ZASS: A Perfect Spy?

Story

 

Ho ho ho. You can't even block that with the firewall because it is your firewall. Bug indeed... Trust No-One.

I sense a huge migration to Sunbelt Kerio firewall very shortly...

 

My response on this:
http://forum.zonelabs.org/zonelabs/board/message?board.id=security&message.id=14302#M14302

We've had discussions on the ZA forums on this quite a long time back (before ZASS, AV came out). And the rumour that ZL may be helping the U.S. government. A guru had even posted the official response from ZL regarding this and how to totally stop the communication if one wanted to do so, although its not advisable as you would not be able to receive things like automatic Av and AS updates etc. (this post is slightly outdated since it does not address the antispyware component):
http://forum.zonelabs.org/zonelabs/board/message?board.id=security&message.id=9675#M9675

Also when a person installs ZA, the person had to agree to ZA's EULA and the EULA has stated what the communication between the program and ZL's servers are used for. I don't think there is going to be a mass exodus just because a bug is found. I don't see people leaving Kaspersky or other AVs when a security vulnerbility was found last year.

 

It seems to me you have to trust someone. In this case it would be ZA to do what is right and protect your computer. If ZA is gathering information for purposes other than personal computer protection they need to put out of business.

 

There have been a lot of speculations about ZA spying on users or integrating secret backdoors for NSA, using svchost as carrier, etc...So far, all of this has remained speculations.

Its known that ZA collects information on programs but to the benefit of the user and its security. They should however allow user to stop this flow or advise user that using their product means also communicating with ZA servers...

Fax

 

Fax, do you know were to find information about these communications, like wich servers etc. etc.
Could not find anything on the link mentioned in the first post

 

I had Zonealarm pro and Safe'N'Sec installed on my computer and had disabled everything in Zonealarm from any contact with their servers.
Safe'N'Sec kept catching Zonealarm trying to connect out to Zone Lab's servers, nevertheless after having my suspicions confirmed I uninstalled Zonealarm.
I think Zonealarm is an excellent firewall but I can't trust it 100%.
This is not a new problem with Zone Labs, it has been going on from version 2 as far as I can remember from reading the comments at Grc.com.

 

Again as I have mentioned, the type of communication that the program makes with Zone Labs servers were written down in the EULA to which a user has to agree to install(if you don't agree, why install it in the first place?)

Basically, the communication is used to:
a) check for antivirus updates
b) check for antispyware updates
c) check for newer versions of ZA
d) to get information for its SmartAdvisor feature.
e) Sending information to Zone Labs about the type of permissions user give to their programs. This enables ZL to quickly analyse which are the most frequently used programs (hence should receive more priority in ZL's analysis). It also enables the analysis to proceed at a quicker rate since knowing the settings of different users allows investigtors to get a good idea if the program is legitimate or not.
When ZL started with a revamped SmartDefence Advisor database with the introduntion of ZA 6, the programs in the database started from a mere 3 preograms to a whopping hundreds of the most common programs used and malware present in a span of just about 6 months. This wouldn't havce been if none or a few users send ZA feedback and it has helped millions of users worldwide to make the correct configurations for a safer internet experience.

 

yes i am sure it was for our own good.
They just do not want us to know in order not to become upset...
How thoughtful...

I am trader and every day i play thousands of $ in forex.
I have the right of privacy and thats why i installed a firewall at the first place.After learning that ZA does these things reported above, before a couple of hours, i uninstalled it and I purchased outpost pro which was my second choice at the first place.
Whats this thing with information collecting?
Its very annoying and antidemocratic .I dont trust ZA to collect data from my system and transmit them without me being able to aythorize the transmission of this data.
Oh and stop this crap for making the program better...
Is the same thing when they tell you "Oh well lets restrict your rights...its for your own good.Those bad bad terrorists want you dead."
As a great american has said.
"Who he exchanges freedom for safety deserves neither."

 

Hi SSK,

I don't use ZA right now ( ) but as far as I remember were all to ***.zonelabs.com (where '***' can be different such as, for example, ps2.zonelabs.com, pa2.zonelabs.com, etc...).

You could check in Zonealarm forum, it was discussed many times in the past...

Cheers,
Fax

 

Zone Alarm is an excellent project of security.
Nothing to worry, guys, only for a few bugs or even free You Become Member of a Zombie Laborers . Ups, my keyboard (not only) makes me crazy…
Golden rule:
Profit + Security = d…(amn smart) user + Money

 

Hello Chaos,

Which part to the types of communications do you object to?

I use ZA Pro and I shut off looking for newer versions and opted out of the Smart Advisor or any other communications.

If you object to Anti spyware updates, or AV updates, then why did you get the suite? - if that's what you had, not clear from your post.

Regards - Charles

 

Again they let you what the communication is for in the EULA. And you are free to decide if you agree to the EULA (nobody is stopping you). ZL cannot be faulted for a user pressing the 'Yes' button at the EULA screen if he or she does not properly take the the time to read. If you press 'Yes', you wholly agree to ZL's communication policy and every ZA user is aware of this. If you don't feel comfortable with the EULA, press 'No', the installation will stop and you won't have a pece of ZA on your PC. Then just ask for a refund. ZL is an American company so they are pretty aware of the 'freedom of rights' rule there.

