Is your firewall spying on you?

This topic is archived.
MrPrax Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 01:33 PM
Original message
Is your firewall spying on you?

IT’S OBVIOUS, REALLY, that the best way of penetrating users' PCs to see what they get up to online would be to become a Firewall maker.

Like, when I wanted a Firewall and was too tight to pay for one, I turned to Checkpoint’s little freebie Zone Alarm. It sits there between you and the Internet and lets you know when someone’s trying to sneak in through your backdoor or when a program you’re running tries to connect to the Web for no apparent reason. When you’re as techie as me – not very – you just have to trust it.

Of course, Checkpoint’s an Israeli company and as a foreign journalist working in Israel you know the hyperactive security services here would like to keep tabs on you. And you know that they do. It has been confirmed to me by a security sources here that mobile phone conversations I have had have been listened to – and in circumstances which I won’t reveal, the contents of a call I have been involved in have actually been relayed back to me.

<snip>

Now, the handsomely-named Mr Cringely has revealed that a colleague of his at Infoworld noticed that Zone Alarm 6.0 was sneakily sending off data to four different servers. Cringely says that Zone Labs (acquired by Checkpoint in March of 2004) at first denied the activity for a couple of months before deciding the software had a "bug" even though, as he points out, "the instructions to contact the servers were set out in the program’s XML code."

The company says it will fix the "bug" soon. In the meantime you can work around it by adding:

    # Block access to ZoneLabs Server
    127.0.0.1 zonelabs.com

to your Windows host file.

The "bug" seems to be present in the retail version of Zone Alarm, so there’s no telling what the freebie gets up to. We called Checkpoint here in Israel to find out, but were referred to a US spokeszoner. Trouble is they’ll all be in bed there on this sunny Sunday morning.


The Inquirer
ret5hd Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 01:36 PM
Response to Original message
1. edit: nevermind...
Edited on Sun Jan-22-06 01:42 PM by ret5hd
looked at a windows host file to see how it was formatted.
 
Lithos Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 01:40 PM
Response to Reply #1
2. that's the workaround
you prevent za from communicating with the server by controlling the dns lookup thru using the host file override.

L-
 
LoKnLoD Donating Member (923 posts) Send PM | Profile | Ignore Sun Jan-22-06 01:40 PM
Response to Reply #1
3. yes
but a host file entry of 127.0.0.1 tells your pc to send any requests to zonelabs.com back to your own pc.
 
TahitiNut Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 03:36 PM
Response to Reply #3
14. ... where (hopefully) the port is not served.
The 'hosts' file is a bit of a heavy-handed kludge from the old days of UNIX. Strange to see it on the "new and improved" Windows architecture. (ROFL!)
Microsoft's "learning curve" dealing with ("discovering"?) the Internet is filled with comedy. (One person's comedy is often another's tragedy.)
Printer Friendly | Permalink |  | Top
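
The hosts-file override discussed in the replies above only intercepts lookups of the exact name listed. As an added example (not part of the original thread), this Python code parses hosts-file text and reports which names an entry actually covers; the sample hosts text and the `placeholder-*` hostnames are constructed, since the page does not name the four servers.

```python
# Added example (not from the thread): audit what a hosts-file override covers.

# Constructed sample: a default localhost line plus the two lines from the article.
SAMPLE_HOSTS = """\
127.0.0.1 localhost
# Block access to ZoneLabs Server
127.0.0.1 zonelabs.com
"""

# zonelabs.com is from the article; the other two names are constructed
# placeholders, because the page does not name the four servers.
NAMES_TO_CHECK = [
    "zonelabs.com",
    "placeholder-a.zonelabs.com",
    "placeholder-b.example.net",
]

def normalize(name):
    """Hostnames compare case-insensitively."""
    return name.lower()

def parse_hosts(text):
    """Return {hostname: address} from hosts-file text."""
    table = {}
    for raw in text.splitlines():
        fields = raw.split("#", 1)[0].split()  # drop comments, split on whitespace
        if len(fields) < 2:
            continue  # blank line, comment-only line, or address with no name
        for name in fields[1:]:
            # Keep the first entry seen for a name (assumed resolver behaviour).
            table.setdefault(normalize(name), fields[0])
    return table

def is_sinkhole(addr):
    """True for loopback or unspecified addresses, which never leave the host."""
    return addr.startswith("127.") or addr in ("::1", "0.0.0.0")

def audit(hosts_text, names):
    """Classify each name as 'blocked', 'redirected' or 'not covered'."""
    table = parse_hosts(hosts_text)
    report = {}
    for name in names:
        key = normalize(name)
        if key in table:
            report[name] = "blocked" if is_sinkhole(table[key]) else "redirected"
            continue
        # Hosts entries match whole names only: an entry for a parent domain
        # does not apply to its subdomains, so flag that case explicitly.
        labels = key.split(".")
        parents = [".".join(labels[i:]) for i in range(1, len(labels))]
        hit = next((p for p in parents if p in table), None)
        note = f" (entry for {hit} is exact-match)" if hit else ""
        report[name] = "not covered" + note
    return report

if __name__ == "__main__":
    for name, status in audit(SAMPLE_HOSTS, NAMES_TO_CHECK).items():
        print(f"{name:30} {status}")
```

A hosts entry only affects name lookups, so it has no effect on a program that connects to a literal IP address.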
 
rman Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 01:50 PM
Response to Original message
4. Imagine what one could do with widely used corporate software,
in particular "business blueprint/risk management software", as made by GoAgile (www.goagile.com) - formerly known as Ptech. The ability to monitor data traffic and report on it, is at the very core of that software. Ptech happens to be financed and staffed by Saudis who have connections to terrorism financing.

see testimony by Indira Singh and Sibel Edmonds:

Sibel Edmonds and other Whistleblowers Group
http://www.democraticunderground.com/discuss/duboard.php?az=show_topics&forum=344
 
tulsakatz Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 02:47 PM
Response to Reply #4
7. so in other words.......
......just by using that software would connect you to terrorist activity, whether or not you know about their connections to terrorism!!!
 
rman Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 02:57 PM
Response to Reply #7
8. That's not at all what i said
What i said in other words, would be more like:
The Ptech/GoAgile software is as likely to be compromised as some firewalls are likely to be compromised, though obviously in somewhat different ways.

 
tulsakatz Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 07:08 PM
Response to Reply #8
29. sorry, I must have misunderstood........n/t
 
kenny blankenship Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 01:53 PM
Response to Original message
5. Commercial closed source firewall software by its nature
leaves the user vulnerable. You are vulnerable because you assume the corporation that provided this software to you in a manner no one can inspect is to be trusted. "Proprietary security" is a contradiction in terms.
 
Selatius Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 01:54 PM
Response to Original message
6. Are earlier models suffering the same "bug"? I have ZA v5.1
It's older, and I wonder if it was made before they changed the firewall.
 
EFerrari Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 02:59 PM
Response to Original message
9. Geezus on a trailer hitch! Okay, anyone know if there's a reliable
site we can read that rates different firewall software?

I guess I wasn't paranoid enough when I got up this morning. lol
 
MrPrax Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 03:29 PM
Response to Reply #9
12. I got the same problem...
Edited on Sun Jan-22-06 03:35 PM by MrPrax
I got a heads up from a buddy that saw the article and knew that I had ZA on this lapbox.

I usually use BlackIce...but I started using ZA...
because few are compatible with old windows

Sygate, Kerio, no good...

Gonna try Outpost Free...recommended...but, who knows, someone might post something about it being owned by two guys who worked the NSA for the last 20 years.

Maybe that's the strategy to get people so paranoid they stop communicating.

I mean, when OBL calls into radio programs and says he's reading the same books as a lot of people hated by the rePukes, and gives raps about the MIC like a lot of people hated by rePukes, says he is unimpressed by Bush's poll numbers like a lot of people hated by rePukes, all at the same time the government is leaning heavily on outfits like Google to handover the data of everybody....now this....um...ok.

A really paranoid person might think they are now “bad-jacketing” all dissent. :tinfoilhat:

Let's not be rash...calm and orderly towards the exits, ladies and gentlemen... and, do check to see if there are any lingering 'issues' from uninstalling ZA. Never know...might fail to close a few ports.

I also need something good in VPN because of the wifi card...so...

But even if you only rely on the XP home firewall, then you probably should have a real firewall.

 
EFerrari Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 03:44 PM
Response to Reply #12
18. Well, thanks for the heads up.
I'll have to look into the stuff I'm using but to be honest, my expectation of privacy is not all that significant.

Bad jackets -- I probably am on the New Spring Fashions list. It's okay. I speak Spanish. :)
 
upi402 Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 03:18 PM
Response to Original message
10. Glad you're raising this. Spyware imbeds into needed programs
I am told. I have never been able to get Norton to delete any.

I'm not a very good computer geek, but I try.:hide:
 
Tom Yossarian Joad Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 03:21 PM
Response to Original message
11. K&R
It's going to be interesting to see where this goes.
 
Wilms Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 03:32 PM
Response to Reply #11
13. Yep. n/t
 
Solon Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 03:38 PM
Response to Original message
15. Hence a reason to use open source software...
If you are really in doubt, get a cheap 486 or so computer, slap a network card in it, and boot into a linux live CD like Sentry Firewall on it. Keeping it between your computer and the internet connection would be a decent solution. Or, if you wish, look for open source firewall software on the internet. The key is "Open Source" NOT free ware. If they don't want you to look at their source code, they have something to hide, and it will probably bite you in the ass later, so don't use them.
 
Berserker Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 03:39 PM
Response to Original message
16. Why your firewall sucks
 
AnnInLa Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 07:49 PM
Response to Reply #16
32. grc.com = zone alarm
Didn't Steve Gibson create Zone Alarm, and isn't he the owner of grc.com (Gibson Research Center)? If I remember correctly, wasn't he a tremendous advocate of internet privacy? I certainly did not know that he had sold ZA , and am very surprised to hear it.

I am using a very old version of ZA (2.6) because it is compatible with my very old Windows 98, and it has worked wonderfully for 6 long years. Surely this version is OK? Anyone?
 
Garbo 2004 Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 09:27 PM
Response to Reply #32
35. Gibson neither created nor owned ZoneAlarm. I still have 2.6 on an old
laptop. I wouldn't worry about it.
 
Armstead Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 03:41 PM
Response to Original message
17. Anyone know of a safe firewall?
I have Zone Alarm and trusted it until now.

Any alternatives that don't do this?
 
skids Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 04:54 PM
Response to Reply #17
22. Yeah.

Buy a $50 used laptop and a couple of pcmcia ethernet cards. Put it between your PC and cable modem and run linux with netfilter.

 
Maestro Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 05:59 PM
Response to Reply #22
27. Yep. I concur.
The best thing you can do is simply buy a cheap box that will act as a physical firewall. It connects to your isp and then just connect a router to that computer and connect all other computers to the router. That is what I do. I hated ZA and got rid of it a long time ago; mainly because it was a system hog but it doesn't surprise me that it was spying as well. I used Sygate for a while then just got a second cheap box.
 
Garbo 2004 Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Jan-23-06 02:23 AM
Response to Reply #17
36. And you don't trust it now, why? Based on an alarmist article
that links not to a technical article or analysis but a snippet that just says ZA phones home? Does that automatically mean the program is "spying?" Has anyone provided actual evidence that it is? (Apparently the Inquirer journo seems to think the Mossad may be spying on him through his firewall.) Feel free not to trust it, but you should at least have some clear idea why you shouldn't IMO.

I use older versions of ZA and the no longer available ZA Plus. The later versions either had issues or add ons I simply didn't want so I stopped updating my ZA's. But I recall there was some discussion about ZA phoning home in reference to ZA 5.5 in late 2004.

At that time the ZA users forum provided this link regarding the servers contacted and why: http://forum.zonelabs.org/zonelabs/board/message?board.id=gen&message.id=17380

Also posted was a way to disable various communications within different versions of the program: http://forum.zonelabs.org/zonelabs/board/message?board.id=security&message.id=9675#M9675

These posts may be somewhat dated and even at that time some asserted that the communication overrides didn't fully work. I suspect this "news" about version 6 is simply the same old issue. I wouldn't be entirely surprised, given ZL's historical track record in fixing (what are to them) "low priority" bugs.

While some seem quick to assume ZA as "spyware" (without any evidence that it is) one should also note that given the widespread use of ZA as a commercial security product it simply would be death to the product if there were something truly nefarious going on.


 
savemefromdumbya Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 03:46 PM
Response to Original message
19. McAfee antivirus can keylog
the McAfee firewall and antivirus are suspicious

check with http://www.neuber.com/taskmanager/download.html
 
Poll_Blind Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 03:49 PM
Response to Original message
20. The Feds have "Magic Lantern"...I wonder who Zone Alarm is working for...
Edited on Sun Jan-22-06 03:50 PM by Poll_Blind
....cause it isn't the Feds. Does Zone Labs or their parent company, Checkpoint have any ties to foreign countries or organizations which have spied on us in the past?

More on "Magic Lantern" here. On edit: Magic Lantern works at the level of the TCP/IP stack, a much, much lower level than a software firewall and, basically, undetectable unless you inspect the DLLs which are driving the stack, likely with a byte-by-byte comparison.

PB
 
ContraBass Black Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 04:36 PM
Response to Original message
21. Damn.
I've got my pants down and my ass hanging out ten different ways.
 
dmr Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 04:55 PM
Response to Original message
23. Is this the same Checkpoint that
data mines and did the voter purges in Florida? Or am I thinking of something else?

Thanks.
 
SPKrazy Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 05:20 PM
Response to Reply #23
26. Think that's ChoicePoint n/t
 
dmr Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 07:06 PM
Response to Reply #26
28. You're right -
It came to me after dinner tonight.

Thanks :)
 
OmmmSweetOmmm Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 04:57 PM
Response to Original message
24. My router has a firewall. Can those be penetrated? Thank you in advance!nt
 
Garbo 2004 Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 07:45 PM
Response to Reply #24
31. As long as it's properly configured it should be fine for blocking
unsolicited inbound traffic.
 
OmmmSweetOmmm Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 09:09 PM
Response to Reply #31
34. Thank you! I believe it is! eom
 
longship Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 05:19 PM
Response to Original message
25. I have hardware firewall which runs Linux.
Edited on Sun Jan-22-06 05:19 PM by longship
I *never* trust my privacy to proprietary software. Almost all the software I run is open technology, including the munition-level encryption which I use for e-mail. Let the NSA waste its CPU horsepower on that.

The solution to all these problems, from vote-stealing voting machines to VOIP systems with government back doors is open technology where people have the right to view the source code behind the curtains. Until we achieve this kind of openness our private information will be accessible for monkey business like this.

If you are worried about your privacy, switch to Linux. It's open, secure, and doesn't require you to answer to large conglomerate software companies. Oh, and by the way, it is also extremely stable. I only turn off or reboot my six Linux boxes when I am doing maintenance. That only happens once or twice a year. Other than that, they are running 24/7. One box has been running continuously for close to seven years without a hitch. Windows users have never been able to make these claims, and never will.
 
progressoid Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 07:39 PM
Response to Original message
30. Well crap, I have ZA.
Not that I care if they know where I go on the internets. But it makes one doubt the whole idea of being secure.
 
IronLionZion Donating Member (1000+ posts) Send PM | Profile | Ignore Sun Jan-22-06 08:25 PM
Response to Original message
33. Check your open ports with Shield's Up
http://www.grc.com

So after you install whatever firewall you want, just scan to see how well you're protected. Just make sure you have something. Windows XP firewall is better than nothing.
 
mogster Donating Member (1000+ posts) Send PM | Profile | Ignore Mon Jan-23-06 09:06 AM
Response to Original message
37. As a recommendation
Try a separate box with the free unix sw IpCop. It will give you good control, extended possibilities, and is very easy to set up and run.
You need an old pc with two network cards, and this software:

http://www.ipcop.org/