Zone Alarm is Spyware!

Page Last Revised: Friday, April 28, 2006 01:27 PM


When considering software firewalls, Zone Alarm immediately comes to mind. Even those who prefer a different product will probably include Zone Alarm on the short list. It is comprehensive, easy to set up, and easy to use.

However, for some time (as early as release 3.0), both the free and commercial versions of Zone Alarm have been transmitting various data from your computer to their servers (and apparently to the servers of affiliates), without your permission, without your foreknowledge, and without their admission (even post facto).

Despite statements by Zone Labs personnel, there is no way to turn off this transmission within the Zone Alarm program. None of the various program settings will prevent the Zone Alarm program from contacting its servers, and transmitting your personal data.

This is not a program bug, but a deliberate, clandestine, invasive policy. Zone Labs is well aware that they are harvesting information from your computer, and have even added a "You must be at least 13 years old to use this product" disclaimer (to avoid running afoul of the recent Federal (COPPA) law prohibiting gathering information about minors over the Internet).

However, Zone Labs' "customer support" and "technical support" personnel (as well as other company spokesmen) have remained silent on the issue (despite myriads of complaints and inquiries from confused and irate users) since they implemented this policy, refusing to admit they are harvesting information, and refusing to specify precisely what information they are gathering, and for what purpose.

When they have addressed the issue, they have insisted that there is no unauthorized transmission occurring (despite a plethora of evidence to the contrary), and that all transmissions can be suppressed by various program switch settings (despite this claim being demonstrably false).

[All one need do is make all the "recommended" settings (disabling "vital" program functions), and then wait a few minutes for ZA to begin transmitting unauthorized data. Yet, rather than (or perhaps in spite of) performing this experiment (and fixing the problem), ZA personnel refuse to acknowledge its existence!]

Thus, in addition to introducing invasive data-harvesting procedures, in a program designed and marketed to prevent such spyware, Zone Labs has been completely disingenuous and dishonest about the matter.

This matter has been well-documented on various Internet forums, e.g.

The most extensive discussion of the Spyware issue is http://www.broadbandreports.com/forum/remark,11818674~mode=flat~days=9999. Please read the entire thread, to see the extent of the problem, and the deceptive and dishonest responses by Zone Labs personnel and shills.

To make matters worse, since version 5.0, the Zone Alarm product will dial-up your internet connection (if you are not already connected) when it decides to transmit data (without your authorization). This seems to occur about every two hours. And, having established an Internet connection without your permission or foreknowledge, it doesn't have the courtesy to disconnect when it is finished with its dirty business. For those who pay by the minute for dial-up service, or who are limited to a certain number of hours per day or month, this can be very costly.

[Please note that, even when Zone Alarm blocks Internet access for a program, if you are not connected to the Internet, dial-up will be initiated before access is blocked! This is a major "flaw" in Zone Alarm's "protection" against any spyware.]

There are a number of ways to prevent this unauthorized and undesirable dial-up:

In order to prevent dial-up and/or (Zone Alarm spyware) access while you are on the Internet, you can add the following entries to your c:\hosts file (use Notepad to edit the existing file, or to create one if needed):

127.0.0.1 pa2.zonelabs.com
127.0.0.1 hs2.zonelabs.com

Each entry should start in column 1. By putting these items in your hosts file, Windoze will be directed to the localhost, rather than Zone Labs' invasive servers, and the data transmitted will be flushed. Since localhost is not on the Internet, the "access" shouldn't trigger dial-up.

Of course, you won't be able to access the "important" Zone Alarm functions (such as update and "adviser") without removing them from the hosts file.

Also, this method will only work until such time that Zone Labs changes the URLs of their data-harvesting servers and/or changes their spyware to address them by IP address rather than URL, or bypass TCP.

Other possible candidates for inclusion in the hosts file are:

avu.zonelabs.com Anti-virus definitions update?
cm2.zonelabs.com Supposedly "Assists in the functioning of various services including the AlertAdvisor, antivirus updates, and antivirus monitoring."
hs2.zonelabs.com Supposedly "Helps your client keep its services up to date"
ls2.zonelabs.com Supposedly "Manages information relating to program configuration"
pa2.zonelabs.com Supposedly "Manages the Program Advisor functionality"
ps2.zonelabs.com Supposedly "Helps with updates to services and client functionality"
update.zonelabs.com Supposedly "Supports the "Check for Update" functionality"
register.zonelabs.com Supposedly "Handles product registration"
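
To check which of the hostnames listed above a given hosts file actually redirects to localhost, a small audit script can help. This is an added example, not part of the original page or any Zone Labs tool; the function names and the sample file contents are constructed, and keeping the first entry when a name appears twice is an assumption.

```python
import ipaddress

# Hostnames copied from the page's two lists.
ZONELABS_HOSTS = [
    "avu.zonelabs.com", "cm2.zonelabs.com", "hs2.zonelabs.com",
    "ls2.zonelabs.com", "pa2.zonelabs.com", "ps2.zonelabs.com",
    "update.zonelabs.com", "register.zonelabs.com",
]

def parse_hosts(text):
    """Return {hostname: address}; the first entry for a name is kept (assumption)."""
    mapping = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()   # drop comments, split on whitespace
        if len(fields) < 2:
            continue                             # blank line or address with no name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                             # malformed address: skip the line
        for name in fields[1:]:                  # one line may carry several names
            mapping.setdefault(name.lower().rstrip("."), addr)
    return mapping

def audit(text, wanted=ZONELABS_HOSTS):
    """Sort wanted names into: sent to loopback, sent elsewhere, not listed."""
    mapping = parse_hosts(text)
    report = {"loopback": [], "other": [], "missing": []}
    for name in wanted:
        addr = mapping.get(name)
        key = "missing" if addr is None else "loopback" if addr.is_loopback else "other"
        report[key].append(name)
    return report

# Constructed sample: the page's two entries, one with different letter case,
# plus a commented-out line that must not count as an active entry.
SAMPLE = """\
# constructed sample hosts file
127.0.0.1 localhost
127.0.0.1 pa2.zonelabs.com
127.0.0.1 HS2.ZoneLabs.com   # same name, different case
#127.0.0.1 update.zonelabs.com
"""

if __name__ == "__main__":
    for status, names in audit(SAMPLE).items():
        print(status, names)
```

A clean report covers name lookups only; as noted above, a program that contacts its servers by IP address never consults the hosts file.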

Ironically, Zone Alarm Pro is now doing precisely what we purchased a firewall to prevent. If the reason for their maintaining an Internet connection and transmitting personal data is to keep the program "up to date", let them admit it (and explain why, then, they need the "under 13" disclaimer). Even so, it seems that checking once or twice a day would be more than sufficient, and only doing so when the user is already online. However, this is the same sort of lazy programming, and thoughtless system design, that compelled Micro$oft to "automatically" check for Windoze updates every 30 seconds (even though there are usually several weeks between updates). But, at least the Micro$oft "feature" can be disabled. The Zone Alarm spyware can only be disabled by uninstalling the product.

Hopefully, ZA will fix this invasive design flaw in a future release. Until they do so, dial-up users would be better served with Release 4.5, or another vendor's product. Please note that Computer Associates' eTrust EZ Firewall is a scaled-down version of Zone Alarm Pro, and shares the spyware attributes, "dialing home" (without authorization) at periodic intervals.

Those concerned about (or offended by) the data the Zone Alarm program is gathering and transmitting, should be aware that competing products may very well be doing so as well (see http://www.broadbandreports.com/forum/remark,10916632?hilite=sygate).

I suspect that Zone Labs will remove the spyware if they receive a flood of complaints (email, fax, letter) and/or they lose a substantial amount of business by customers who switch to other products. In fact, when they introduced the Spyware feature with release 3.0, there was such an outcry, and the offending "feature" was removed -- at least for a short time. If you do switch to another product, please be sure and let Zone Labs know that you have, and why! You may address your concerns to: Zone Labs, Inc. Fax: 415.341.8299.