Monday, December 17, 2007

Beware of ZoneAlarm!

I began helping in on-line forums almost eight years ago. The most common advice provided was to install a firewall. The most commonly recommended firewall was ZoneAlarm. As a result, ZoneAlarm became a trusted and well known application, much of that reputation having been built by the free advertisement in those forum postings.

Well, folks, times have changed. The once highly trusted ZoneAlarm has betrayed that trust. Today, if you install ZoneAlarm Free, this is what you are presented with, a pre-checked option to install ZoneAlarm Spy Blocker.



So, what is the average computer user to think when (and if) they see this? They will be expecting a ZoneAlarm add-on that will provide their computer with additional security protection. After all, the wording specifically references ZoneAlarm Spy Blocker as a toolbar. This is a security feature, right? Of course they click the Next button.

The installation is completed and the computer user launches their browser and discovers


that the ZoneAlarm SpyBlocker comes in the form of the Ask Toolbar!

Read what noted researcher Ben Edelman had to say in his analysis of Ask Toolbars ine "Current Practices of IAC/Ask Toolbars".

Search the CastleCops CLSID list for {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} and you will see that ZoneAlarm SpyBlocker has the identical entry to that of the Ask Toolbar.


OBJECT NAME

GUID

STATUS

FILENAME

Ask Toolbar BHO*

{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}

O BHO

ASKSBAR.DLL

ZoneAlarm Spy Blocker BHO*

{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}

O BHO

SPYBLOCK.DLL

DESCRIPTION

Ask_Toolbar - see this_note

ZoneAlarm Spy Blocker Toolbar, now installed as an optional with Zonealarm. Uses the Ask.com searchengine. More info here - also see this_note

Ask yourself why ZoneAlarm hid the fact that it was the Ask Toolbar that was being installed. Here's the most likely answer -- pay per install. Yes, I suspect that ZoneAlarm is being paid by Ask or their affiliates for each and every install of their nefarious toolbar.

I have added a warning to the listing of Vista Compatible Firewalls in Windows Vista Bookmarks and I can no longer consider ZoneAlarm a recommended software. ZoneAlarm has followed down a similar rocky path as Webroot Spy Sweeper.

References:




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

10 comments:

Unknown said...

Wow..I got a notice from zone alarm this past week that there was an important update..so, I did the update.

I unchecked that little box because I have been burned before when d/l something and receive all sorts of nasty BHO's.

I am glad to see you mention this disgusting habit of many software companies who say their product is free, but in reality..its not, and it dumps all sorts of unwanted programs into your browser or computer.

Now, I am wondering if I should dump ZA..

Corrine said...

Hi, Dusty.

I'm glad you were alert enough to spot the pre-checked box. So many other people either missed it or believe it is part of the ZoneAlarm software.

Its also good to know you didn't have the problems others have run into.
http://securitygarden.blogspot.com/2007/12/more-problems-with-zonealarm-update.html

Should you decide to investigate a different firewall, the following are free for personal use:

Outpost: http://www.agnitum.com/products/outpostfree/index.php
Comodo: http://www.personalfirewall.comodo.com/
Sunbelt Kerio: http://www.sunbelt-software.com/Home-Home-Office/Sunbelt-Personal-Firewall/Download/

Unknown said...

Hello again,

Which one of those three would you suggest? I have noticed my cpu has been incredibly high ever since I did the d/l of the Z.A. update..which you mention in your latest Z.A. post.

Corrine said...

Hi, Dusty!

Everyone has different levels of experience as well as preferences. The decision may also be affected by the other security software on your computer.

There has been an interesting discussion on this topic at Freedomlist in the Apps subforum of PC Protection. You may want to check the comments there.

I had used Sunbelt Kerio (pay version) on my Windows XP computer and was pleased with it and I know many people are happy with the free version. Comodo firewall is very highly rated and considered an excellent product.

You may want to review the "Windows Personal Firewall Analysis" by Matousec.
http://www.matousec.com/projects/windows-personal-firewall-analysis/

Unknown said...

Good afternoon Corrine,

Thank you so much for all this information. I will check out the two places you list. I quit using Z.A. for a few years but the product I replaced it with is no longer free, so I went back to Z.A.

Thank you again ;)

Corrine said...

You're very welcome, Dusty. Let me know how you make out.

Anonymous said...

I got the same, i installed it Stupid ME! now i need to dump ZA ,after years on my pc and recommendations to friends and family. They will dump it to !

Stupid Me! for trusting ZA

Jimbo said...

Don't panic folks. I just downloaded the latest free ZoneAlarm, then uninstalled Spy Blocker with CCleaner (also free.) Also, I have WinPatrol installed (also free) which asked me whether I wanted to approve SpyBlocker on the startup... of course I said no.

I've used ZoneAlarm free for ages and I'd hate to change it. Hope this helps.

jimbo

Corrine said...

The issue, Jimbo, isn't about removing the toolbar, it is the incorporation of the IAC product in the guise of a security product.

Todaydownload.com said...

I have been through the whole content of this blog which is very informative
and knowledgeable stuff, I would like to visit again
ZoneAlarm