I am on a accountat at my company and so my company's wealth is sort of in my hands. I pretty much trust ZA more than any other firewall. I have seen the effects of feedback back to ZA and approve it because it helps so many more people out there to make correct decisions instead of granting server rights to everything. I think people these days get too easily paranoid over things. If you want the better security for your share trading, get Mac or Linux. Greb49er, a senior contributor at the ZA board said this(sor at least somewhere along the lines).
Windows itself is inhenrently dangegerous. No matter what piece of security software you install, you are always going to be at a higher risk than Linux users. If you want much better security than what your firewall, antivirus and antispyware programs currently provide you, then switch.

 

Why is everyone calling this a bug ? It is not a bug . It was purposely inserted in the program . So , Unhappy Viewer , people leaving would not be due to a bug . It would be due to the fact that people want to be private and do not like this type of business practice . That is all . if it were me , I would leave it anyway . But , to each his own . ZAP is easy to use and besides the " spying " people are referring to , not a very good choice . There are much better ones . ZAP still has a ways to go but , that has been the case for quite sometime .
Again , I do not know why you are calling this a bug . It is just a business practice of theirs . Nothing more . And some people do get funny about things like that . Does not bother me but , I do not use it anyway .

 

We don't know if its a bug or not. The gurus have not heard anything from Zone Labs nor has Zone Labs postd a security advisory. But this is just bringing back an age-old topic maybe because of the "attack against big boys syndrome". We have instructions in the ZA forums on how to stop the comunications if one wishes to do so.

I believe ZA still provides the best protection out there (otherwise I would have jumped ship by now). When you have a excellent product, reputation spreads very quickly and is demonstrated by the many millions of people in the world. When Sygate firewall was still being supported by sygate, it was a runner-up to ZA but its user base was still way below that of ZA. Now with Syagte out of the competition, the runner-up is probably Outpost or Kerio but they have even fewer number of users.

 

Like I said before, I followed the directions on how to disable any type of communication and if it wasn't for Safe'N'Sec, I would have never known that Zonealarm was still connecting out. This surprised me considering that I was supposed to have turned off all means of calling back.
I had heard of the rumours before and was willing to give Zonealarm the benefit of the doubt until my HIPS program alerted me to the calling out which I looked up the address and it was to Zonelabs.

 

Hi Unhappy .
Just a side note here . Just because millions use something , does not make it worth anything other than possible stupidity . Ask and you will find that many , if not most , users of Norton use it because they read about it or it came on their computer and just renewed it . It is the person that KNOWS more than the average user that uses better programs . Case in point :ZAP offers alot . Their performance however , is lacking . You trust them and think they are at the top . Good for you . I assure you that they are not . They WERE many years back , before the takeover . I do not push one particular firewall but , I am amazed at the # of people that think ZAP is great . But , you have used it and see no reason to look elsewhere . If you did , and know what to look for instead of believing others of less intelligence , you would find much better protection is available . ZAP is very easy to use . No doubt . It offers alot of nice options . No doubt . The problem is , they continue to offer more new features without making the ones that came before , work securtely . And , have you ever tried their support ? Wo0oooHoooo .
Bottom line is , it is people like you that keep many lower class programs toward the top when it comes to user numbers . When a movie debuts over a weekend and made , say , 50 million dollares . it is considered a GREAT movie . WHY ? Because of the money spent on hype . It does NOT mean it was a great movie . ZAP is hyped mostly due to ease of use . More people go to it knowing this . They like the look and feel and before long , it is difficult to change whether it works well or not . If you cannot , or do not know how to ,test a firewall thoroughly , you feel secure enough with what you have . ZAP works for you and that is fine . It makes no difference to me . Just letting you know that there ARE many better options .

 

When I've used ZAP, it seems just as secure as any other firewall to me. If you make advanced rules, you can tighten things up more. If you say that there are better options, you have to be specific.

 

Hollywood,

I personally thinkthat Norton is good in terms of its detection rate although not at the top with NOD32(which has also been shown on AV Comparatives). Its just heavy in usage for people who don't have fast computers. On my wife's laptop, I have Norton installed while on my main computer, I use Kaspersky. Does that make me stupid? Does that make BigC also stupid since he is one of here that supports NAV? Ultimately it comes down to a personal choice.

ZA is pretty much one of the most(if not the most) secure firewall out there (in fact some people have complained that its even too over-protective). I don't know where your facts come from but if we look at Secunia, ZA has one of the safest records out there for firewall. Even for its version 6, the 'vulnerbility' listed there should not even be there since "Secunia does not normally regard this kind of security bypass in personal firewalls as a vulnerability.". I think one would be very hard -pressed to find a much more secure firewall especially one that is targerted my alot of hackers since its the most used. I am not saying other firewalls are crap. In fact I respect them because they too are are very secure and cotinually pushing Zone Labs to continually up their ante. In my opinion, I just feel that ZA is better after I tried out the other firewalls. It has probably one of the best protection, coupled with an eay-to-understand UI but still allows people who want more contro to make the appropriiate changes in ZA.

