Via The Inquirer, the provocative “Is your firewall spying on you?”, pointing to this InfoWorld item by Robert X. Cringely fingering my favorite software firewall, ZoneAlarm:
A Perfect Spy? It seems that ZoneAlarm Security Suite has been phoning home, even when told not to. Last fall, InfoWorld Senior Contributing Editor James Borck discovered ZA 6.0 was surreptitiously sending encrypted data back to four different servers, despite disabling all of the suite’s communications options. Zone Labs denied the flaw for nearly two months, then eventually chalked it up to a “bug” in the software — even though instructions to contact the servers were set out in the program’s XML code. A company spokesmodel says a fix for the flaw will be coming soon and worried users can get around the bug by modifying their Host file settings. However, there’s no truth to the rumor that the NSA used ZoneAlarm to spy on U.S. citizens.
To which the Inq adds,
In the meantime you can work around it by adding:
# Block access to ZoneLabs Server
to your Windows host file.
The hosts file on my Windows XP setup would be c:\windows\system32\drivers\etc\hosts. [On a Windows 95/98/ME machine, look in c:\windows\hosts; for Windows NT or 2000 it should be at c:\winnt\system32\drivers\etc\hosts.]
Here’s what I’d like to know: By adding this line to the hosts file, will one also block other things from ZoneAlarm … like downloads of updates? And if not, how do I test if it’s working to fix the ‘phone home’ problem? (And if so, how do I know when it’s time to take it out?)
The hosts file overrides the “domain name system” which maps names such as zonelabs.com to IP numbers such as 188.8.131.52. The indicated fix redirects all attempts to contact the computer zonelabs.com to 127.0.0.1, which by convention is a synonym for your own computer, as well as the conventional thing to enter to disable access to a remote computer in a hosts file. If the spyware module is phoning home to “zonelabs.com” the fix will work. However, unless the update module is phoning home to a different computer, e.g., updates.zonelabs.com, the updates will be blocked as well.
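
The exact-name matching described above can be checked against a hosts file directly. The following is an added example, not part of the original post or of either quoted article: the sample file contents are constructed from the fix as the text describes it, and the function names `parse_hosts` and `hosts_verdict` are hypothetical.

```python
import ipaddress

# Constructed sample hosts file; the entry mirrors the fix as the text
# describes it (zonelabs.com redirected to 127.0.0.1).
SAMPLE_HOSTS = """\
127.0.0.1       localhost
# Block access to ZoneLabs Server
127.0.0.1       ZoneLabs.com    # trailing comments are allowed
"""

def parse_hosts(text):
    """Return {lowercased hostname: address}; this sketch keeps the first entry per name."""
    table = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()    # drop comments
        fields = line.split()
        if len(fields) < 2:
            continue                           # blank line, or address with no name
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed address: skip the line
        for name in fields[1:]:                # one line may carry several names
            table.setdefault(name.lower().rstrip("."), addr)
    return table

def hosts_verdict(table, hostname):
    """Classify a lookup as 'blocked', 'overridden', or 'dns' (no hosts entry)."""
    addr = table.get(hostname.lower().rstrip("."))
    if addr is None:
        return "dns"          # no exact match: the name still resolves via DNS
    if addr.is_loopback or addr.is_unspecified:
        return "blocked"      # 127.0.0.1, ::1 or 0.0.0.0 style sinkhole
    return "overridden"       # pinned to some other address

if __name__ == "__main__":
    table = parse_hosts(SAMPLE_HOSTS)
    for name in ("zonelabs.com", "ZONELABS.COM", "updates.zonelabs.com"):
        print(f"{name:24} {hosts_verdict(table, name)}")
```

This only reports what the hosts file covers; confirming that the software has actually stopped sending data still requires watching its outbound connections.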