ZA Security Suite 70 337 000, it's pretty good.

Escalader
May 11th, 2007, 09:25 AM
-{ Quote: "Are you talking about the Privacy Advisor? If you are, go into the firewall to the Privacy tab, then to Cookie Control, click on the Custom button, scroll down until you see the box that says Show Privacy Advisor, remove the check mark, click on Apply and then OK. Presto done. No more pop ups for the Privacy Advisor." }-

Hi Berge:

I have done that change, thanks for your solid detail and steps. Very refreshing.

I will wait the day and see what is actually happening.

Then I will report back actual results

Escalader
May 11th, 2007, 09:30 AM
-{ Quote: "Just a heads up for those still using Version 6 of ZoneAlarm:


http://www.matousec.com/


Generally, if you're not upgrading to a version with anti-virus, shouldn't have too much of a problem. ZoneAlarm forum has more detailed instructions on how to do a clean uninstall and upgrade. Just make sure you're offline during the process.

http://forums.zonealarm.com/zonelabs/board?board.id=inst


--" }-

Thanks, Maysky:

Good links to solid sources.

The thread is about V7 Pro, but our fellow members deserve to be warned (as you have done) about V6. Not everybody clicks on links!

Thanks again for the detail.

Escalader
May 11th, 2007, 09:38 AM
-{ Quote: "I don't see this behaviour here...
I think there is some confusion on how SmartDefense works

Everything below refers to known programs to the ZA central database.

Automatic settings: ZA will contact ZA server and automatically configure your programs without any pop-up

Manual setting: ZA will contact ZA server and automatically configure your programs with a pop-up. A traffic light will be displayed (green= Known good; Red=known bad), "remember this action" is checked. You can change permissions if you do not want to follow Smartdefense.

OFF settings: ZA will not use ZA server information and you will get a pop-up asking about access, "remember this action" is not checked.

Summing up: getting the pop-up has nothing to do with SmartDefense but with the basic firewall in ZA. i.e. for programs not listed in the program list that needs access, ZA will pop-up asking you if you want to allow/deny access.

If you do not want the pop-up you need to turn OFF the program control (i.e. outbound protection). ;D

Fax

EDIT: A couple of screenshots to show the differences.

Manual Settings. Known Program

OFF settings: ZA does not use the central server information

SmartDefence is a real time protection (Together with spysite blocking). Known bad executables will be killed.
Setting SmartDefence OFF will basically render useless one of the nice features included in the ZA triple defence firewall technology." }-


Berge01:

Can you verify/test the above quote for this thread?

This post seems to have missed the point that turning off "smart" defense is a test dealing with ZA connection servers. And having done that I still get to their server and receive the benefit of the advice.

I'm going to follow your advice now on ZA not only on how to turn it off, so I will wait for the results and report back for you and others who are reading.

Berge01
May 11th, 2007, 10:22 AM
-{ Quote: "Berge01:

Can you verify/test the above quote for this thread?

This post seems to have missed the point that turning off "smart" defense is a test dealing with ZA connection servers. And having done that I still get to their server and receive the benefit of the advice.

I'm going to follow your advice now on ZA not only on how to turn it off, so I will wait for the results and report back for you and others who are reading." }-

My error on reading your original post, as I missed seeing the smart advisor, therefore giving instructions about the Privacy Advisor. SORRY!

In reference to the Smart Advisor to stop it, if by manual changing the controls do not work, therefore you will have to block the connection in your firewall, which I have already done in mine and results NO MORE Smart Advisor Alerts. But remember, I have ZA Pro version installed, therefore I don't really need this feature, but if you have the ZA Suite, then you may have problems receiving your Anti-Virus definitions from ZA. You can test it first, if you are not receiving the definitions, therefore you need to remove the block from the firewall.

Escalader
May 11th, 2007, 01:31 PM
-{ Quote: "My error on reading your original post, as I missed seeing the smart advisor, therefore giving instructions about the Privacy Advisor. SORRY!

In reference to the Smart Advisor to stop it, if by manual changing the controls do not work, therefore you will have to block the connection in your firewall, which I have already done in mine and results NO MORE Smart Advisor Alerts. But remember, I have ZA Pro version installed, therefore I don't really need this feature, but if you have the ZA Suite, then you may have problems receiving your Anti-Virus definitions from ZA. You can test it first, if you are not receiving the definitions, therefore you need to remove the block from the firewall." }-

No sweat, I have Pro like you and can't seem to turn Smart off as it is a dumb broken switch. But I can leave privacy on as it is one of the positives of Pro, yes those exist. Optimizing it is another matter.

I don't use the AV just the ASW on demand but it never finds anything!

Not that that proves the PC is clear of parasites;D

dvk01
May 11th, 2007, 01:47 PM
Escalader & Berge01

can I ask you something that puzzles me?

You both obviously use ZA pro or suite and have paid a not inconsiderable sum for all its additional functions and protections so why do you go to such extents to cripple it & prevent it doing what it is designed to do

Why don't you just use the free version that hasn't got all these functions in it

If I pay good money for a product and it either doesn't do what I want it to or I am unhappy with it, I either send it back for a refund or when it expires I uninstall it & use a different product that does what I want


Don't get me wrong I am not criticizing you just wondering why you go to all this effort & expense

fax
May 11th, 2007, 02:11 PM
-{ Quote: "Escalader & Berge01

can I ask you something that puzzles me?

You both obviously use ZA pro or suite and have paid a not inconsiderable sum for all its additional functions and protections so why do you go to such extents to cripple it & prevent it doing what it is designed to do

Why don't you just use the free version that hasn't got all these functions in it

If I pay good money for a product and it either doesn't do what I want it to or I am unhappy with it, I either send it back for a refund or when it expires I uninstall it & use a different product that does what I want


Don't get me wrong I am not criticizing you just wondering why you go to all this effort & expense" }-


Same question here... ;D

If you don't like SmartDefense you can still tune existing programs as you want (setting Smartdefense to "custom" and program list) and still be protected if new known bad programs will try to install...

Or if you want control on settings, just set General SmartDefense to "Manual", so you will have your chance to change settings you don't like.

Fax

Escalader
May 11th, 2007, 02:55 PM
See my PM please

fax
May 11th, 2007, 03:12 PM
-{ Quote: "See my PM please" }-

Uhm, well.. must be some secrets... sorry for asking.

Fax

oldshep
May 11th, 2007, 03:41 PM
-{ Quote: "dvk01: Why don't you just use the free version that hasn't got all these functions in it
" }-

The latest free version is now nagware that contains the full suite with elements (KAV for example) turned off. If you try to install it, it can produce conflicts with existing AV installations. So it is difficult to get "just" the ZA firewall anymore.

I appreciate the discussions here about how to tweak ZA for optimum performance. I am presently stuck for 3-4 months with a ZAISS subscription so I need to learn how to make the best of it.

I hope that open discussion and argument does not become stifled here on this forum as it is in the ZA forum.

fax
May 11th, 2007, 04:26 PM
-{ Quote: "The latest free version is now nagware that contains the full suite with elements (KAV for example) turned off. If you try to install it, it can produce conflicts with existing AV installations. So it is difficult to get "just" the ZA firewall anymore.

I appreciate the discussions here about how to tweak ZA for optimum performance. I am presently stuck for 3-4 months with a ZAISS subscription so I need to learn how to make the best of it.

I hope that open discussion and argument does not become stifled here on this forum as it is in the ZA forum." }-

Well, yes... I agree ... but unfortunately this has become an "how to disable ZA effectively" thread.

Fax

oldshep
May 11th, 2007, 04:36 PM
-{ Quote: "Fax:Well, yes... I agree ... but unfortunately this has become an "how to disable ZA effectively" thread." }-

That is your opinion. I completely disagree

fax
May 11th, 2007, 05:15 PM
-{ Quote: "That is your opinion. I completely disagree" }-

Uuuhm, I probably missed something and fortunately I am not the only one ;)

Seven pages of posts half of them about ZA phoning/not phoning or similar unhelpful inputs...
If you think this is ZA optimisation... I completely disagree.

Fax

oldshep
May 11th, 2007, 06:14 PM
-{ Quote: "fax: ZA phoning/not phoning or similar unhelpful inputs" }-

Again, "unhelpful" is your opinion and again I disagree. Additional information is rarely unhelpful.

But if you are in the mood for an argument, then let's talk philosophy. What do we use a firewall for anyway? I look at a firewall as the last line of defense for my PC... If any malware gets past my Nod32 and my Spysweeper and tries to phone home, I count on ZA to stop it. I am not truly worried that ZA contacts some server somewhere and updates something or reports status on something else. I have some level of trust for ZA. The same is true for Msoft. But I don't trust anything completely. Several Msoft programs are constantly accessing the internet and I don't lose sleep over that. I'm not paranoid enough to think that Bill Gates is sitting in his office monitoring my communications. But there is always a twinge of paranoia when I see some program communicating with the internet even if it appears to be a safe app. when I don't understand what it's doing. The reason for that is I know Msoft writes crappy code from time to time. And so does ZA on occasion. And this crappy code is subject to abuse by hackers. So I think it is incorrect to blindly trust any application completely.

Others take this much further and have committed themselves to complete control over their PC's communications. For them, all communication must be understood and controlled. This is probably borne from past bad experience, but I won't argue the merits of this approach. It is a perfectly valid choice for any PC user. So these folks rightly question what ZA is communicating and methods to control it.

Your statements saying this approach is not useful or saying information gained regarding internet communications from ZA is "unhelpful" is merely your opinion. And you know what they say about opinions...

ccsito
May 11th, 2007, 06:50 PM
-{ Quote: "
So I think it is incorrect to blindly trust any application completely.
" }-

The only applications that I trust completely are the ones that I produced. ;D ;) 8)

Escalader
May 11th, 2007, 08:05 PM
Hello: I have put my Q and C's in red inside your post.

-{ Quote: "The latest free version is now nagware that contains the full suite with elements (KAV for example) turned off. If you try to install it, it can produce conflicts with existing AV installations. So it is difficult to get "just" the ZA firewall anymore.

With the free version, does it provide update connects as with ZA Pro?

All forums I'm in agree and practical experience confirms it 2 AV's are a "no no" as well. If you wanted to use KAV, the other AV would have to be removed. If you wanted an on demand AV scan you could use an on line scanner from time to time. They don't get installed! I think KAV and others offers that but I've never used them myself.

A client had 2 AV's on her machine at the same time Norton and McAfee. The PC froze. Had to use the open forums to locate the removal tools. I got her the free updating BD 8 since she is a low risk internet users. Wilder's has taught us that 2 AV's are always at risk of conflict

I appreciate the discussions here about how to tweak ZA for optimum performance. I am presently stuck for 3-4 months with a ZAISS subscription so I need to learn how to make the best of it.

You understand. Be careful though, I'm "tweaking" as you put it ZA Pro, not ZAISS. There is no promise anybody can give that the results from ZA Pro work are transferable to ZAISS. Why are you stuck? Maybe you could ask ZA to let you trade for ZA Pro, then you can use any non conflicting AV you want, KAV, NOD32, BD 10 etc? Try it they may say yes. Let us know what happens if you do that!

I hope that open discussion and argument does not become stifled here on this forum as it is in the ZA forum.

Free flowing debate and exchange of opinions should continue. Any poster, as I understand it, is providing their own view/opinion or answers to questions raised. Those views are their own not the forum's. The forum itself has no responsibility for the content. What is going on at ZA Forum is probably OT subject. Maybe we should start a separate thread on what an "Optimized Forum" would offer and provide as services to its members. I'm not in that river yet, but if I wanted to do that I would draft it and pass it by the moderators first. Not that interesting really, IMO.

Anyway, moving along I use testing and validation of all security related opinions before acting on them. That is particularly true of vendor's advice and their representatives. It's not a matter of trusting or not trusting that is incorrect. As Ronald Reagan advised "trust, but verify".

If the security view of a poster is trust and you don't need to verify because it is vendor x,y or z that is their view and I agree with their right to say it. Once would be enough, but that is OMHO.

When the results of tests are posted, some posters will/may be unhappy and want to argue and complain. They must have concerns that don't match up or a different purpose in posting here or a different view of how to secure PC's. But, that is their right to say they disagree and I for one would defend their right to disagree with any post of mine or ignore them if they don't like them! They could even block my id so they don't have to read them. That service is offered on here Wilder's.

There is no reason for members not to post their own questions, approach, ideas and findings and I would hope all posters here would defend all members rights to do the same. Make the counter point with proof or a reference and move on. If posts are base the moderator can snipe or even delete offenders posts. That happens too!

I would request all posters on this thread to indicate if they agree with this or not!







" }-

oldshep
May 11th, 2007, 08:19 PM
Hello Escalader,

couple of points in reply...

I have not used the latest ZA free so I don't know about the update connects with that version. My point was that ZA free contains the KAV engine which is disabled until you pay for the full suite version. So even though you can't use the KAV in ZA free, it still conflicts with your existing AV app.

I have 2 pc setups - the desktop setup is contained in my sig. My laptop setup is ZAISS 7.0.337 and SS 5.3. I don't want to downgrade to ZAPro because I would then need to purchase another AV app.

Finally, I would say that you are correct that ZAPro probably has some differences with ZAISS regarding firewall operation but I suspect these are small since ZAPro is a subset of ZAISS.

Regards,

Escalader
May 11th, 2007, 08:37 PM
COMMENTS

-{ Quote: "Hello Escalader,

......

I have 2 pc setups - the desktop setup is contained in my sig. My laptop setup is ZAISS 7.0.337 and SS 5.3. I don't want to downgrade to ZAPro because I would then need to purchase another AV app.,

There are some very strong free AV's out there that could go on your laptop!

antivir, even as mentioned BD 8 does a reasonable job. Unless your lap top goes to airports that may be good enough, you are the only one what is best for your PC!



......

Regards," }-

oldshep
May 12th, 2007, 12:20 AM
@Escalader

-{ Quote: "Escalader:If the security view of a poster is trust and you don't need to verify because it is vendor x,y or z that is their view and I agree with their right to say it. Once would be enough, but that is OMHO.

When the results of tests are posted, some posters will/may be unhappy and want to argue and complain. They must have concerns that don't match up or a different purpose in posting here or a different view of how to secure PC's. But, that is their right to say they disagree and I for one would defend their right to disagree with any post of mine or ignore them if they don't like them! They could even block my id so they don't have to read them. That service is offered on here Wilder's.

There is no reason for members not to post their own questions, approach, ideas and findings and I would hope all posters here would defend all members rights to do the same. Make the counter point with proof or a reference and move on. If posts are base the moderator can snipe or even delete offenders posts. That happens too!

I would request all posters on this thread to indicate if they agree with this or not!
" }-

I agree 100% with the free speech sentiments contained in this message.

Maysky
May 12th, 2007, 01:29 AM
:) :thumb:

-{ Quote: "Originally Posted by Escalader

I use testing and validation of all security related opinions before acting on them. That is particularly true of vendor's advice and their representatives. It's not a matter of trusting or not trusting that is incorrect. As Ronald Reagan advised "trust, but verify".

If the security view of a poster is trust and you don't need to verify because it is vendor x,y or z that is their view and I agree with their right to say it. Once would be enough, but that is OMHO.

When the results of tests are posted, some posters will/may be unhappy and want to argue and complain. They must have concerns that don't match up or a different purpose in posting here or a different view of how to secure PC's. But, that is their right to say they disagree and I for one would defend their right to disagree with any post of mine or ignore them if they don't like them! They could even block my id so they don't have to read them. That service is offered on here Wilder's.

There is no reason for members not to post their own questions, approach, ideas and findings and I would hope all posters here would defend all members rights to do the same. Make the counter point with proof or a reference and move on. If posts are base the moderator can snipe or even delete offenders posts. That happens too!" }-

--

noway
May 12th, 2007, 02:25 AM
Back a few versions I entered all of the ZA servers as blocked zone and casually found another web site (flyerservices.homehardware.com AT THE TIME) was blocked by this change. I don't know the technical reasons for this...I supposed it was due to akamai servers/aliases/DNS...the blocked zone sites causing the problem were pa2.zonelabs.com and/or ps2.zonelabs.com. I can't remember the version of ZA Pro it was at the time but I came to the conclusion that if I didn't trust the firewall enough that I had to enter xxx.zonelabs.com to the firewall's blocked zone I shouldn't be using it.

Later, I was satisfied with 6.1.744.001 until I tried importing an .xml settings I had just saved to my hard drive and discovered that after importing it, it had changed the network (Rogers cable) I had previously set to Internet Zone to Trusted Zone! With bugs like that, I dropped back to 4.5.594 Plus...I can no longer personally trust them to produce reliable current software.

If I was "brave" enough (I'm not) to try their latest stuff and wanted Free, I would install Pro trial and let it revert to Free, rather than installing Firewall+ an inactive Antivirus bundled up into a conflicting mess.

fax
May 12th, 2007, 05:36 AM
-{ Quote: "Hello: I have put my Q and C's in red inside your post.

Anyway, moving along I use testing and validation of all security related opinions before acting on them. That is particularly true of vendor's advice and their representatives. It's not a matter of trusting or not trusting that is incorrect. As Ronald Reagan advised "trust, but verify".

If the security view of a poster is trust and you don't need to verify because it is vendor x,y or z that is their view and I agree with their right to say it. Once would be enough, but that is OMHO.

" }-

Testing? Are you testing? Let's take the example of Smartdefense.

Your SmartDefense is simply broken. How you did it. I don't know...
But I explained to you how it should work normally.

Smartdefense module is the same in ZAPRO and ZASS. So, there is no reason for you not to work, unless your ZAPRO is broken.

I have not seen anyone taking the time to verify your findings. I did and posted the results... But I was the only one. You think that if Smartdefense was broken you would not see hundreds of e-mail in the ZA support forum?

Let's talk facts please and stop posting paranoia, validation BS and just broken results!

Fax

dvk01
May 12th, 2007, 05:56 AM
I am just going to say one very important thing here and hopefully we can bring this chapter to a satisfactory conclusion

All software on your computer needs an element of trust from you towards its developer

That is even more so when it is a security software & if you feel you cannot trust the security software or it's developer then I seriously suggest that you change to a program or company that you do trust


The majority of people use a computer to make life easier for them NOT to deliberately cause problems for themselves by crippling the functions within a security software

While discussions about the advantages and disadvantages of any security software are very welcome and is what this entire forum is based on. I am not seeing any logical discussion here, just "it is connecting to its server. I don't like it connecting. I don't care why it connects but I want to stop it".

This thread is now descending into what appears to me and several others as a paranoiac fear and hatred of zone alarm and is not really serving any very useful purpose and I do wonder whether there is any ulterior motive in knocking ZA so vehemently in this thread

It has been quite clearly stated in several posts here what the connections do and why they connect
There have also been links to Zonelabs explanation with their approved method to disable the connections from within the program

I really feel I need to repeat myself and ask Why do you use the software if you don't like it or don't trust it ?

You need to trust your security software 100% and if you don't then it isn't the right software for you

I am not trying to stop discussion about anything, just trying to bring a dose of reality into this subject

12fw
May 12th, 2007, 12:56 PM
dvk01, well said.

Even I do understand the mistaken mentality of installing a software and then the user gets upset when the application goes to its server. The AV, AS and many other security softwares plus applications (browsers, etc) do this. Many get updates and upgrades or inform the user of updates and upgrades. Doesn't FireFox or Opera contact their home servers to check for upgrades or in the case of FireFox updates for its addons? Maybe, these users who are afraid of software updates/upgrades/contacting the home server should uninstall the rest of the applications that does this "dodgy" actions. It would be funny to see what is remaining on the PC and what they end up using in the very end of their trials and tribulations!

The Smart Advisor is working hard for the user to help the user, not to infect the user. Many people actually enjoy that there is a software that does so much and they actually have appreciation. Not the gloom and doom as discussed in this thread.

Much of what has been said so far is in fact not valid or false or just hearsay. From what I understand the ZA did have a bug that let it contact the servers in some versions, but that was fixed long ago in the version 6.1.744 or something like that. I know that even though there has been all kinds of facts drawn from the ZL sites, this was never mentioned. Just another example of selective showing to present an argument for the sake of arguing.

If any user was leery or doubtful of his applications or security, they should immediately remove that software. Without a second thought. Even if they still had valid subscriptions, their doubts should be stronger than just a few dollars. No excuses.

12fw

Stem
May 12th, 2007, 03:34 PM
Well, between the posters who are (as inferred) "having a go" at ZA, and the posters who are then (which could be seen as) "Having a go" at those "Having a go", I will admit I am a little lost in this thread.

So, if possible, I would like a bit of order, meaning: I would actually like to know what the main points of the "problems" are, so at least I/the forum can (if possible) check on any findings/problems.
First, as you will know, I have had ZA (latest version) installed on test PC for the last 2 weeks or so, and yes I have seen some possible bugs, mainly related to the hardware in use, certainly not uncommon due to the vast amount of hardware used.
For the unauthorized outbound mentioned: well, from my own setup I did see an initial outbound that I am unsure of, which I have mentioned, but since then I have logged nothing that would give me concern that ZA was doing any "Phoning home".

So let us get to some points of facts on this:

Please, those with problems, post these as you have found, then myself, and possibly others can then try and check.

Come on all, I know we all have our differences, but let us work together to try and solve any possible problems with the security software we use. At the end of the day it will be better for all.

BlueZannetti
May 12th, 2007, 03:39 PM
-{ Quote: "Even I do understand the mistaken mentality of installing a software and then the user gets upset when the application goes to its server. The AV, AS and many other security softwares plus applications (browsers, etc) do this. Many get updates and upgrades or inform the user of updates and upgrades. Doesn't FireFox or Opera contact their home servers to check for upgrades or in the case of FireFox updates for its addons?" }-
12fw,

The underlying current in the thread is that the primary function of a firewall is to allow a user to manage all communication between their PC and the outside world. That's all communication, not some. A communication from a module within a firewall product should really be treated no differently than any other packet.

Now, as an aid to casual users, a lot of things have become automated and assumed over time. Sometimes the user has ready access to these preordained tasks, sometimes not. Firewalls have also incorporated added functionality that can require time dependent content, so there's reason to communicate with remote content servers. The current crop of ZA products have tended in this direction and ZA's treatment of the communication aspect is much more obscure than necessary. As noted above, the communication can be disabled at the user's discretion. Unfortunately, in the past, disabling this type of communication has been compromised by bugs which apparently allowed the "disabled" communication to occur. That shortfall was addressed, but trust took a hit. That's a reality ZA has to deal with.

Whether or not other products contact home servers for information is somewhat irrelevant to the discussion in that management of all communications is not a part of their primary function, whether they are a security related product or not. However, it is the primary function of a firewall. That is what needs to be plainly understood within the thread. So, if there is a level of communications that are not transparently controllable by the user of a firewall, it is to everyone's benefit to understand what it does and does not represent, if it is or is not controllable, and what's the impact if it is manipulated.

I agree, if you don't trust a product, don't use it. That's not entirely what this discussion is about. I view this discussion more as assessing and confirming the trust currently in place. Is this something I'd worry about? No, but that's a reflection of how I utilize my system and not a reason for everyone to have my approach.

Finally, one person's paranoia is another user's due diligence. Let's not label intentions of which we have little in the way of direct information and focus on the operational questions instead.

At least IMHO....

Blue

dvk01
May 12th, 2007, 04:18 PM
Blue I see what you are saying and agree in principle with you BUT in my experience a firewall is normally NOT designed to block itself and many firewalls will override or not allow in the first place any block being set thinking it might be malware attempting to corrupt it

That is where the element of trust comes in & you must trust your firewall to do what it is designed to do or use the controls inbuilt to it by its developers

Otherwise you need 2 firewalls ( which isn't recommended) one to do the normal firewall job & one just to block the other firewall's connections which it won't block itself

12fw
May 12th, 2007, 05:11 PM
Software firewalls will contact the DNS servers and will contact the router. I am sure the ZA is no different. DNS lookups and such are done. It may be seen by some to be a security risk. Even the Kerio 2.1.5 does contact the DNS. Come to think of it, many AV will do DNS lookups. Am I worried? No. I want it to do its job for me. If the Kerio 2.1.5 was still current and could do updating and did more than the mere packet/application filtering, I would like it to do the same contact of its server to get some updates and new info. The same applies to the ZA. I want it to do the job it is doing. I have no intentions of hindering it or being suspicious.

The bug in which the ZA did make the call home when even not desired has been fixed. Even though the packets sent were not a large number or being constantly sent. Just a bug. That was fixed or so it seems. If the user cannot forgive the ZL or Checkpoint for this glitch, then they should definitely uninstall the ZA. But apparently some users in this forum do not even trust the router. Maybe they should change the router or remove their routers.

12fw

BlueZannetti
May 12th, 2007, 05:19 PM
-{ Quote: "Blue I see what you are saying and agree in principle with you BUT in my experience a firewall is normally NOT designed to block itself" }-
I'm thinking less of pre-emptive blocking and more along the lines of the standard notification on initial call out that "I'm calling out, is that OK?", which would require explicit user approval, just like for any other application.

Blue

12fw
May 12th, 2007, 05:23 PM
I think the ZA updater does have that feature at the present time.

12fw

BlueZannetti
May 12th, 2007, 05:48 PM
-{ Quote: "Software firewalls will contact the DNS servers and will contact the router. I am sure the ZA is no different. DNS lookups and such are done. It may be seen by some to be a security risk. Even the Kerio 2.1.5 does contact the DNS. Come to think of it, many AV will do DNS lookups. Am I worried? No. I want it to do its job for me. If the Kerio 2.1.5 was still current and could do updating and did more than the mere packet/application filtering, I would like it to do the same contact of its server to get some updates and new info. The same applies to the ZA. I want it to do the job it is doing. I have no intentions of hindering it or being suspicious." }-
12fw,

If you wish to work that way, that's absolutely fine. It tends to be the way I work as well.

However, I also use some specialized technical applications that want to phone home on every launch and, frankly, when I launch them I don't want to spend a minute or two while they do a dance with their all too slow servers, so I block them as a matter of course and work with MP1 levels of major upgrades. This works for me and I don't get annoyed when time is tight and superfluous vendor based features are slowing me down. Obviously the vendor doesn't understand my desires, nor do I understand why this isn't a user initiated connection. We have different views of what's best.

This discussion is similar. You might want all that communication to happen as a matter of course. Someone else might wish to provide initial approvals as a matter of course. While I'm more like you, I'm fine with someone else following a different path. It's not about hindering or being suspicious. It's about control and the granularity of the control that the user desires.

Finally, if there is a fundamental mismatch between the user and vendor expectations, and neither side wishes to compromise, that's a relationship that should end.

Blue

12fw
May 12th, 2007, 06:35 PM
yes I agree BlueZannetti

But the user expectation and the particular vendor's expectations each have their own valid point of view. One is a business venture, the other is interested in security and all at different levels of experience and ideas.

12fw

Stem
May 12th, 2007, 07:28 PM
-{ Quote: "But the user expectation and the particular vendor's expectations each have their own valid point of view." }-
The user will survive without the vendor, can the vendor survive without a user? (unless there is only one vendor)
Who is most important can be lost, I do see as I believe, the members of this forum, to me, are more important than any vendor.

Escalader
May 13th, 2007, 12:05 AM
Welcome back Stem.

Special thanks to Blue for the help here and clarifying that there can be 2 perfectly valid views on a subject.

I'm rejoining learning thread, on to "How to Optimize Settings in ZA Pro?"

I will follow Blue's and Stem's wisdom there and hope others will do the same.

"I'm fine with someone else following a different path. It's not about hindering or being suspicious. It's about control and the granularity of the control that the user desires." Blue

"The user will survive without the vendor, can the vendor survive without a user? (unless there is only one vendor) Who is most important can be lost, I do see as I believe, the members of this forum, to me, are more important than any vendor." Stem

For myself I've NOT concluded that my user and customer needs cannot be met by ZA Pro. Had I concluded that I would not invest time in tweaking it and learning how to optimize it. Hitting a few puzzles along the way makes it interesting.

Learnings from that thread may provide feedback for the original poster here.

But I will not be bouncing back and forth. I will record my learnings and feedback for this thread off line. When the work is completed anyone who wants it can have it. From my pov that work can take as long as it takes there is no deadline in my mind.

Berge01
May 13th, 2007, 10:55 AM
Since a handful of people are constantly stating that in this thread on how I should run my firewall, so it will perform correctly. Plus, if I don't like the product I should find another one. Okay, I don't want to get into a verbal fight, which will be in ToS Guidelines Violation, as I am only trying to find answers to my questions, without the accusations of thinking that ZA is doing something wrong. First of all, what I do with my firewall is my business, as I WILL set it up to run the way I WANT it to run. Second, I DID NOT say that I was unhappy with the vendor product in any of my postings.

My question still stands, why is the firewall trying to call out to sites that are not related to updating, etc. of the product?
GoDaddy is the web host, NOT Abovenet Communications. I also have attempted connections to the following IP Addresses that I have researched and found to be very interesting to me, maybe not for you as you may know the answer. I don't know, that is why I am here to find out. Here are the IP Addresses and what I have found on them.

67.27.222.151 Level 3 Communications AKA MarkMonitor.com

194.29.32.199 Checkpoint Software Technologies Country: IL

216.228.148.29 NS8.CHECKPOINT.COM Irving State: TX

Okay, a little help here, on what these connections may be related to?

BlueZannetti
May 13th, 2007, 11:25 AM
-{ Quote: "GoDaddy is the web host, NOT Abovenet Communications. I also have attempted connections to the following IP Addresses that I have researched and found to be very interesting to me, maybe not for you as you may know the answer. I don't know, that is why I am here to find out. Here are the IP Addresses and what I have found on them.

67.27.222.151 Level 3 Communications AKA MarkMonitor.com

194.29.32.199 Checkpoint Software Technologies Country: IL

216.228.148.29 NS8.CHECKPOINT.COM Irving State: TX

Okay, a little help here, on what these connections may be related to?" }-
I'm really not sure what you're asking here. You have an IP address assigned to an enterprise level provider and two IP's connected to ZA's parent company. There's really only one party who can provide an unambiguous answer as to why those particular contacts are made without a detailed examination of the communications going on between them (even then, you're not assured of an answer), and that is to ask the vendor.

Blue

Escalader
May 19th, 2007, 02:39 PM
-{ Quote: "I think the ZA updater does have that feature at the present time.

12fw" }-

Speaking of updating I have a question about installing ZA.

Should all ZA users complete a new install on upgrades or just
download the new version on top of the old version?

Thanks

snowbound
May 19th, 2007, 02:49 PM
-{ Quote: "
Should all ZA users complete a new install on upgrades or just
download the new version on top of the old version?

" }-
I haven't kept up on the newer versions of ZA the last few years but installing over the top caused a lot of folks grief in the past. This is going back sometime and i'm curious if this is still the case. When i was updating ZA then i would always do a fresh install just in case.



snowbound

Steelhead
May 19th, 2007, 03:36 PM
-{ Quote: "I haven't kept up on the newer versions of ZA the last few years but installing over the top caused a lot of folks grief in the past. This is going back sometime and i'm curious if this is still the case. When i was updating ZA then i would always do a fresh install just in case.



snowbound" }-

YES, i highly agree with snowbound. If you want to get Zone Alarm working with no problems, you will need to remove all the old registry files/keys, etc. Then use CCleaner to make sure all the old files are gone from your computer. It may be a real pain, but the ending results will be worth it.

Escalader
May 20th, 2007, 06:00 PM
-{ Quote: "YES, i highly agree with snowbound. If you want to get Zone Alarm working with no problems, you will need to remove all the old registry files/keys, etc. Then use CCleaner to make sure all the old files are gone from your computer. It may be a real pain, but the ending results will be worth it." }-

Steel and Snowbound, if it is not too much, could you provide what your setups are (see my config of software and H/W in the signature)?

I know some members don't do it but it saves time and saying maybe you have this or that conflict.

Steel do you still use ZA FW at all now? or old version?;D

Escalader
May 21st, 2007, 07:29 PM
-{ Quote: "YES, i highly agree with snowbound. If you want to get Zone Alarm working with no problems, you will need to remove all the old registry files/keys, etc. Then use CCleaner to make sure all the old files are gone from your computer. It may be a real pain, but the ending results will be worth it." }-

The OP asked for feedback on ZA Pro. Here is a question for other ZA pro users here. Does anybody else get this symptom? Run latest CCleaner and let me know if you get it as well?

What is the ZA Mailsafe Default Icon?

When running CCleaner it defines it as an "issue" and suggests deleting the registry key. Did that each day, but it seems to return after routine updates to product.

Is this a ZA Pro bug?

Cold Pizza
May 21st, 2007, 07:49 PM
-{ Quote: "The OP asked for feedback on ZA Pro. Here is a question for other ZA pro users here. Does anybody else get this symptom? Run latest CCleaner and let me know if you get it as well?

What is the ZA Mailsafe Default Icon?

When running CCleaner it defines it as an "issue" and suggests deleting the registry key. Did that each day, but it seems to return after routine updates to product.

Is this a ZA Pro bug?" }-

I have the same issue as what you described. It could be a bug. Best bet would be to contact their tech support for an answer or go over to their forum to see if anyone had problems. Myself i will leave it alone, until it gets on my nerves, then i will remove it from the entire program. It could be a simple registry key that needs to be changed.

Escalader
May 22nd, 2007, 11:00 AM
-{ Quote: "I have the same issue as what you described. It could be a bug. Best bet would be to contact their tech support for an answer or go over to their forum to see if anyone had problems. Myself i will leave it alone, until it gets on my nerves, then i will remove it from the entire program. It could be a simple registry key that needs to be changed." }-

Hi Cold, I see you are new?

Good idea on the forum do you use same id there?

I just ran CCleaner again and it popped up again! So this is bugging me. It could be a bug but whose? CCleaner's or ZA's?

The register indicates it as an executable named

updclient.exe,-279 does that give you any clues? I opened up the binary saw some interesting stuff. Have a look at yours.

Cold Pizza
May 22nd, 2007, 11:25 AM
-{ Quote: "Hi Cold, I see you are new?

Good idea on the forum do you use same id there?

I just ran CCleaner again and it popped up again! So this is bugging me. It could be a bug but whose? CCleaner's or ZA's?

The register indicates it as an executable named

updclient.exe,-279 does that give you any clues? I opened up the binary saw some interesting stuff. Have a look at yours." }-

Yes, i am new here. NO, i am NOT a member of that other forum, just looked around to see what the other people were having issues with their firewall, etc.
Wasn't ALL too happy how the members were treated by some of the Gurus, but that is a different forum, so i will drop this discussion about it.
In reference to your inquiry about a possible bug in either CCleaner or ZA. Looking at that updclient.exe, i believe it belongs to the updating of ZA, but i could be wrong. I will check it out, and if i find anything more, will post back.

dwax
May 23rd, 2007, 12:51 PM
-{ Quote: "Speaking of updating I have a question about installing ZA.

Should all ZA users complete a new install on upgrades or just
download the new version on top of the old version?

Thanks" }-


I think everyone has different problems. I never uninstall the old version, I stop ZA from loading at start up and upgrade and reboot. Not once have I had any problems.

TopperID
May 23rd, 2007, 01:58 PM
-{ Quote: "The OP asked for feedback on ZA Pro. Here is a question for other ZA pro users here. Does anybody else get this symptom? Run latest CCleaner and let me know if you get it as well?

What is the ZA Mailsafe Default Icon?

When running CCleaner it defines it as an "issue" and suggests deleting the registry key. Did that each day, but it seems to return after routine updates to product.

Is this a ZA Pro bug?" }-
No it is not a bug (at least I don't think so!). Every time you click the email-protection tab Zlclient.exe will set a value on the following Key:-

HKLM\Software\Classes\Zamailsafe\Defaulticon

and every hour, when an auto-update occurs, Updclient.exe will also set a value on the same Key. If you run a Reg cleaner after one of these events, it will find the Key and clean it 'cos the path no longer exists. You get a lot of this sort of thing if a Reg cleaner is set to look at 'transient' positions that are constantly written to. The answer is not to bother to clean this sort of entry - it is pointless (though no harm will come from doing so).
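
The cycle described in the post above, as an added example that is not part of the original thread and is not CCleaner's or ZoneAlarm's own code: a small Python model of how a registry cleaner judges a `DefaultIcon` value (`path,index`) and why a value rewritten on every update keeps being flagged. The install path, the in-memory registry and the `exclude` option are constructed for illustration.

```python
import ntpath
import re

KEY = r"HKLM\Software\Classes\Zamailsafe\Defaulticon"  # key named in the thread

def parse_default_icon(value):
    """Split 'path,index' into (path, index); a negative index is a resource ID."""
    text, index = value.strip(), 0
    m = re.search(r",\s*(-?\d+)\s*$", text)
    if m:
        index, text = int(m.group(1)), text[:m.start()]
    return text.strip().strip('"'), index

def expand_vars(path, env):
    """Expand %VAR% references case-insensitively, as Windows does."""
    lookup = {k.lower(): v for k, v in env.items()}
    return re.sub(r"%([^%]+)%",
                  lambda m: lookup.get(m.group(1).lower(), m.group(0)), path)

def classify(value, exists, env=None):
    """Return 'ok', 'orphaned', or the reason the value cannot be judged."""
    path, _ = parse_default_icon(value)
    if not path:
        return "empty"
    if path == "%1":
        return "self"        # icon is taken from the file being displayed
    full = expand_vars(path, env or {})
    if "%" in full:
        return "unresolved"  # unknown variable: do not guess
    if not ntpath.isabs(full):
        return "relative"    # resolved through the search path: do not guess
    return "ok" if exists(full) else "orphaned"

def scan(registry, exists, env=None, exclude=()):
    """List the keys a cleaner would report, skipping excluded keys."""
    skip = {k.lower() for k in exclude}
    return sorted(k for k, v in registry.items()
                  if k.lower() not in skip
                  and classify(v, exists, env) == "orphaned")

def simulate_cycle(rounds, exclude=()):
    """Each round the updater rewrites the value and the cleaner runs.
    Returns how many times the key was reported and deleted."""
    registry, files, flagged = {}, set(), 0
    stale = r"C:\Constructed\ZA\updclient.exe,-279"  # constructed path
    for _ in range(rounds):
        registry[KEY] = stale                        # updater sets the value
        for key in scan(registry, lambda p: p.lower() in files,
                        exclude=exclude):
            del registry[key]                        # cleaner removes it
            flagged += 1
    return flagged

if __name__ == "__main__":
    print("flagged without exclusion:", simulate_cycle(3))
    print("flagged with exclusion:   ", simulate_cycle(3, exclude=[KEY]))
```

Excluding a key that an application rewrites on every run stops the repeated report without changing what the application does.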

Escalader
May 23rd, 2007, 08:10 PM
-{ Quote: "No it is not a bug (at least I don't think so!). Every time you click the email-protection tab Zlclient.exe will set a value on the following Key:-

HKLM\Software\Classes\Zamailsafe\Defaulticon

and every hour, when an auto-update occurs, Updclient.exe will also set a value on the same Key. If you run a Reg cleaner after one of these events, it will find the Key and clean it 'cos the path no longer exists. You get a lot of this sort of thing if a Reg cleaner is set to look at 'transient' positions that are constantly written to. The answer is not to bother to clean this sort of entry - it is pointless (though no harm will come from doing so)." }-

Thanks TopperID.

Thing is I don't use auto-update, preferring to use manual updates. As well, I have turned off email protection on ZA Pro in favor of BD 10 doing that job. So it looks like that choice has no impact on the updating that I don't use!

As a new test for ZA Pro. I put 1 item in MyVault it was my license # for ZA.
I then triggered a manual update. You might expect they would want the license and they did! It was blocked as protected and then I expected the update to fail.

Wrong again, the update proceeded as if the blocked license # didn't matter!:o

I'm gone now!

TopperID
May 23rd, 2007, 08:23 PM
-{ Quote: "Thanks TopperID.

Thing is I don't use auto-update, preferring to use manual updates. " }-
If you do a manual update you will run Updclient.exe and the first thing that'll do is create the Defaulticon Key and set a value on it. You will then delete the Key with CCleaner and the whole thing repeats itself over and over - so there's no need to clean that Key out!

Escalader
May 23rd, 2007, 08:28 PM
No problem, I agree.

What did you think of the license # test? Can you duplicate it on your set up to make sure?

Escalader
May 28th, 2007, 03:16 PM
-{ Quote: "I think because you and Fax disagree in another thread you have taken this personal and now have taken what I call a "cheap shot ". Come on now we are all better than this." }-

To Guru Greb49er of ZA Forum:

....and speaking of cheap shots, why not worry about treating ZA members
with more respect, instead of deleting their posts?

Escalader/ArrowPilot

Escalader
June 1st, 2007, 08:23 AM
-{ Quote: "I think because you and Fax disagree in another thread you have taken this personal and now have taken what I call a "cheap shot ". Come on now we are all better than this." }-

Try learning!

http://www.matousec.com/projects/win...ewalls-ratings

ZA is not # 18)

Read the pcflank test site blocking story!;D

fax
June 1st, 2007, 08:42 AM
-{ Quote: "Try learning!

http://www.matousec.com/projects/win...ewalls-ratings

ZA is not # 18)

Read the pcflank test site blocking story!;D" }-

Try reading... ;D

Matousec did not test ZA 7 but ZA 6.1
Only leaktests were tested against 7 and that score is still in the first three...
and, by the way, you can't assess a firewall only based on leaktests performances ;)

-{ Quote: " .....Since we reviewed ZoneAlarm Pro 6.1, its vendor have noticeably improved this product, fixed many bugs we have reported and released ZoneAlarm Pro 7, which would probably score much better in our tests than its older version...." }-

Correct link: http://www.matousec.com/projects/windows-personal-firewall-analysis/results.php

Anyway, good luck with your quest for a ZA replacement :)

Cheers,
Fax