ZoneAlarm 7 or Outpost 4?

Discussion in 'other firewalls' started by gracie123, Jul 22, 2007.

Thread Status:
Not open for further replies.
  1. QuestionX

    QuestionX Registered Member

    Joined:
    Aug 16, 2007
    Posts:
    28
    Gracie123.. if Windows FW is complicated to U maybe U should learn how to use it before U install something even more complicated..not knocking your intelligence because I am a dummy...I use ZONE ALARM FW and it does a great job..I also use port watcher (not a brand name) to see what's coming and going and Zone Alarm doesn't CALL HOME unless U want it to..It will stop a Trojan in its tracks from any source..Zone Alarm will tell U if it's trying to reach Zone labs, so don't be scared off from a great FW..later
     
  2. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    Hello QuestionX :)

    What exactly do you mean by this? Why would I 'want' ZA to call home?

    No, it will not. This was the main issue with ZA in this thread. As I have already posted screenshots of a 3rd party software showing ZA's service calling out, and since you are currently using this firewall, would you mind showing the same warning from ZA? Just to substantiate your claims...
     
  3. twl845

    twl845 Registered Member

    Joined:
    Apr 12, 2005
    Posts:
    4,186
    Location:
    USA
    I am assuming Gracie123 is new to FWs, which makes me wonder how she could successfully maneuver through the daunting ZA clean uninstall, re-install procedure when doing an upgrade that requires it.
     
  4. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Hi!
    Can you show some sniffer logs about this? The only calling home that has been evidenced and verified by Stem (firewall expert here) on his setup is a one-time call after install... then if you turn off all advanced features (updates, smartdefence, spysite blocking, etc...) there is NO calling home by ZA.

    This was on version 337, don't know (and don't care personally) if it is the same in the latest 362.

    Cheers,
    Fax
     
  5. mack_guy911

    mack_guy911 Registered Member

    Joined:
    Mar 21, 2007
    Posts:
    2,677
    Outpost of course....lol

    try both and see the difference..........

    I try comodo beta, Kerio, but come back to outpost.....
     
  6. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    Hi fax :)

    Sure...

    untitled1.jpg

    You are right fax, when I posted the screenshots with DSA alert, I thought that it would be better to show some Wireshark connections, but I just thought that DSA alerts would be clear enough for most as there is a connecting process there also. To indulge, I have downloaded the desired version (362) and tried the same, you can see that our dear old ZA still does it. The servers are different though.
    Again, I was NOT warned from ZA on this. :mad: This is the key issue here, not the connection itself.

    ZA does not call home after installation, it does so on EVERY reboot/startup (as I have already stated... in my previous post with that colorful DSA screenshots :) ).

    Automatic updates have nothing to do with this outbound, as ZA uses another process for updating (zaupdclientsomething.exe, sorry, I don't remember the exact name). This is for TrueVector (the main ZA) process/service.

    Cheers,
     
  7. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Hi!
    Just one clarification... did you disable all features (many) that connect out in ZA?

    See here for a list of services:
    http://download.zonelabs.com/bin/free/pressReleases/2005/pr_22.html

    Strange... can't reproduce it here... o_O

    Cheers,
    Fax
     
  8. Thanasis159

    Thanasis159 Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    86
    I used to have outpost 3 in my machine and I absolutely loved it... Great firewall.. When my license expired i switched to comodo but i still think that outpost is better than zone alarm!
     
  9. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    fax,

    hi again :)

    I will now post some detailed screenshots (again :) ). I have carefully followed ZA's instructions, even though they are for Security Suite v6. I used Za Pro v7, so my settings are slightly different.

    from ZA site (link you posted)

    Clipboard03.jpg

    Clipboard04.jpg

    This is for AS module, AV does not have "advanced" button...

    Clipboard02.jpg

    This should be on the previous screen, but Pro version (or v7, since these instructions are for v6) does not have this option

    Clipboard05.jpg

    This feature is also missing from the Pro version, or I have not been able to find it (I am not very familiar with ZA settings BTW)

    The result is this -

    Clipboard01.jpg

    ZA says also this -

    I will post more info if needed, but to me, this issue (bug) is not fixed yet. I will also like to see some correction on my findings from some higher instance.

    My regards,
     
  10. 12fw

    12fw Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    111
    Location:
    Canada
    Seer

    Any information on packets sent to the ZA home or the number of packets? A connection is established, but how much or what is communicated?

    12fw
     
  11. QuestionX

    QuestionX Registered Member

    Joined:
    Aug 16, 2007
    Posts:
    28
    SEER..I use ZASS...not on start-up...I turn it on after I turn on my port watcher..after everything is loaded that way I can tell if anything is leaving out when I turn on ZA..I also have a standby on my modem which I use before I crank up machine..Have the latest ZA with all updates..AM PROUD<<>>but still a DUMMY..later
     
  12. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Hi!
    I am on ZASS... but these are my settings.

    Spysite blocking should be turned OFF... Does ZAPRO have the spysite blocking? Please check...
    Turn OFF spyware scanner...
    And, in your case, turn OFF the antivirus monitoring feature.
    Uuuhm, you don't have "share my settings" under the preferences tab (strange!!) and I have "Alert me with a pop-up" UNticked.

    This way I get no contacts out...

    Did you ever manually check for updates? (overview --> preferences)
    If not, try it before putting the switch to manual.

    Cheers,
    Fax
     
    Last edited: Aug 22, 2007
  13. Menorcaman

    Menorcaman Retired Moderator

    Joined:
    Aug 19, 2004
    Posts:
    4,661
    Location:
    Menorca (Balearic Islands) Spain
    One OT post and subsequent reply removed.

    Menorcaman
     
  14. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    fax buddy,

    do you have access to another PC or do you perhaps have VM or FDISR installed? I would really like someone (you, for example) to try and reproduce my findings with ZA Pro latest. Just follow the steps from my previous post.

    I will check/try your last suggestions and post here later (or tomorrow in worst case), as I am very busy at the moment (job).

    Just to add - I would also like to see this issue solved, and this outbound stopped by regular means (through ZA's settings), as I do like this firewall. I have not tried the suggested patch from ZA site (your link), I left this as a last resort. So, let's try to stop this from ZA settings first...

    Regarding "Alert me with a popup" setting, this was not default, I turned it on.

    See you later,

    regards,
     
  15. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Nope, no VM installed and I am busy testing some betas right now...
    But a few suggestions. That server is cm2.zonelabs.com

    According to ZA "... it assists in the functioning of various services including the AlertAdvisor, antivirus updates, and antivirus monitoring."

    Given that you have disabled alert advisor and antivirus updates I would guess that only the antivirus monitoring is missing. The sentence is pretty vague so please try to disable what was suggested before.

    And if you didn't check for updates just give it a go.... Stem reported that after checking for updates, ZA was silent.

    On the "Alert me with a popup"... on the manual you can read the following:

    "... There are certain situations in which you will not be notified before contact is made. Those include sending DefenseNet data to ZoneAlarm, contacting ZoneAlarm for program advice, when an anti-virus update is performed, or when monitoring your anti-virus status. The "Share setting anonymously..." setting below, turns off the DefenseNet transfer. All other settings can be disabled from the main tab of their respective panels."

    Another strange thing is that you do not have "the share my setting" under the preferences... Is this normal in ZAPRO?? ZAPro has Smartdefense and should also have this option....

    Image3.jpg

    Cheers,
    Fax
     
  16. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I am on a night of testing, so will install the latest ZA(Pro) onto VM and recheck.

    This is basically true. From my earlier setups, ZA did connect out to register, and also connected out through vsmon via https (I posted all info on this to this forum), after that, with all updates etc disabled, I only logged outbound for a DNS lookup (for zonelabs) during boot, but no outbound connections were attempted. (vsmon just made (r)DNS after that for logging)

    I will take another look.

    Regards,
     
  17. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    Hi guys :)

    This was just a quick check...

    fax, I did just this (stopped AV monitor), and the outbound attempt on https is no more! :D
    I am pleased now, but I would also like to hear what Stem says...

    :thumb:
     
  18. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Nick / fax,

    I have setup ZA pro 70_362_000 onto VM (private lan IP). I am only currently seeing a DNS lookup for "zonelabs.com", no attempt at outbound connections at all (not even the registration/unknown https I have seen before).

    I will play with it for an hour, just to check for any possibilities, but all looks OK.

    Regards,
     
  19. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    Hi Stem :)

    I did it again from the beginning...
    I fired up a fresh VM (Parallels), clean updated XP (only DHCP disabled). I install DSA and set it to high-alert mode ("Require user approval for each alert"). I then install ZA Pro 362 and touch nothing in the settings after the installation. I also delete vsmon process from DSA "approved processes" lists. I do get an alert from DSA for updclient.exe on some 213 IP, as I have not disabled auto-updates for ZA. But, after a while, 30 seconds or so after a reboot, I always get a popup from DSA for vsmon on 208 IP on port 443, out. Only disabling AV monitor stops this. Now, what am I doing wrong here? o_O
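
    The comparison this test relies on (what an independent monitor saw versus what the firewall itself reported, with DNS lookups kept apart from real connection attempts), as an added example that is not part of the original post. The CSV layout, `browser.exe`, and the documentation-range addresses are constructed assumptions; only the `vsmon` and `updclient.exe` process names come from the thread.

```python
import csv
import io
from collections import namedtuple

# Constructed sample: events an independent monitor (second firewall or
# sniffer) recorded after a reboot. Layout and IPs are assumptions.
MONITOR_LOG = """\
time,process,proto,remote_ip,remote_port
00:00:05,vsmon.exe,udp,192.0.2.53,53
00:00:31,vsmon.exe,tcp,203.0.113.10,443
00:00:40,updclient.exe,tcp,198.51.100.7,80
00:01:02,browser.exe,tcp,198.51.100.20,443
"""

# Constructed sample: connections the firewall under test reported itself.
FIREWALL_LOG = """\
time,process,proto,remote_ip,remote_port
00:00:40,updclient.exe,tcp,198.51.100.7,80
00:01:02,browser.exe,tcp,198.51.100.20,443
"""

Event = namedtuple("Event", "time process proto remote_ip remote_port")


def parse(text):
    """Turn the CSV text into Event tuples with normalised fields."""
    return [Event(r["time"], r["process"].lower(), r["proto"].lower(),
                  r["remote_ip"], int(r["remote_port"]))
            for r in csv.DictReader(io.StringIO(text))]


def audit(monitor_text, firewall_text, own_processes):
    """Classify traffic from the firewall's own processes.

    dns_only    - name lookups (port 53), not a connection to the vendor
    connections - actual outbound connection attempts
    unreported  - attempts the firewall never alerted on or logged
    """
    reported = {e[1:] for e in parse(firewall_text)}  # ignore timestamps
    result = {"dns_only": [], "connections": [], "unreported": []}
    for e in parse(monitor_text):
        if e.process not in own_processes:
            continue
        if e.remote_port == 53:
            result["dns_only"].append(e)
            continue
        result["connections"].append(e)
        if e[1:] not in reported:
            result["unreported"].append(e)
    return result
```

    Calling `audit(MONITOR_LOG, FIREWALL_LOG, {"vsmon.exe", "updclient.exe"})` on the constructed data separates the DNS lookup from the port 443 attempt and lists the latter as unreported, which is the distinction the posts above turn on.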
     
  20. QuestionX

    QuestionX Registered Member

    Joined:
    Aug 16, 2007
    Posts:
    28
    U reckon gracie123 is confused by now?...:)
     
  21. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Hi Nick,
    IMHO this is not an issue. This could be seen as possibly a check on the installed AV with the ZA servers, if having this option disabled (and I don't think this is really needed) stops the connections, then I feel this to be OK.

    My main problem was the fact that with all of these options disabled, ZA still connected out (in earlier builds). As from all my setups, I disabled everything before allowing connection to the internet (just for this "phoning home" issue). This now appears to be resolved.
     
  22. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    Hello :)

    Well, yes. As I said, if this outbound can be stopped from within ZA (even by disabling AV monitor, and I agree that it's not needed), then I am pleased. OK, case closed as far as I'm concerned. I (we) have learned something new, and I do apologize if I made a big fuss over this. :)

    Cheers to all. :thumb:
     
  23. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    I do not think an apology is needed, you had concerns and posted these.

    I think this issue will always be in our minds, simply because vsmon can connect out without popup/logging from ZA.

    Regards,
     
  24. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Stem/Seer et al:

    What does this mean to users like me who need a solid In/Out FW that doesn't make unauthorized phone homes?

    It seems to me reading this thread that the ZA Pro 362 is fixed so as to not do these silent phone homes and yet the last post says that vsmon can connect out without logging from ZA. So as usual I'm confused?

    The OP was which would be best ZA 7 or Outpost 4.

    Stem what would you say now to this question for yourself personally and then again for me?

    Seer, what is your own view?

    I have a high regard for both your views and don't want to put you on the spot!

    This is a technical question!

    BTW if memory serves ZA pro didn't have an AV but did have an ASW feature on or off at user choice.
     
  25. Stem

    Stem Firewall Expert

    Joined:
    Oct 5, 2005
    Posts:
    4,948
    Location:
    UK
    Please refer to my post 14
     