ZA Pro blocking outgoing attempt-what is PC looking for and why?

Discussion in 'other firewalls' started by Galcoolest, Dec 16, 2004.

Thread Status:
Not open for further replies.
  1. Galcoolest

    Galcoolest Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    229
    Location:
    San Francisco
    My PC has been trying to connect with Port 80 at this location: http://hs2.zonelabs.com/

    When I went to see what it was, I got this, but I was too wary to hit the links in this:


    <?xml version="1.0" encoding="UTF-8"?>
    <SOAPENV:Envelope xmlns:SOAPENV="http://schemas.xmlsoap.org/soap/envelope/"
    xmlns:xsd="http://www.w3.org/2001/XMLSchema"
    xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance">
    <SOAPENV:Body>
    <SOAPENV:Fault>
    <faultcode></faultcode>
    <faultstring>java.lang.Exception</faultstring>
    <detail></detail>
    </SOAPENV:Fault>
    </SOAPENV:Body>
    </SOAPENV:Envelope>

    OKAY FOLKS, WHAT IS THIS o_O o_O?
     
  2. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
  3. Galcoolest

    Galcoolest Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    229
    Location:
    San Francisco
    WOW, OH, WOW!!!!

    I thought I had a simple malware or misconfig issue, but 1 1/2 hours and scores of pages of posts later, I realize this is a big issue with ZA 5.5, the latest version. I am a member at the ZA forums, but posted here first because, as I suspected, the answer to the issue of ZA constantly trying to dial out would probably be found quicker in a non-ZA forum - and it was - sort of.

    Turns out the newest ZA is being accused of being virtual spyware - and though a couple of "affiliated" folks claim there is a definite fix to having your ZA dialing out all the time (when the whole reason you have it, for gosh sake, is to monitor and prevent that sort of thing), it seems that most folks are screaming that ZA's purported "fix" is ineffectual.

    I'm going to follow the advice I got from the threads CrazyM was kind enough to provide - saving me countless more hours jacking around in the ZA forum, which apparently is like chasing your tail, and I'll post back if I notice a change in the behavior of the ZA or not.

    Thanks Crazy - you saved me some crazies tonight! For those who want more detail, below I have quoted a tidbit:


    %%%%%%%%%%%%%%%%%%%
    The reason we all use a software firewall in addition to NAT and/or our router firewall is (to a large extent) to ensure that desktop applications aren't allowed to phone home (or anywhere else) without our knowledge and permission. Bizarrely, or perhaps just ironically, what we find out in this thread is that the very program we use for this purpose phones home without asking permission and this apparently can't be turned off. Hmmm, well, should I really trust a company whose product violates its own stated purpose and ethos? I don't think I have to wait around to find out if ZA is reporting back what sites I visit, or whether I have porn on my computer, or MP3s, or pirated software or even just how often I turn my machine on. No matter how benign the communication might be, the point is that this software circumvents the very reason I have installed it. Look at this thread, people are actually installing what amounts to another firewall to watch this firewall.

    Anyway, truth be told, I've had some suspicions about this software for a while due to the temptations a private for-profit company might have with so much software embedded in such a critical location. I think if you are truly paranoid, and let's face it many of us in this forum are, unless ZA decides to go open source, it's hard to see how they can be the product of choice. Yep!!! Zone Alarm phones home to 208.185.174.66 hs2zonelabs.com in both free (Spooler provided screen shots) and Pro. I have everything set to block. No AV monitoring. Soooo the question that remains is what data is sent and why? If we knew or could see/ approve what was being sent, there would be no concern.

    http://www.broadbandreports.com/forum/remark,11818674~mode=flat~days=9999~start=320
    ######################################

    FROM AN AFFILIATED PERSON (which fix supposedly won't work):


    The ZoneAlarm family of products offers a number of features and services that enhance your security by providing specific information about threats, configurations, and programs. To enable these services, ZoneAlarm security products communicate periodically with Zone Labs servers. Of course, this communication is done on an "opt in" basis; it is your choice to decide to take advantage of these features and services.

    Here are the steps to take to disable any contact between your ZoneAlarm product and Zone Labs servers. NOTE: Disabling these features will limit the functionality of the security product, in the ways described below.

    Turn off Antivirus monitoring found in ZoneAlarm, ZoneAlarm with Antivirus, ZoneAlarm Pro, and ZoneAlarm Security Suite. Choose Antivirus Monitoring (or Antivirus) | Main, and set Monitoring to Off. Disabling this feature will prevent the program from informing you when your antivirus solution from vendors like Norton, McAfee, Trend or CA is out of date or disabled.

