View Full Version : Zone Alarm owners please read!!

02-28-00, 06:58 AM
I don't know if any of you subscribe to BUGTRAQ, but there was an email regarding Zone Alarm. Here is the cut and paste from the email:

ZoneAlarm by zonelabs.com can export possibly sensitive data if
the "More Info" button is clicked from an alert.

ZoneAlarm is a personal dynamic firewall for Windows 9x/NT.
When a rule is triggered (typically an inbound connection to
an unregistered or alarmed service) an alert box appears with a brief
description of the event and a button labelled "More Info". When this
is clicked a URL is passed to the user's Web browser sending information
to Zone Labs' server for more detailed explanation.

Currently (version 2.0.26) the information passed includes:
Source Address and Port
Destination Address and Port
Operating system version
Firewall version
Whether the connection was blocked
The lock status of the firewall

All this information is sent in clear as an HTTP GET request (port 80).

It could possibly be seen on the Internet in transit or in proxy logs, and
may include information about machines on an internal network inside a
corporate firewall. The request itself could be blocked by ZoneAlarm, but
it is likely that the setting for the Web browser would allow it to access
the external network (Internet).

It is fairly simple to edit the .EXE file to disable this feature, or
to redirect it to a local server.

It was later stated in a reply message that BlackICE Defender does the same thing; sends information to their server in the clear.