Looking inside ZoneAlarm's alert log file (C:\WINNT\Internet Logs\*.ldb) it appears that ZA's "suspicious behavior" alerts include an automatic download of "current" advisories from https://208.185.174.65:443, (which the user is then able to view by clicking the "more information" button). Either that, or they are collecting data on what types of alerts are triggering the "more information" requests from the overall user population. These connections to the ZoneAlarm servers appear to be intentionally hidden from view in ZoneAlarm's "Alerts & Logs", Program section -- although the original "suspicious behavior" is logged there, in plain sight.
Bill At 12:44 PM 1/17/2006, RichK wrote: > >HI All, > >Not long ago, I expressed my discomfort with AVG possibly sending data, even >when not asked to. In that case, I did not have it set correctly. So >perhaps it does not. Some jumped on me for "looking a gift horse in a >mouth". Now this story: > >Quotation from here on: > >A Perfect Spy? It seems that ZoneAlarm Security Suite has been phoning >home, even when told not to. Last fall, InfoWorld Senior Contributing >Editor James Borck discovered ZA 6.0 was surreptitiously sending >encrypted data back to four different servers, despite disabling all of >the suite's communications options. Zone Labs denied the flaw for nearly >two months, then eventually chalked it up to a "bug" in the software -- >even though instructions to contact the servers were set out in the >program's XML code. A company spokesmodel says a fix for the flaw will >be coming soon and worried users can get around the bug by modifying >their Host file settings. However, there's no truth to the rumor that >the NSA used ZoneAlarm to spy on U.S. citizens. > >More of this column at: >http://newsletter.infoworld.com/t?ctl=109EE0A:23E8CB0 > > > -- ---------------------------------------- The WIN-HOME mailing list is powered by L-Soft's renowned LISTSERV(R) list management software. For more information, go to: http://www.lsoft.com/LISTSERV-powered.html
