MultiProxy public forum From Message DAR87 2/24/2001 06:46:47 Subject: Win and ZA Spying on you?! Message: Check out this alt.privacy discussion on ZA and Windows spy apps http://groups.google.com/groups?lr=&safe=off&ic=1&th=1f9213da39dff7bd&seekd=917871391#917871391 Read through the entire threads. ZA's looking bad, and Microsoft has a big bad plan? i knew it 2/24/2001 07:22:22 RE: Win and ZA Spying on you?! Message: yeah, in the last month or so, i've noriced some bizzare thins happen when i'm running za. i never have these problems when it isn't running. my conclusion, za is a gateway straight into your box for the people(scum) that know how to use it! DAR 2/24/2001 07:51:10 RE: Win and ZA Spying on you?! Message: Long story short, people. It seems that ZA comes with two spy dlls that according to the their manufacturer " utilizes its patented metering methodology to measure actual Internet and digital media audience user behavior in real-time - click-by-click, page-by-page, second-by-second." I found these two C:\WINDOWS\SYSTEM\VSMONAPI.DLL C:\WINDOWS\SYSTEM\VSUTIL.DLL Had been left on my system after uninstalling ZA. It seems that your system configuration and maybe the activity is logged to the file Iamdb.rbd, then transmitted. This discussion also implicates Steve Gibson of Grc/ShieldsUp/Opout in this as well. This discussion also includes the RPCSS.dll of Microsoft, and their plans to use this in future enforcement of the software piracy laws. THIS IS SERIOUS SHIT, EVERYONE NEEDS TO CAREFULLY CONSIDER THESE DISCUSSIONS; NO JOKE. Anonymous 2/24/2001 09:22:01 RE: Win and ZA Spying on you?! Message: DAR, Thanks of making us aware of these discussions. I will read it later as I use ZA and optout. I want to understand if this is true or just a misunderstandig. I hope the latter. I know when I start my test system with WinME, ZA reports Windows Explorer wants to access internet. I never want the system to check for upgrades automatically, so I have to check on this access. I hope it's not "call home". Brand X 2/24/2001 10:46:36 RE: Win and ZA Spying on you?! Message: All this talk got me started. I just used adware,it found nothing. Then I tried antispy. c:\windows\system\ADPACK.DLL,amcompat.tlb,amstream.dll. Anyone find these? Whats the deal with these three files? DINO 2/24/2001 12:53:16 RE: Win and ZA Spying on you?! Message: OK, for standard ZA, but what ZA PRO ?Do you think we pay and they spy us ? DAR09 2/24/2001 14:35:47 RE: Win and ZA Spying on you?! Message: Anonymous, The point on Gibson would be his known love of ZA and his unofficial status as Internet Firewall guru; at the same time I know his Leaktest and Optout apps don't detect what appear to clearly be Spy dlls from this company Truevector. The man's credibilty is suspect in my eyes. ZA APPEARS to be real cozy with Truevector, and additional point made here is ZA's granting of unlimited access to permitted apps; once you’ve given a seemingly ok app like Outlook Express permission; you can’t monitor it further. Makes sense; all the other freeware is bugged; who's in a better position than Zonelabs to do the same? Brand X; I only have one of the three you mention; attached to Win Media Player, do some research and get back to us. Dino; If you have the VS*.dlls; I’d say affirmative. Just adding insult to injury. I use TinyPFW; but the damn things probably bugged to! A further issue raised here is the Rpcss.dll from MS; Kill the bitch; my system appears fine without it. I don’t know and probably can’t confirm this data; but the research appears solid to me; better to err on the side of caution? Brand X 2/24/2001 15:11:45 RE: Win and ZA Spying on you?! Message: I deleted the Rpcss.exe, my system is running fine. Seems like I'm browsing faster I can't tell for sure yet. Anonymous 2/24/2001 16:04:47 RE: Win and ZA Spying on you?! Message: I am on Win 2000 pro, I renamed the rpcss.dll to zrpccs.dll ( don't like to delete too soon) The bitch Win2000 immediately popped up a warning window : you changed system files, must insert cd-rom to restore file. I said f*ck you, she said, you'll be sorry system is not guarantee to be stable. As if I don't get blue screen already :) Brand X 2/24/2001 16:19:15 RE: Win and ZA Spying on you?! Message: Well I deleted the three files, and the first thing I did was to go to a porno page and dl a mpg.Media player came up and proceeded to dl. Suddenly I got a network error page stating that a connection to www. microsoft.com could not be established. Media player still works fine. Just keep files in recycle bin and test something goes wrong you can always restore them. DAR67 2/24/2001 16:34:11 RE: Win and ZA Spying on you?! Message: Sounds like classic microsuck; upgrade the accessory nasties to status of system file; wonder if the "Failure to spy" message was from the ad & am or the Rpcss removal? Inquiring minds want to know. DAR67 2/24/2001 16:59:25 RE: Win and ZA Spying on you?! Message: The plot thickens; appears my A4 is using a Web3000 BSD Socket chained to the Windows BSD socket; Web 3000 is the fine folks of Netsonic. Tis' no wonder inet never responded to my support emails; they knew I had a cracker version all along. As if I did'nt know.... S 2/24/2001 18:26:13 RE: Win and ZA Spying on you?! Message: Gibson has a ZA disclaimer on his website, this is it-- PLEASE write to ZoneLabs at support@zonelabs.com with your feedback, questions, problems, complaints, etc. relating to THEIR free ZoneAlarm v2 product. The 'shieldsup' newsgroup (above) is also jam packed with lively discussion of problems, solutions, tips and tricks. PLEASE DO NOT WRITE TO US with ZoneAlarm feedback. We closely monitor its ongoing development through communal feedback in the 'shieldsup' newsgroup. We are active there so EVERYONE can benefit. You should do the same! You can find it yourselves by clicking on the "Technical Suport" link at the GRC homepage. How 'bout that, huh! I think we should bombard him with mail anyway, what's he doing hooked up in all this? Next stop, the GRC newsgroup. S 2/24/2001 21:43:17 RE: Win and ZA Spying on you?! Message: Well I just came back from the