 
CTCNetwork
join:2003-05-17
Notts
| Bye-Bye ZoneAlarm Sorry, but a security product, designed to protect your PC shouldn't be bugged with this sort of problem.:o
Hello Kerio, here I come.:D
--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~I drive a Volvo, Please Don't Get In My Way!I owe, I owe, 'tis off to work I go. . . . . . . . . | |
|
 | 
Steve
ho ho ho dammit
Consultant
join:2001-03-10
Yorba Linda, CA
| Re: Bye-Bye ZoneAlarm said by CTCNetwork  :
Sorry, but a security product, designed to protect your PC shouldn't be bugged with this sort of problem.
It's not entirely certain that ZoneAlarm is even doing this: what if some badware is doing it with data patterns designed to make it *look* like ZA was doing this?
Only time will tell...
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site | |
|
| | |
| | |
keith2468
Premium,MVM
join:2001-02-03
Winnipeg, MB
| Maybe ZA had intended to plant a distro server on Maybe ZoneLabs had intended to plant a distro server on BBR to reduce the cost of distributing updates. 
Pretty strange though.
If it is a trojan trying to stop ZA updating, I'd expect it to try the same trick with other FW and AV software. | |
|
GujuGuy67
join:2003-07-28
Garland, TX | Compentant Security At least ZoneAlarm is somewhat competant at what it is designed to do... compared to say anything that Microsoft may make (i.e. Windows firewall). | |
|
| dave
Premium,MVM
join:2000-05-04
not in ohio
 ·Verizon Online DSL
| Re: Compentant Security said by GujuGuy67 :
At least ZoneAlarm is somewhat competant at what it is designed to do... compared to say anything that Microsoft may make (i.e. Windows firewall).
There's one in every crowd, huh?
... and it's strange how they usually can't spell. | |
|
| |
Steve
ho ho ho dammit
Consultant
join:2001-03-10
Yorba Linda, CA
| Re: Compentant Security said by dave :
There's one in every crowd, huh?
at least he didn't spell "Microsoft" with a $ | |
|
| | | 
pcscdma
Chocobo Chocobo Random Battle
Premium
join:2004-01-14
Winterset, IA
clubs: | Re: Compentant Security at least this hasn't turned into a fight between Microsoft and Linu$ Torvald$' wares.
--
Be patriotic or I'm reporting you to Ashcroft. | |
|
| 
Combat Chuck
Too Many Cannibals
Premium
join:2001-11-29
Erie, PA
| said by GujuGuy67 :
At least ZoneAlarm is somewhat competant at what it is designed to do... compared to say anything that Microsoft may make (i.e. Windows firewall).
No, XP's firewall did exactly what it was designed to do; block unsolicited incoming connections. It just didn't do what you wanted it to do; block outgoing connections.
--
Japan-- Now with 30% more climbable telephone poles!! | |
|
| 
Rhobite
Premium
join:2002-02-24
Cambridge, MA
clubs:
| Please give a specific example of what the Windows firewall fails to do. The only thing I can think of is that during startup there's a brief period of exposure before the firewall kicks in. I agree that this is a small problem but it's fixed in SP2.
--
Jimmysquid.com - I take pictures. | |
|
| | dave
Premium,MVM
join:2000-05-04
not in ohio
·Verizon Online DSL
| Re: Compentant Security said by Rhobite :
Please give a specific example of what the Windows firewall fails to do. The only thing I can think of is that during startup there's a brief period of exposure before the firewall kicks in. I agree that this is a small problem but it's fixed in SP2.
...and it's not clear that ZA does not have the same exposure (see Security forum posts passim). | |
|
| | | 
SpitefulCrow
Insert Witty Tag Here
Premium
join:2003-06-04
Berkeley, CA | Re: Compentant Security Yay for system boot procedures that load firewall code and rulesets before any kind of network interface is brought online. 
/linuxrave | |
|
| | | |
Steve
ho ho ho dammit
Consultant
join:2001-03-10
Yorba Linda, CA
| Re: Compentant Security said by SpitefulCrow :
Yay for system boot procedures that load firewall code and rulesets before any kind of network interface is brought online.
/linuxrave
<xprave>Yah for XP Service Pack 2, which does the same thing</xprave> | |
|
| | | | | |
| | | | | |
Steve
ho ho ho dammit
Consultant
join:2001-03-10
Yorba Linda, CA | Re: Compentant Security <xprave>Yay for firewalls that have more than two users</xprave> | |
|
| | | | | | keyboard5684
join:2001-08-01
Youngsville, PA | Windows firewall allows you to modufy it to "open ports" or do what you wish. | |
|
| | | | | | |
Steve
ho ho ho dammit
Consultant
join:2001-03-10
Yorba Linda, CA
edit:
June 16th, @08:58PM
| Re: Compentant Security said by keyboard5684 :
Windows firewall allows you to modufy it to "open ports" or do what you wish.
The one in XP/SP2: yes. The older firewall really sucked (even though it did what it claimed).
