The Truth About ZoneAlarm

Discussion in 'other firewalls' started by Michael Glenn Smith, Oct 20, 2002.

Thread Status:
Not open for further replies.
  1. I haven't seen a lot of discussion here about ZoneAlarm and it being a complete joke on their claiming to block all outbound packets. Leave it to the people who exposed Evidence Eliminator to expose in living color the truth about ZoneAlarm. Radsoft has it all documented with emails on their site and it reads like a novel.
    http://www.radsoft.net/resources/software/reviews/za/
    michael
    Switched to Look 'N Stop for good!
     
  2. controler

    controler Guest

    Here comes the Blaze ... I can see it now :D
     
  3. Primrose

    Primrose Registered Member

    Joined:
    Sep 21, 2002
    Posts:
    2,743
    :rolleyes: :rolleyes:


    needs "proper link layer filtering"...." silently 'eating' the packets it cannot control." ;)

    Makes me hungry..what is Blaze going to be cooking up this weekend...cruchy potato chips..or a four layer wedding cake.

    Do not give him indigestion. :p
     
  4. eyespy

    eyespy Registered Member

    Joined:
    Feb 20, 2002
    Posts:
    490
    Location:
    Oh Canada !!
    Michael,
    Any test results on ZAP 3.1 ? That link shows logs/comments for ZAP 3.0 !
    Another interesting link....http://www.radsoft.net/news/20021016,00.html

    bill :mad:
     
  5. root

    root Registered Member

    Joined:
    Feb 19, 2002
    Posts:
    1,723
    Location:
    Missouri, USA
    Well Michael, that was a book. :eek:
    A rather interesting read in some spots, but its old news. I had not come across the McAfee connection before, so I thank you for posting the link. Interesting info about McAfee and Gibson when you look at the big picture.
    I have always had some concern as to how all of the firewalls are "fixing" the leaks.
    I will not belabor the point that I am not a strong ZA fan. I do however advise some very new people to use it simply for its ease of operation. The information about the "fix" in version 3 although troubling, does not seem to be of monumental importance. I am somewhat concerned about Gregor Freunds attitude towards all of this. I suppose that is the tact anyone in his shoes would take. Sigh!
    I'm interested in Martis and LWMs reply to this.
    MRBLAZE, take a valium and rest for 20 minutes before replying. :D
     
  6. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,842
    Location:
    New England
    No great surprises here, though it is put together in a great "dated log" type format. Thanks for posting this.

    For myself, I've never been one to count on any single piece of software to defend my system, or to even defend itself against attacks by other privileged programs running on the same box. I'm glad other firewall vendors are out there improving their products to respond to these threats. (I'm waiting for TPF 4.0 to stabilize and come out of Beta to see if I want to switch my firewall component over and not just use the sandbox.) I believe that competition will eventually force other vendors to improve, as well, with the result being better products for everyone.

    I've seen and been part of the discussions regarding the complaints that many have made about some vendors, Zone Labs in particular, spending so much time on bells and whistles and pretty GUIs, while ignoring the core product and its primary mission - firewalling.

    As to any replies or disputes with the linked presentation - I couldn't possibly make any, as I have not the tools or ability to test it all for myself. So, I'll end my this post by linking to other recent related discussions and responses.

    The latest discussion here at Wilders relating to this topic is probably Andreas Haak's here:

    http://www.wilderssecurity.com/showthread.php?t=3840;start=15

    Also, there was this discussion and sub-linked threads at DSLR:

    http://www.dslreports.com/forum/remark,4556755~root=security,1~mode=flat

    As to the last radsoft.net item linked by eyespy above, the Zone Labs response posted here by Marti:

    http://www.wilderssecurity.com/showthread.php?t=4268

    Best Wishes,
    LowWaterMark
     
  7. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
  8. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :Dhe's comeing
     
  9. Pieter_Arntz

    Pieter_Arntz Spyware Veteran

    Joined:
    Apr 27, 2002
    Posts:
    13,312
    Location:
    Netherlands
    :D
     
  10. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,842
    Location:
    New England
    Be calm!! :)
    Be cool!! :cool:
    Be Blaze - er, well, maybe not that one. ;)
     
  11. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    :D1-2 blazeys comeing for you
    :D3-4 better lock your doors
    :D5-6 better stay alwake threw the rambleings
    :D7-8 get a check out and z team to stop blazey lol
    :D9-10 get an admin to edit blazeys post lol

    nah lmao im just here to have fun guys only issue i have with zap is the uninstall issue and thats it

    low water mark said it himself they concentrate to much on bells and whistles and not the real issues.

    zap is a good fire wall and dont belive the hyp on that post and there always vunrabilitys to every program no program is absolute.

    Zap gets picked on cause its the most populer fire wall.

    if you want a 99.9 sure thing get zap working with a hardware fire wall and your perty good to go
     
  12. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    Very restrained Blaze ;) Your points are correct though, in the internet world many popular programs get hammered on a daily basis by knockers trying to pick fault.
    Whilst I love Mozilla and Opera I dont believe that they are so much more secure, its probably just because IE has such a huge market share that its targetted alot more.

    The same seems true with ZA.

    The way I see it, if you like a program and it works well 'for you' then use it, learn its weaknesses and if possible 'patch' it and lock it down but dont be persuaded to ditch it just because you read horror stories.

    Just my 2 penneth.
     
  13. CARCHARODON

    CARCHARODON Registered Member

    Joined:
    Oct 1, 2002
    Posts:
    68
    Location:
    Portland, Or. USA
    The problem I have with this is the ZA people are aware of this issue and they haven't let us know that they are going to fix the issue properly. Leaks in firewalls should be their top priority! That is what a firewall is suppose to do, not block ads & filter out java script. If they don't take these issues seriouly I say its time to find a company that does & use their software.
     
