
ZoneAlarm is spyware???!!!


j...@freedom.net

Mar 1, 2001, 10:18:08 PM
(See message further below for context)

Much deeper problem with ZoneAlarm than I had suspected...

But I have another beef with ZoneAlarm - it leaks web bugs info! I've been
using ZA shortly after getting my broadband connection two years ago. I
switched from Conseal PC Desktop, because ZA also prevents outgoing
connection attempts (or so I thought) and was also easier to use (and
free!).

I switched again after I installed the Zero-Knowledge Freedom 2.0 Internet
Privacy Suite (www.freedom.net) which comes with a ZA-like firewall
component. What I immediately noticed, when running ZKS Freedom, were the
incidents of incoming HTML e-mail messages containing 'spyware' image bugs
served from the home site server. So, for example, when opening or
previewing an HTML e-mail newsletter, Freedom would ask me: "Do you want
Outlook Express to act as a server?" Huh?? I thought ZoneAlarm had
been stopping this from happening!!

Guess not - ZA is truly an application-specific (and not rules-based)
firewall - you either accept all the activities of a given program, incoming
and outgoing -- or not. I had Outlook Express set up in ZA to bypass the
filters and locks but instructed it not to act as a server. More fool me, I
guess. Maybe the solution is to ditch Outlook Express and get back to
Eudora. One thing is for sure, after reading the conspiracy posting for ZA
below, I'll not use it again until I'm damn sure it's doing a good job
protecting my privacy.

-jqc


"Thisnumbr1" <thisn...@aol.com> wrote in message
news:20010215150647...@ng-mg1.aol.com...
Here is a timely repost from not quite a year ago.

Forget Gibson's OPTOUT!(or anything else of his for that matter-my opinion)
www.GRC.com(Gibson Research Company)

You can download the latest version of Ad-aware v4.51 (freeware) (4 Stars in
my book) from www.lavasoft.de/aaw/index.html to scan your system for the
following list of "spyware":
Adware,
Alexa,
Aureate/Radiate(whatever they call themselves nowadays) v's1.0, 2.0, and 3.0,
Cydoor,
Conducent/Timesink v1.0 and 2.0,
CometCursor (Real networks) v1.0 and 2.0,
DssAgent (Broderbund I believe),
Flyswat,
Gator,
Web3000,
or Webhancer.

Considerably more than just Aureate v1.0!

Remember all you "Wintellers" to delete MS's own fine spyware piece -
Rpcss.exe (Distributed Com Services)
from your computer - C:\windows\system folder.


Subject: Zone Alarm: TROJAN disguised as FIREWALL?

From: "Bill" mailto:xx...@xxxx.INVALID
Newsgroups:news:comp.security.firewalls, news:alt.privacy,
news:alt.binaries.cracks
Date: Sun, 12 Mar 2000 04:34:51 -0000

I have been very interested in the suggestion tonight by Ed Starry in
comp.security.firewalls that Zone Alarm may be a trojan disguised as a
firewall. That's a bold suggestion, but maybe the guy's got a point. The
posts have been brief, and not too focussed, but it got my curiosity up.
So I've been checking it out. I here report my preliminary findings.

Let us learn from the Aureate affair. The Aureate "spyware" was essentially
the advertising plugin advert.dll (there were apparently others, but this is
the only one that slipped onto my system unannounced and without an
uninstall program). So tonight I have looked to see what DLLs the process
known as Zone Alarm actually uses. It's too early to say that Zone Alarm
*is* a trojan....er... sorry..... "media plugin"....disguising itself as a
firewall, but I for one have found out enough tonight to concern me
considerably. I have taken the precaution of improving my Conseal ruleset
and have got rid of Zone Alarm altogether.

At the end of this post I include a complete list of the DLLs used by Zone
Alarm on my own system.

Preliminary thoughts: VSMONAPI.DLL is described as "TrueVector Client
Interface"; VSUTIL.DLL is "TrueVector Service"

The technology used by Zone Alarm, made by Zone Labs, is "TrueVector".
Now, according to their own very telling webpage at the Zone Labs site:
http://www.zonelabs.com/presspatent.htm
"Licensees of TrueVector include Media Metrix, Inc. (NASDAQ: MMXI), the
pioneer and leader in Internet and Digital Media Measurement, as well as
Tibco Software, Inc."

I've just visited the Media Metrix website:
http://www.mediametrix.com/About/Aboutwwx.html
Quote from the above webpage: "Media Metrix will provide the ability to
gauge Internet audience behavior on a worldwide scale - a critical tool
for effective advertising and marketing planning for any global company
today."

Now look at this, another direct quote: "The company utilizes its patented
metering methodology to measure actual Internet and digital media audience
user behavior in real-time - click-by-click, page-by-page,
second-by-second."

How would they manage that then? Hmmmmm..........

More about Media Metrix: "Over 600 clients - advertising agencies, media
organizations, marketers, technology providers and financiers - use Media
Metrix data regularly to plan, buy and sell new media advertising; develop
advertising, marketing and e-commerce strategies; understand consumer
behavior; gain competitive market intelligence; and for investment
decisions."

They sound like our friends don't they, hmmmmmm...........

According to the page at Zone Labs: "We chose to incorporate TrueVector
into our product because its technology was capable of telling our program
when another Internet application is in the foreground," said Mark L. Lambert,
Senior Architect, TIBCO Software, Inc. "This allows us to improve our user
experience by pushing data down to the client only when the user isn't
actively browsing the Web."

pushing data down to the client.....? hmmmm.......

Gregor Freund, President of Zone Labs, says: "TrueVector is the first
client/server platform to meet these demands as it offers the most flexible
and effective method of building Internet intelligence into applications."

Building Internet intelligence into applications??? What exactly does that
mean?

Apparently it means:
"Built with a focus on time-to-market and ease of integration, TrueVector
provides its advanced Internet sensing and traffic monitoring features in a
modular fashion, which can be adapted to a variety of specific customer
needs. Using TrueVector lets developers focus their efforts on building
innovative new solutions, rather than on the mechanics of monitoring
Internet activity."

hmmmm.... not looking good so far

now Ed Starry pointed out the Iamdb.rdb file to be found under
Windows/Internet Logs, that swells and swells for no apparent reason (seeing
as Zone Alarm 2 [not the new beta] does not have a logging function in the
sense that we would understand of a traditional firewall). My iamdb.rdb file
is already 487KB and is full of encoded data about ALL of the applications
running on my PC, even those that don't have any internet activity. Some
may say, well it needs info on all applications, it's a firewall--but does
it, Conseal doesn't have such an interest in all the applications on my PC.
To repeat, according to TIBCO, TrueVector technology "was capable of telling
our program when another Internet application is in the foreground". But why
should that be important to them? Take another look: "This allows us to
improve our user experience by pushing data down to the client only when the
user isn't actively browsing the Web." Remember, Zone Alarm is geared at
those who have their internet connections open all the time. So they are
monitoring when you are actively browsing the web, waiting for a time when
you are not--READ: so they can do something when you aren't looking. So, to
Tibco, TrueVector technology is of great interest to them simply because it
tells them this. And what was that the President of Zone Labs said:
"....advanced Internet sensing and traffic monitoring features...." Is that
a firewall he's talking about d'you think? A firewall monitors for US, but I
get the impression Zone Alarm is monitoring for THEM, with an idiot's
firewall thrown in to make you want to use it.

From the Zone Labs URL given above: "TrueVector provides a flexible and
scalable method to conduct real-time monitoring of all Internet data
exchanges on a personal computer. Due to the granularity of information
collected and the fine-grained level of control that TrueVector allows...."

HANG ON! STOP THERE!!!

*the granularity of information collected*....... ?? So it collects
information? Let me see if I've got this, they give out a free firewall to
protect us from attacks by hackers and malicious trojans, and, in return,
because there is no such thing as a free lunch, TrueVector collects
information....presumably via the two DLL "media plugins" mentioned above.
Have I got that right.... and the firewall stops Trojans right? So.... am I
getting this, it collects information, but there's no way for Media Metrix
or Tibco to get their hands on it because.... we've got a firewall
right....? Clever! And, as Steve Gibson points out, if we have Zone Alarm we
don't need any *other* firewall because ZA is fully stealthed, he in fact
uses it on its own he's so impressed. We can see how good it is for
ourselves by doing a Shields Up! and Ports Probe test at his website. How
much is he worth these days? The Zone Alarm site has a link to Gibson's
site. Not that I'm suggesting..... far be it from me to say.....

Starry says: "I installed ZA v2.1.1 yesterday and the <Iamdb.rdb> file
already exceeds 155 KB. After installing and configuring ZA this file was
only 54 KB. What is this extra 100 KB being used for, it surely isn't needed
for configuring because that's already been done."

He should think himself lucky, I have over 400KB of extra data and didn't
even know about the Iamdb.rdb file until tonight. Perhaps someone would care
to decrypt their Iamdb.rdb and let us all know what it says. Oh, and does
Iamdb stand for "I am database"? Just a thought.......

Let's go and visit Tibco Software Inc. Oh, the CEO's written a book:
http://www.powerofnow.com
Ranadive authored "The Power of Now: How Winning Technologies Sense and
Respond to Change Using Real-Time Technology."

And he's been interviewed: ""In the infrastructure space, there's a whole
stack of software you need if you're selling goods and services online," he
says. "We've greased the whole value chain. Our technology, for instance,
slides right into an Oracle database. It's being embedded right into Cisco's
routers and hubs.


http://cbs.marketwatch.com/archive/20000128/news/current/stwatch.htx


So, basically, our friendly firewall Zone Alarm is in bed with Tibco (who
like greasing the whole value chain and embedding real-time technology)
and Media Metrix (who want to know you on a click-by-click basis).

As for Steve Gibson, well...........(ROTFLMAOBT!!!-my comment)

Here's those DLLs, most are Microsoft, but with so much "embedding" going
on I've left in the version numbers. The read-out was provided by DLLView,
freeware from www.sysinternals.com

Process: C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE

Base        Size      Version          Time            Path
0x58C0000   0x7000    1.05.0000.2000   6/2/99 09:16    C:\WINDOWS\SYSTEM\CPHOOKS.DLL
0x11C0000   0x16000   2.00.0000.0001   2/26/00 02:33   C:\PROGRAM FILES\ZIPMAGIC\ZMIHOOK.DLL
0x400000    0x97000   2.00.0000.0026   2/16/00 08:21   C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEALARM.EXE
0x10000000  0x16000   2.00.0000.0026   2/16/00 07:41   C:\WINDOWS\SYSTEM\VSMONAPI.DLL
0xBFDF0000  0x10000   4.03.0000.1998   4/23/99 10:22   C:\WINDOWS\SYSTEM\WINMM.DLL
0x2800000   0x14000   2.00.0000.0026   2/16/00 07:41   C:\PROGRAM FILES\ZONE LABS\ZONEALARM\ZONEBAND.DLL
0x7FF20000  0xC1000   4.71.2900.0000   4/23/99 10:22   C:\WINDOWS\SYSTEM\OLE32.DLL
0x1300000   0x2C000   2.00.0000.0026   2/16/00 08:21   C:\WINDOWS\SYSTEM\VSUTIL.DLL
0x76260000  0xE000    5.131.1877.0003  4/23/99 10:22   C:\WINDOWS\SYSTEM\WINTRUST.DLL
0x7ED40000  0x5E000   5.131.1877.0004  4/23/99 10:22   C:\WINDOWS\SYSTEM\CRYPT32.DLL
0x7FB90000  0x52000   4.71.2900.0002   4/23/99 10:22   C:\WINDOWS\SYSTEM\RPCRT4.DLL
0x79E00000  0x25000   5.131.1877.0003  4/23/99 10:22   C:\WINDOWS\SYSTEM\MSOSS.DLL
0x7FCB0000  0x156000  4.72.3612.1700   4/23/99 10:22   C:\WINDOWS\SYSTEM\SHELL32.DLL
0xBFE90000  0x8C000   5.80.2614.3500   4/23/99 10:22   C:\WINDOWS\SYSTEM\COMCTL32.DLL
0xBFE70000  0x6000    4.10.0000.1998   4/23/99 10:22   C:\WINDOWS\SYSTEM\VERSION.DLL
0x75FA0000  0xA000    4.10.0000.1998   4/23/99 10:22   C:\WINDOWS\SYSTEM\WSOCK32.DLL
0x794D0000  0x15000   4.10.0000.2222   4/23/99 10:22   C:\WINDOWS\SYSTEM\MSWSOCK.DLL
0x76000000  0x12000   4.10.0000.2222   4/23/99 10:22   C:\WINDOWS\SYSTEM\WS2_32.DLL
0x76280000  0x70000   5.00.2614.3500   4/23/99 10:22   C:\WINDOWS\SYSTEM\WININET.DLL
0x70BD0000  0x44000   5.00.2614.3500   4/23/99 10:22   C:\WINDOWS\SYSTEM\SHLWAPI.DLL
0x75FE0000  0x6000    4.10.0000.1998   4/23/99 10:22   C:\WINDOWS\SYSTEM\WS2HELP.DLL
0xBFF50000  0x11000   4.10.0000.2222   4/23/99 10:22   C:\WINDOWS\SYSTEM\USER32.DLL
0xBFF20000  0x26000   4.10.0000.1998   4/23/99 10:22   C:\WINDOWS\SYSTEM\GDI32.DLL
0x78000000  0x40000   6.00.8397.0000   4/23/99 10:22   C:\WINDOWS\SYSTEM\MSVCRT.DLL
0xBFE80000  0x10000   4.80.0000.1675   4/23/99 10:22   C:\WINDOWS\SYSTEM\ADVAPI32.DLL
0xBFF70000  0x73000   4.10.0000.2222   4/23/99 10:22   C:\WINDOWS\SYSTEM\KERNEL32.DLL


________________________________________________________________________
Protect your privacy! - Get Freedom 2.0 at http://www.freedom.net
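
The web-bug behaviour described at the top of the post above, as an added example that is not part of the original thread: a Python check that lists the remote resources an HTML message would make a mail client fetch when it is opened or previewed, and flags 1x1 images. The sample message and its example.com hosts are constructed for illustration.

```python
from email import message_from_string, policy
from html.parser import HTMLParser

# Tag -> attribute that triggers a network fetch when the HTML is rendered.
FETCH_ATTRS = {"img": "src", "iframe": "src", "script": "src",
               "link": "href", "body": "background", "table": "background"}

class RemoteRefFinder(HTMLParser):
    def __init__(self):
        super().__init__()
        self.hits = []  # (tag, url, looks_like_web_bug)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        url = a.get(FETCH_ATTRS.get(tag, ""), "") or ""
        if not url.lower().startswith(("http://", "https://", "//")):
            return  # cid: and data: references are resolved locally
        # A 0x0 or 1x1 image carries no visible content: typical web bug.
        tiny = tag == "img" and all(
            (a.get(k) or "").strip().rstrip("px") in ("0", "1")
            for k in ("width", "height"))
        self.hits.append((tag, url, tiny))

def find_remote_fetches(raw_message):
    """Return every remote reference found in the text/html parts."""
    msg = message_from_string(raw_message, policy=policy.default)
    finder = RemoteRefFinder()
    for part in msg.walk():
        if part.get_content_type() == "text/html":
            finder.feed(part.get_content())
    return finder.hits

# Constructed sample: one tracking pixel, one embedded logo, one banner.
SAMPLE = """From: newsletter@example.com
To: reader@example.org
Subject: Weekly news
MIME-Version: 1.0
Content-Type: text/html; charset="utf-8"

<html><body><p>Hello</p>
<img src="http://tracker.example.com/open.gif?id=reader%40example.org" width="1" height="1">
<img src="cid:logo@example.com" width="120" height="40">
<img src="https://static.example.com/banner.png" width="468" height="60">
</body></html>
"""

if __name__ == "__main__":
    for tag, url, bug in find_remote_fetches(SAMPLE):
        print("WEB BUG?" if bug else "remote  ", tag, url)
```

Every hit is an outbound request made by the mail client itself, so a per-application allow rule for that client permits it; blocking remote content in the client is what stops the fetch.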

Omnivore

Mar 3, 2001, 3:17:02 AM

<j...@freedom.net> wrote in message news:t9u480q...@corp.supernews.com...
snip garbage.
Did your saying something stupid once impress you so much that you had
to say something stupid twice?
You give morons a bad name.

