Spam Daily News
 
ZoneAlarm phones home

January 20, 2006

 
It seems that ZoneAlarm Security Suite has been phoning home, even when told not to. However, there's no truth to the rumor that the NSA used ZoneAlarm to spy on U.S. citizens.


 

 

 

 

Last fall, InfoWorld Test Center Managing Analyst and Senior Contributing Editor James R. Borck discovered ZoneAlarm 6.0 was surreptitiously sending encrypted data back to four different servers, even after he had disabled all of the suite's communications options.

Zone Labs denied the flaw for nearly two months, then eventually chalked it up to a bug in the software -- even though instructions to contact the servers were set out in the program's XML code.

A company spokeswoman says a fix for the flaw will be coming soon and worried users can get around the "bug" by modifying their hosts file settings.


UPDATED Jan 25, 2006

Bug or Feature?
Either way, ZoneAlarm leaks


In a statement sent to The Inquirer, Zone Labs claims the communications detected by Borck between its ZoneAlarm firewall and a bunch of remote servers are benign.

Furthermore, it suggests that blocking communications between the firewall and the remote servers could "significantly compromise" the protection offered by its product.

Here's a chunk of the statement:

"After being contacted by James Borck of InfoWorld, we maintained an ongoing dialogue with him to discover the source of his issue. Initially, we were unable to reproduce it in our labs, until he submitted his log files. At that point, we were able to identify the bug and provided Mr. Borck with a temporary workaround. We never refuted his contention that an issue existed, although it did take some time to replicate it.

"The actual communication in dispute is a simple encrypted GET request that is checking to see if the user's security software is current. We will continue to work with Mr. Borck and anyone else who might have any concerns about this issue."


Anyone who knows CGI knows that HTTP GET requests can be used to send client data to remote servers.
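To make that last point concrete, here is an added example (not from the original article or from Zone Labs) of how a user could audit captured outbound GET requests and measure how much client-supplied data each query string carries. The hostnames, parameter names, sample request lines and the length/entropy thresholds are all constructed assumptions.

```python
import math
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample: request lines as a local proxy or packet capture might
# record them. Hosts and parameters are placeholders, not ZoneAlarm's own.
SAMPLE_REQUESTS = [
    "GET http://update.vendor.example/check?ver=6.0 HTTP/1.1",
    "GET http://update.vendor.example/check?d=q7Zk1xV9mB3tYw8RfL2sHc5JpN0aEoUg4DiX6yKT HTTP/1.1",
    "GET http://www.site.example/index.html HTTP/1.1",
]

def entropy(s):
    """Shannon entropy of a string, in bits per character."""
    if not s:
        return 0.0
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def audit(request_line, min_len=24, min_entropy=3.5):
    """List every query parameter a GET request carries to the server.

    A long, high-entropy value is flagged as opaque: it may be encoded or
    encrypted data whose content cannot be judged from the URL alone.
    The thresholds are a heuristic assumption, not a standard.
    """
    _method, url, _version = request_line.split(" ", 2)
    parts = urlsplit(url)
    findings = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        bits = entropy(value)
        findings.append({
            "host": parts.hostname,
            "param": name,
            "bytes": len(value),
            "opaque": len(value) >= min_len and bits >= min_entropy,
        })
    return findings

def summarize(lines):
    """Per host: total bytes of query data sent and number of opaque values."""
    totals = {}
    for line in lines:
        for f in audit(line):
            t = totals.setdefault(f["host"], {"bytes": 0, "opaque": 0})
            t["bytes"] += f["bytes"]
            t["opaque"] += int(f["opaque"])
    return totals

if __name__ == "__main__":
    print(summarize(SAMPLE_REQUESTS))
```

A plain version check and an opaque blob both arrive as "a simple GET request"; only the second leaves the user unable to tell what was sent.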

 

 

 
Copyright © 2005-2006 Interlink Enterprise Computing. All rights reserved.
All company logos & trademarks displayed on this site belong to their respective owners