    Turn off automatic updates to Antivirus Protection, found in ZoneAlarm with Antivirus, ZoneAlarm Security Suite. Choose Antivirus | Main, and click the Antivirus Options button. The Advanced Antivirus Settings dialog appears. Select Updates from the list on the left, and uncheck "Disable Automatic Updates." Disabling this feature prevents your ZoneAlarm product from automatically updating its antivirus definitions, radically reducing its effectiveness against new viruses.

    Disable Program Advisor (security advice from the AlertAdvisor) found in ZoneAlarm Pro and ZoneAlarm Security Suite. Choose Program Control | Main, and set the AlertAdvisor slider to Off. This feature can normally be run in automatic or manual mode. If you shut it off entirely, you won't have program access permissions assigned automatically, and you won't receive recommendations in manual mode. You will instead be asked to manually confirm (without advice) whether each new program, when launched, can access the Internet.

    Disable sharing your security settings, found in ZoneAlarm Pro and ZoneAlarm Security Suite. Choose Overview | Preferences, and uncheck "Share my security settings anonymously with Zone Labs." With this feature disabled, you won't be sharing your configuration information with Zone Labs. Zone Labs aggregates and analyzes this anonymous information to improve performance of our products.

    Disable automatic Check for Update functionality, found in ZoneAlarm Pro and ZoneAlarm Security Suite. Choose Overview | Preferences, and set the Check for Updates button to Manual. With this feature disabled, you won't be automatically notified when Zone Labs releases a new version of our products. You should make sure you continue to click the manual "Check for Update" button every few weeks, so you don't miss a product update.

    http://www.broadbandreports.com/forum/remark,11818674~mode=flat~days=9999~start=80
     
  4. nod32_9

    nod32_9 Guest

    These features have been around since the 4.5 (minus the AV monitor subroutine).
     
  5. Galcoolest

    Galcoolest Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    229
    Location:
    San Francisco
    nod - yes indeedy --- but I never had any of this happen before, which is why so many folks are crying foul - the little fixes to turn off "phone home" are not working to stop the dialing out... see why folks are ticked?
     
  6. nod32_9

    nod32_9 Guest

    Hmmm...are you saying that ET "phone home" AFTER you disable all those items?

    I don't have that issue with my ZA Pro 4.5.594. Can you load ZA Pro 4.5.594 and retest?
     
  7. Galcoolest

    Galcoolest Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    229
    Location:
    San Francisco
    This issue pertains ONLY to the newest ZA. Have never, nor has anyone else, seen this nonsense before. Many have indeed become so frustrated with the inability to turn off the ET stuff that they have reverted to previous versions!
     
  8. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Many have switched to other firewalls as well...
     
  9. nod32_9

    nod32_9 Guest

    Not sure why folks believe that newer is BETTER. Version 4.5.594.000 works great...without the security issue.
     
  10. Galcoolest

    Galcoolest Registered Member

    Joined:
    Jun 18, 2004
    Posts:
    229
    Location:
    San Francisco
    I have actually received as an Xmas gift a year of the newest Outpost firewall, and will load it up when my ZA expires in one month. The program has like a 130 pg. pdf manual --- YIKES! I have some serious tweaking learning to do!!! And I will unload the stupid ZA in the meantime and go back to my last one. It's ridiculous, the controversy and intractability of the company about it (won't admit STILL that one cannot get rid of the ET element - they keep swearing if you follow the steps, it will stop - but it doesn't in this version).

    So, I ain't sweatin' it too much. In fact, I'm sweatin' the reading I'm doing for Outpost, lol!!!! :eek: :D :cool:
     
  11. nod32_9

    nod32_9 Guest

    Okay, thanks for the confirmation.

    OP 2.5 is another resource hog. It's designed for tweakers and paranoids, not the average PC users. ZA Pro 4.5.594.000 is much easier to use with about 1/3 the memory load. Your ZA activation key should work with version 4.5.594.

    I understand that some users will FEEL safer if they have the latest release of firewall XYZ. In that case, I would definitely recommend Lock n Stop! Many informed PC gurus in this forum are still running the free version of Kerio 2.1.5.

    If you have to read a 130+ pg manual to use a product, then it's not for you. I'm no dummy in this game, but I still need to spend about 12 minutes to digest the manual.
     
  12. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Fellow Creatures,
    I know I have suffered the ZLs Forums too. I only :ninja: in silence most of the time now. I have on my older PC the last version of ZAP 5.1 before 5.5 came out with ET turned off and have not really had any problems.

    Does OP 2.5 really hog that much more resources?? o_O :eek:

    By the way I saved a copy of ZAP 4.5.594. ;)
     
  13. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,041
    Interesting thread. With the exception of the Program Advisor thread, I've always run Zone Alarm Pro with the other settings they suggest as fixes.

