Posted January 13, 3:00 a.m. PST Pacific Time, ROBERT X. CRINGELY http://www.infoworld.com/ A Perfect Spy? It seems that ZoneAlarm Security Suite has been phoning home, even when told not to. Last fall, InfoWorld Senior Contributing Editor James Borck discovered ZA 6.0 was surreptitiously sending encrypted data back to four different servers, despite disabling all of the suite's communications options. Zone Labs denied the flaw for nearly two months, then eventually chalked it up to a "bug" in the software -- even though instructions to contact the servers were set out in the program's XML code. A company spokesmodel says a fix for the flaw will be coming soon and worried users can get around the bug by modifying their Host file settings. However, there's no truth to the rumor that the NSA used ZoneAlarm to spy on U.S. citizens. :) Hummer----- Original Message ----- From: "Nancy Kramer" <nekramer@xxxxxxxxxxxxxxx> To: "Greg" <full-disclosure2@xxxxxxxxxxxxxxxxx>; <full-disclosure@xxxxxxxxxxxxxxxxx>
Sent: Thursday, January 19, 2006 11:27 PM Subject: RE: [Full-disclosure] Re: Re: PC Firewall Choices
I have the paid ZA but I heard the free one was better. Have no idea about that but would never buy the paid version again. At least now I know what was happening. Will try to look for that feature and set it to the maximum minutes. I only have it on my laptop which only goes on the internet sporadically but generally goes on the internet on public wireless networks which I think may not be all that secure. Lots of times I am meeting with someone there and we talk and then lookup something on the internet. I could see how time could pass quickly and I might not touch the computer for awhile. Thanks for the explanation.Regards, Nancy Kramer At 10:10 PM 1/19/2006, Greg wrote:> -----Original Message----- > From: full-disclosure-bounces@xxxxxxxxxxxxxxxxx > [mailto:full-disclosure-bounces@xxxxxxxxxxxxxxxxx] On Behalf > Of Nancy Kramer > Sent: Friday, 20 January 2006 2:30 PM > To: Stan Bubrouski; full-disclosure@xxxxxxxxxxxxxxxxx > Subject: Re: [Full-disclosure] Re: Re: PC Firewall Choices > > > I admit I know nothing about firewalls but with ZA I have had > to shut it > down sometimes to go onto the internet. I have no idea why. > I just can't > get on and when I shut it down I can. >That'd be a well known and never fixed bug I reported to Zonelabs some yearsback now. It has a feature to automatically lock internet connection after so many minutes of inactivity. The length of time can be changed by theuser. What it REALLY did was cut off access to internet and any LAN you were on, isolating you entirely and never actually let go of it when the user wasback at the keyboard. Exiting ZA let that go and internet and lan wererestored. You have the option to turn that feature OFF but even that didn't stop the whole thing happening. So, about the only thing you could do was to set the auto lock as high as it could go and turn the feature off. It wouldstill go off after that many minutes had passed (which I believe is 999 in the PRO version and 99 in the free version) and lock you out again but it was delayed by that much, at least.You CAN set certain programs to pass by its' lock, however. So, if you havesome computers almost always chattering away on a distributed project but otherwise not touched, you could allow those programs to pass on even though, should you attempt to get out with a simple web browser (where it wasn't allowed to pass the lock), you cant. Saves some stuffing about on such machines and let's face it - the more "free" some company execs see, the more likely they are to use it. Surprising how many Windows based companies use free ZA. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/ -- No virus found in this incoming message. Checked by AVG Anti-Virus. Version: 7.1.375 / Virus Database: 267.14.19/231 - Release Date: 1/16/2006-- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.1.375 / Virus Database: 267.14.19/231 - Release Date: 1/16/2006 _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.htmlHosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/