/ Forside / Teknologi / Internet / Sikkerhed / Nyhedsindlæg
Login
Glemt dit kodeord?
Brugernavn

Kodeord


Reklame
Top 10 brugere
Sikkerhed
#NavnPoint
stl_s 37026
arlet 26827
miritdk 20260
o.v.n. 12167
als 8951
refi 8694
tedd 8272
BjarneD 7338
Klaudi 7257
10  molokyle 6481
Is your firewall spying on you?
Fra : Jan Rasmussen


Dato : 24-01-06 00:01

http://www.theinquirer.net/?article=29157

Zone Alarm gets rumbled

By Paul Hales in Jerusalem: søndag 22 januar 2006, 12:39

IT'S OBVIOUS, REALLY, that the best way of penetrating users' PCs to see what they get up to online would be to become a Firewall
maker.
Like, when I wanted a Firewall and was too tight to pay for one, I turned to Checkpoint's little freebie Zone Alarm. It sits there
between you and the Internet and lets you know when someone's trying to sneak in through your backdoor or when a program you're
running tries to connect to the Web for no apparent reason. When you're as techie as me - not very - you just have to trust it.
Of course, Checkpoint's an Israeli company and as a foreign journalist working in Israel you know the hyperactive security services
here would like to keep tabs on you. And you know that they do. It has been confirmed to me by a security sources here that mobile
phone conversations I have had have been listened to - and in circumstances which I won't reveal, the contents of a call I have been
involved in have actually been relayed back to me.
It's part of the game - like the airport interrogation, or the surreptitious copying of your notepad while you're off having a body
search. You know what goes on but you have a job to do and just get on with it - hoping that what you get up to in the legitimate
pursuit of your business won't upset anyone to the extent that they'll come break your door down and cart you off somewhere.

Now, the handsomely-named Mr Cringely has revealed that a colleague of his at Infoworld noticed that Zone Alarm 6.0
was sneakily sending off data to four different servers.

Cringely says that Zone Labs (acquired by Checkpoint in March of 2004) at first denied the activity for a couple of months before
deciding the software had a "bug" even though, as he points out, "the instructions to contact the servers were set out in the
program's XML code."
The company says it will fix the "bug" soon. In the meantime you can work around it by adding:
# Block access to ZoneLabs Server
127.0.0.1 zonelabs.com
to your Windows host file.
The "bug" seems to be present in the retail version of Zone Alarm, so there's no telling what the freebie gets up to. We called
Checkpoint here in Israel to find out, but were referred to a US spokeszoner. Trouble is they'll all be in bed there on this sunny
Sunday morning


Jan Rasmussen



 
 
John Hinge (24-01-2006)
Kommentar
Fra : John Hinge


Dato : 24-01-06 06:23

On 24 jan 2006 Jan Rasmussen was heard to say:

snip Noget Jan citerer en Journalist i Israel for at sige at en
anden har sagt..

Det lader ikke til at være noget som f.eks Slashdot har snakket
om inden for de seneste dage.. Ikke at slashdot er the be all/
end all inden for computer sikkerhed, men man skulle da tro
at lige netop Zonealarm som spionværktøj for Israel ville vække
dog bare en lille smule diskussion ?


--
John Hinge - shayera / .sPOOn.
On usenet I represent no one but myself.
"You're basing your Pixie Faerie on Vin Diesel ? I'll say it again..
Are you on Drugs ?" Gordo - The Black Hand - KotDT #79

Bjarke Andersen (24-01-2006)
Kommentar
Fra : Bjarke Andersen


Dato : 24-01-06 07:36

John Hinge <sidekick_gimmenospam_@nntp.dk> crashed Echelon writing
news:Xns97554100D6576SHAYERA@62.243.74.162:

> Det lader ikke til at være noget som f.eks Slashdot har snakket
> om inden for de seneste dage.. Ikke at slashdot er the be all/
> end all inden for computer sikkerhed, men man skulle da tro
> at lige netop Zonealarm som spionværktøj for Israel ville vække
> dog bare en lille smule diskussion ?

Nu er /. jo et anderledes nyhedsmedie. Artiklerne er skrevet af alm folk,
som ofte henviser til den originale artikel og moderators godkender så
hvilke artikler der kommer op, og her er det ofte random hvad som bliver
postet (hvilket man osse kan læse i guidelines).

--
Bjarke Andersen
Wanna reply by email? Remove the spammer in address

Kim Ludvigsen (24-01-2006)
Kommentar
Fra : Kim Ludvigsen


Dato : 24-01-06 11:14

Den 24-01-06 07.36 skrev Bjarke Andersen følgende:

> Nu er /. jo et anderledes nyhedsmedie.

Det er ikke kun /., der ikke har skrevet om det, faktisk har jeg endnu
ikke set historien i et eneste seriøst medie.

