Jump to content

Who else uses Zone Alarm?


Sparda
 Share

Recommended Posts

Esentialy yes, but it's what it might be sending home that is worrying.

yehh =|

any other open source firewalls?

so we can dump ZA

Agreed, but I realy do need out bound control, and ZA Pro (at least) offers what I have found to be the best.

Link to comment
Share on other sites

bit of googleing

No phoning home

By Paul Hales: Friday 10 February 2006, 09:36

JIM BORCK of Infoworld having originally caught Zone Alarm 'phoning home', was kind enouh to send us the following work-around to stop the firewall connecting to four remote servers for whatever reason.

Jim's fix is better than the one we suggested previoulsy, as it only blocks Zone Alarm's connections to those servers which do only Zone Labs knows what.

To implement the fix, add the following to your Hosts file:

127.0.0.1 cm2.zonelabs.com

127.0.0.1 hs2.zonelabs.com

127.0.0.1 ls2.zonelabs.com

127.0.0.1 pa2.zonelabs.com

Thanks Jim. µ

http://www.theinquirer.net/?article=29616

Link to comment
Share on other sites

Yes, thats how I blocked ZA from accessing zonelabs.com (if you had read my blog carfully enogh you would have seen that ;)), and thats what lead me to finding that registar.asp entrie, becasue insted of setting the DNS entrie to point to no where, it points to my web server...

Link to comment
Share on other sites

OMG! Things have got worse, and whats worse, some thing else suspisiuse is happening!

First off, even when zonealarm is OFF, compleatly OFF, my computer still keeps querying my DNS server for Zonelabs.com! And whats worse every so offten my computer keeps sending a TCP packet or two to a ID address some where in russia, notably it was on a bittorrent port, but when i "collected" these packes bittorrent was thougholy off and my bitorrent port range on my router was closed!

I'm going to perform further tests and see what happens.

Link to comment
Share on other sites

The trafic to that IP on the bittorrent port has cessed (residual trafic???), but why was it there when bittorrent was off and ports on router where closed? I admite now that my reation was a bit over the top (i'm not afrade to admite when i get things wrong), it turns out that the querys where not DNS querys but NBNS (NetBIOS naming service) querys, but why is windows trying to use NBNS to resolve zonelabs.com?

Link to comment
Share on other sites

Hey,

My suggestion is to try and find out a few more facts before jumping to conclusions. If you can "sniff the line" (a skill i dont' have - yet) and build a profile of what your actions cause ZA to do, you will know if it is dialing home or just "auto-updating" or whatever.

A few other things to try might be to use some the sysinternal tools (tcpmon, diskmon come to mind) to see what program/process is triggering the network activity. Perhaps look at an outbound firewall connected to your NIC, I know some Nforce boards have them.

I hear Kerio personal FW is good, but i use ZA now, but that may change....

finally, just because a process is called "Zonealarm.exe" doesn't mean it is from ZA.... If i was going to write malware, i wouldn't call it malware.exe, but rather windowsupdate.exe or McAfee.exe or whatever.

Keep us informed, i will probably look at my install tonight..

Link to comment
Share on other sites

  • 2 weeks later...

grr... Sparda - would've checked out your blog, but I have IE atm, so no go... however, I read this thread with interest...

I've heard lots of funny things about ZA along my 'net travels, but I find it odd that no matter how many times I install ZA on my machine - it disappears... gone... no sign of it...

however, even with no visible sign (no tray icon, no config windows etc... it appears to be uninstalled) it still seems to be active - I used it with my Win XP SP0 fw off because the XP fw was playing at blocking traffic, so I used ZA (which worked)... though since its mysterious disappearance it still seems to be working - and still with the configuration it was last set to - maybe I missed something and turned something off but I don't remember doing so and without touching any related settings after a totally normal reboot it just... well... disappeared...

still, I guess since I don't use it any more it doesn't really matter lol... I'd be interested to hear how your situation ends up though... if you find out what it's sending, do tell!

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

 Share

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...