ZoneAlarm Employs Scare Tactics Against Its Users 216
snydeq writes "Check Point Software appears to be ripping a page from the 'scum it claims to fight,' running a scare-tactic warning dialog to frighten users into upgrading to a paid version of the company's ZoneAlarm firewall product. Preying on fears of ZeuS.Zbot, the Check Point warning dialog tells users their PCs 'may be in danger' without having found ZeuS.Zbot, nor having checked to see whether you're running an antivirus product. 'The program doesn't care if you're infected with ZeuS.Zbot, or if you have protection in place. It just wants to sell you an upgrade to the firewall that may or may not detect future ZeuS.Zbot variants' activities — some day.' Check Point's customers have inundated the ZoneAlarm forums with complaints."
ZoneAlarm still exists? (Score:5, Informative)
I haven't used that piece of garbage software in about 5 years.
See ya ZA (Score:3, Informative)
I used to recommend them to residential users. I will not ever again.
Trusted (Score:5, Informative)
Well, they fooled me at first because I've had ZoneAlarm installed for ages and trusted it. After looking through my running processes, registry, etc, and doing a virus scan I suspected something was dodgy because there was no indication of this zeus trojan. It was then I found the big list of complaints on ZoneAlarm's forums. I was a bit annoyed that they wasted my time. Until yesterday when this showed up I had no reason no to trust what ZoneAlarm was telling me. Now, I am not so sure.
Re:ZoneAlarm still exists? (Score:1, Informative)
Re:ZoneAlarm still exists? (Score:3, Informative)
I haven't used it since XP SP2 included a firewall. Good riddance!
Summary is correct (Score:5, Informative)
The summary is spot on. I haven't been a Windows user for a number of years, but a friend asked me to fix her malware problem and I reinstalled her Windows XP box. For the firewall, I remembered ZoneAlarm from a few years ago and installed it. After the first reboot, some stupid popup appeared, prompting me to "like" the software on Facebook. I'm like WTF? But still gave them the benefit of the doubt. Next reboot it comes up with the totally bogus popup that I may get infected with Zeus. I had to reread it twice to find out it really was an advertisement.
I downloaded Comodo [comodo.com], unplugged the network, uninstalled ZoneAlarm, installed Comodo and plugged back into the inter webs. Never looked back.
I probably will not buy any Check Point software for my business either.
Anyone know a decent software "firewall"? (Score:3, Informative)
Requirements:
1) Rule-based. I want to permit/deny network traffic to certain apps. 2) Option of "PermitTraffic/AllowTraffic" and "LogTraffic/IgnoreTraffic" as independent settings. (e.g., I want to allow logging of permitted applications' traffic, as well as denied apps' failed attempts, and after looking at the logs, decide whether or not I want to bother logging it.)
3) Accurately figure out which app is actually responsible for denied traffic. (Looking at you, PrivateFirewall 7.0, which never actually says that it's the Windows Update client that's legitimately trying to access some random Akamaized download site.)
I tried the built-in Windows firewall, but it was difficult/cumbersome to set up in default-deny mode, and when I did, I couldn't easily find out which app was causing the denied traffic. (e.g. is it some game that phones home on the first attempt to register/activate, or is it some bullshit Games For Windows Live client that has no need to be used in a single-player game?)
Thanks to PrefBar for one-click Javashit and Flash toggling, a non-Adobe PDF reader, an ad-blocking local proxy, and the equivalent of a decent-sized ad-blocking HOSTS file implemented in the external router, I've never actually been hit with malware, so I'm more interested in monitoring unsolicited outbound traffic than worrying about inbound traffic. Likewise, I'm more interested in legitimate apps rather than malware that could trivially disable the software "firewall". Given that sort of environment, what's the current best practice for software "firewalls"?
Re:Inundated? (Score:4, Informative)
There are posts that reference other threads where this was "already posted," but clicking those links leads you to a vBulletin "No thread specified" page. Presumably ZA has been deleting threads....
See http://forums.zonealarm.com/showpost.php?p=283423 [zonealarm.com] and http://forums.zonealarm.com/showpost.php?p=283420 [zonealarm.com] for example posts... both those posts reference a nonexistent thread.
Damage control maybe?
Re:Whats ZoneAlarm? (Score:5, Informative)
It used to be a sophisticated light weight feature rich firewall for windows.... it allowed rules and whatnot.... now... its a bloated flaming pile of sh*t sinking with a horrible company that deserves to be put out of business for its questionable marketing practices and horrible customer support.
