Full Disclosure mailing list archives
Re: Re: According to Ivan, the secret ZA phone-homeserver is located at 127.0.0.1 [was Re: Re:Re: ZoneAlarm phones home]
From: "Ivan ." <ivanhec () gmail com>
Date: Tue, 7 Feb 2006 19:07:48 +1100
a refresh of what zonealarm had to say.
Despite the value of these services to our customers, we realize that a very limited number of users do wish to disable all communication and cut off all updates - even though this will weaken their security. We've done our best to accommodate these users over the years. We do currently have an issue where ZoneAlarm continues to ping a server when in fact a user has asked it to be disabled. It will be fixed as soon as possible.
and this is what Cringely was saying, that zonelarm is communicating with zonelabs.com even when the phone home options were disabled. Hence the workaround to edit the hosts file so all comms to zonelabs.com will be sent to the loopback address. No whether Cringely is spreading bullshit, as Dave thinks, is a matter for all the people on the list to decide for themselves. I sent the article to list as a FYI, so if you have a problem with the article send a email to the frikin editor. letters () infoworld com ************************************************************************* Fellow Full-disclosure readers: Zone Labs would like to clarify what's actually going on with communication to the Zone Labs servers. Please note, as with other security software, if you disable this communication, you will not get antivirus/antispyware signature updates, product updates, etc. There is a work-around to disable all communications to the Zone Labs servers -- along with other details included below if you are sure you want to disable the communications. [This is the press statement, but it includes information relevant to FD readers] A recent report in Infoworld included information that may be misleading, and we would like to assure all of our customers that the integrity of our security solutions and the privacy of our users are not only intact but of the utmost importance to us. To clarify, in order to ensure that users have up-to-date protection, the ZoneAlarm product family relies not only on powerful desktop technology but also a central server-based infrastructure. Security software is no longer a self-contained program that can be updated annually. For example, the ZoneAlarm SmartDefense Advisor service allows us to block rapidly propagating malware trying to enter a user's system - long before a signature can be written. These communications are not only essential to the effectiveness of our products, they are a significant part of the reason why most customers purchase our software. The only way to deliver those updates is to maintain some level of communication between the software on a user's PC and the Zone Labs servers. If a user disables that communication, they can significantly compromise the protection offered by their ZoneAlarm product. Our customers need their anti-virus product to update regularly. They want to know if a newly discovered keylogger is trying to install on their computer. Despite the value of these services to our customers, we realize that a very limited number of users do wish to disable all communication and cut off all updates - even though this will weaken their security. We've done our best to accommodate these users over the years. We do currently have an issue where ZoneAlarm continues to ping a server when in fact a user has asked it to be disabled. It will be fixed as soon as possible. For any users who are concerned about this communication between the user's PC and the Zone Labs servers, it is important to note that Zone Labs does not infringe upon the privacy of our customers. We don't save personal information. We don't do many other things that legitimate software companies do to enhance their marketing efforts, like use persistent Web cookies. This conservative approach is intentional because we take privacy extremely seriously. The actual communication in dispute is a GET request that is checking to see if the user's security software is current. We will continue to work with Mr. Borck and anyone else who might have any concerns about this issue. How to Disable ZoneAlarm Server Communications: http://download.zonelabs.com/bin/free/pressReleases/2005/pr_22.html If you would like to report issues with Zone Labs software, please contact: security () zonelabs com Thanks, Zone Labs Security Team _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: Re: ZoneAlarm phones home Dave Korn (Feb 03)
- Re: Re: Re: ZoneAlarm phones home Ivan . (Feb 05)
- According to Ivan, the secret ZA phone-home server is located at 127.0.0.1 [was Re: Re: Re: ZoneAlarm phones home] Dave Korn (Feb 06)
- Re: According to Ivan, the secret ZA phone-home server is located at 127.0.0.1 [was Re: Re: Re: ZoneAlarm phones home] Frank Knobbe (Feb 06)
- Re: According to Ivan, the secret ZA phone-homeserver is located at 127.0.0.1 [was Re: Re: Re: ZoneAlarm phones home] Dave Korn (Feb 06)
- Re: Re: According to Ivan, the secret ZA phone-homeserver is located at 127.0.0.1 [was Re: Re: Re: ZoneAlarm phones home] Ivan . (Feb 06)
- RE: Re: According to Ivan, the secret ZA phone-homeserver is located at 127.0.0.1 [was Re: Re:Re: ZoneAlarm phones home] Greg (Feb 06)
- Re: Re: According to Ivan, the secret ZA phone-homeserver is located at 127.0.0.1 [was Re: Re:Re: ZoneAlarm phones home] Ivan . (Feb 06)
- Re: Re: According to Ivan, the secret ZA phone-homeserver is located at 127.0.0.1 [was Re: Re:Re: ZoneAlarm phones home] Ivan . (Feb 07)
- According to Ivan, the secret ZA phone-home server is located at 127.0.0.1 [was Re: Re: Re: ZoneAlarm phones home] Dave Korn (Feb 06)
- Re: Re: According to Ivan, the secret ZA phone-homeserver is located at 127.0.0.1 [was Re: Re:Re: ZoneAlarm phones home] Dave Korn (Feb 07)
- Re: Re: Re: According to Ivan, the secret ZA phone-homeserver is located at 127.0.0.1 [was Re: Re:Re: ZoneAlarm phones home] Ivan . (Feb 07)
- Cringely's FUD-spreading leads to broken workarounds being suggested Dave Korn (Feb 09)
- Re: Re: Re: ZoneAlarm phones home Ivan . (Feb 05)