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site | |
|
| | | | | | | |
Rhobite
Premium
join:2002-02-24
Cambridge, MA
clubs: | Re: Compentant Security Even the older one lets you open ports individually. | |
|
| | | | | | | | |
SpitefulCrow
Insert Witty Tag Here
Premium
join:2003-06-04
Berkeley, CA
| Re: Compentant Security said by Rhobite :
Even the older one lets you open ports individually.
Ooh wow, opening ports. That's so great.
iptables supports connection tracking and customized matching based on almost every field in the packet/frame. | |
|
| | | | | | | | | keyboard5684
join:2001-08-01
Youngsville, PA
 ·WestPAnet Inc.
 ·WestPAnet Inc. CA..
·Verizon Online DSL
| Re: Compentant Security iptables, a Linux thing. Completely off base. We are not talking about complex firewall operations (which in my opinion the FreeBSD ipfw is far superior to a simple iptables function in linux), we are talking about Windows firewalls.
Zone alarm compared to the Windows firewall that is built in. In my eyes the Windows firewall is better because it shuts up. I do not think you should have to watch a firewall, it should just do its job. How many people go through there firewall logs and actually do something about it?
PIX firewall can track and customize matching/action on every field of the frame. Even a Cisco router can do what you stated without the firewall feature set. Checkpoint firewall can do it all to. I can go on and on about how many different firewall setups are better but since you learned how to write an iptable rule congrats. | |
|
| | | | | | | | dumbTNtech
join:2003-04-29
Knoxville, TN
| Say what you will, I've been doing ISP support for four years now and I haven't seen the ICF keep anyone offline. I have seen Zone Alarm suddenly block ALL incoming and outgoing traffic for no apparent reason. Then it's a real pain to remove. The ICF in WindowsXP seems to do a very good job. The only situation where it's not helpful is when you have a trojan on your system letting someone or something in. Of course, that never happens to anyone here.......
--
"Don't try to explain computers to a layman-easier to explain sex to a virgin."-R.A. Heinlein | |
|
| 
Transmaster
Don't Blame Me I Voted For Bill and Opus
join:2001-06-20
Cheyenne, WY
edit:
June 16th, @01:02PM
| said by GujuGuy67 :
At least ZoneAlarm is somewhat competant at what it is designed to do... compared to say anything that Microsoft may make (i.e. Windows firewall).
Don't compare the lame Windows Firewall as it is now with
what in included on the SP-2 Beta it works as well as any software firewall I have used.
--
»www.gobpl.com | |
|
robnelle
Blowing Kisses To You All
Premium
join:2001-12-05
Indianapolis, IN
clubs:
edit:
June 16th, @11:51AM
| huh What did Zone Labs have to say about it? | |
|
dadkins
Go For It
Premium,MVM
join:2003-09-26
Hercules, CA
·Comcast
| One reason I switched That's one of the reasons I switched to Kerio 4.0.16. It seems that ZA just keeps having problems...enough so as to not to trust it. ZAP 4.5 did work well, but I'm happy with Kerio... for now.
--
When you've seen one nuclear war, you've seen them all. TheTechPub | |
|
netwire
Premium
join:2001-04-27
Mooresboro, NC | Hmm.. Solution: Enabled "Manually Check for Updates"... | |
|
|
Combat Chuck
Too Many Cannibals
Premium
join:2001-11-29
Erie, PA
| Re: Hmm.. said by netwire :
Solution: Enabled "Manually Check for Updates"...
And pray that whatever is causing this actually pays attention to the setting.
--
Japan-- Now with 30% more climbable telephone poles!! | |
|
CPM
join:2001-08-24
Miami, FL | Nothing but Problems I had ZA two years ago and it is nothing but probems. Remeber a software firewall is only as good as the OS it is running on and Windows is not that secure. | |
|
| 
72276539
Premium
join:2001-01-19
Atlanta, GA
edit:
June 16th, @02:14PM
| Re: Nothing but Problems Wrong answer, sorry please try again. I have had plenty of problems with ZA but its not windows that writes the application. Its not windows that does the install routine nor is it windows that is phoning home. | |
|
|
|
Samwoo
join:2002-02-15
Rancho Palos Verdes, CA
edit:
June 16th, @12:24PM
| Wait? Zone alarm doesn't ever automatically install updates anyways. when there is an update they link you to their site where you must manually download and run the new install.
The only thing it does automatically is check for updates. | |
|
| 
nil
Java Geek
join:2000-11-27 | Re: Wait? Yes, but considering it thinks *we* are their site.. well.. doesn't appear to be very secure, does it?
--
Life is too short to be boring | |
|
Samwoo
join:2002-02-15
Rancho Palos Verdes, CA
edit:
June 16th, @12:24PM
| Hmm my browser didn't refresh properly...
is there any way i can delete this? | |
|
|
|
See 7 replies to this post |
|
mkbaird
join:2000-03-30
Colorado Springs, CO
·Qwest.net
| I'm wondering if this started with version 5, or are even the older versions doing this updating thing. I'm still using 4.5. I'm not updating to 5 until I hear more positive reports etc. Does anyone know if there PC has called the BBR's?