--
Mvh. Kim Ludvigsen
Desktop Sidebar: Information at your fingertips.
http://kimludvigsen.dk

Leif Neland (24-01-2006)
Kommentar
Fra : Leif Neland


Dato : 24-01-06 11:40

Kim Ludvigsen wrote:
> Den 24-01-06 07.36 skrev Bjarke Andersen følgende:
>
>> Nu er /. jo et anderledes nyhedsmedie.
>
> Det er ikke kun /., der ikke har skrevet om det, faktisk har jeg endnu
> ikke set historien i et eneste seriøst medie.

Det er en sammensværgelse

Leif



John Hinge (25-01-2006)
Kommentar
Fra : John Hinge


Dato : 25-01-06 06:22

On 24 jan 2006 Bjarke Andersen was heard to say:

> John Hinge crashed Echelon writing
>
>> Det lader ikke til at være noget som f.eks Slashdot har snakket
>> om inden for de seneste dage..
> Nu er /. jo et anderledes nyhedsmedie. Artiklerne er skrevet af
> alm folk, som ofte henviser til den originale artikel og
> moderators godkender så hvilke artikler der kommer op, og her er
> det ofte random hvad som bliver postet (hvilket man osse kan læse
> i guidelines).
>
Det er jeg godt klar over.
Men når det er sagt, så er netop den beskyldning som det oprindelige
indlæg refererede af en sådan karakter at det burde være noget man
havde set diskuteret på diverse sikkerheds foraer, og den slags dukker
op på slashdot. Slashdot geeks elsker ting der smager af big brother
og konspirationer..


--
John Hinge - shayera / .sPOOn.
On usenet I represent no one but myself.
"You're basing your Pixie Faerie on Vin Diesel ? I'll say it again..
Are you on Drugs ?" Gordo - The Black Hand - KotDT #79

Bjarke Andersen (25-01-2006)
Kommentar
Fra : Bjarke Andersen


Dato : 25-01-06 19:55

John Hinge <sidekick_gimmenospam_@nntp.dk> crashed Echelon writing
news:Xns975640AE5ADD2SHAYERA@62.243.74.162:

> Men når det er sagt, så er netop den beskyldning som det oprindelige
> indlæg refererede af en sådan karakter at det burde være noget man
> havde set diskuteret på diverse sikkerheds foraer, og den slags dukker
> op på slashdot. Slashdot geeks elsker ting der smager af big brother
> og konspirationer..

Narh /. overser rent faktisk en masse historier om sikkerhed.

--
Bjarke Andersen
Wanna reply by email? Remove the spammer in address

Peter Brodersen (24-01-2006)
Kommentar
Fra : Peter Brodersen


Dato : 24-01-06 19:15

On Tue, 24 Jan 2006 00:00:37 +0100, "Jan Rasmussen" <7@7.7> wrote:

>Now, the handsomely-named Mr Cringely has revealed that a colleague of his at Infoworld noticed that Zone Alarm 6.0
>was sneakily sending off data to four different servers.

Jeg undrer mig lidt over hvad det "data" er. Det burde man kunne
sniffe sig frem til.

>Cringely says that Zone Labs (acquired by Checkpoint in March of 2004) at first denied the activity for a couple of months before
>deciding the software had a "bug" even though, as he points out, "the instructions to contact the servers were set out in the
>program's XML code."

Det måtte også gerne have været mere præcist. "the program's XML code"
lyder i praksis blot som en konfigurationsfil eller lignende.

>The company says it will fix the "bug" soon. In the meantime you can work around it by adding:
># Block access to ZoneLabs Server
>127.0.0.1 zonelabs.com
>to your Windows host file.

... og det undrer mig over, at der snakkes om fire forskellige servere,
men at man kun skal blanke denne linje ud. Det virker også mærkeligt,
at en applikation forsøger at kontakte zonelabs.com, og ikke et
passende underdomæne/host. Det virker kortsigtet, idet jeg vil tro, at
zonelabs.com udelukkende henviser til deres produkt-website, og ikke
nødvendigvis opdaterings- eller indsamlings-services.

I det hele taget virker den artikel lidt rodet. Den artikel, The
Inquirer henviser til, giver heller ikke meget svar.
--
- Peter Brodersen
Find dig selv: http://map.ter.dk/

Jan Rasmussen (02-02-2006)
Kommentar
Fra : Jan Rasmussen


Dato : 02-02-06 20:09

"Jan Rasmussen" <7@7.7> skrev i en meddelelse news:43d55fca$0$84033$edfadb0f@dtext01.news.tele.dk...
> http://www.theinquirer.net/?article=29157
>
> Zone Alarm gets rumbled
>
> By Paul Hales in Jerusalem: søndag 22 januar 2006, 12:39
>

Hvad skal man tro ? ,,,,



http://www.a1-electronics.net/General_Interest/2005/Security_Nov.shtml
Internet, Web, E-mail security update.

Regular readers will know that we take Internet, web and e-mail security seriously and have always used ZoneAlarm, Norton Anti-virus
and AdSubtract. This way in the past we have been able to stop our computers from being attacked and infected. BUT.

Things change.

