| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Sat Jan 28 11:52:57 2006 From: security at zonelabs.com (Zone Labs Security Team) Subject: Re: ZoneAlarm phones home Fellow Full-disclosure readers: Zone Labs would like to clarify what's actually going on with communication to the Zone Labs servers. Please note, as with other security software, if you disable this communication, you will not get antivirus/antispyware signature updates, product updates, etc. There is a work-around to disable all communications to the Zone Labs servers -- along with other details included below if you are sure you want to disable the communications. [This is the press statement, but it includes information relevant to FD readers] A recent report in Infoworld included information that may be misleading, and we would like to assure all of our customers that the integrity of our security solutions and the privacy of our users are not only intact but of the utmost importance to us. To clarify, in order to ensure that users have up-to-date protection, the ZoneAlarm product family relies not only on powerful desktop technology but also a central server-based infrastructure. Security software is no longer a self-contained program that can be updated annually. For example, the ZoneAlarm SmartDefense Advisor service allows us to block rapidly propagating malware trying to enter a user's system - long before a signature can be written. These communications are not only essential to the effectiveness of our products, they are a significant part of the reason why most customers purchase our software. The only way to deliver those updates is to maintain some level of communication between the software on a user's PC and the Zone Labs servers. If a user disables that communication, they can significantly compromise the protection offered by their ZoneAlarm product. Our customers need their anti-virus product to update regularly. They want to know if a newly discovered keylogger is trying to install on their computer. Despite the value of these services to our customers, we realize that a very limited number of users do wish to disable all communication and cut off all updates - even though this will weaken their security. We've done our best to accommodate these users over the years. We do currently have an issue where ZoneAlarm continues to ping a server when in fact a user has asked it to be disabled. It will be fixed as soon as possible. For any users who are concerned about this communication between the user's PC and the Zone Labs servers, it is important to note that Zone Labs does not infringe upon the privacy of our customers. We don't save personal information. We don't do many other things that legitimate software companies do to enhance their marketing efforts, like use persistent Web cookies. This conservative approach is intentional because we take privacy extremely seriously. The actual communication in dispute is a GET request that is checking to see if the user's security software is current. We will continue to work with Mr. Borck and anyone else who might have any concerns about this issue. How to Disable ZoneAlarm Server Communications: http://download.zonelabs.com/bin/free/pressReleases/2005/pr_22.html If you would like to report issues with Zone Labs software, please contact: security@...elabs.com Thanks, Zone Labs Security Team
Powered by blists - more mailing lists