 

It is as secure as any other, moreso if you take the time to set up the advanced rules. I'm not sure why hollywoodpc has such a vendetta against ZA, but that's his opinion and his opinion only. He can hate it all he wants but that doesn't change the fact that ZA is one of the best firewalls as you can use, if set up properly, simple or not.

I'd also like to hear some specifics from hollywood on what he uses and what is the better solution in his mind.

 

Hi Chuck .
I am saddened that you think I hate ZAP . I do not . I have a very soft spot in my heart for it . It was one of my first . I actually learned alot from it and it started me on my way to being who I am in computer and network security . No hate at all . Much more than an opinion but , you choose to believe as you wish . You should always look at posts with a grain of salt anyway . I know that ZAP has problems . Not bugs . Actual security problems . That is not to say it sucks . Their biggest problem , IMHO only , is they add features without making them as secure as possible before adding something else . Many are amazed at the wording of " 3 layer defense " and OS Firewall " . Nothing to it actually . Oh , they could be GREAT . Zone Labs will not make it so though . But , again , believe as you wish . As for a different solution ? Nope . You like ZAP so stick with it . I cannot change your mind nor do I wish to . Please refrain from saying I hate ZAP . I do not . I like it . I just wish someone would buy it and secure everything it has to offer . THEN the only thing better would be Tiny . ZAP is fine for the average user .

 

Ok, if you think it has security problems. please substantiate your statement and explain what the security issues are(other than the issue of calling home, which this thread was about). If there really are security issues, then I'm sure people would like to know about them.

I am always open to something better, hence why continually look at new software. If you know of better solutions, please share them with us.

 

Could Unhappy_Viewer address this posters point;
Like I said before, I followed the directions on how to disable any type of communication and if it wasn't for Safe'N'Sec, I would have never known that Zonealarm was still connecting out. This surprised me considering that I was supposed to have turned off all means of calling back.
I had heard of the rumours before and was willing to give Zonealarm the benefit of the doubt until my HIPS program alerted me to the calling out which I looked up the address and it was to Zonelabs.

and could he tell us if that was in the EULA?

 

Why don't you all just get a router? at less than $50 it would actually be about the same as a copy of ZA and with a router you can block all the ports you want. Am I missing something here is a router no longer enough?

 

Zone Labs response to spying claims

http://forum.zonelabs.org/zonelabs

Zone Labs has a variety of solutions, including the ZoneAlarm Internet Security Suite, that offer consumers protection against Internet threats such as spyware, viruses, Trojans, rootkits, keyloggers and more. A recent report in Infoworld included information that may be misleading, and we would like to assure all of our customers that the integrity of our security solutions and the privacy of our users are not only intact but of the utmost importance to us.

To clarify, in order to ensure that users have up-to-date protection, the ZoneAlarm product family relies not only on powerful desktop technology but also a central server-based infrastructure. Security software is no longer a self-contained program that can be updated annually. With zero-hour threats emerging, consumers need dynamic ongoing updates. For example, the ZoneAlarm SmartDefense Advisor service allows us to block rapidly propagating malware trying to enter a user’s system - long before a signature can be written. These communications are not only essential to the effectiveness of our products, they are a significant part of the reason why most customers purchase our software.

The only way to deliver those updates is to maintain some level communication between the software on a user’s PC and the Zone Labs servers. If a user disables that communication, they can significantly compromise the protection offered by their ZoneAlarm product. Our customers need their anti-virus product to update regularly. They want to know if a newly discovered keylogger is trying to install on their computer.

Despite the value of these services to our customers, we realize that a very limited number of users do wish to disable all communication and cut off all updates - even though this will weaken their security. We’ve done our best to accommodate these users over the years. We do currently have an issue where ZoneAlarm continues to ping a server when in fact a user has asked it to be disabled. It will be fixed as soon as possible.

For any users who are concerned about this communication between the user’s PC and the Zone Labs servers, it is important to note that Zone Labs does not infringe upon the privacy of our customers. We don’t save personal information. We don’t do many other things that legitimate software companies do to enhance their marketing efforts, like use persistent Web cookies. This conservative approach is intentional because we take privacy extremely seriously.

After being contacted by James Borck of Infoworld, we maintained an ongoing dialogue with him to discover the source of his issue. Initially, we were unable to reproduce it in our labs, until he submitted his log files. At that point, we were able to identify the bug and provided Mr. Borck with a temporary workaround. We never refuted his contention that an issue existed, although it did take some time to replicate it.

The actual communication in dispute is a simple encrypted GET file that is checking to see if the user’s security software is current. We will continue to work with Mr. Borck and anyone else who might have any concerns about this issue.

With the Internet threat environment having evolved to the point where viruses can propagate around the world within hours, we must recommend that people do not disable their ZoneAlarm product features that connect your PC to Zone Labs’ servers. Security software today can no longer be perceived as a static product. It is a service, and only through dynamic updates can we ensure that consumers have relevant, proactive protection.