-
We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.
'Zonealarm spying on customers - ZA describes it as just a 'bug'...'
- Thread starter Diasper
- Start date
KB
Diamond Member
From the article " The "bug" seems to be present in the retail version of Zone Alarm, so there?s no telling what the freebie gets up to.". So those with the paid for version are affected to.
This is why I have a linux box at all. Builtin open source firewalls/media players etc. that don't report your behavour to the highest bidder. Windows is full of this spying stuff.
This is why I have a linux box at all. Builtin open source firewalls/media players etc. that don't report your behavour to the highest bidder. Windows is full of this spying stuff.
ShadowBlade
Diamond Member
/switches back to sygate
Update
http://www.theinquirer.net/?article=29254
ZA: ~We take privacy seriously. The bug is just part of a routine check whether the customer is using the latest software.
http://www.theinquirer.net/?article=29254
ZA: ~We take privacy seriously. The bug is just part of a routine check whether the customer is using the latest software.
Useful blog entry here:
http://iggyz.com/blog/_archives/2006/1/23/1719960.html
If you can make it all the way through the lack of paragraph breaks it follows on the basic along the lines of nothing to worry about.
That said if for anyone still feeling funny you can disable the firewall contacting home - editing the hosts file should be one way of doing it.
Just out of interest what is the best firewall these days - paid or otherwise?
http://iggyz.com/blog/_archives/2006/1/23/1719960.html
If you can make it all the way through the lack of paragraph breaks it follows on the basic along the lines of nothing to worry about.
That said if for anyone still feeling funny you can disable the firewall contacting home - editing the hosts file should be one way of doing it.
Just out of interest what is the best firewall these days - paid or otherwise?
DaveSimmons
Elite Member
This is suspicious, a check for update only needs to retrieve information not send it.
Our company just does an HTTP GET to a static web page.
Our company just does an HTTP GET to a static web page.
DaveSimmons
Elite Member
No, we just get the latest version available from the server, there is no reason why our software needs to send its own version.
For example, you're running FooBar 1.1.12, you send an HTTP GET to the server (which does NOT need to include anything beyond a URL for a page on the server) and get back a response saying the latest version is 1.1.16. FooBar decides .16 is higher than .12 and tells the user an update is available.
I'm not saying this is the only way version checks can work, just showing that they can be done sending zero information beyond a static page request like GET www.foobar.com/folder/version.htm with empty body and no cookies. We have tens of thousands of users doing it now.
Btw didn't the original author say (from whom this whole debacle started) that there was quite a significant amount of data sent - from files growing rather quickly. I may be wrong but I certainly don't know how that would factor in.
If true that doesn't seem readiy explanable/fit into the explained reason. That said this lies outside my area of expertise.
If true that doesn't seem readiy explanable/fit into the explained reason. That said this lies outside my area of expertise.
ShotgunSteven
Lifer
ZoneAlarm screwed up my system so bad I had to reformat. I refuse to use their product again.
Doom Machine
Senior member
omg..here comes the paranoid freaks
its not like some men in black are going to show up at your door, its not like your suddenly going to lose all your assets and be on the run from the government, you all watch too many movies lmao
its not like some men in black are going to show up at your door, its not like your suddenly going to lose all your assets and be on the run from the government, you all watch too many movies lmao
DaveSimmons
Elite Member
No I work for Respondus, Inc.
I was explaining that a check for update system does not need to send any information to the server, and certainly does not need to send large amounts of encrypted information.
In other words, the ZA folks may be lying.
If they wanted to show their innocence they could reveal the encryption method and private key used so that outsiders could decode the encrypted data and see whether it is more than a version number.
DaveSimmons
Elite Member
True, which is why I mentioned a static page URL, empty body, and no cookies. For completeness I should add no custom headers are sent either 🙂
If you used a packet sniffer on my company's check for update you'd see it GETs an HTM page not a CGI page and that notihing else is sent besides stock browser headers.
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes + WCL Discussion Threads
- Started by Tigerick
- Replies: 25K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 24K
-
-
