ZoneAlarm Employs Scare Tactics Against Its Users

snydeq writes "Check Point Software appears to be ripping a page from the 'scum it claims to fight,' running a scare-tactic warning dialog to frighten users into upgrading to a paid version of the company's ZoneAlarm firewall product. Preying on fears of ZeuS.Zbot, the Check Point warning dialog tells users their PCs 'may be in danger' without having found ZeuS.Zbot, nor having checked to see whether you're running an antivirus product. 'The program doesn't care if you're infected with ZeuS.Zbot, or if you have protection in place. It just wants to sell you an upgrade to the firewall that may or may not detect future ZeuS.Zbot variants' activities — some day.' Check Point's customers have inundated the ZoneAlarm forums with complaints."

ZoneAlarm still exists?

[Khyber]

I haven't used that piece of garbage software in about 5 years.

Re:ZoneAlarm still exists?

I haven't used it since XP SP2 included a firewall. Good riddance!

Re:ZoneAlarm still exists?

[Lumpy]

Yes; windows XP SP2 or higher, windows Vista, and Windows 7. All three have a firewall that is more than most users need.

IF you really need a "little snitch" type of app for windows, you need advanced software. 99% of all users do not need this kind of "firewall" and would be better off with the built in windows one.

Re:ZoneAlarm still exists?

[magnusrex1280]

Microsoft Security Essentials, hands-down. Faster and more efficient than all the others, and it's unobtrusive. And it's free.

Re:ZoneAlarm still exists?

[h4rr4r]

iptables.

Re:ZoneAlarm still exists?

[Thinboy00]

If a system is so borked you're mounting it via another computer, you might be better off just formatting and reinstalling.

Re:ZoneAlarm still exists?

[WaroDaBeast]

I think I used it until version 5.5, and stopped afterwards because subsequent versions would prevent explorer.exe to load at all. I had to kill the process for things to work properly. Gave whichever version was the latest a try when I got a new computer in '07 — same story. *shakes head*

Re:ZoneAlarm still exists?

[SenFo]

Combine the built in firewall with Microsoft Security Essentials and keep with Windows updates and you'll generally have a secure system.

Re:ZoneAlarm still exists?

[vegiVamp]

"Search and Destory", eh ? I guess Slashdot is running that, too.

Re:ZoneAlarm still exists?

[Jaseoldboss]

I came across a great illustration of why you need a good firewall that can be used to control outbound traffic the other day. I was installing CPUID and the installer tried to contact Ask.com before it had even asked me whether I wanted the Ask toolbar installed or not.

Windows firewall would have just let that through but I was using the Sphinx Software firewall app that configures Windows Firewall so that you can use it to stop unauthorised outbound traffic.

See ya ZA

[rbochan]

I used to recommend them to residential users. I will not ever again.

Re:See ya ZA

[Martin+Blank]

I stopped recommending ZA a few years back, when they had that stream of critical vulnerabilities. Only recently had I thought about adding them back into the recommendations list since I hadn't seen many major problems in a while. This knocks them back off the list for a couple more years at least.

Trusted

[Psychotria]

Well, they fooled me at first because I've had ZoneAlarm installed for ages and trusted it. After looking through my running processes, registry, etc, and doing a virus scan I suspected something was dodgy because there was no indication of this zeus trojan. It was then I found the big list of complaints on ZoneAlarm's forums. I was a bit annoyed that they wasted my time. Until yesterday when this showed up I had no reason no to trust what ZoneAlarm was telling me. Now, I am not so sure.

Re:Trusted

[Darkness404]

....Because many viruses will try to open up ports so they can send spam, etc.

ZoneAlarm was backdoored, right?

[equex]

I thought ZoneAlarm got outed for essentially being a backdoor some years ago ? I stopped using it then and never looked back.

Re:ZoneAlarm was backdoored, right?

[Caerdwyn]

CVE-2007-0069

CVE-2007-0069

CVE-2010-1893

Though the last one really doesn't count for ZoneAlarm's intended function, as it's a local privilege escalation.

Reference: http://cve.mitre.org/index.html
Search terms: Windows kernel tcp/ip

Re:ZoneAlarm was backdoored, right?

[Tanktalus]

Googling for "car colour theft", one of the top hits is an article suggesting painting your car pink. Not sure if the cure is worse than the disease, but that's your call to make for your own situation.

Backfire after management change

[flydpnkrtn]

As a poster indicates, ZA was bought out by CheckPoint a few months ago. This scare tactic will probably backfire on them...

Why in the hell did someone at CheckPoint say to themselves "Wait a second... Gestapo style marketing that looks like a phishing scam sounds like a great idea!"

Re:Backfire after management change

[jopsen]

This scare tactic will probably backfire on them...