Re:ZoneAlarm was backdoored, right? (Score:4, Informative)
CVE-2007-0069
CVE-2007-0069
CVE-2010-1893
Though the last one really doesn't count for ZoneAlarm's intended function, as it's a local privilege escalation.
Reference: http://cve.mitre.org/index.html [mitre.org]
Search terms: Windows kernel tcp/ip
Re:Anyone know a decent software "firewall"? (Score:3, Informative)
That is exactly how to do security these days. Running a capable browser with Adblock, Foxit for PDF reading, keep add-ons like Quicktime and Flash updated if one uses them. Just Adblock alone gets rid of the dodgy ad sites, some of which allow third party advertisers to try to use bugs in add-ons as a vector for compromise.
Hardware firewall first to protect machines from incoming network attacks. Second are filtering the ad sites which will happily slap drive-by malware on people's machines. Third, filtering out JS and other add-ons unless the user wants to see them.
Finally, fourth is a program like Microsoft Security Essentials that is licensed at no charge and does not nag. This all assumes the user is clued enough to not be affected by the Dancing Bunnies security hole too.
Re:ZoneAlarm still exists? (Score:1, Informative)
AVG is apparently pretty good. Combine with Spybot S&D.
Re:ZoneAlarm still exists? (Score:1, Informative)
Comodo free firewall has served well enough for a couple of years now.
I stopped using that crap... (Score:2, Informative)
When they basically refused to support Windows 7. I have sense replace the firewall on ALL my machines (including my XP machines) with PC Tools Firewall Plus. It is free, and provides better protection than Zone Alarm.
List of free Windows firewalls (Score:5, Informative)
Below is a list of free application software firewalls I put together a while ago. Not sure if they are all current, and I am probably missing quite a few, but it is a starting point.
Firewalls
Active Network [lanctrl.com] - Active Wall Free Edition [lanctrl.com]
Agnitum [agnitum.com] - Outpost Firewall Free [agnitum.com]
AS3 Soft4U [xthost.info] - AS3 Personal Firewall [slashdot.org]
Ashampoo [ashampoo.com] - Ashampoo Firewall Free [ashampoo.com]
Comodo Group [comodo.com] - Comodo Firewall (now a part of Comodo Internet Security [comodo.com])
FilSecLab [filseclab.com] - Filseclab Personal Firewall Professional Edition [filseclab.com]
Group 4 Business Intelligence [g4bi.com] - IDNWebShield [idnwebshield.com] (main web site down when last checked)
NetVeda [netveda.com] - NetVeda SafetyNet [netveda.com]
PC Tools [pctools.com] - PC Tools Firewall Plus Free Edition [pctools.com]
PrivacyWare [privacyware.com] - Privatefirewall [privacyware.com]
SecurePoint [securepoint.cc] - Securepoint Personal Firewall & VPN Client [cnet.com] - (discontinued?)
SoftPerfect [softperfect.com] - SoftPerfect Personal Firewall [softperfect.com]
Tall Emu [tallemu.com] - Online Armor Free [tallemu.com] - (acquired by EmsiSoft?)
WIPFW Project [sourceforge.net] - WIPFW [sourceforge.net] - (port of BSD IPFW)
Firewall Managers
GT Delphi Components [gtdelphicomponents.gr] - Windows Firewall Ports & Applications Manager [gtdelphicomponents.gr] (WFWPAM)
Sheesley, Eric [shadowlair.com] - XPFiremon [shadowlair.com]
Hopefully, this is of help.
Regards,
Aryeh Goretsky
Re:ZoneAlarm still exists? (Score:4, Informative)
If a system is so borked you're mounting it via another computer [enwp.org], you might be better off just formatting and reinstalling [enwp.org].
Re:ZoneAlarm users get what they deserve (Score:4, Informative)
Linux 2.2 wasn't released until 1999. 12 years ago, we were using a tool you probably never heard of called ipfwadm, and before that ipfw
Linux's firewalling capabilities have always been miles ahead of Windows' built-in firewall capabilities in terms of being functional, flexible, and easier to get to do what you want for the power user.
Windows, ZA, Comodo used to be ahead in terms of usability for the average user.
Linux firewalling capabilities improved a bit over time, they became more powerful and more user friendly (at least for the Linux admin), more capabilities were introduced in the form of modules.
However, Linux firewalling didn't change much --- it's pretty hard for something that is already nearly perfect to evolve.
On the other hand Windows had and still has a lot of ground to cover in regards to improving the firewall.
It is more cumbersome than ever to add firewall rules or exceptions to the Windows firewall. No simple text-based language. No built in rapid CLI-based addition method (have to resort to still a cumbersome GUI to do it).