The other day we were going over one of our computers and found in the Windows Internet Logs folder a file that we had never seen
before and was growing at an alarming rate. We used all our skills and knowledge to delete it and stop it from working. We
eventually tracked this growing file down to belonging to ZoneAlarm. If you use ZoneAlarm then look at the 'IAMDB.RDB' and there is
even a back up for it there as well. Wonderful we say.

After browsing the web to see if anybody else knew anything about this file we found this:

"It seems that ZA comes with two spy dlls that according to the their manufacturer "utilizes its patented metering methodology to
measure actual Internet and digital media audience user behaviour in real-time - click-by-click, page-by-page, second-by-second."

I found these two:

C:\WINDOWS\SYSTEM\VSMONAPI.DLL
C:\WINDOWS\SYSTEM\VSUTIL.DLL


Had been left on my system after uninstalling ZA. It seems that your system configuration and maybe the activity is logged to the
file Iamdb.rbd, then transmitted. This discussion also implicates Steve Gibson of Grc/ShieldsUp/Opout in this as well."

These were new to us but we knew that some program or other was continually accessing the web while our computers were on but as
ZoneAlarm did not say it was anything suspicious and we just assumed it was one of our security programs checking for a new version
or whatever we did not worry much, as one would.

But it did annoy us that it seemed to be going on continually and should not. Thus we started searching to find out what was
happening and why which is why we found the IAMDB.RDB file and that it was growing at an alarming rate. There always was a ZoneAlarm
file in the past that grew but that was easy to replace every-so-often with a blank file. But not this.

Bear in mind that we use the paid for Pro version and not the free version that one might expect some checking which would be
reasonable, but not if you have been a loyal paying customer for years.


Thus we have e-mailed ZoneAlarm twice now and eventually got an automated reply back saying they will get in touch with us in a
couple of days. We have told them in no uncertain words that we will publish our findings as this policy of ZoneAlarm spying on
peoples computers is totally unacceptable.

We have now tried using another firewall software called Sygate Personal Firewall which is free. There is a paid for version but as
you can appreciate at first we are trying the free version to see what we think of it and to see if it works.

Well. Now we have a free firewall blocking the spying activities of a paid for firewall. Can you believe that. We can also say that
the Sygate Firewall is working and stopping ZoneAlarm from phoning home all the time with our private and confidential computer use
data.

Here is the web site link for Sygate which is part of Symantec.

We are just very pleased that we are now blocking ZoneAlarm but it makes our blood boil.

We hope you find our compact review helpful to you along with all our independent reviews of computer hardware.

Find out why we are continuing our rise in popularity by looking at our home page and all our other latest reviews and computer
news.





Jan Rasmussen



Peter Brodersen (02-02-2006)
Kommentar
Fra : Peter Brodersen


Dato : 02-02-06 21:30

On Thu, 2 Feb 2006 20:08:54 +0100, "Jan Rasmussen" <7@7.7> wrote:

>[..]We used all our skills and knowledge to delete it and stop it from working.

>[..] It seems that your system configuration and maybe the activity is logged to the
>file Iamdb.rbd, then transmitted.

>[..] We are just very pleased that we are now blocking ZoneAlarm but it makes our blood boil.

"Vi ved ikke hvad den præcist gør, men vi er meget teknisk kompetente,
så derfor baserer vi vores artikel på mistænkeliggørelse, fordi
journalistiske begreber som facts, dokumentation og konklusioner hører
ingen steder hjemme".

Artiklen fortæller virkelig intet teknisk. De er forundrede, de er
mistænkelige, de er puha-rasende, de får ikke svar, men de fortæller
stadigvæk intet. Det er mere som at læse en blog end en artikel.

Og de ender med at bruge en anden firewall, som måske hjælper.

Jeg vil ikke forholde mig til om de har fat i noget af det rigtige
eller ej, men lige nu har de ikke givet udtryk for at have hævet sig
over "Min udbyders dns-server hacker mig!!!"-argumentationen.

--
- Peter Brodersen
Find dig selv: http://map.ter.dk/

Niels Callesøe (02-02-2006)
Kommentar
Fra : Niels Callesøe


Dato : 02-02-06 22:54

Peter Brodersen wrote:

> Jeg vil ikke forholde mig til om de har fat i noget af det rigtige
> eller ej, men lige nu har de ikke givet udtryk for at have hævet sig
> over "Min udbyders dns-server hacker mig!!!"-argumentatione

Enig. Det læser som en gang amatøragtigt skandalemageri.

Specielt synes jeg det er tragikomisk hvordan de beskriver at de nu har
TO 'personal firewalls' (uden at de dog stoler på nogen af dem!)
kørende, i stedet for 1, eller endnu bedre: ingen.

--
Niels Callesøe - dk pfy
pfy[at]nntp.dk - http://www.t29.dk/~nica/disclaimer.php

This space for rant.

Søg
Reklame
Statistik
Spørgsmål : 177580
Tips : 31968
Nyheder : 719565
Indlæg : 6409084
Brugere : 218888

Månedens bedste
Årets bedste
Sidste års bedste