Wouldn't that require that their customers knowns the difference between, the ZoneAlarm popup and one of the five other popups provided Symantec, AVG free and Avast... All of which are likely installed and peacefully generating popups at appropriate intervals...
- Seriously, how many tech savvy users runs Windows, sorry I mean... How many tech savvy users runs anti virus software... let alone ZoneAlarm... :)

Summary is correct

[cerberusss]

The summary is spot on. I haven't been a Windows user for a number of years, but a friend asked me to fix her malware problem and I reinstalled her Windows XP box. For the firewall, I remembered ZoneAlarm from a few years ago and installed it. After the first reboot, some stupid popup appeared, prompting me to "like" the software on Facebook. I'm like WTF? But still gave them the benefit of the doubt. Next reboot it comes up with the totally bogus popup that I may get infected with Zeus. I had to reread it twice to find out it really was an advertisement.

I downloaded Comodo, unplugged the network, uninstalled ZoneAlarm, installed Comodo and plugged back into the inter webs. Never looked back.

I probably will not buy any Check Point software for my business either.

Re:Summary is correct

[Blue+Stone]

Yeah, I ditched Zone Alarm for Comodo some time ago after ZA got bought out by Checkpoint. I think it was that the newer post-buy-out versions of the software kept re-ckecking the "automatic updates" option in the preferences and kept giving itself permission to access the internet, despite me explicitly blocking it. Several instances of this and I thought, 'crikey, the new owners are a bit dodgy' and jumped ship to Comodo.

Can't say I'm surprised to see them plumet down the 'sacrifice integrity to serve our bottom line' route. (That's also why I ditched AVG).

Whats ZoneAlarm?

[NevarMore]

Is it like a frontend for iptables?

Re:Whats ZoneAlarm?

[master0ne]

It used to be a sophisticated light weight feature rich firewall for windows.... it allowed rules and whatnot.... now... its a bloated flaming pile of sh*t sinking with a horrible company that deserves to be put out of business for its questionable marketing practices and horrible customer support.

Re:Whats ZoneAlarm?

[youn]

I thought it was more like a rear end as it's acting like an ass ;)

ZoneAlarm users get what they deserve

[realmolo]

Seriously. What morons are using ZoneAlarm? WHY would you use it, when Windows has had a better firewall since XP, and the Vista/Windows 7 firewall is even better than that?

ZoneAlarm has always been a piece-of-shit.

Re:ZoneAlarm users get what they deserve

[mysidia]

Try blocking outgoing connections with the XP firewall.

Try upgrading to Windows 7 and using Windows Advanced Firewall instead of a 12-year-old product ? :)

Worrying about blocking outgoing connections with ye' ol' windows XP firewall is kind of like worrying about duplex printing on a 80s/early 90s-era dot matrix printer <G>

Re:ZoneAlarm users get what they deserve

[JayGuerette]

WHY would you use it, when Windows has had a better firewall since XP, and the Vista/Windows 7 firewall is even better than that?

Why? Simple: because the Windows firewalls have a built-in white-list. That completely removes it from my consideration. I'd argue that 'firewall' is not even applicable to that service.

Re:ZoneAlarm users get what they deserve

[MMC+Monster]

Seriously. What morons are using ZoneAlarm?

You know that person you told to use Zone Alarm 8 years ago? He's been upgrading since then and telling all his friends that his computer expert friend told him Zone Alarm is great.

Sucks to be us.

Re:ZoneAlarm users get what they deserve

[mysidia]

Linux 2.2 wasn't released until 1999. 12 years ago, we were using a tool you probably never heard of called ipfwadm, and before that ipfw

Linux's firewalling capabilities have always been miles ahead of Windows' built-in firewall capabilities in terms of being functional, flexible, and easier to get to do what you want for the power user.

Windows, ZA, Comodo used to be ahead in terms of usability for the average user.

Linux firewalling capabilities improved a bit over time, they became more powerful and more user friendly (at least for the Linux admin), more capabilities were introduced in the form of modules.

However, Linux firewalling didn't change much --- it's pretty hard for something that is already nearly perfect to evolve.

On the other hand Windows had and still has a lot of ground to cover in regards to improving the firewall.

It is more cumbersome than ever to add firewall rules or exceptions to the Windows firewall. No simple text-based language. No built in rapid CLI-based addition method (have to resort to still a cumbersome GUI to do it).

ZA -- good but time passed it by

[mlts]

I remember ZA being decent, especially the registered version. However, there isn't a need for it anymore, just like there isn't a need for QEMM-like packages for new equipment. Windows 7 has a decent built in firewall to keep things out [1], and for antivirus protection, Microsoft Security Essentials is a download away and licensed at no charge.

[1]: If a compromised app is trying to phone home, the battle is lost when it comes to host security. So having a firewall popping up Allow/Deny dialogs is pointless on post-XP Windows versions because of the amount of false positives generated.

Anyone know a decent software "firewall"?

I used to use Kerio in the WinXP days, but it doesn't cooperate with Win7 x64.

Requirements:
1) Rule-based. I want to permit/deny network traffic to certain apps. 2) Option of "PermitTraffic/AllowTraffic" and "LogTraffic/IgnoreTraffic" as independent settings. (e.g., I want to allow logging of permitted applications' traffic, as well as denied apps' failed attempts, and after looking at the logs, decide whether or not I want to bother logging it.)
3) Accurately figure out which app is actually responsible for denied traffic. (Looking at you, PrivateFirewall 7.0, which never actually says that it's the Windows Update client that's legitimately trying to access some random Akamaized download site.)

