Zone Alarm upgrade yields less user control...

Discussion in 'other firewalls' started by LowWaterMark, Nov 20, 2003.

Thread Status:
Not open for further replies.
  1. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    The recent release of a new version of the Zone Alarm software firewall (see this Update Alert regarding version 4.5) lowers the level of user control within the application in a single regard, that being the control of Automated Product Update Checks.

    Previous versions of Zone Alarm had an option within the user interface to set "Check for product updates:" to either "Automatically" or "Manually". With the v4.5 release this choice has been removed. The function is now permanently set to "Update checks are automatic for your protection."

    Clearly this will not be a problem for the people who use automated update processes on their systems. However, for people who prefer to check for updates manually and who like to fully control these processes and their software, this may be a concern.

    Automated update checks appear to be done at least once per session. Zone Labs has a workaround to prevent automated update checks. It involves setting the following two options: "Alert me with a pop-up before I make contact" and "Disable check for update backup channel". Once this has been done, the update checks will still be attempted but the user will be given a pop-up window to which they can respond "Do not send", effectively blocking the operation.

    The issue with this solution is that the user has to respond to this popup at least once per session. A better solution would be to return the user interface option for setting updates to manual. At the very least, this functionality should be returned to those people who have purchased one of the commercial products (ZAplus or ZAPro).

    In my opinion this change by Zone Labs is a mistake. Some people like to control their systems and applications as much as possible. Removing one level of control because they think it is for our own good is an arrogant position to take, especially given that we are the paying customers. This move causes me to lower my opinion of the Zone Alarm product set. While to me this is not a make or break level issue, it is important enough that from this point forward I will include this issue in any responses made to questions asking for recommendations involving Zone Alarm.

    To the best of my knowledge this is Zone Labs' current position on this issue:

    http://download.zonelabs.com/bin/updates/cfu.html

    Update
    There appears to be another, possibly more effective workaround for this issue; however, it is not supported by Zone Labs! It is posted here. The workaround involves modifying an undocumented registry key to disable automatic updates. This is the same registry key that in past versions of ZA was changed when the user switched from automatic to manual update checks. Users who attempt this must understand that they do so at their own risk.
     
  2. sig

    sig Registered Member

    Joined:
    Feb 9, 2002
    Posts:
    716
    FWIW I also think it's a rather amazingly paternalistic move on ZL's part. (Not my first choice of words, but this is at least within the TOS of this site.) ZA is not an AV having or requiring almost daily updates that warrant per session update checks or nagging popups.

    Now this may be at most a minor irritation for those whose PCs are virtually on 24/7 with only a rare occasional reboot. But for those of us who boot up at least once daily or perhaps more often than that, it'll be a frequent reminder of how ZL evidently doesn't want us (or believe us to be capable enough) to be in charge of our own computing practices and the behavior of apps that run our PCs.

    If this "functionality" were limited to the freeware version (arguably the version used by most newbies or the kinds of folks ZL evidently thinks need this sort of pestering...although ZAF is by no means only used by neophytes) that would be one thing and bad enough. But to pay for a product and then to be told that I can't even disable a per session popup and attempt to check for nonexistent updates is a bit much IMO.

    I wonder how many people will not install this version or will roll back to an earlier version as a result of this move on ZL's part? Seems counterproductive to me. To date I haven't installed the update and likely will wait to see if they reconsider this....bonehead....move.
     
  3. marti

    marti Registered Member

    Joined:
    Mar 25, 2002
    Posts:
    646
    Location:
    Houston, Texas, USA
    The following is an exact copy and paste of the email that I received earlier this evening.

    Hello--

    There's been a lot of discussion about Zone Labs' implementation of the
    "Check for Update" feature in the new versions of ZoneAlarm, ZoneAlarm
    Plus, and ZoneAlarm Pro. We've heard your feedback that you want an
    easier way to completely disable--at your choice--"Check for Update".

    Obviously, we recommend that you always run the most up-to-date security
    products. However, the choice of how to check for such updates is
    entirely your decision--whether automatic or manual.

    So--we'll be making changes in our products. Engineering has to review
    and confirm the various timeframe and implementation options. When
    that's done--early next week--we'll report back to let you know what's
    going to happen when.

    Thanks for your patience and your feedback!

    --Corey

    Corey Bridges
    Chief Editor of E-Communities
    Zone Labs, Inc.
     
  4. LowWaterMark

    LowWaterMark Administrator

    Joined:
    Aug 10, 2002
    Posts:
    17,875
    Location:
    New England
    Good news. Thank you Marti. :cool:
     
  5. marti

    marti Registered Member

    Joined:
    Mar 25, 2002
    Posts:
    646
    Location:
    Houston, Texas, USA
    Update on the issue

    Zone Labs will be changing the "Check for Update" functionality in the
    ZoneAlarm family of products. Due to the strong feedback we have
    received from users, we are going to offer an easy way to switch "Check
    for Update" from automatic to manual control.

    Best of all, we will ALWAYS offer manual "Check for Update" control in
    all future versions! In the next few weeks, we'll release new versions
    of ZoneAlarm, ZoneAlarm Plus, and ZoneAlarm Pro that reflect this
    change.

    As we've stated before, it's especially critical that you keep your
    security software updated. Our "Check for Update" feature was designed
    to balance the needs of at least two groups of users: security experts
    and novice computer users. We had found that many novices had
    inadvertently disabled automatic "Check for Update", leaving themselves
    potentially vulnerable. We wanted to prevent that from happening. We
    sincerely apologize that our implementation offended and alarmed the
    security experts. We think we have the balance right in the updated
    products we're building right now.

    By the way, there are erroneous reports that Zone Labs actually sends
    you software automatically, or changes your software automatically. That
    has never been the case. "Check for Update" merely informs you that a
    new version is available. Whether or not to download and install it has
    ALWAYS been your explicit choice.

    Thank you very much for your continued support and trust in Zone Labs
    software--we hope always to be worthy.

    Zone Labs
     
  6. nameless

    nameless Registered Member

    Joined:
    Feb 23, 2003
    Posts:
    1,184
    If some careless users were inadvertently disabling automatic update checks, all Zone Labs had to do was have a dialog pop up warning users whenever that option was disabled. Problem solved. (And if they're careless enough to still screw up the automatic update checking setting, I'd bet good money the rest of their firewall configuration is hosed, too.)

    I have heard "We'll have an update, soon" from Zone Labs before. As a result, I don't believe it. So, I'm going to send an email about the automatic update setting anyway.
     