ZoneAlarm phones home

January 13, 2006

By Robert X. Cringely

It seems that ZoneAlarm Security Suite has been phoning home, even when told not to. Last fall, InfoWorld Senior Contributing Editor James Borck discovered ZA 6.0 was surreptitiously sending encrypted data back to four different servers, despite disabling all of the suite's communications options. Zone Labs denied the flaw for nearly two months, then eventually chalked it up to a "bug" in the software -- even though instructions to contact the servers were set out in the program's XML code. A company spokesmodel says a fix for the flaw will be coming soon and worried users can get around the bug by modifying their Host file settings. However, there's no truth to the rumor that the NSA used ZoneAlarm to spy on U.S. citizens.

Zone Labs responds via press release

A recent report in Infoworld included information that may be misleading, and we would like to assure all of our customers that the integrity of our security solutions and the privacy of our users are not only intact but of the utmost importance to us.

To clarify, in order to ensure that users have up-to-date protection, the ZoneAlarm product family relies not only on powerful desktop technology but also a central server-based infrastructure. Security software is no longer a self-contained program that can be updated annually. For example, the ZoneAlarm SmartDefense Advisor service allows us to block rapidly propagating malware trying to enter a user's system - long before a signature can be written. These communications are not only essential to the effectiveness of our products, they are a significant part of the reason why most customers purchase our software.

The only way to deliver those updates is to maintain some level of communication between the software on a user's PC and the Zone Labs servers. If a user disables that communication, they can significantly compromise the protection offered by their ZoneAlarm product. Our customers need their anti-virus product to update regularly. They want to know if a newly discovered keylogger is trying to install on their computer.

Despite the value of these services to our customers, we realize that a very limited number of users do wish to disable all communication and cut off all updates - even though this will weaken their security. We've done our best to accommodate these users over the years. We do currently have an issue where ZoneAlarm continues to ping a server when in fact a user has asked it to be disabled. It will be fixed as soon as possible.

For any users who are concerned about this communication between the user's PC and the Zone Labs servers, it is important to note that Zone Labs does not infringe upon the privacy of our customers. We don't save personal information. We don't do many other things that legitimate software companies do to enhance their marketing efforts, like use persistent Web cookies. This conservative approach is intentional because we take privacy extremely seriously.

The actual communication in dispute is a GET request that is checking to see if the user's security software is current. We will continue to work with Mr. Borck and anyone else who might have any concerns about this issue.

How to Disable ZoneAlarm Server Communications:

If you would like to report issues with Zone Labs software, please contact:

main page ATTRITION feedback