
ZoneAlarm Employs Scare Tactics Against Its Users

Posted by Soulskill
from the your-computer-is-broadcasting-an-ip-address dept.
snydeq writes "Check Point Software appears to be ripping a page from the 'scum it claims to fight,' running a scare-tactic warning dialog to frighten users into upgrading to a paid version of the company's ZoneAlarm firewall product. Preying on fears of ZeuS.Zbot, the Check Point warning dialog tells users their PCs 'may be in danger' without having found ZeuS.Zbot, nor having checked to see whether you're running an antivirus product. 'The program doesn't care if you're infected with ZeuS.Zbot, or if you have protection in place. It just wants to sell you an upgrade to the firewall that may or may not detect future ZeuS.Zbot variants' activities — some day.' Check Point's customers have inundated the ZoneAlarm forums with complaints."

  • by Khyber (864651) <techkitsune@gmail.com> on Monday September 20, 2010 @04:59PM (#33641688) Homepage Journal

    I haven't used that piece of garbage software in about 5 years.

    • Re: (Score:3, Informative)

      by Anonymous Coward

      I haven't used it since XP SP2 included a firewall. Good riddance!

    • by jlechem (613317)
      I long since moved to Spybot Search and Destroy. That thing was ass even back then, it would slow down my old Pentium to an unusable state. Doesn't sound like they've gotten better in the past 5 years.
    • That was my first thought. I quit using Zone Alarm before I jumped ship to Windows due to it *REALLY* borking Windows until it was removed. Frankly, when the Windows stock firewall kicks your ass, you're done.
      • I think I used it until version 5.5, and stopped afterwards because subsequent versions would prevent explorer.exe from loading at all. I had to kill the process for things to work properly. Gave whichever version was the latest a try when I got a new computer in '07 — same story. *shakes head*
    • Zone Alarm is freaking annoying, constantly asking you to upgrade to the full version.

      AVG is annoying too. They constantly warn you that if you don't get the paid version that you won't be fully protected.

      Comodo is a pretty decent firewall and it has the side benefit of staying out of the way. I generally only see it when it asks me if I want the latest upgrade.

      Microsoft's Security Essentials is fine for those individuals that need protection. If you get infected (with just about any malware protection)

    • by Snaller (147050)

      It's odd, it worked fine for me on XP - but then when I went over to Windows 7 it ended up blocking all connections (including itself (if you click update, it should be able to check for updates, but it just froze itself)) - and there was nobody who knew why.

      So out it went.

    • by Odinlake (1057938)

      Meh, stupid people don't deserve to have money anyway.

      Then on the other hand neither does ZoneAlarm.

  • See ya ZA (Score:3, Informative)

    by rbochan (827946) on Monday September 20, 2010 @04:59PM (#33641690) Homepage

    I used to recommend them to residential users. I will not ever again.

    • by Mashiki (184564)

      I think that was the idea behind this. Or "How to lose your customers in 3 easy steps."

    • Re: (Score:3, Interesting)

      by Martin Blank (154261)

      I stopped recommending ZA a few years back, when they had that stream of critical vulnerabilities. Only recently had I thought about adding them back into the recommendations list since I hadn't seen many major problems in a while. This knocks them back off the list for a couple more years at least.

  • Trusted (Score:5, Informative)

    by Psychotria (953670) on Monday September 20, 2010 @05:01PM (#33641706)

    Well, they fooled me at first because I've had ZoneAlarm installed for ages and trusted it. After looking through my running processes, registry, etc, and doing a virus scan I suspected something was dodgy because there was no indication of this Zeus trojan. It was then I found the big list of complaints on ZoneAlarm's forums. I was a bit annoyed that they wasted my time. Until yesterday when this showed up I had no reason not to trust what ZoneAlarm was telling me. Now, I am not so sure.

  • by equex (747231) on Monday September 20, 2010 @05:03PM (#33641730) Homepage
    I thought ZoneAlarm got outed for essentially being a backdoor some years ago? I stopped using it then and never looked back.
    • Trusting a software firewall is like trusting "The Club (tm)" to protect your car from thieves. Just like ZoneAlarm, once I hit it, I'm hitting the software stack on your machine, and a compromise via 0-day exploit can be made just the same as a car thief using a hacksaw to cut a small hole in your steering wheel and removing "The Club (tm)"
      • And how many such network stack attacks have existed since Win98?

        • It doesn't need to be the network stack exploited... just ZoneAlarm... the bit you shoehorned between your network connection and the rest of the internet.
        • by Caerdwyn (829058) on Monday September 20, 2010 @05:21PM (#33641912) Journal

          CVE-2007-0069

          CVE-2007-0069

          CVE-2010-1893

          Though the last one really doesn't count for ZoneAlarm's intended function, as it's a local privilege escalation.

          Reference: http://cve.mitre.org/index.html [mitre.org]
          Search terms: Windows kernel tcp/ip

          • by Caerdwyn (829058)
            fatfingered the first. CVE-2007-0066
          • Poorly implemented management protocols sitting above TCP, UDP or raw IP do not represent the kind of problem which a software firewall cannot deal with because of a bug in the network stack.

            N.B. router discovery protocol is not enabled by default in Windows and IGMP will be blocked by default on any sane firewall before packets are acted upon. This is fortunate since several operating systems, including Linux, have suffered from poorly implemented IGMP handling.

      • by Lumpy (12016)

        What loser thief uses a "hack saw" for that? Bolt cutters will go through a steering wheel in less than a second. That kind of speed is important for a car thief. Sawing for 10 minutes is not something anything but a crackhead would do.

        • Hacksaw blades with duct tape around one end are much easier to hide than bolt cutters, and it only takes under a minute to go through a steering wheel.

        • My car got stolen a week ago, so I'm really getting a kick out of this. (No, it really did get stolen.)

          Related note. Let's say you lived in a high-risk zone for car thievery, and that you weren't going to be able to afford anything more than like some late 90's economy model car (so, say, no car alarm or GPS), and you really HAD to make sure it didn't get stolen. What would you do? I was actually thinking Club until you people convinced me otherwise *grin* -- any alternate suggestions?

          • by Tanktalus (794810) on Monday September 20, 2010 @06:23PM (#33642588) Journal

            Googling for "car colour theft", one of the top hits is an article suggesting painting your car pink [nytimes.com]. Not sure if the cure is worse than the disease, but that's your call to make for your own situation.

          • The Club works fine provided the car next to yours doesn't have one. It's not about making your car steal proof - it's about making your car slightly-less steal-able than your neighbors'.

            Same strategy that makes a barking dog good home security.

            You won't get absolute security to prevent losing your car. You could put in an ignition kill switch, but you'd want to find a mechanic that was creative with switch placement or that would be found, too. And the thief won't know about this until after he's broken

            • Also, don't leave anything in your car, and don't put things in the trunk when you park. Why advertise that you just stuck a laptop in the trunk and then walked into a movie theater? If you're going to put something in the trunk, do it before you drive somewhere, not after you arrive.

          • by MachDelta (704883)

            Wire a toggle switch to your fuel pump +12v wire and hide it somewhere in the cabin. Preferably not any place it will be bumped/kicked/elbowed. Then get in the habit of switching it off when you get out. Next time some moron tries to jack your ride, all they'll be able to do is kill the battery.

          • by toddestan (632714)

            Get a manual transmission. Then remove the radio and let the wires dangle out of the dash. Absolutely don't leave anything visible in the car that might be worth stealing. That includes the $1.27 in change in the cup holders. It may even help to empty out the glove box and leave that open too. It may also help to get a less common model of car, as it's the most common cars that are the most desirable as it's easier to fence the parts. Also don't get a higher trim line, because once again the parts are

          • by Eivind (15695)
            Paint it. Pink with purple stripes, works well, or any other colorscheme far away from metallic-grey. Seriously, it's cheap. It's effective. It makes it a hell of a lot easier to refind your car on the giant parking-lot, and it's zero overhead in your normal daily routine.
  • by flydpnkrtn (114575) on Monday September 20, 2010 @05:05PM (#33641754)

    As a poster indicates, ZA was bought out by CheckPoint a few months ago. This scare tactic will probably backfire on them...

    Why in the hell did someone at CheckPoint say to themselves "Wait a second... Gestapo style marketing that looks like a phishing scam sounds like a great idea!"

    • by ponds (728911)
      2004 is more than 'a few months ago'
    • Re: (Score:3, Insightful)

      by jopsen (885607)

      This scare tactic will probably backfire on them...

      Wouldn't that require that their customers know the difference between the ZoneAlarm popup and one of the five other popups provided by Symantec, AVG free and Avast... All of which are likely installed and peacefully generating popups at appropriate intervals...
      - Seriously, how many tech savvy users run Windows, sorry I mean... How many tech savvy users run anti virus software... let alone ZoneAlarm... :)

      • by Spad (470073)

        Any tech savvy user should be running AV on Windows - and that's not a slight on Windows per se - given the number of vulnerabilities in a wide range of software *cough*Adobe*cough*, exploitable in the browser from "trusted" sites that have been compromised, often with days or weeks without a patch or workaround, it's a very bad idea not to run some form of real-time AV scanner.

        The days of "I know what I'm doing, I keep my stuff up-to-date, I don't open unknown attachments, boot from unknown media or visit

    • by couchslug (175151)

      "This scare tactic will probably backfire on them..."

      Easy enough to help that happen.

      Geeks are often asked for advice. Telling people software will fuck up their computer tends to get their attention.

  • Summary is correct (Score:5, Informative)

    by cerberusss (660701) on Monday September 20, 2010 @05:07PM (#33641776) Homepage Journal

    The summary is spot on. I haven't been a Windows user for a number of years, but a friend asked me to fix her malware problem and I reinstalled her Windows XP box. For the firewall, I remembered ZoneAlarm from a few years ago and installed it. After the first reboot, some stupid popup appeared, prompting me to "like" the software on Facebook. I'm like WTF? But still gave them the benefit of the doubt. Next reboot it comes up with the totally bogus popup that I may get infected with Zeus. I had to reread it twice to find out it really was an advertisement.

    I downloaded Comodo [comodo.com], unplugged the network, uninstalled ZoneAlarm, installed Comodo and plugged back into the inter webs. Never looked back.

    I probably will not buy any Check Point software for my business either.

    • by Blue Stone (582566) on Monday September 20, 2010 @05:25PM (#33641962) Homepage Journal

      Yeah, I ditched Zone Alarm for Comodo some time ago after ZA got bought out by Checkpoint. I think it was that the newer post-buy-out versions of the software kept re-checking the "automatic updates" option in the preferences and kept giving itself permission to access the internet, despite me explicitly blocking it. Several instances of this and I thought, 'crikey, the new owners are a bit dodgy' and jumped ship to Comodo.

      Can't say I'm surprised to see them plummet down the 'sacrifice integrity to serve our bottom line' route. (That's also why I ditched AVG).

    • Checkpoint isn't bad, actually. It's just the ZA line that you really need to avoid. Checkpoint itself does well if you don't need advanced features (at least with high performance).

  • by NevarMore (248971) on Monday September 20, 2010 @05:07PM (#33641780) Homepage Journal

    Is it like a frontend for iptables?

  • by realmolo (574068) on Monday September 20, 2010 @05:09PM (#33641808)

    Seriously. What morons are using ZoneAlarm? WHY would you use it, when Windows has had a better firewall since XP, and the Vista/Windows 7 firewall is even better than that?

    ZoneAlarm has always been a piece-of-shit.

    • by Nimey (114278)

      Not always. It was pretty decent back in the 2.x Windows 98 days.

    • by Culture20 (968837)

      Windows has had a better firewall since XP

      Try blocking outgoing connections with the XP firewall.

      the Vista/Windows 7 firewall is even better than that

      This is true. Unfortunately, with its power has come a more difficult interface. Why do I have to click 20 times to enter ~10 IP ranges into the scope list for just one port? Why can't it be a comma delimited text field like before?

      • Re: (Score:3, Insightful)

        by mysidia (191772)

        Try blocking outgoing connections with the XP firewall.

        Try upgrading to Windows 7 and using Windows Advanced Firewall instead of a 12-year-old product? :)

        Worrying about blocking outgoing connections with ye' ol' Windows XP firewall is kind of like worrying about duplex printing on an 80s/early 90s-era dot matrix printer <G>

        • Windows XP is a 12 year old product?

          Also, how is age relevant? ipchains/iptables is 12 years old, and supports this very basic functionality.
          • by camperslo (704715)

            >Windows XP is a 12 year old product?

            To avoid interoperability issues between planets and provide protection against unexpected centuries, highly innovative operating systems offer chronometric algorithms based on user-derived hair plus root extraction data. Perhaps you forgot to enable this feature.

        • by Culture20 (968837)
          Um, yeah. That was my point. Realmolo said XP firewall was better than ZA. I explained why it isn't, and even pointed out that Win7's was better.
        • by psoriac (81188)

          Have you actually tried to enable outbound filtering on a home PC? It's terrible.

          Try upgrading to Windows 7 and using Windows Advanced Firewall instead of a 12-year-old product? :)

          I haven't used Windows on a day-to-day basis for 6-7 years, so I was pretty surprised to learn that as of two years ago, Windows XP was sold pre-installed on systems like the ASUS Eee Box [asus.com]. These are little Intel Atom-driven machines as small as a lunch box. Due to their limited CPU power, they came with Windows XP.

          You generally do not update such small boxes to a big OS like Windows 7, it will probably run dog-slow while the preinstall is working pretty smoothly. So I agree with your general sentiment, but

    • Re: (Score:2, Insightful)

      by JayGuerette (457133)

      WHY would you use it, when Windows has had a better firewall since XP, and the Vista/Windows 7 firewall is even better than that?

      Why? Simple: because the Windows firewalls have a built-in white-list. That completely removes it from my consideration. I'd argue that 'firewall' is not even applicable to that service.

    • Re: (Score:3, Insightful)

      by MMC Monster (602931)

      Seriously. What morons are using ZoneAlarm?

      You know that person you told to use Zone Alarm 8 years ago? He's been upgrading since then and telling all his friends that his computer expert friend told him Zone Alarm is great.

      Sucks to be us.

    • Indeed but surely I'm not the only slashdotter who has the firewall turned off and no av/scanning software installed at all?

      The trick is to not use any MS software except for Windows (XP) itself (currently on Chrome, Thunderbird, OpenOffice) but keep Automatic Updates turned on (though that requires a Legit copy of XP...) and not to have friends who are likely to email you screensavers. Not had any problems in years (last incident was an unpatched 2000 box that was pwned within minutes of going online). Cue

  • by mlts (1038732) * on Monday September 20, 2010 @05:11PM (#33641826)

    I remember ZA being decent, especially the registered version. However, there isn't a need for it anymore, just like there isn't a need for QEMM-like packages for new equipment. Windows 7 has a decent built in firewall to keep things out [1], and for antivirus protection, Microsoft Security Essentials is a download away and licensed at no charge.

    [1]: If a compromised app is trying to phone home, the battle is lost when it comes to host security. So having a firewall popping up Allow/Deny dialogs is pointless on post-XP Windows versions because of the amount of false positives generated.

    • by Altrag (195300)

      Which is why most firewall software has a "always do this" option of some sort. The first week or so after you install a new firewall program generally sucks, but after that you've usually got most of your "real" apps marked off and things go pretty smoothly from there on.

      Of course for some people, a week worth of always clicking "Allow" is enough to train them badly forever.. but there's only so much that can be done :P.

    • by Ecuador (740021)

      just like there isn't a need for QEMM-like packages for new equipment.

      What do you mean? Is there another way for new equipment to make 610kb+ of base RAM available to play Sensible Soccer?

    • If a compromised app is trying to phone home, the battle is lost when it comes to host security.

      Not really. If the firewall warns you of an app trying to phone home and you either don't know the app and it looks suspect, or if it's an app that shouldn't be using internet then you can be quite sure your system has been compromised. And then you can unplug it and try to fix it. However, if you don't get such a warning you won't know anything. At least the warning gives you a chance to try and fix things.

  • by Anonymous Coward on Monday September 20, 2010 @05:12PM (#33641840)
    I used to use Kerio in the WinXP days, but it doesn't cooperate with Win7 x64.

    Requirements:
    1) Rule-based. I want to permit/deny network traffic to certain apps.
    2) Option of "PermitTraffic/AllowTraffic" and "LogTraffic/IgnoreTraffic" as independent settings. (e.g., I want to allow logging of permitted applications' traffic, as well as denied apps' failed attempts, and after looking at the logs, decide whether or not I want to bother logging it.)
    3) Accurately figure out which app is actually responsible for denied traffic. (Looking at you, PrivateFirewall 7.0, which never actually says that it's the Windows Update client that's legitimately trying to access some random Akamaized download site.)

    I tried the built-in Windows firewall, but it was difficult/cumbersome to set up in default-deny mode, and when I did, I couldn't easily find out which app was causing the denied traffic. (e.g. is it some game that phones home on the first attempt to register/activate, or is it some bullshit Games For Windows Live client that has no need to be used in a single-player game?)

    Thanks to PrefBar for one-click Javashit and Flash toggling, a non-Adobe PDF reader, an ad-blocking local proxy, and the equivalent of a decent-sized ad-blocking HOSTS file implemented in the external router, I've never actually been hit with malware, so I'm more interested in monitoring unsolicited outbound traffic than worrying about inbound traffic. Likewise, I'm more interested in legitimate apps rather than malware that could trivially disable the software "firewall". Given that sort of environment, what's the current best practice for software "firewalls"?
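
Added example, not part of the thread: one way to get the default-deny setup and the per-application attribution of blocked traffic that the comment above asks for, using only the built-in Windows Firewall and Security event 5157. The function name, rule name and program path are placeholders chosen for this example.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt
# on Windows 7 or later with the Windows Firewall service running.

# 1) Default-deny in both directions for every profile (domain/private/public).
netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound

# 2) Log dropped connections to the firewall's text log. That log records
#    addresses and ports but not the executable, hence step 3.
netsh advfirewall set allprofiles logging droppedconnections enable

# 3) Audit connections blocked by the Windows Filtering Platform. Each block
#    becomes Security event 5157, which carries the application path.
auditpol /set /subcategory:"Filtering Platform Connection" /failure:enable

# 4) Summarise blocked connections per executable and destination.
#    Event 5157 covers both directions; the Application field is a device
#    path (\device\harddiskvolumeN\...), not a drive-letter path.
function Get-BlockedConnectionSummary {
    param([int]$Hours = 24)

    $filter = @{
        LogName   = 'Security'
        Id        = 5157
        StartTime = (Get-Date).AddHours(-$Hours)
    }

    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        ForEach-Object {
            # Flatten the event's named <Data> elements into a lookup table.
            $fields = @{}
            foreach ($d in ([xml]$_.ToXml()).Event.EventData.Data) {
                $fields[$d.Name] = $d.'#text'
            }
            New-Object PSObject -Property @{
                Application = $fields['Application']
                Destination = '{0}:{1}' -f $fields['DestAddress'], $fields['DestPort']
            }
        } |
        Group-Object Application, Destination |
        Sort-Object Count -Descending |
        Select-Object Count, Name
}

Get-BlockedConnectionSummary -Hours 24

# 5) After reviewing the summary, allow one program outbound.
#    Rule name and path below are placeholders.
netsh advfirewall firewall add rule name="Allow ExampleApp outbound" dir=out action=allow program="C:\Path\To\ExampleApp.exe" enable=yes
```

Apply step 1 from the local console, since a default outbound block also cuts off remote sessions that have no allow rule. The failure audit in step 3 can be noisy, so turn it off again once the allow list has settled.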

    • Re: (Score:3, Informative)

      by mlts (1038732) *

      That is exactly how to do security these days. Running a capable browser with Adblock, Foxit for PDF reading, keep add-ons like Quicktime and Flash updated if one uses them. Just Adblock alone gets rid of the dodgy ad sites, some of which allow third party advertisers to try to use bugs in add-ons as a vector for compromise.

      Hardware firewall first to protect machines from incoming network attacks. Second are filtering the ad sites which will happily slap drive-by malware on people's machines. Third, fil

    • Kerio's firewall was picked up by Sunbelt, which has been promising a 64-bit version for some time but has yet to deliver.

      Actually, looking at their forums, they just posted a couple of days ago that the new 64-bit version of VIPRE (their AV software) includes a firewall. VIPRE is pretty good and has low resource utilization. I've got Nod32 at home, and it was a toss-up on which to go with, but Nod32 had a slightly higher percentage of malware caught in a test at the time, so I went with that. (Nod32 has

  • by Culture20 (968837) on Monday September 20, 2010 @05:22PM (#33641932)
    Whatever happened to alliteration in article titles?
  • When they basically refused to support Windows 7. I have since replaced the firewall on ALL my machines (including my XP machines) with PC Tools Firewall Plus. It is free, and provides better protection than Zone Alarm.

    • by Ecuador (740021)

      What's wrong with simply using the Windows 7 firewall? Maybe ZoneAlarm did not support Win 7 because they know there is already a better firewall included...

  • I don't think that word means what TFA's author thinks it means.

    - Necron69

  • by Aryeh Goretsky (129230) on Monday September 20, 2010 @06:40PM (#33642832) Homepage
    Hello,

    Below is a list of free application software firewalls I put together a while ago. Not sure if they are all current, and I am probably missing quite a few, but it is a starting point.

    Firewalls
    Active Network [lanctrl.com] - Active Wall Free Edition [lanctrl.com]
    Agnitum [agnitum.com] - Outpost Firewall Free [agnitum.com]
    AS3 Soft4U [xthost.info] - AS3 Personal Firewall [slashdot.org]
    Ashampoo [ashampoo.com] - Ashampoo Firewall Free [ashampoo.com]
    Comodo Group [comodo.com] - Comodo Firewall (now a part of Comodo Internet Security [comodo.com])
    FilSecLab [filseclab.com] - Filseclab Personal Firewall Professional Edition [filseclab.com]
    Group 4 Business Intelligence [g4bi.com] - IDNWebShield [idnwebshield.com] (main web site down when last checked)
    NetVeda [netveda.com] - NetVeda SafetyNet [netveda.com]
    PC Tools [pctools.com] - PC Tools Firewall Plus Free Edition [pctools.com]
    PrivacyWare [privacyware.com] - Privatefirewall [privacyware.com]
    SecurePoint [securepoint.cc] - Securepoint Personal Firewall & VPN Client [cnet.com] - (discontinued?)
    SoftPerfect [softperfect.com] - SoftPerfect Personal Firewall [softperfect.com]
    Tall Emu [tallemu.com] - Online Armor Free [tallemu.com] - (acquired by EmsiSoft?)
    WIPFW Project [sourceforge.net] - WIPFW [sourceforge.net] - (port of BSD IPFW)

    Firewall Managers
    GT Delphi Components [gtdelphicomponents.gr] - Windows Firewall Ports & Applications Manager [gtdelphicomponents.gr] (WFWPAM)
    Sheesley, Eric [shadowlair.com] - XPFiremon [shadowlair.com]

    Hopefully, this is of help.

    Regards,

    Aryeh Goretsky
  • "We have met the enemy, and he is us."

    I stopped using zone alarm a long time ago.

    But besides all that, I've noticed that just about everything you download these days also tries to install (besides Yahoo Toolbar) a free copy of -some-name-brand- Security Scan, which appears to be nothing more than an advertisement for the company's non-free antivirus package. It really seems like the antivirus people are more and more adopting the same business model as the scareware vendors from which they purport to

  • If you are on a small network, get a router with a built-in firewall (even a home all-in-one broadband router is good enough for this)
    If you are on a larger network, get a proper firewall (e.g. Cisco PIX)

    And in all cases, run a GOOD anti-virus (that means something OTHER than Norton or McAfee) and keep all your software patched.

    If you DO feel the need to run a firewall e.g. if you are connecting over wireless broadband (where you can't put a hardware firewall between you and the network) or if you are on coff

  • If you absolutely have to continue suffering the worst computing experience possible, get at least Kaspersky. It works, not too much overhead and doesn't use incomprehensible blinky tray icons that won't tell you anything useful (yes, Norton, that is you).

    Otherwise, enough already. I'm very weary of anything that has a complete cult as supporters, but as I also use Linux I figured I ought to try a Mac as well. I'm still not a fanboy, but I can recommend it, if only to experience what computing ought to b
