Zone Alarm Vs 180 Solutions: Zango hooks?
Sub-Seven writes "Found at Vitalsecurity.org, they detail how a Microsoft MVP pulled the Zango file to pieces, and discovered some interesting facts about exactly what a "simple" fun and games application does to a machine that it's running on. Hooking into Windows OneCare and Microsoft Antispyware? What's that all about?"
Is it just me, or has the friggin Slashdot summary got more information than the linked article?
That's gotta be a first...
It wouldn't surprise me if 30% of my IT company's income came from user stupidity combined with software such as the XCP, spywared games, and other fun entertainment products. Yet this is just the market at work. Loopholes are found, usually because of click-through-licensing. Companies will always attempt to build their markets and consumers will always find the bad seeds.
It is very important to realize that as long as end users continue to install these programs, marketing companies will feed their needs. You could argue for laws against these backdoor programs, but it wouldn't solve anything and in fact might make the problem worse as companies find sneakier ways to get into your desktop.
The only way to make a smart consumer is to inform them of the bad things. This means getting the word out, telling others to be careful, and even offering training for groups. My company makes a good profit on spyware, but we offer completely free training days for companies that want to save money by training their employees in safe web browsing. I don't think the answer is "Install Linux and Firefox and the problem will go away!" If Linux/Firefox occupied 90% of desktops, the marketing companies would find a way to take advantage of that platform.
Smart users are informed users are users who won't continue making the same mistakes. Finding band-aids through legislation or discrete installation of anti-spyware software isn't going to solve the problem.
As a sidenote -- the reason for training my customers in smart browsing techniques is a selfish one. As we reduce a company's cost of doing business, our referral rate skyrockets. The less we work/bill, the more work we have to bill. If you're a consultant and you're not seeing a decent increase in your customer base every year, you're not doing a good enough job. There is more work in the U.S. than is being tapped, and it is usually because companies aren't seeing things getting better.
Um...not sure what's going on here...but I think software firewalls have to be one of the silliest 'security products' out there. I still can't believe cable companies don't distribute modem/routers to users and remotely configure them to block the commonly exploited ports and protocols.
Errr... because quality software firewalls (like ZoneAlarm) and home hardware firewalls/routers protect against two entirely different problems?
Home Routers/Firewalls protect your machine against INBOUND, unsolicited connection requests. This makes you immune to attempts to exploit server-type services, like file-sharing, IIS holes, etc. This lets me run VNC, Apache, whatever on my home machine and not have to worry about keeping patches up to date (or even setting a password, for that matter.)
Software firewalls protect you against OUTBOUND connections you did not authorize. Port-blocking does nothing to stop this because a nefarious software vendor can't be stopped from sending an outbound request on port 80 by an external firewall.
I can't count how many programs (even legit ones) that shouldn't be talking to the internet keep requesting outbound connections. (This is all caught by ZoneAlarm.)
SirWired
Searching around I was able to find, and http://www.spywareguide.com/product_show.php?id=507
http://www.benedelman.org/spyware/180-affiliates/
Why link to some guy's blog with inane comments, when you can link to the page he refers to? Lots more information there.
What is it with blog pages that link to another blog, which links to another blog, and so on? If this is how things are done in the blogosphere, then my already low opinion of bloggers just slipped a little. Just provide a link to the original f**king information!</rant>
Hi, I think this text sheds some light: http://blog.180solutions.com/PermaLink,guid,5795b85d-feea-4656-93e1-d788a01f760a.aspx
Poor people @180solutions that suddenly found their spy-ware being detected by Zone-lab's Zonealarm. Zonealarm is obviously a great piece of software. So when 180Solutions became aware of this, they saw their business-model go the way of the dinosaurs.
180 is suing ZoneLabs for a very specific and narrow statement as far as I can tell. ZoneLabs says 180 is monitoring key and mouse info, 180 says it is not.
The analysis linked from TFA explains that he found evidence of setting a Windows hook. The question is, does Zango use that hook to collect mouse and key info, even for a short time, or are they using the hook for other purposes? What would those purposes be?
[...] unless you can figure out a way to block ports on my modem.
Done and done. Other types of "dial-up routers" exist, but this is the one I re-found first. Again, nothing wrong with software firewalls, as I like knowing when programs try to use the network, but they aren't a magic bullet.
You are picking nits...
A NAT box does indeed protect from incoming connections (provided that you do not use DMZ and port forwarding). This may indeed be considered to be a side-effect, but that does not mean that it does not work. How well these routers work for gaming is another matter entirely. And as far as gaming goes, I am certainly not an expert as I am not into on-line games, but each game should specify which ports it uses so that you can open those ports in your NAT box. Having to use DMZ for a game is silly and dangerous.
What the GP post said is correct. Software firewalls offer outbound protections. You are right that their first purpose is to protect from inbound threats, but if you have a NAT, you have NO inbound threats (except perhaps for those ports used for games when your game software is not running). Filtering outbound connections is the only reason that I use a software firewall. In fact, my software firewall has NEVER had to block an incoming connection since I built my present computer over a year ago, thanks to my NAT box.
"-1 Troll" is apparently the same as "-1 I disagree with you."