I tried the built-in Windows firewall, but it was difficult/cumbersome to set up in default-deny mode, and when I did, I couldn't easily find out which app was causing the denied traffic. (e.g. is it some game that phones home on the first attempt to register/activate, or is it some bullshit Games For Windows Live client that has no need to be used in a single-player game?)

Thanks to PrefBar for one-click Javashit and Flash toggling, a non-Adobe PDF reader, an ad-blocking local proxy, and the equivalent of a decent-sized ad-blocking HOSTS file implemented in the external router, I've never actually been hit with malware, so I'm more interested in monitoring unsolicited outbound traffic than worrying about inbound traffic. Likewise, I'm more interested in legitimate apps rather than malware that could trivially disable the software "firewall". Given that sort of environment, what's the current best practice for software "firewalls"?

Re:Anyone know a decent software "firewall"?

[mlts]

That is exactly how to do security these days. Running a capable browser with Adblock, Foxit for PDF reading, keep add-ons like Quicktime and Flash updated if one uses them. Just Adblock alone gets rid of the dodgy ad sites, some of which allow third party advertisers to try to use bugs in add-ons as a vector for compromise.

Hardware firewall first to protect machines from incoming network attacks. Second are filtering the ad sites which will happily slap drive-by malware on people's machines. Third, filtering out JS and other add-ons unless the user wants to see them.

Finally, fourth is a program like Microsoft Security Essentials that is licensed at no charge and does not nag. This all assumes the user is clued enough to not be affected by the Dancing Bunnies security hole too.

Re:Inundated?

[flydpnkrtn]

There are posts that reference other threads where this was "already posted," but clicking those links leads you to a vBulletin "No thread specified" page. Presumably ZA has been deleting threads....

See http://forums.zonealarm.com/showpost.php?p=283423 and http://forums.zonealarm.com/showpost.php?p=283420 for example posts... both those posts reference a nonexistent thread.

Damage control maybe?

Zounds! ZoneAlarm zealous about Zeus.Zbot?

[Culture20]

Whatever happened to alliteration in article titles?

I stopped using that crap...

[TavisJohn]

When they basically refused to support Windows 7. I have sense replace the firewall on ALL my machines (including my XP machines) with PC Tools Firewall Plus. It is free, and provides better protection than Zone Alarm.

Re:Inundated?

[lgftsa]

They're also editing people's posts under their "terms of use" policy. Mostly it's removing the names of other firewall products, but there's a couple by the main editor "GeorgeV" with no indication of why the edit was made or any placemarker to show where it was made.

Ah, and there's also some posts which have entirely disappeared. Since the unique post ID is common to the entire forum it's hard to detect, and the #x post counter on the right is dynamically generated when the thread is displayed. I did see one post disappear, and then the user re-posted. Here's the details of the new post, which I expect to disappear as well.

http://forums.zonealarm.com/showpost.php?p=283543&postcount=40

Unread Today, 01:24 PM
MajorSanchez MajorSanchez is online now
Junior Member

Join Date: Sep 2010
Posts: 1
Default Re: zbot.zeus Notice
Trolling? Barely. Check Point software needs the wrath of the internet unleashed upon them to make them realize their mistakes.

[redacted] attacks make ZoneAlarm.com go down.

[redacted]

et cetera.
Reply With Quote

Attack command redacted because I'm nice

Whoops, that post's gone, too.

Way to go Checkpoint, with one twitch of your marketing neuron you've alienated your loyal users and enraged the script kiddies.

List of free Windows firewalls

[Aryeh+Goretsky]

Hello,

Below is a list of free application software firewalls I put together a while ago. Not sure if they are all current, and I am probably missing quite a few, but it is a starting point.

Firewalls
Active Network - Active Wall Free Edition
Agnitum - Outpost Firewall Free
AS3 Soft4U - AS3 Personal Firewall
Ashampoo - Ashampoo Firewall Free
Comodo Group - Comodo Firewall (now a part of Comodo Internet Security)
FilSecLab - Filseclab Personal Firewall Professional Edition
Group 4 Business Intelligence - IDNWebShield (main web site down when last checked)
NetVeda - NetVeda SafetyNet
PC Tools - PC Tools Firewall Plus Free Edition
PrivacyWare - Privatefirewall
SecurePoint - Securepoint Personal Firewall & VPN Client - (discontinued?)
SoftPerfect - SoftPerfect Personal Firewall
Tall Emu - Online Armor Free - (acquired by EmsiSoft?)
WIPFW Project - WIPFW - (port of BSD IPFW)

Firewall Managers
GT Delphi Components - Windows Firewall Ports & Applications Manager (WFWPAM)
Sheesley, Eric - XPFiremon

Hopefully, this is of help.

Regards,

Aryeh Goretsky