  14. luv2bsecure

    luv2bsecure Infrequent Poster

    Joined:
    Feb 9, 2002
    Posts:
    713
    Hello All!!

    I was alerted to this thread and just wanted to make a quick point with tinribs that maybe he hadn't clearly thought through. I don't usually venture "up here" too often and stay "down" there helping to moderate the privacy discussions.

    However, this is a huge privacy issue. Before a string of calamities in my personal life, I had a very good exchange of emails with Rickster w/radsoft (who I believe has posted here from time to time) concerning this ZoneAlarm issue. I have known about this for some time and frankly, would never use ZA because of it.

    Think about it: We go to extraordinary lengths to keep trojans out of our systems. When they slip by and are caught by one of the good ATs available, we take some measure of peace in knowing that our firewall would not let have let the trojan call home because of its not being able to get past the outbound protection of the firewall.

    But ---- what if you don't really have the complete outbound protection you thought you did?

    So, back to tinribs post, this isn't just a "picking on issue" - it's a known problem with ZoneAlarm! If it truly does not block all outbound traffic (as it advertises) that is more than something you can just "learn its weakness," and continue using the program.

    I hope Rickster will come on the forum and discuss this issue and the unbelievable cover-up, runaround, and finally, quiet silence regarding this issue as the press quickly backed off. ($$$$$) It makes one wonder.

    The entire shadowy involvement of Mr. McAfee - in itself - is enough to make you wonder about why the media backed off the ZoneAlarm issue. Do you know how much $$$ McAfee spends on advertising his companies own products in these very magazines that were prepared to blow the ZA issue out of the water? The complete disappearance of the media -- just as it was to break all of this -- was too much to swallow.

    People pay good money for true security from many products and not partial security, as is the case with Zonealarm on the outbound issue. It's my feeling those who care - as we on this forum do - cannot pretend this is not an issue and just assume they're being picked on. I would dare anybody to read the chronology of information on the site mentioned in the first post and still recommend the product to anyone for any reason.

    It's a serious privacy issue that still has not been answered without double-talk. Just because the media runs doesn't mean we have to be quiet here. I hope, tinribs, (and I have a feeling after you think about how serious this is) that you will reconsider the advice concerning ZA in your last post.

    Hope everyone's week is starting off well!!
    Take care and come visit us down in the privacy forums sometime!

    (add-on edit) at 6:32PM PDT:
    I realize how strongly some people feel about ZoneAlarm. Please - I beg you to take a look at the evidence and not blame the messengers. I couldn't, in good conscience, read this thread and not tell you what I know about this. It's not pretty.

    John
    Luv2bSecure
     
  15. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,842
    Location:
    New England
    A question to anyone who's been able to fully digest this issue, and who understands overall, all that's linked at radsoft's site...

    Is the issue at this point that the newest versions of Zone Alarm are still vulnerable, or, is it that people are mainly upset (and rightly so, I agree) at Zone Labs for all the denials and the run-around regarding this issue?

    If I read this correctly:
    http://www.radsoft.net/resources/software/reviews/za/1.html
    and this:
    http://www.radsoft.net/resources/software/reviews/za/2.html
    It seems ZL worked around the problem by just dropping all the packets it couldn't handle. This certainly breaks any apps that need non-standard network access, but, doesn't it also stop the exploit? I'll grant that they never admitted to the exploit, but, does this particular change in ZA actually stop it?
     
  16. Tinribs

    Tinribs Registered Member

    Joined:
    Mar 14, 2002
    Posts:
    734
    Location:
    England
    True, I maybe passed the comment a bit lightly, my views were made for the 'average' user of ZA, this I feel is someone who has read that they need a firewall and have gone to , maybe, download.com and looked for the most popular and installed it.

    True it has serious issues but I doubt the 'average' user is either aware or bothered. It seems to be doing what it says on the tin and so they are happy. I did suggest they learn its weaknesses and 'if possible patch it and lock it down', if they do read into it and decide its not for them then sites like this can help them greatly in the search for knowledge and a better product.

    But I fear the 'average' user will not. I take onboard the seriousness of security violations as we all do, but I stand by my comment that joe average will not be aware or even bothered,sad but true.

    I dont wish to deviate from the thread and make an issue of this, we all know the implications of violations to our security but then we are 'involved' in it daily.

    My initial post was a bit dismissive, and I take on board your comments. :)
     
  17. CARCHARODON

    CARCHARODON Registered Member

    Joined:
    Oct 1, 2002
    Posts:
    68
    Location:
    Portland, Or. USA
    LowWaterMark, you have the same interpretation of these comments that I do. This is ZA's hack of a solution.. So even if you have a trojan that is attempting to use this exploit you will never get notified.
     
  18. Mr.Blaze

    Mr.Blaze The Newbie Welcome Wagon

    Joined:
    Feb 3, 2003
    Posts:
    2,842
    Location:
    on the sofa
    well lets talkabout a solution on patchs or security fixs to easly remedy the problem otherwise there will be alot of newbys at risk and i hate to see anything bad happen to me or my fellow newbys lol.

    how we fix this a work around the issue with out haveing to give up za

    thers always a way maybe in security settings or a filtering software ect
     
  19. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,842
    Location:
    New England
    Agreed. It is a hack of a solution. The current versions of ZA will not tell you if something (malware or special network software) is using a non-standard network interface trying to get out. But, it also sounds like it won't get out, either.
     
Loading...
Thread Status:
Not open for further replies.