Home page logo

fulldisclosure logo Full Disclosure mailing list archives

Re: ZoneAlarm phones home
From: "Zone Labs Security Team" <security () zonelabs com>
Date: Fri, 27 Jan 2006 17:34:09 -0800

Fellow Full-disclosure readers:

Zone Labs would like to clarify what's actually going on with
communication to the Zone Labs servers. 

Please note, as with other security software, if you disable this
communication, you will not get antivirus/antispyware signature updates,
product updates, etc.   

There is a work-around to disable all communications to the Zone Labs
servers -- along with other details included below if you are sure you
want to disable the communications.

[This is the press statement, but it includes information relevant to FD

A recent report in Infoworld included information that may be
misleading, and we would like to assure all of our customers that the
integrity of our security solutions and the privacy of our users are not
only intact but of the utmost importance to us. 

To clarify, in order to ensure that users have up-to-date protection,
the ZoneAlarm product family relies not only on powerful desktop
technology but also a central server-based infrastructure. Security
software is no longer a self-contained program that can be updated
annually. For example, the ZoneAlarm SmartDefense Advisor service allows
us to block rapidly propagating malware trying to enter a user's system
- long before a signature can be written. These communications are not
only essential to the effectiveness of our products, they are a
significant part of the reason why most customers purchase our software.

The only way to deliver those updates is to maintain some level of
communication between the software on a user's PC and the Zone Labs
servers. If a user disables that communication, they can significantly
compromise the protection offered by their ZoneAlarm product. Our
customers need their anti-virus product to update regularly. They want
to know if a newly discovered keylogger is trying to install on their

Despite the value of these services to our customers, we realize that a
very limited number of users do wish to disable all communication and
cut off all updates - even though this will weaken their security. We've
done our best to accommodate these users over the years. We do currently
have an issue where ZoneAlarm continues to ping a server when in fact a
user has asked it to be disabled. It will be fixed as soon as possible.

For any users who are concerned about this communication between the
user's PC and the Zone Labs servers, it is important to note that Zone
Labs does not infringe upon the privacy of our customers. We don't save
personal information. We don't do many other things that legitimate
software companies do to enhance their marketing efforts, like use
persistent Web cookies. This conservative approach is intentional
because we take privacy extremely seriously.

The actual communication in dispute is a GET request that is checking to
see if the user's security software is current. We will continue to work
with Mr. Borck and anyone else who might have any concerns about this

How to Disable ZoneAlarm Server Communications: 

If you would like to report issues with Zone Labs software, please
security () zonelabs com 

Zone Labs Security Team
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]