#1  08-09-2006, 10:03 PM
Al Smith
ZoneAlarm not blocking AVG auto update

The ZoneAlarm people have always given assurances that even though
the icon for ZoneAlarm takes a while to show up on the monitor, the
firewall itself is running and working immediately to block any
Internet traffic to or from your computer.

Well, bullshit. I recently installed AVG. I'm running ZoneAlarm
Free 6.1.737. AVG can phone home from my computer at boot-up, and
download its anti-virus update *before* ZoneAlarm starts.

There's no doubt about this. I do not have any permissions in
ZoneAlarm to allow AVG access, and no warning popped up in
ZoneAlarm telling me that AVG wanted to access the Internet.

I disabled the AVG update service, so AVG won't be automatically
connecting anymore, but if AVG can do it, so can any other
program. Which makes ZoneAlarm more or less worthless.

#2  08-09-2006, 10:42 PM
John Hyde
Re: ZoneAlarm not blocking AVG auto update

on 8/9/2006 2:03 PM Al Smith said the following:
> The ZoneAlarm people have always given assurances that even though the
> icon for ZoneAlarm takes a while to show up on the monitor, the firewall
> itself is running and working immediately to block any Internet traffic
> to or from your computer.
>
> Well, bullshit. I recently installed AVG. I'm running ZoneAlarm Free
> 6.1.737. AVG can phone home from my computer at boot-up, and download
> its anti-virus update *before* ZoneAlarm starts.
>
> There's no doubt about this. I do not have any permissions in ZoneAlarm
> to allow AVG access, and no warning popped up in ZoneAlarm telling me
> that AVG wanted to access the Internet.
>
> I disabled the AVG update service, so AVG won't be automatically
> connecting anymore, but if AVG can do it, so can any other program.
> Which makes ZoneAlarm more or less worthless.


Which raises the question, can't you control this by changing the load
order? Personally, I think I'd rather have my AV software load first so
it can take a look at anything else that loads. I use Kaspersky, I can
imagine a malware that loads B4 KAV, and hides itself from KAV. But KAV
can handle it if you can reverse the order.

Anyone know how to do this and if it is desirable?

#3  08-10-2006, 12:04 AM
Al Smith
Re: ZoneAlarm not blocking AVG auto update

>> The ZoneAlarm people have always given assurances that even though the icon for ZoneAlarm takes a while to show up on the monitor, the firewall itself is running and working immediately to block any Internet traffic to or from your computer.
>>
>> Well, bullshit. I recently installed AVG. I'm running ZoneAlarm Free 6.1.737. AVG can phone home from my computer at boot-up, and download its anti-virus update *before* ZoneAlarm starts.
>>
>> There's no doubt about this. I do not have any permissions in ZoneAlarm to allow AVG access, and no warning popped up in ZoneAlarm telling me that AVG wanted to access the Internet.
>>
>> I disabled the AVG update service, so AVG won't be automatically connecting anymore, but if AVG can do it, so can any other program. Which makes ZoneAlarm more or less worthless.

>
>
> Which raises the question, can't you control this by changing the load order? Personally, I think I'd rather have my AV software load first so it can take a look at anything else that loads. I use Kaspersky, I can imagine a malware that loads B4 KAV, and hides itself from KAV. But KAV can handle it if you can reverse the order.
>
> Anyone know how to do this and if it is desirable?



Seems to me that the firewall should load first when you have an
always-on Internet connection. It's worrying, only because if AVG
can load before ZA, probably anything else can also. Major point I
wanted to make is that when ZoneAlarm tells you that the firewall
loads first, even though the icon may not be up on the screen,
they are lying through their teeth.

#4  08-10-2006, 12:52 AM
John Hyde
Re: ZoneAlarm not blocking AVG auto update

on 8/9/2006 4:04 PM Al Smith said the following:
>>> The ZoneAlarm people have always given assurances that even though
>>> the icon for ZoneAlarm takes a while to show up on the monitor, the
>>> firewall itself is running and working immediately to block any
>>> Internet traffic to or from your computer.
>>>
>>> Well, bullshit. I recently installed AVG. I'm running ZoneAlarm Free
>>> 6.1.737. AVG can phone home from my computer at boot-up, and download
>>> its anti-virus update *before* ZoneAlarm starts.
>>>
>>> There's no doubt about this. I do not have any permissions in
>>> ZoneAlarm to allow AVG access, and no warning popped up in ZoneAlarm
>>> telling me that AVG wanted to access the Internet.
>>>
>>> I disabled the AVG update service, so AVG won't be automatically
>>> connecting anymore, but if AVG can do it, so can any other program.
>>> Which makes ZoneAlarm more or less worthless.

>>
>>
>> Which raises the question, can't you control this by changing the load
>> order? Personally, I think I'd rather have my AV software load first
>> so it can take a look at anything else that loads. I use Kaspersky, I
>> can imagine a malware that loads B4 KAV, and hides itself from KAV.
>> But KAV can handle it if you can reverse the order.
>>
>> Anyone know how to do this and if it is desirable?

>
>
> Seems to me that the firewall should load first when you have an
> always-on Internet connection. It's worrying, only because if AVG can
> load before ZA, probably anything else can also. Major point I wanted to
> make is that when ZoneAlarm tells you that the firewall loads first,
> even though the icon may not be up on the screen, they are lying through
> their teeth.


Oh, I got that. And I see your point about the FW first. Basically I
see both AV and FW as basic level services and IMHO the only things that
should load before either are the services that are essential to getting
the FW and AV to function.

In the specific case of ZA, maybe they aren't "lying" per se, just
wrong. Suppose their installer is designed to have the FW load first,
and as far as they know, it works. But AVG is designed to do the same
thing (since the AVG coders think the order should be AV then FW) and
their software "won" the load first battle.

Shouldn't the user be able to control this behavior? Gee, I'm back to
my original question. Bueller? . . . Bueller? . . . Anyone? . . . Anyone?

;-)

JH

#5  08-10-2006, 07:37 AM
B. Nice
Re: ZoneAlarm not blocking AVG auto update

On Wed, 09 Aug 2006 23:04:14 GMT, Al Smith <invalid@address.com>
wrote:

>>> The ZoneAlarm people have always given assurances that even though the icon for ZoneAlarm takes a while to show up on the monitor, the firewall itself is running and working immediately to block any Internet traffic to or from your computer.
>>>
>>> Well, bullshit. I recently installed AVG. I'm running ZoneAlarm Free 6.1.737. AVG can phone home from my computer at boot-up, and download its anti-virus update *before* ZoneAlarm starts.
>>>
>>> There's no doubt about this. I do not have any permissions in ZoneAlarm to allow AVG access, and no warning popped up in ZoneAlarm telling me that AVG wanted to access the Internet.
>>>
>>> I disabled the AVG update service, so AVG won't be automatically connecting anymore, but if AVG can do it, so can any other program. Which makes ZoneAlarm more or less worthless.

>>
>>
>> Which raises the question, can't you control this by changing the load order? Personally, I think I'd rather have my AV software load first so it can take a look at anything else that loads. I use Kaspersky, I can imagine a malware that loads B4 KAV, and hides itself from KAV. But KAV can handle it if you can reverse the order.
>>
>> Anyone know how to do this and if it is desirable?

>
>
>Seems to me that the firewall should load first when you have an
>always-on Internet connection. It's worrying, only because if AVG
>can load before ZA, probably anything else can also.


AFAIK, the only firewall that does that truly reliably is the built-in
Windows firewall (XP SP2) since it is an integral part of the OS.
It has a special (non-configurable) boot-time filter allowing only
initial network traffic (DNS, DHCP etc.) until machine is running and
firewall is in place. That's when the "normal" filtering rules take
effect.

>Major point I wanted to make is that when ZoneAlarm tells you that
>the firewall loads first, even though the icon may not be up on the screen,
>they are lying through their teeth.


I wonder why that wouldn't surprise me.

#6  08-10-2006, 12:41 PM
Zilbandy
Re: ZoneAlarm not blocking AVG auto update

On Wed, 09 Aug 2006 21:03:10 GMT, Al Smith <invalid@address.com>
wrote:

>The ZoneAlarm people have always given assurances that even though
>the icon for ZoneAlarm takes a while to show up on the monitor, the
>firewall itself is running and working immediately to block any
>Internet traffic to or from your computer.
>
>Well, bullshit. I recently installed AVG. I'm running ZoneAlarm
>Free 6.1.737. AVG can phone home from my computer at boot-up, and
>download its anti-virus update *before* ZoneAlarm starts.


I don't see what you mean. I'm using ZA 6.1.744.001 and AVG doesn't
update without ZA asking for permission. I deleted the AVG Update
download entry from ZA's program list, and it asks for permission on
the next update. It seems to be working as I expect it to for me. :/
--
Zilbandy - Tucson, Arizona USA <zil@zilbandyREMOVETHIS.com>
Dead Suburban's Home Page: http://zilbandy.com/suburb/
PGP Public Key: http://zilbandy.com/pgpkey.htm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#7  08-10-2006, 07:50 PM
Al Smith
Re: ZoneAlarm not blocking AVG auto update

>>Seems to me that the firewall should load first when you have an
>>always-on Internet connection. It's worrying, only because if AVG
>>can load before ZA, probably anything else can also.

>
>
> AFAIK, the only firewall that does that truly reliably is the built-in
> Windows firewall (XP SP2) since it is an integral part of the OS.
> It has a special (non-configurable) boot-time filter allowing only
> initial network traffic (DNS, DHCP etc.) until machine is running and
> firewall is in place. That's when the "normal" filtering rules take
> effect.
>


I'd be tempted to run the Windows firewall in combination with
ZoneAlarm, except that ZoneAlarm wants to deactivate the Windows
firewall when it runs (probably for good reasons -- conflicts).
I'm not sure if I can turn the Windows firewall on in any case
with ZoneAlarm running, but I guess I can try.

#8  08-10-2006, 07:51 PM
Al Smith
Re: ZoneAlarm not blocking AVG auto update

>>Well, bullshit. I recently installed AVG. I'm running ZoneAlarm
>>Free 6.1.737. AVG can phone home from my computer at boot-up, and
>>download its anti-virus update *before* ZoneAlarm starts.

>
>
> I don't see what you mean. I'm using ZA 6.1.744.001 and AVG doesn't
> update without ZA asking for permission. I deleted the AVG Update
> download entry from ZA's program list, and it asks for permission on
> the next update. It seems to be working as I expect it to for me. :/



Sure it asks for permission -- if ZoneAlarm is running. Maybe on
your machine, ZoneAlarm starts before AVG. On my machine, AVG
starts first.

#9  08-10-2006, 09:49 PM
B. Nice
Re: ZoneAlarm not blocking AVG auto update

On Wed, 09 Aug 2006 14:42:00 -0700, John Hyde <EJhyd@netscape.net>
wrote:

>on 8/9/2006 2:03 PM Al Smith said the following:
>> The ZoneAlarm people have always given assurances that even though the
>> icon for ZoneAlarm takes a while to show up on the monitor, the firewall
>> itself is running and working immediately to block any Internet traffic
>> to or from your computer.
>>
>> Well, bullshit. I recently installed AVG. I'm running ZoneAlarm Free
>> 6.1.737. AVG can phone home from my computer at boot-up, and download
>> its anti-virus update *before* ZoneAlarm starts.
>>
>> There's no doubt about this. I do not have any permissions in ZoneAlarm
>> to allow AVG access, and no warning popped up in ZoneAlarm telling me
>> that AVG wanted to access the Internet.
>>
>> I disabled the AVG update service, so AVG won't be automatically
>> connecting anymore, but if AVG can do it, so can any other program.
>> Which makes ZoneAlarm more or less worthless.

>
>Which raises the question, can't you control this by changing the load
>order?


Why should he? - ZoneLabs claim all their products provide boot-time
protection. I quote:

"In addition, security has been further hardened across the entire
ZoneAlarm product line with the addition of "boot-time protection,"
which begins protecting the PC before network drivers are loaded. This
extra layer protects the PC at the earliest possible opportunity, thus
providing no window of opportunity for malicious programs to
communicate." - pasted from
http://download.zonelabs.com/bin/fre...pr_zass50.html

So of course it should work, or otherwise we will just start to
believe they are lying.

#10  08-10-2006, 09:54 PM
B. Nice
Re: ZoneAlarm not blocking AVG auto update

On Thu, 10 Aug 2006 18:50:40 GMT, Al Smith <invalid@address.com>
wrote:

>>>Seems to me that the firewall should load first when you have an
>>>always-on Internet connection. It's worrying, only because if AVG
>>>can load before ZA, probably anything else can also.

>>
>>
>> AFAIK, the only firewall that does that truly reliably is the built-in
>> Windows firewall (XP SP2) since it is an integral part of the OS.
>> It has a special (non-configurable) boot-time filter allowing only
>> initial network traffic (DNS, DHCP etc.) until machine is running and
>> firewall is in place. That's when the "normal" filtering rules take
>> effect.
>>

>
>I'd be tempted to run the Windows firewall in combination with
>ZoneAlarm, except that ZoneAlarm wants to deactivate the Windows
>firewall when it runs (probably for good reasons -- conflicts).
>I'm not sure if I can turn the Windows firewall on in any case
>with ZoneAlarm running, but I guess I can try.


Maybe you should just get rid of ZoneAlarm.

What version of ZA? Free or Pro?

What do you expect ZoneAlarm to do for you?

#11  08-11-2006, 02:23 AM
Kerodo
Re: ZoneAlarm not blocking AVG auto update

In article <ifLCg.1585$395.1452@edtnps90>, invalid@address.com says...
> >>Well, bullshit. I recently installed AVG. I'm running ZoneAlarm
> >>Free 6.1.737. AVG can phone home from my computer at boot-up, and
> >>download its anti-virus update *before* ZoneAlarm starts.

> >
> >
> > I don't see what you mean. I'm using ZA 6.1.744.001 and AVG doesn't
> > update without ZA asking for permission. I deleted the AVG Update
> > download entry from ZA's program list, and it asks for permission on
> > the next update. It seems to be working as I expect it to for me. :/

>
>
> Sure it asks for permission -- if ZoneAlarm is running. Maybe on
> your machine, ZoneAlarm starts before AVG. On my machine, AVG
> starts first.
>


They both run as a service and start up before other apps. It's highly
doubtful that AVG has time to do an entire update prior to the ZA
service loading, so I'd say there is something hosed somewhere in your
setup there. Perhaps the True Vector service isn't even loading at all?
Sounds very fishy...

--
Kerodo

#12  08-11-2006, 09:29 AM
Al Smith
Re: ZoneAlarm not blocking AVG auto update

> "In addition, security has been further hardened across the entire
> ZoneAlarm product line with the addition of "boot-time protection,"
> which begins protecting the PC before network drivers are loaded. This
> extra layer protects the PC at the earliest possible opportunity, thus
> providing no window of opportunity for malicious programs to
> communicate." - pasted from
> http://download.zonelabs.com/bin/fre...pr_zass50.html
>
> So of course it should work, or otherwise we will just start to
> believe they are lying.


They are lying, believe it. The update of AVG that occurred the
last time only took about two seconds, but it happened, and no
alert from ZoneAlarm. I got the AVG screen saying the update had
completed successfully.

#13  08-11-2006, 09:30 AM
Al Smith
Re: ZoneAlarm not blocking AVG auto update

>>>>Well, bullshit. I recently installed AVG. I'm running ZoneAlarm
>>>>Free 6.1.737. AVG can phone home from my computer at boot-up, and
>>>>download its anti-virus update *before* ZoneAlarm starts.
>>>
>>>> >
>>>> >
>>>> > I don't see what you mean. I'm using ZA 6.1.744.001 and AVG doesn't
>>>> > update without ZA asking for permission. I deleted the AVG Update
>>>> > download entry from ZA's program list, and it asks for permission on
>>>> > the next update. It seems to be working as I expect it to for me. :/

>>
>>>
>>>
>>> Sure it asks for permission -- if ZoneAlarm is running. Maybe on
>>> your machine, ZoneAlarm starts before AVG. On my machine, AVG
>>> starts first.
>>>

>
>
> They both run as a service and start up before other apps. It's highly
> doubtful that AVG has time to do an entire update prior to the ZA
> service loading, so I'd say there is something hosed somewhere in your
> setup there. Perhaps the True Vector service isn't even loading at all?
> Sounds very fishy...
>
> --


I'm going to try updating to the latest version of ZoneAlarm.
Maybe the fresh install will reposition the firewall so that it
loads first, before AVG. Worth a try at least.

#14  08-11-2006, 09:33 AM
Al Smith
Re: ZoneAlarm not blocking AVG auto update

>>>>Seems to me that the firewall should load first when you have an
>>>>always-on Internet connection. It's worrying, only because if AVG
>>>>can load before ZA, probably anything else can also.
>>>
>>>>>
>>>>>
>>>>> AFAIK, the only firewall that does that truly reliably is the built-in
>>>>> Windows firewall (XP SP2) since it is an integral part of the OS.
>>>>> It has a special (non-configurable) boot-time filter allowing only
>>>>> initial network traffic (DNS, DHCP etc.) until machine is running and
>>>>> firewall is in place. That's when the "normal" filtering rules take
>>>>> effect.
>>>>>

>>
>>>
>>>I'd be tempted to run the Windows firewall in combination with
>>>ZoneAlarm, except that ZoneAlarm wants to deactivate the Windows
>>>firewall when it runs (probably for good reasons -- conflicts).
>>>I'm not sure if I can turn the Windows firewall on in any case
>>>with ZoneAlarm running, but I guess I can try.

>
>
> Maybe you should just get rid of ZoneAlarm.
>
> What version of ZA? Free or Pro?
>
> What do you expect ZoneAlarm to do for you?



I'm presently using version 6.1.737 of ZA Free. I like the gui of
ZoneAlarm better than any other firewall I've tried, and I've
tried a few. I also like the animated ZA icon which shows incoming
and outgoing network traffic.

What I expect ZoneAlarm to do is what it says it will do -- prevent
any programs on my machine from phoning home without my permission.

#15  08-11-2006, 11:13 AM
B. Nice
Re: ZoneAlarm not blocking AVG auto update

On Fri, 11 Aug 2006 08:33:35 GMT, Al Smith <invalid@address.com>
wrote:

<snip>

>I'm presently using version 6.1.737 of ZA Free. I like the gui of
>ZoneAlarm better than any other firewall I've tried, and I've
>tried a few.


>I also like the animated ZA icon which shows incoming
>and outgoing network traffic.


Please don't make that a justification for using ZoneAlarm :-)

>What I expect ZoneAlarm to do is what it says it will do -- prevent
>any programs on my machine from phoning home without my permission.


Well, in that case I am sorry I will have to disappoint you. It
doesn't. To be very polite, the free version leaks like a sieve. My
own leaktests (and I did some of those, once again, on the latest
version of ZA free just a few days ago) confirm that. And
http://www.firewallleaktester.com/tests_overview.php (press the "view
results" button at the bottom) confirms it.

Even ZoneLabs themselves confirm that the free version cannot cope
with clever malware techniques. And they don't intend to fix it
either. Those methods are (funny enough) only beaten by a new
"groundbreaking" technique called "OSFirewall" in their pro version.
Well, that's yet another new word that doesn't even exist, though. It
seems like ZoneLabs made that up in order to add another smart-looking
buzzword to their web-site.

#16  08-11-2006, 11:03 PM
Al Smith
Re: ZoneAlarm not blocking AVG auto update

>>I'm presently using version 6.1.737 of ZA Free. I like the gui of
>>ZoneAlarm better than any other firewall I've tried, and I've
>>tried a few.

>
>
>>I also like the animated ZA icon which shows incoming
>>and outgoing network traffic.

>
>
> Please don't make that a justification for using ZoneAlarm :-)
>


Hey, it's a nice animated icon. :-)


>
>>What I expect ZoneAlarm to do is what it says it will do -- prevent
>>any programs on my machine from phoning home without my permission.

>
>
> Well, in that case I am sorry I will have to disappoint you. It
> doesn't. To be very polite, the free version leaks like a sieve. My
> own leaktests (and I did some of those, once again, on the latest
> version of ZA free just a few days ago) confirm that. And
> http://www.firewallleaktester.com/tests_overview.php (press the "view
> results" button at the bottom) confirms it.
>
> Even ZoneLabs themselves confirm that the free version cannot cope
> with clever malware techniques. And they don't intend to fix it
> either. Those methods are (funny enough) only beaten by a new
> "groundbreaking" technique called "OSFirewall" in their pro version.
> Well, that's yet another new word that doesn't even exist, though. It
> seems like ZoneLabs made that up in order to add another smart-looking
> buzzword to their web-site.


I just tried updating ZoneAlarm to the latest version. AVG still
updated itself at bootup as if ZoneAlarm wasn't even there --
because it wasn't, not having started yet. I stopped the antivirus
update in the middle myself, and the damn thing buggered up on me,
and later refused to finish the update, so I'm probably going to
go back to Avast, which I've generally found to be less trouble.

I'm looking for a simple free firewall to replace ZoneAlarm. I
don't want anything that's going to be so puzzling I won't know if
I'm wide open, but I want one that gives me full stealth (which
seems to me a minimum requirement in a firewall).

I tried Safety.Net 3.61, and it seemed to work fine, but gave a
puzzling result. Each time I'd boot, explorer.exe would install
itself in the list of approved programs, with checks beside both
local and internet. If I blocked it, the next boot would unblock
it again. I didn't know if this was a fault in the firewall, or
just something normal that I didn't understand. I did check on the
location of explorer.exe, and it was starting from the right
place, C:\Windows, so this suggests that it wasn't a trojan, but I
didn't understand the behavior. Maybe this wasn't showing up in
ZoneAlarm because ZoneAlarm wasn't even running that early in the
boot process?

I'm thinking I may try Sygate again. Any suggestions for a free firewall?

#17  08-12-2006, 08:36 AM
B. Nice
Re: ZoneAlarm not blocking AVG auto update

On Fri, 11 Aug 2006 22:03:58 GMT, Al Smith <invalid@address.com>
wrote:

>I'm thinking I may try Sygate again.


I thought you were going for something that would increase security?


>Any suggestions for a free firewall?


Assuming you are running XP SP2, the built-in free one.


BTW, did you check with the owners of address.com if your e-mail
address is okay to use?

#18  08-13-2006, 04:27 AM
Al Smith
Re: ZoneAlarm not blocking AVG auto update

> BTW, did you check with the owners of address.com if your e-mail
> address is okay to use?



It works for me. :-)

#19  08-13-2006, 06:21 AM
B. Nice
Re: ZoneAlarm not blocking AVG auto update

On Sun, 13 Aug 2006 03:27:18 GMT, Al Smith <invalid@address.com>
wrote:

>> BTW, did you check with the owners of address.com if your e-mail
>> address is okay to use?

>
>
>It works for me. :-)


So does my always-on outdoor radio.

#20  08-15-2006, 04:18 PM
TwistyCreek
Re: ZoneAlarm not blocking AVG auto update

Al Smith wrote:

> > "In addition, security has been further hardened across the entire
> > ZoneAlarm product line with the addition of "boot-time protection,"
> > which begins protecting the PC before network drivers are loaded. This
> > extra layer protects the PC at the earliest possible opportunity, thus
> > providing no window of opportunity for malicious programs to
> > communicate." - pasted from
> > http://download.zonelabs.com/bin/fre...pr_zass50.html
> >
> > So of course it should work, or otherwise we will just start to
> > believe they are lying.

>
> They are lying, believe it. The update of AVG that occurred the
> last time only took about two seconds, but it happened, and no
> alert from ZoneAlarm. I got the AVG screen saying the update had
> completed successfully.


Getting a splash screen telling you something completed isn't proof
positive it completed at that exact moment in time. Windows itself
gives you a considerable number of "finished updating" style messages
after reboots, starting with its installation. <grin> You could
very likely be seeing a notification that updates downloaded prior to
your last shutdown have finished loading or have been installed.

The only way you could be sure is to sniff the wire and examine traffic
directly. If an actual connection is being made to AVG before ZA loads
then there's a real problem as far as I'm concerned. Your firewall
rules should load and be applied BEFORE networking services/interfaces
are even started or activated. It shouldn't even be possible to make a
connection without being subject to those rules, or ZA or Windoze is
severely broken. :(
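
An added example, not part of any post in this thread: one way to carry out the wire check described above, by listing outbound flows the PC opened before its firewall service was up, apart from the DNS/DHCP traffic a boot-time filter would be expected to pass. It assumes a `tcpdump -tttt -n` style text capture taken on a separate machine upstream of the PC, and that the time the firewall service reported running is known; every address, name and timestamp below is constructed.

```python
import re
from collections import namedtuple
from datetime import datetime, timedelta

Packet = namedtuple("Packet", "ts src sport dst dport proto info")

# Constructed sample capture (documentation address ranges), as recorded by a
# sniffer on a separate machine so the PC's own state cannot hide traffic.
CAPTURE = """\
2006-08-11 08:29:01.100000 IP 0.0.0.0.68 > 255.255.255.255.67: BOOTP/DHCP, Request
2006-08-11 08:29:02.400000 IP 192.168.1.10.1025 > 192.168.1.1.53: 2+ A? update.example.net. (36)
2006-08-11 08:29:02.900000 IP 192.168.1.10.1030 > 203.0.113.5.80: Flags [S], seq 1000, win 65535, length 0
2006-08-11 08:29:03.000000 IP 203.0.113.5.80 > 192.168.1.10.1030: Flags [S.], seq 2000, ack 1001, win 5840, length 0
2006-08-11 08:29:03.500000 IP 192.168.1.10.1030 > 203.0.113.5.80: Flags [P.], seq 1:200, ack 1, win 65535, length 199
2006-08-11 08:29:21.000000 IP 192.168.1.10.1041 > 198.51.100.7.80: Flags [S], seq 3000, win 65535, length 0
"""
HOST_IP = "192.168.1.10"                       # constructed: the PC under test
# Constructed: when the firewall service reported "running" (for example the
# service-state entry in the Windows System event log), on the sniffer's clock.
FW_READY = datetime(2006, 8, 11, 8, 29, 20)

LINE_RE = re.compile(
    r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d\.\d+) IP "
    r"([\d.]+)\.(\d+) > ([\d.]+)\.(\d+): (.*)$"
)

# Traffic a boot-time filter is expected to let through (DHCP and DNS).
ESSENTIAL = {("udp", 67), ("udp", 68), ("udp", 53), ("tcp", 53)}


def parse_capture(text):
    """Turn tcpdump text lines into Packet tuples; unparseable lines are skipped."""
    packets = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S.%f")
        info = m.group(6)
        proto = "tcp" if info.startswith("Flags [") else "udp"
        packets.append(Packet(ts, m.group(2), int(m.group(3)),
                              m.group(4), int(m.group(5)), proto, info))
    return packets


def pre_firewall_flows(packets, host_ip, fw_ready, skew=timedelta(0)):
    """Return non-essential flows host_ip opened before fw_ready.

    skew is added to capture timestamps to align the sniffer's clock with the
    PC's. 'answered' is True when the remote end replied inside the window,
    i.e. a real connection was made rather than just an attempt.
    """
    flows = {}
    for p in packets:
        ts = p.ts + skew
        if ts >= fw_ready:
            continue                      # firewall already up: out of scope
        if p.src == host_ip:
            if (p.proto, p.dport) in ESSENTIAL:
                continue
            # A bare SYN opens a TCP flow; for UDP the first datagram does.
            opener = p.proto == "udp" or p.info.startswith("Flags [S],")
            key = (p.proto, p.sport, p.dst, p.dport)
            if opener and key not in flows:
                flows[key] = {"first_seen": ts, "proto": p.proto,
                              "remote": f"{p.dst}:{p.dport}",
                              "answered": False}
        elif p.dst == host_ip:
            key = (p.proto, p.dport, p.src, p.sport)
            if key in flows:
                flows[key]["answered"] = True
    return sorted(flows.values(), key=lambda f: f["first_seen"])


if __name__ == "__main__":
    for f in pre_firewall_flows(parse_capture(CAPTURE), HOST_IP, FW_READY):
        gap = (FW_READY - f["first_seen"]).total_seconds()
        state = "answered" if f["answered"] else "no reply"
        print(f"{f['proto']} -> {f['remote']} {gap:.1f}s before firewall ({state})")
```

An empty result means nothing beyond DNS/DHCP left the machine before the firewall was up; an answered flow in the list is the evidence a splash screen cannot give.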


#21  08-15-2006, 04:34 PM
Anonyma
Re: ZoneAlarm not blocking AVG auto update

John Hyde wrote:

> Ok, I agree. They say that their product loads first and it doesn't.


You can't know that from the given information. A splash screen doesn't
mean a thing, Windows itself tells you updates have been completed
after a reboot all the time when the actual update is done BEFORE any
restart.

I find it almost unimaginable that ZA would fail at something so basic
and essential to firewall operation. As cruddy and misbehaved as I
think ZA is, I just can't come to terms with something so obviously
FUBAR from a firewall that's notorious for being over invasive. ;)


#22  08-15-2006, 05:40 PM
Borked Pseudo Mailed
Re: ZoneAlarm not blocking AVG auto update

B. Nice wrote:

> >What I expect ZoneAlarm to do is what it says it will do -- prevent
> >any programs on my machine from phoning home without my permission.

>
> Well, in that case I am sorry I will have to disappoint you. It
> doesn't. To be very polite, the free version leaks like a sieve. My
> own leaktests (and I did some of those, once again, on the latest


None of your "leak tests" have anything at all to do with ZA not
loading before networking and allowing AVG to make unwanted connections.


#23  08-15-2006, 07:36 PM
Al Smith
Re: ZoneAlarm not blocking AVG auto update

>> They are lying, believe it. The update of AVG that occurred the
>> last time only took about two seconds, but it happened, and no
>> alert from ZoneAlarm. I got the AVG screen saying the update had
>> completed successfully.

>
>
> Getting a splash screen telling you something completed isn't proof
> positive it completed at that exact moment in time. Windows itself
> gives you a considerable number of "finished updating" style messages
> after reboots, starting with its installation. <grin> You could
> very likely be seeing a notification that updates downloaded prior to
> your last shutdown have finished loading or have been installed.
>
> The only way you could be sure is to sniff the wire and examine traffic
> directly. If an actual connection is being made to AVG before ZA loads
> then there's a real problem as far as I'm concerned. Your firewall
> rules should load and be applied BEFORE networking services/interfaces
> are even started or activated. It shouldn't even be possible to make a
> connection without being subject to those rules, or ZA or Windoze is
> severely broken. :(
>


Before I got a splash screen telling me the download of the update
was complete, I'd get a splash screen showing the progress of the
download. It was very quick, only a second or so. I've got a
fairly fast connection. The AVG update was downloading and
installing itself before the ZoneAlarm icon came up. And obviously,
before ZoneAlarm started to work, since there was no permission
given for the AVG update.

Anyway, I've moved on. I can't be bothered trying to fight with
ZoneAlarm to get it to do what it should be doing in the first
place. I'm not going to send in an e-mail to the ZoneAlarm people
-- they know damned well what their software does, and how it
behaves at boot.

The main reason I wrote here is to advise anyone else using
ZoneAlarm that it is insecure. Forget about what it tells you at
Shields Up or on the Sygate firewall test site -- it leaves your
computer wide open for twenty seconds (or whatever -- probably
varies from computer to computer) every time you boot up. That is
dangerous. It is enough time for a trojan to phone home and
download an update or other malicious code.

#24  08-15-2006, 07:40 PM
Al Smith
Re: ZoneAlarm not blocking AVG auto update

>>Ok, I agree. They say that their product loads first and it doesn't.
>
>
> You can't know that from the given information. A splash screen doesn't
> mean a thing, Windows itself tells you updates have been completed
> after a reboot all the time when the actual update is done BEFORE any
> restart.
>
> I find it almost unimaginable that ZA would fail at something so basic
> and essential to firewall operation. As cruddy and misbehaved as I
> think ZA is, I just can't come to terms with something so obviously
> FUBAR from a firewall that's notorious for being over invasive. ;)
>



Sorry to disappoint you about ZoneAlarm. The claim by the ZA
people that it protects from the get-go, even if the ZA icon isn't
on the screen, is bullshit. AVG did a complete update on several
occasions at boot. I watched it. I watched the progress screen of
the download, and got an "update completed" splash after it. After
that, I switched to Comodo. Nobody should be using ZoneAlarm Free.
It is unsafe.

Reply With Quote
  #25 (permalink)  
Old 08-15-2006, 07:44 PM
Al Smith
Guest
 
Posts: n/a
Default Re: ZoneAlarm not blocking AVG auto update

>>> What I expect ZoneAlarm to do is what it says it will do -- prevent
>>> any programs on my machine from phoning home without my permission.
>>
>> Well, in that case I am sorry I will have to disappoint you. It
>> doesn't. To be very polite, the free version leaks like a sieve. My
>> own leaktests (and I did some of those, once again, on the latest
>
>
> None of your "leak tests" have anything at all to do with ZA not
> loading before networking and allowing AVG to make unwanted connections.
>


That's right. Once my ZoneAlarm actually got itself loaded up, it
worked fine. It blocked the AVG update without a problem. The
trouble was, there was a window of time between my computer
working connected to the Internet via cable modem, and my
ZoneAlarm client protecting my computer.

If my ZoneAlarm had been completely buggered, it would not have
worked to block the update after ZA was fully loaded. I have no
problem with how well ZA works once it is loaded -- it is this
window of opportunity that makes it unsafe.

Reply With Quote
  #26 (permalink)  
Old 08-15-2006, 10:36 PM
B. Nice
Guest
 
Posts: n/a
Default Re: ZoneAlarm not blocking AVG auto update

On Tue, 15 Aug 2006 10:40:14 -0600 (MDT), Borked Pseudo Mailed
<nobody@pseudo.borked.net> wrote:

>B. Nice wrote:
>
>> >What I expect ZoneAlarm to do is what it says it will do -- prevent
>> >any programs on my machine from phoning home without my permission.

>>
>> Well, in that case I am sorry I will have to disappoint you. It
>> doesn't. To be very polite, the free version leaks like a sieve. My
>> own leaktests (and I did some of those, once again, on the latest

>
>None of your "leak tests" have anything at all to do with ZA not
>loading before networking and allowing AVG to make unwanted connections.


Nobody said so. Your point is?

Reply With Quote
  #27 (permalink)  
Old 08-15-2006, 10:52 PM
Anonyma
Guest
 
Posts: n/a
Default Re: ZoneAlarm not blocking AVG auto update

Al Smith wrote:

> > The only way you could be sure is to sniff the wire and examine traffic
> > directly. If an actual connection is being made to AVG before ZA loads
> > then there's a real problem as far as I'm concerned. Your firewall
> > rules should load and be applied BEFORE networking services/interfaces
> > are even started or activated. It shouldn't even be possible to make a
> > connection without being subject to those rules, or ZA or Windoze is
> > severely broken. :(
> >

>
> Before I got a splash screen telling me the download of the update
> was complete, I'd get a splash screen showing the progress of the
> download. It was very quick, only a second or so. I've got a


This suggests, to me anyway, that the download had already been
performed. It's typical behavior when a file is re-downloaded using a
protocol that allows resuming of aborted downloads like FTP. Transfer
speeds will always show ridiculously fast throughput and progress bars
will blaze by because the file is already there.

This sounds more and more like something went awry with a data file
update or the like, AVG is trying to complete it and finds the update
file already stored locally.

> fairly fast connection.


I have the fastest my ISP allows short of a commercial account. If I do
something silly like test my connection speed by trying to download a
test file that already exists I can download a 100 Meg file in a half
an eye blink or so. ;-)

> The AVG update was downloading and
> installing itself before the ZoneAlarm icon came up. And obviously,


I highly doubt it. I firmly believe there's some other cause for what
you're seeing. If you successfully delete the downloaded update data and
retry I'd bet dollars to doughnuts things would look a lot different.
Most likely AVG would "stall" until ZA loads. Maybe an error, but I
doubt it. Timeouts are generally set insanely high for such things due
to server loads.

> before ZoneAlarm started to work, since there was no permission
> given for the AVG update.
>
> Anyway, I've moved on. I can't be bothered trying to fight with
> ZoneAlarm to get it to do what it should be doing in the first


Doesn't break my heart at all. I've been a long time opponent of ZA.
Mostly from the experience I acquired trying to work past or through
its peculiar way of trying to get its fingers into everything. Which is
one of the reasons I say you're mistaken about what's happening. I
know from uncounted exposures to the beast that it's not going to let
something like this get by.

> place. I'm not going to send in an e-mail to the ZoneAlarm people
> -- they know damned well what their software does, and how it
> behaves at boot.
>
> The main reason I wrote here is to advise anyone else using
> ZoneAlarm that it is insecure. Forget about what it tells you at


I have a bit of a problem with that because I believe it's incorrect
advice. Again, the only way to be absolutely positive ZA is mishandling
its own loading and such is to sniff the wire and verify that a
download is actually taking place. Everything you've said here
contradicts that assertion.

> Shields Up or on the Sygate firewall test site -- it leaves your
> computer wide open for twenty seconds (or whatever -- probably
> varies from computer to computer) every time you boot up. That is
> dangerous. It is enough time for a trojan to phone home and
> download an update or other malicious code.


So unlikely it borders on the impossible. I can't totally discount the
possibility that a reputable software vendor would make such an obvious
blunder, but I find the odds against it staggering. I'm convinced
you're making false accusations based on conclusions you've drawn with
only cursory observations and no real research or credible evidence.
Even though I don't care for ZA personally I think it's wrong to do
that. :(


Reply With Quote
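Added example, not part of any post in this thread: the wire-level check described in the post above, run over a per-packet summary of a capture taken upstream of the booting host. The CSV layout, the addresses, the function names and the firewall start time (an input you supply, for instance from the system event log) are all assumptions made for illustration.

```python
import csv
import io

# Constructed sample: per-packet summary from a capture taken on a separate
# machine upstream of the booting host. Times are seconds since link-up;
# addresses are documentation ranges, not real update servers.
CAPTURE_CSV = """\
time,src,sport,dst,dport,flags,payload_len
2.10,192.0.2.10,1045,198.51.100.7,80,S,0
2.14,198.51.100.7,80,192.0.2.10,1045,SA,0
2.15,192.0.2.10,1045,198.51.100.7,80,A,0
2.20,192.0.2.10,1045,198.51.100.7,80,PA,210
2.90,198.51.100.7,80,192.0.2.10,1045,PA,1460
3.40,198.51.100.7,80,192.0.2.10,1045,PA,1460
31.00,192.0.2.10,1046,198.51.100.9,443,S,0
"""

def pre_firewall_flows(capture_csv, host_ip, firewall_start):
    """Flows the host opened before firewall_start, with payload bytes each way."""
    flows = {}
    for row in csv.DictReader(io.StringIO(capture_csv)):
        t, size = float(row["time"]), int(row["payload_len"])
        if t >= firewall_start:
            continue  # only the unprotected window is of interest
        outbound = row["src"] == host_ip
        if outbound:
            key = (row["dst"], int(row["dport"]), int(row["sport"]))
        elif row["dst"] == host_ip:
            key = (row["src"], int(row["sport"]), int(row["dport"]))
        else:
            continue
        if key not in flows:
            if not (outbound and row["flags"] == "S"):
                continue  # track only connections the host itself initiated
            flows[key] = {"established": False, "bytes_out": 0, "bytes_in": 0}
        if not outbound and row["flags"] == "SA":
            flows[key]["established"] = True  # the remote end answered the SYN
        flows[key]["bytes_out" if outbound else "bytes_in"] += size
    return flows

def verdict(flows, min_download_bytes=1024):
    """Classify what the capture shows for the pre-firewall window."""
    if not flows:
        return "no connection attempts before firewall start"
    if any(f["established"] and f["bytes_in"] >= min_download_bytes for f in flows.values()):
        return "data downloaded before firewall start"
    if any(f["established"] for f in flows.values()):
        return "connection established before firewall start, little data received"
    return "connection attempts only, none answered"
```

An empty result supports the "file was already on disk" reading of the fast progress bar; an established flow with inbound payload before the firewall start time supports the boot-window reading.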
  #28 (permalink)  
Old 08-15-2006, 11:10 PM
George Orwell
Guest
 
Posts: n/a
Default Re: ZoneAlarm not blocking AVG auto update

Al Smith wrote:

> >>> What I expect ZoneAlarm to do is what it says it will do -- prevent
> >>> any programs on my machine from phoning home without my permission.
> >>
> >> Well, in that case I am sorry I will have to disappoint you. It
> >> doesn't. To be very polite, the free version leaks like a sieve. My
> >> own leaktests (and I did some of those, once again, on the latest

> >
> >
> > None of your "leak tests" have anything at all to do with ZA not
> > loading before networking and allowing AVG to make unwanted connections.
> >

>
> That's right. Once my ZoneAlarm actually got itself loaded up, it
> worked fine. It blocked the AVG update without a problem. The
> trouble was, there was a window of time between my computer
> working connected to the Internet via cable modem, and my
> ZoneAlarm client protecting my computer.


No there isn't. You're either clueless about what you're doing in which
case you have no business testing anything or advising anyone, or you're
lying for some reason and have no business testing anything or advising
anyone. You have absolutely no idea what ZA and AVG are really doing
because you're doing nothing but watching the digital age version
of an idiot light.

They don't call them idiot lights for nothing guy.....
Reply With Quote
  #29 (permalink)  
Old 08-16-2006, 02:10 AM
Nomen Nescio
Guest
 
Posts: n/a
Default Re: ZoneAlarm not blocking AVG auto update

B. Nice wrote:

> On Tue, 15 Aug 2006 10:40:14 -0600 (MDT), Borked Pseudo Mailed
> <nobody@pseudo.borked.net> wrote:
>
> >B. Nice wrote:
> >
> >> >What I expect ZoneAlarm to do is what it says it will do -- prevent
> >> >any programs on my machine from phoning home without my permission.
> >>
> >> Well, in that case I am sorry I will have to disappoint you. It
> >> doesn't. To be very polite, the free version leaks like a sieve. My
> >> own leaktests (and I did some of those, once again, on the latest

> >
> >None of your "leak tests" have anything at all to do with ZA not
> >loading before networking and allowing AVG to make unwanted connections.

>
> Nobody said so. Your point is?


That said "leak tests" are irrelevant, conducted by an amateur, and
misleading in this context regardless.
Reply With Quote
  #30 (permalink)  
Old 08-16-2006, 02:22 AM
Al Smith
Guest
 
Posts: n/a
Default Re: ZoneAlarm not blocking AVG auto update

>> Shields Up or on the Sygate firewall test site -- it leaves your
>> computer wide open for twenty seconds (or whatever -- probably
>> varies from computer to computer) every time you boot up. That is
>> dangerous. It is enough time for a trojan to phone home and
>> download an update or other malicious code.
>
>
> So unlikely it borders on the impossible. I can't totally discount the
> possibility that a reputable software vendor would make such an obvious
> blunder, but I find the odds against it staggering. I'm convinced
> you're making false accusations based on conclusions you've drawn with
> only cursory observations and no real research or credible evidence.
> Even though I don't care for ZA personally I think it's wrong to do
> that. :(
>


Fine. I'm through on this subject. I've told people what happened.
If they don't want to believe it, there's not much I can do.

Reply With Quote

All times are GMT.