Zonealarm ‘phones home’???

Via The Inquirer, the provocative Is your firewall spying on you?, pointing to this Infoworld item by Robert X. Cringley fingering my favorite software firewall, ZoneAlarm:

A Perfect Spy? It seems that ZoneAlarm Security Suite has been phoning home, even when told not to. Last fall, InfoWorld Senior Contributing Editor James Borck discovered ZA 6.0 was surreptitiously sending encrypted data back to four different servers, despite disabling all of the suite’s communications options. Zone Labs denied the flaw for nearly two months, then eventually chalked it up to a “bug” in the software — even though instructions to contact the servers were set out in the program’s XML code. A company spokesmodel says a fix for the flaw will be coming soon and worried users can get around the bug by modifying their Host file settings. However, there’s no truth to the rumor that the NSA used ZoneAlarm to spy on U.S. citizens.

To which the Inq adds,

In the meantime you can work around it by adding:
# Block access to ZoneLabs Server
127.0.0.1 zonelabs.com
to your Windows host file.

The hosts file on my windows XP setup would be c:\windows\system32\drivers\etc\hosts. [On a Windows 95/98/ME machine, look in c:\windows\hosts; for Windows NT or 2000 it should be at c:\winnt\system32\drivers\etc\hosts.]

Here’s what I’d like to know: By adding this line to the hosts file, will one also block other things from Zonealarm … like downloads of updates? And if not, how do I test if it’s working to fix the ‘phone home’ problem? (And if so, how do I know when it’s time to take it out?)

This entry was posted in Software. Bookmark the permalink.

One Response to Zonealarm ‘phones home’???

  1. Mark B. says:

    The hosts file overrides the “domain name system” which maps names such as zonelabs.com to IP numbers such as 208.185.174.44. The indicated fix redirects all attempts to contact the computer zonelabs.com to 127.0.0.1, which by convention is a synonym for your own computer, as well as the conventional thing to enter to disable access to a remote computer in a hosts file. If the spyware module is phoning home to “zonelabs.com” the fix will work. However unless the update module is phoning home to a different computer, e.g., updates.zonelabs.com, the updates will be blocked as well.

Leave a Reply

Your email address will not be published. Required fields are marked *