Marcus | |
|
|
Rhobite
Premium
join:2002-02-24
Cambridge, MA
clubs:
| Are we sure that this isn't some sort of trojan or other sort of spyware on the users' machines, that's made to look like ZA? After all the traffic is being blocked by ZA and I'd assume that ZA lets its own "real" traffic pass through. Are we sure that ZA is the source of this traffic, and not some other program that's running on the PC?
--
Jimmysquid.com - I take pictures. | |
|
|
Steve
ho ho ho dammit
Consultant
join:2001-03-10
Yorba Linda, CA
| Re: Question for folks who've been following If it *is* a Trojan or other badware, none of the anti-badware software is detecting it. Our users have been over the hills and through the woods looking for badware without any success.
Steve
--
Stephen J. Friedl * Security Consultant * Tustin, California USA * my web site | |
|
| | 
Smokey
I'm so much cooler offline
Premium
join:2003-05-20
Va Beach
clubs: | Re: Question for folks who've been following But when will we get to grandma's house? | |
|
| 
Owlbet
Ignite the Ice
Premium,MVM
join:2002-09-24
Palmer, AK
clubs:
·MTA Online
| said by Rhobite :
Are we sure that this isn't some sort of trojan or other sort of spyware on the users' machines, that's made to look like ZA? After all the traffic is being blocked by ZA and I'd assume that ZA lets its own "real" traffic pass through. Are we sure that ZA is the source of this traffic, and not some other program that's running on the PC?
I highly doubt that. Most of the MVMs, VIPS, Mods, Regulars & general lurkers, run pretty tight ships. We come loaded with our hosts files, Spybot, Spyware Guard, Hi-Jack This, Ad-Aware, various AVs & ATs, etc. I agree with the consensus here that there is a programming flaw in Zone Alarm that is causing this and not some undiscovered malicious payload piggybacking on Zone Alarm.
On a lighter note....Zone Alarm wants to read the Security Update Sticky in the Security Forum. 
--
Rocky is, was, and always will be Dawg E. Dawg. Miss you, pal. | |
|
|
|
See 7 replies to this post |
|
|
|
Steve
ho ho ho dammit
Consultant
join:2001-03-10
Yorba Linda, CA
| Re: Maybe... Just Maybe said by Maggs :
Why don't the site admins, set a redirection to the actual ZA update servers, that way it might get corrected.
Because "posting front-page news" on a busy site like BBR is much more likely to capture their attention | |
|
|
AcidLoops
join:2000-12-26
Ontario, CA | I got away from that crap and switched to the free version of sygate a year ago. | |
|
| 
LordSoth3
join:2003-05-29
London, KY | Re: ZoneAlarm sucks. x2, using Kerio 2.15 right now, have been for a few years for that matter.
No problems, does EXACTLY what I tell it to
Sygate, Outpost and Tiny are also very good. | |
|
richk_1957
If ..Then..Else
Premium
join:2001-04-11
Minas Tirith
| When I upgraded to 5, I noticed that, although I had told it not to contact zone labs, it tried to. And as I've had other issues with 5, I uninstalled it.
4.5 doesn't have this problem. I've had no problems there so that is where I am right now. | |
|
| 
PunkGod
join:2003-02-02 | I never liked ZoneAlarm I never trusted that program from the day it came out. I will allways use a hardware firewall. | |
|
| |
LordSoth3
join:2003-05-29
London, KY
| Re: I never liked ZoneAlarm Well, in all honesty I will stick with Kerio 2.15 I see really no other firewall that I need besides it at this point. How can you guys even compare Zone alarm to Kerio for that matter? With Kerio you control what is going in and out, bottom line!
Ditch the ZoneAlarm newbie firewall and go with something a little more advanced such as Kerio 2.15
Nuff said
And come on, comparing windows firewall to Kerio? There is no comparison, Kerio eats the windows firewall for lunch and then spits it back out and laughs.
Come on guys, you guys that know about packets, filtering, networking protocols and the such should be able to see that Kerio or Outpost is by far superior to windows firewall for Zone Alarm.
Zone Alarm is meant to be a newbie firewall, simple at that. Remember that next time you get hacked and you wish you installed and was running a hardware firewall or Kerio with proxomotron. | |
|
| |
Combat Chuck
Too Many Cannibals
Premium
join:2001-11-29
Erie, PA | Will that hardware firewall let you block a particular piece of software from phoning home?
--
Japan-- Now with 30% more climbable telephone poles!! | |
|
| | |
PunkGod
join:2003-02-02
| Re: I never liked ZoneAlarm said by Combat Chuck :
Will that hardware firewall let you block a particular piece of software from phoning home?
Yes but it doesn't have that problem. I'm using a cisco firewall. | |
|
| | | |
LordSoth3
join:2003-05-29
London, KY
| Re: I never liked ZoneAlarm I like Cisco You can be extremely strict with what you want to let out or in as with any application. I would say you can deny that program from phoning home pretty easily even with a software firewall if you know what you are doing. | |
|
|
|
|
Re: Bye-Bye ZoneAlarm
·
·
