Zonealarm spying on customers - ZA describes it as just a 'bug'...

Diasper

Inquirer article.

Wow is all I can say. If this is true I knew Zonealarm 6 was bad but not like that...

What about pre Zonealarm 6 users (ver 5.5) - I wonder if they are included or not.
 

KB

From the article: "The "bug" seems to be present in the retail version of Zone Alarm, so there's no telling what the freebie gets up to." So those with the paid-for version are affected too.


This is why I have a linux box at all. Built-in open source firewalls/media players etc. that don't report your behaviour to the highest bidder. Windows is full of this spying stuff.
 

mugs

Woah, Checkpoint has an office in my building. I should go ask them what the deal is. :p
 

Diasper

Latest Pro version here. Am I affected by this?

From what the articles and other people are saying - very probably.


Woah, Checkpoint has an office in my building. I should go ask them what the deal is. :p

Lol. Yeah go up there and demand people's data back :p
 

Diasper

Useful blog entry here:

http://iggyz.com/blog/_archives/2006/1/23/1719960.html

If you can make it all the way through the lack of paragraph breaks, it basically follows along the lines of nothing to worry about.

That said, for anyone still feeling funny, you can disable the firewall contacting home - editing the hosts file should be one way of doing it.

Just out of interest what is the best firewall these days - paid or otherwise?
 

DaveSimmons

This is suspicious, a check for update only needs to retrieve information not send it.

Our company just does an HTTP GET to a static web page.
 

pontifex

Originally posted by: DaveSimmons
This is suspicious, a check for update only needs to retrieve information not send it.

Our company just does an HTTP GET to a static web page.

err...isn't that the same thing? the software sends out a message with the software's current version info to the server checking to see if there is a new version. if there is, it downloads it...
 

itachi

that's what they said. "the communication in dispute is a simple encrypted GET..". the only information it's sending, according to them, is the request.
 

DaveSimmons

Originally posted by: pontifex
Originally posted by: DaveSimmons
This is suspicious, a check for update only needs to retrieve information not send it.

Our company just does an HTTP GET to a static web page.

err...isn't that the same thing? the software sends out a message with the software's current version info to the server checking to see if there is a new version. if there is, it downloads it...
No, we just get the latest version available from the server, there is no reason why our software needs to send its own version.

For example, you're running FooBar 1.1.12, you send an HTTP GET to the server (which does NOT need to include anything beyond a URL for a page on the server) and get back a response saying the latest version is 1.1.16. FooBar decides .16 is higher than .12 and tells the user an update is available.

I'm not saying this is the only way version checks can work, just showing that they can be done sending zero information beyond a static page request like GET www.foobar.com/folder/version.htm with empty body and no cookies. We have tens of thousands of users doing it now.
 

Diasper

Btw didn't the original author say (from whom this whole debacle started) that there was quite a significant amount of data sent - from files growing rather quickly. I may be wrong but I certainly don't know how that would factor in.

If true, that doesn't seem readily explainable/fit into the explained reason. That said, this lies outside my area of expertise.
 

Atheus

Originally posted by: ShotgunSteven
ZoneAlarm screwed up my system so bad I had to reformat. I refuse to use their product again.

Really? It's not that bad is it? I haven't used it since v5, but back then it was quite lightweight and easy to install/uninstall.

Originally posted by: DaveSimmons
No, we just get the latest version available from the server, there is no reason why our software needs to send its own version.

DaveSimmons works for Checkpoint?
 

Doom Machine

omg..here comes the paranoid freaks

it's not like some men in black are going to show up at your door, it's not like you're suddenly going to lose all your assets and be on the run from the government, you all watch too many movies lmao
 

John

Originally posted by: ShotgunSteven
ZoneAlarm screwed up my system so bad I had to reformat. I refuse to use their product again.

I've never cared for their products. If you have a little common sense you don't need to use a software firewall anyhow. It's one less piece of software that has to run in the background and annoy you with messages.
 

DaveSimmons

Originally posted by: Atheus
Originally posted by: DaveSimmons
No, we just get the latest version available from the server, there is no reason why our software needs to send its own version.
DaveSimmons works for Checkpoint?
No I work for Respondus, Inc.

I was explaining that a check for update system does not need to send any information to the server, and certainly does not need to send large amounts of encrypted information.

In other words, the ZA folks may be lying.

If they wanted to show their innocence they could reveal the encryption method and private key used so that outsiders could decode the encrypted data and see whether it is more than a version number.
 

xtknight

Technically data could be transmitted using a GET command too.

GET /server/file?myversion=5.1145&mycreditcardnumber=11111111111111111111

The server knows your credit card number, and it's just a GET command.
 

DaveSimmons

Originally posted by: xtknight
Technically data could be transmitted using a GET command too.

GET /server/file?myversion=5.1145&mycreditcardnumber=11111111111111111111

The server knows your credit card number, and it's just a GET command.
True, which is why I mentioned a static page URL, empty body, and no cookies. For completeness I should add no custom headers are sent either :)

If you used a packet sniffer on my company's check for update you'd see it GETs an HTM page not a CGI page and that nothing else is sent besides stock browser headers.
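The check discussed in this thread (static page URL, empty body, no cookies, no custom headers, version compared on the client), written out as an added example; it is not code from any poster, Respondus or ZoneAlarm. `STOCK_HEADERS`, the function names and both sample requests are constructed assumptions, and `www.foobar.com` is the placeholder host used in the thread.

```python
# Added example: audit a captured plaintext update-check request for channels
# that could carry client data, then decide locally whether an update exists.
# STOCK_HEADERS is an assumed allow-list; adjust it to the client being audited.
STOCK_HEADERS = {"host", "user-agent", "accept", "accept-language",
                 "accept-encoding", "connection"}

# Constructed sample captures (not real traffic).
STATIC_REQ = (b"GET /folder/version.htm HTTP/1.1\r\nHost: www.foobar.com\r\n"
              b"User-Agent: FooBar\r\nAccept: */*\r\n\r\n")
LEAKY_REQ = (b"GET /server/file?myversion=5.1145 HTTP/1.1\r\n"
             b"Host: www.foobar.com\r\nCookie: id=abc\r\nX-Install-Id: 42\r\n\r\n")

def audit_request(raw: bytes) -> list[str]:
    """Return findings; an empty list means a bare static-page GET."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.decode("iso-8859-1").split("\r\n")
    parts = lines[0].split(" ")
    if len(parts) != 3:
        return ["malformed request line"]
    method, target, _version = parts
    findings = []
    if method != "GET":
        findings.append(f"method is {method}, not GET")
    if "?" in target:
        findings.append("query string present: " + target.split("?", 1)[1])
    if body:
        findings.append(f"request body of {len(body)} bytes")
    for line in lines[1:]:
        if not line:
            continue
        name = line.partition(":")[0].strip().lower()
        if name == "cookie":
            findings.append("cookie sent")
        elif name not in STOCK_HEADERS:
            findings.append("non-stock header: " + name)
    return findings

def _as_tuple(version: str) -> tuple:
    # "1.1.16" -> (1, 1, 16) so that .16 compares higher than .9
    return tuple(int(part) for part in version.strip().split("."))

def update_available(installed: str, latest: str) -> bool:
    """Compare on the client; the installed version never leaves the machine."""
    return _as_tuple(latest) > _as_tuple(installed)

if __name__ == "__main__":
    print(audit_request(STATIC_REQ), audit_request(LEAKY_REQ))
    print(update_available("1.1.12", "1.1.16"))
```

The audit only works on a plaintext capture; it cannot see inside an encrypted request like the one the thread is arguing about.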