ZoneAlarm program permissions, some thoughts

Topic

New Reply

Oh, the joys of firewalls and programs interacting with Internet … some comments about the spontaneous behaviour of a well known application.

One week ago I updated my ZoneAlarm 6.0.667 to latest 6.1.737. I have been using ZA for a long time, at least around 1997/98. This update was done as usual; no prior uninstall (or /clean), when install is running I chose Clean, i.e. reset rules for programs.

Everything went fine, I agreed to that ZA set up the basic rules for Generic Host Process and default browser (Firefox). Now, when that part was over I found the following in ZA Program Control:

• Application Layer Gateway Service
• AVG E-mail Scanner
• Generic Host Process for Win32 Services
  [/list]and rules set for the Generic Host Process. No browser, but it had picked up an e-mail scanner even if I was not connected.

  When I later connected and started Firefox, I got asked if I would allow it to connect. A permission and “rule” was set in Program Control. This should have been at install!

  Later I added permissions for other programs, but not IE. Some days later I had something that had to be done with Internet Explorer. When started and connected to Internet I was amazed that ZA didn’t even bother. Went over to Program Control, and now there was a permission for IE. Checked Program log, no mention of IE!

  Now, yesterday I installed WMP 10, this has nothing to do with this version, older behaved the same. During the install the PC was disconnected from Internet. All went OK.

  Today with Internet connection active I thought; well maybe should go and change the update setting in WMP 10. It only needs to check once per month (instead of every week). I know that it can be totally disabled via registry, but that is another issue. Well, I was prepared to what was going to happen (seen it before), and thought almost: let

Reply | Quote

Replies

Argus,
I too have been using ZA ( free ) for some time now and while I can’t really comment on your experiences listed in your post, I have a recent gripe about ZA that can be considered in “some thoughts”.

Just two days ago, I received an email from ZoneLabs, shouting about the potential threat from the attack of the KumaSutra Worm. It’s supposed to attack today, Feb.3rd .
ZL said that users of the free version would NOT be protected from the Worm but that only paid users would be immune. BUY the paid version NOW it threatened!

I can see that there would be differences between the free and paid versions of any software, but to use the treat of a worm attack to sell it’s product seems way over the top in marketing schemes.

Nice going, Zone Labs….protect us a little bit but not a whole lot!
I guess it’s just my way of thinking, right?

Reply | Quote

Which paid version of ZA did they propose you buy? Several of the paid versions have much more than just a firewall. I’d not expect a firewall to protect me against an e-mail borne threat. That would be a/v and/or anti-spyware software.

Joe

--Joe

Reply | Quote

Joe,

Thinking back on that episode, it could well have been their new suite of programs, not just the firewall.
But I was just so POd when it came up that I deleted it before looking too far into the message.

It was just the WAY it said that your free version of ZA would not protect you but this new one would.
Blatent scare tactics to my mind.

Reply | Quote

The exact wording was

[indent]

---

Free ZoneAlarm Firewall will not protect you from BlackWorm. Only ZoneAlarm premium products (ZoneAlarm Antivirus, Anti-Spyware, PRO, and Internet Security Suite) will protect against the BlackWorm.

---

[/indent]

And my thoughts on receiving it were (1) scare tactics, and (2) annoyance that some might think that other protection they had in place (decent up to date AV and so on) would not do.

Ian

Reply | Quote

Ian,
Exactly.
I’m glad to see that I wasn’t the only one that reacted to that email in a real negative way.

Reply | Quote

You are NOT alone. I have had several people email me about this. I asked did they have their AV up to date, if so then they were OK, but if NOT, why weren’t they?

DaveA I am so far behind, I think I am First
Genealogy....confusing the dead and annoying the living

Reply | Quote

Dave,

You had the right reply to them, for sure!
It is amazing just how many users are totally in the dark when it comes to protection utilities and keeping them up to date.

Reply | Quote

I too received that email Bob, but unfortunately I deleted it at my ISP’s server (with MailWasher) without downloading a copy, so I can’t answer Joe’s question. As I recall, it just said ZA Pro. My view also of a firewall is that it’s NOT intended to protect me against email borne viruses or worms, just “attackers” or “phone home” programs that may already be on my computer. I have AV and spyware programs that I expect will take care of viruses, trojans and scumware. Zone Labs scare tactics are so widely used that I just ignored it. Seems like these days EVERYONE wants to sell me an all-encompassing program…

Reply | Quote

Al,
———————————–
My view also of a firewall is that it’s NOT intended to protect me against email borne viruses or worms
———————————-

That’s exactly what I thought when I read that email. “What are they talking about?”
I guess it was more of the method rather than the message that got to me!

Reply | Quote

Hi guys,
Yes Bob, in my case it has been the ZA free, no ZAP. So you get e-mails? Well I have given a valid e-mail address, but certainly not my main address, and I don’t check boxes for info-mail. And also it was a long time since I checked that mailbox …

Now, I’ve been using ZA since some around version 2, and have experienced some things. As the described above and other things, but they are more or less glitches compared to the trouble other people have had, as seen in their forum, many times regarding install/uninstall. And some times I have waited some weeks and jumped on another release.

I’m no expert, but I think many of the problems with installing are due to not a “clean environment”. People have all sorts of things running during install; the machine isn’t always up to date and stable before etc. etc. Some versions ago, before 5.5, it picked up all sorts of programs and wanted to add them, or rather, if I remember correct: it added the program but left the rule with an “?”. Now one might say that I have either changed behaviour or programs that I use, but I don’t think so. Now ZA only adds programs when they are accessing, and also asks, as always, thus my astonishment with IE.

And yes I checked the Program Control – Main tab: Program must ask for Internet access, it was as I always have it set.

And Bob, yes that’s not a funny e-mail to get. They can be polite and informative, and yet be selling. I followed the virus-L e-mail digest for years during the 90’s and info. from other sources, this reminds me of some anti-virus vendors (or their marketing staff), that I should not name, and I certainly don’t want to use them for other reasons as well.

I agree with Al, a firewall is used for other reason than protecting against viruses, trojans and worms. Even if ZA or any other vendor jumps into the “suite-race” with packages, my view is that anti-virus people know how to make anti-virus programs and firewall producers know their thing. You can’t expect to be an expert in every field. And now days I guess there are many different products that work well together.

Reply | Quote

ZoneAlarm program permissions some thoughts. PART 2. This is not a direct question for help, but the behaviour does indeed raise some questions.

I installed the updated version of Windows Defender beta. I had earlier tried the first released version, only result was that install was aborted and MS AntiSpyware was uninstalled (Error 1609)! The new installation was done offline and went OK. After checking the settings in the program I connected to Internet to check for definition updates.

Since the first install debacle I had not removed the program permission for MS AntiSpyware in ZoneAlarm Program Control, i.e. there was a rule in ZA but no program on the machine.

Before checking for updates I did read the help files and noticed that for WD the program

Reply | Quote

I guess I was maybe a bit tired, but since no response I will try to straighten this. Earlier with MS AntiSpyware (MSAS) one had to give access to a number of applications in the firewall, also depending on if in Spynet or not I guess. Then in the latest version of MSAS I only had an access rule for the main program and that worked. I did know that this new Windows Defender (WD) would use Automatic Updates. I have it disabled, in CP, not the service itself. I suppose the talk in the help file about giving access to “MSASCui.exe” is a general advice since there are so many different firewalls.

So when doing an update in WD I get activity in:

• svchost.exe PID 808. That among other services runs Automatic Updates
  wuauclt.exe (Automatic Updates)
• svchost.exe PID 660
  wmiprvse.exe (WMI)
  [/list]So that

Reply | Quote