    I monitor my system with DCS's Port Explorer and I've never seen any part of Zone Alarm call home. Only have the two ZA processes running. Running the latest upgrade.
     
  14. Q Section

    Q Section Registered Member

    Joined:
    Feb 5, 2003
    Posts:
    771
    Location:
    Headquarters - London & Field Offices -Worldwide
    Not a resource hog at all. What leads you to think that?
    It is not necessary to read the manual at all. The firewall comes out of the box pre-set for good security and the manual is just for tweaking explanations. It is not necessary to read it to learn to tweak the firewall intuitively either.
     
  15. nod32_9

    nod32_9 Guest

    OP Pro 2.5...+20MB of RAM using the default configuration. ZA Pro 4.5...7MB.

    Well, I need to refer to the OP manual. Didn't have problem figuring out ZA, Lock n Stop, and Kerio on my own.

    Let's use our brain for a few seconds. Name three consumer products that come with a 130 pg instruction manual? Show me REAL-WORLD data to support the idea that hackers have a better chance of bypassing a properly configured FW like ZA, Sygate, or Lock n Stop. The FW is doing its job when the PC is in STEALTH mode!

    The average users don't need all the bells and whistles in OP 2.5, but they WILL benefit from the use of ZA Pro's automatic hard drive cleaner. ZA's HD cleaner isn't the best, but it's still much better than doing nothing.
     
  16. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Fellow Creatures of the Wilders,
    I got my Norton Personal 2004 Firewall manual here....one second....hold on...let's see....page 104 ends with Troubleshooting Ad Blocking...let me see...oh, yes the other pages are pretty useless something about "Service and Support Solutions." That gets me to the index which starts on 108. Well not exactly 130 pages. But close enough. O. K. hold on I got to be careful I don't hurt myself on this one..... :( . Staroffice good program for those who do not like to fund GATES lifestyle. Sun makes this one for those who do not know. Wow I forgot 3 manuals :eek: Manual One 71 pages "Setup Guide" I did use this one but it is not really totally necessary. Next manual Two Binary Code License written in every language on the globe. Hmmm...first time I ever looked at this?? Let me find English. Forget this...[plot] on the floor that one goes. Just one second let me get the forklift for this one..... :doubt: Staroffice Users Guide.............. FOUR HUNDRED AND FORTY pages :eek: :eek: :D Not only is that a consumer product. That is a PC software product. :D
     
    Last edited: Dec 21, 2004
  17. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Nod32_9,
    Is that Hard Drive Cleaner, is that the thing you use to clean your Cache? Please, imo what a particle of bloat :rolleyes:

    20 meg of RAM vs. 7 meg of RAM I would like to see this one resolved I am considering O.P. 2.5 ;)
     
  18. nod32_9

    nod32_9 Guest

    It's called Cache Cleaner. Handy little tool. I could do the same with CrapCleaner, but then I have to add CrapCleaner to the auto launch list.
     
  19. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Last time I used OP Pro 2.5.370.370 it used 32 megs of ram. CPU usage was light though.. but ram was way up there...
     
  20. nod32_9

    nod32_9 Guest

    I tested OP 2.5 with a virgin copy of WXP Pro SP1. That may explain why the memory load was ONLY 20 MB!
     
  21. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    That's the one! I have other stuff within other programs that take care of this task I just would rather not have that as part of my firewall. Sorry a reread of my post after your reply... :doubt: I did not mean to be so harsh.
     
  22. nick s

    nick s Registered Member

    Joined:
    Nov 20, 2002
    Posts:
    1,430
    If I bring up the Outpost GUI (2.5.370.370) after startup and minimize it again, my usage drops from 24000K to 2000K. After that, under normal usage, it ranges from 3000K to 7000K. The issue has been mentioned in the Agnitum forum. I do have most plug-ins disabled because I don't need them.

    Nick
     
  23. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Nick_s ,
    Ah the plug-ins, I was wondering just now what effect they might be having, maybe that could explain this high RAM usage. Hmmm.
     
  24. nod32_9

    nod32_9 Guest

    Not sure if this is a bug in OP or by design.

    I only run the FW and the AV email scanner during boot. Therefore, the ZA Pro's automatic Cache Cleaner is important to me. I set the clean up interval to 1 day. However, I still feel that the user should have the option to omit this feature during the installation phase of the ZA FW.
     
  25. nod32_9

    nod32_9 Guest

    You can run OP 2.5 in "hidden" mode. You won't see the OP icon next to the clock, but the memory load will go down to 8 MB.
     