Zonealarm Pro 9.3.037.000 Contacting Checkpoint

Decided to test ZA Pro 9.3.037.000. Successfully entered license key and did not register. Very careful to disable everything (including Smartadvisor, updater, sharing data, etc.) that could possibly phone home during install and configuration. Imported my saved xml config file from the last time I tried it and rechecked all settings. Noticed via TCPView that in spite of this, it was contacting Checkpoint @ 209.87.209.50 and 209.87.209.206 each time it starts up. Saw my license code when later sniffing http. Even after these IPs had been added to the Blocked Zone. After restoring pre-ZA drive image, tried fresh download from Checkpoint of previous version 9.3.014 and it did the same thing (even without xml settings import...just disabled everything that could possibly contact Checkpoint) Posted this to Zonelabs user forum and went back couple hours later to see if anyone has also seen this, but my post had been deleted.

(I just restored the image I made before installing it and don't have time to mess with it any more)

 

Hey,

Not trying to be nosy here but I believe this subject has been beaten to death in these forums. If I'm not mistaken the user whose nickname is Escalader started this subject 2 or 3 years ago and it escalated into an argument between him and this ZA Moderator [who also happens to post here] nicknamed Fax.


If you cannot trust software “XYZ” because it “phones” home you will have to either pull the network cable from your PC or stop using the “offending” software.

Windows phones home for updates, Antivirus phone home for definitions, firewalls phone home for updates, and so forth.

What I think about all these discussions that some people are just being a little overly paranoid.


Regards,


Carlos

 

I don't have any software phoning home actually and going to keep it that way. A few years ago ZA was "caught" phoning home and they said it was a "bug" and it was fixed in 6.1.744.000. That's why I was surprised to see it back. I know that not everyone cares if they have full control of their PC but I posted it for those who do. And I'm not saying it's anything more than a bug. Although I have "stop using the “offending” software" I didn't think it was right keeping silent.

 

Hello:

I am the guy who was working on a learning thread here several years ago involving ZA Pro (32bit) on xp at the time if memory serves.

The purpose of that thread was learning. I have zero interest in going over that old trail again it is in the stickies last time I looked if anybody wants to do that.

At that time, I was testing/learning about how to use the ZA privacy feature to avoid sending outbound packets containing my private data without my permission.

What I did was enter the ZA license code I had into the ZA tool along with SAS at the time. Both products had requested their licence codes while carrying out updates. There was a ZA dust up over reporting this but it did die down. SAS did not care about it. Maybe they felt that the less said the better.

I no longer use ZA so I don't know my self if it still does these things or even offers a privacy data feature.

I use OP FW Pro now and it has a similar feature called ID block. I load my privacy list with all my 3rd party license codes along with sin numbers bank account numbers etc.

SAS still asks for the code when updating and OP provides them a packet with the code replaced by ****'s ! Yet the vendor still gives me the update.
A few years back ZA did exactly the same thing. It's true that they didn't appreciate the posts on this.

I think it is sort of funny that these firms ask for these codes and yet when it is denied or replaced they still update! Maybe they don't want to admit to doing this but that is just my guess. It could be wrong.

On a related example Yahoo email service asks for my postal code/zip code and my FW sends them **** again they still provide the email service!


All these are just examples of firms asking for private data and my guess is 99% of user setups provide it and Joe User doesn't know it.

Take it easy guys block this stuff if it matters to you otherwise carry on trucking!

 

Yes it still does have a privacy feature. If I ever try the firewall again I'll try entering the license code as private data. I don't need the firewall updated and had turned off automatic updates so maybe this will keep them from minding my business.

 

Ended up going (way) back to 6.1.744. At least it can be kept quiet. Despite Zonealarm's assertions that this will no longer work due to expired security certificates (ie. you better pay us more money for an upgraded version) this is working just fine on XPSP3.

 

I think its not about expired certificate but for the lack of fixes related to potential undisclosed vulnerabilities. This is far more worrying that the certificate itself. I think there is plenty of good up-to-date free firewall for you to consider than running a 5 years old and vulnerable software especially if it is supposed to be your primary/secondary line of defense.

 

That's ok. Not primary defence. All usual listening ports are closed + using a router + using SBIE + other stuff so no worries. I wanted this to just alert to apps phoning home without having the alerter itself phone home. I don't like any of the "up-to-date" firewalls (free or paid) so this is working out fine for me...although I wouldn't recommend it for everyone.

 

Yeap brings the SYGATE PROXY BYPASS VULNERBILITY to mind.

When software like ADMUNCHER or Proximitron was used all the data passed via those two codes was not filtered by sygate and user had no idea that this was happenning. So all a trojan had to do is open a port 80 connection via the proxy IP and boom it was out.

 

Yeap