alt.privacy link given by DAR and, no doubt about it, Zone Alarm is SPYWARE. The proof? The IAMDB.RDB file, located in Windows/System, grew to over 5.3 MB in my system. This file, according to the post, installs itself through ZA and logs all activity about apps on the PC, even those that don't use the Net, and it starts life as only a 54K file. Apparently it "phones home" to Daddy using the 2 VSMON dll's that HAVE TO be enabled for Zone Alarm to work, which I know from experience. ZA is history, Gibson is history for promoting it. MS is gonna be history, soon as I figure out Linux. God damn these sons-of-bitches! Thanks for the info DAR, keep it coming. Anonymous 2/24/2001 23:05:15 RE: Win and ZA Spying on you?! Message: Please hold it for s sec and check something. My RDB file is only 127k after 1 year using ZA. I don't remember maybe I started new ZA from fresh 2 month ago. I cannot understand 5MB, as this appear to be just the programs configuration list, Maybe ZA is not releasing deleted space so the file just grows. I suggest is this. Remove all programs from ZA permission configuration ( or completely remove and re-install) and start from fresh, see what size you have. Now let ZA work one by one. What I do is then go to Programs and make sure is what I know and I don't give serever to anything that doesn't desrve it, etc. Sometimes on the pop up dialog box you say yes for local server, but ZA puts also for remote server. better have Ask for program you don't use often. From time to time remove from programs what you are not sure about, you can always add it later with the pop up dialog box. Also make sure you are on Security: Internet High !!! What scares me most is if true and some programs are "priviledged" and don't even show up in Programs list !!!! this is sneaky. DAR78 2/24/2001 23:50:18 RE: Win and ZA Spying on you?! Message: Your methods may find other programs, but you can't use ZA to catch ZA. The vs* dlls and the Iamdb are ZA, your use of the program has automatically granted them full access. Additionally, the research I've done so far indicates that these dlls will broadcast at a time when you're not surfing; remember ZA is primarly marketed as a tool for 24/7 ADSL users;there's plenty of time for a broadcast when no one's watching. Call me paranoid, call me guilable, call me whatever; but after reading the alt.privacy discussion, following the links and scanning my machine my 15 year cop instincts are telling me this is a conspiracy. Follow the trail, judge for yourselves. My next steps will be to take ZA to a Cisco Certified Internetworking Engineer colleague, if anyone can do the technicals, it's him. S 2/25/2001 00:10:55 RE: Win and ZA Spying on you?! Message: That's the thing, you can't run ZA without enabling VSMON, it's as simple as that. I never allowed server access for any program in ZA, none. My security is always set on HIGH, and you first have to enable local access in ZA in order to setup the Internet protocols. DAR is right, once a program is enabled in ZA it can't be monitored any longer. And you cannot monitor the behavior of ZA without VS* if it won't work without them. Anonymous 2/25/2001 01:32:54 RE: Win and ZA Spying on you?! Message: Is there a way to put a SECOND firewall to check on ZA? or double check? Is there a way to put sniffer that filters traffic and can be triggered on ZA spy attacks? I remember the commotion many years ago when people found their directory structure inside old Prodigy online service ( the old one). There was big outcry. WHO CAN WE TRUST ?????? RTaylor 2/25/2001 05:11:11 RE: Win and ZA Spying on you?! Message: Greetings, Interesting discussion which includes conspiracy theory's (cool!), however, I believe I can explain why "ZA" (ZoneAlarm) is acting like a Trojan! Although not commonly known ... it appears ZAs security defenses are so effective, it actually blocks its own internal registration methods (LOL). Unless ZA is properly registered, the software gets trapped in a self-inflicted loop of unsuccessful connection attempts to the "zonelabs" server. This funny little BUG actually helps demonstrate one of ZA strengths as a firewall. Although ZA is FULLY authorized to access and therefore regulate the programs which access the Internet, a hidden process within ZA itself failed to breach its own firewall (wow!). Why? ... unlike other firewalls, ZA encrypts a unique code regarding each program you've ever authorized which must consistently match against the original pattern 100% to function 100%. ( ET could NOT phone home through ZA ;-) To quickly check and see if you have this type of problem, select the ZA configure button, and l@@k at the bottom message to verify your registration status is NOT pending. If you don't see a registration conformation date, then ZA may indeed be causing the unexplained TCP & DLL activity you are experiencing and therefore is NOT (per´se) Trojan related. To fix this problem, try the following ... 1) Terminate your connection. 2) Close all Internet software. 3) Set the ZA Internet security level to "medium or low". 4) Logon to the Internet again. 5) Open a web browser and go somewhere/anywhere. Once TCP activity is detected by ZA it will automatically try and register itself again. This time however, the lower security setting should allow this new connection to be successful. After you see your registration is no longer pending (1-2 minutes), reset your Internet security back to "HIGH". I've often wondered how many people this problem might affect world wide. Those readers who after reviewing my comments discover they too have this problem, please make a brief posting to this thread helping to document how many people found my information useful. Personally, I really like ZA and am hopeful my posting will help calm a few people down! From one paranoid to another, Robert ô¿ô P.S. For the curious minded (why me?) ... this problem mainly occurs when updating ZA from an older version. This happens because experienced users usually set their Internet security level at HIGH, unlike the default (medium) settings usually encountered during the first-time installation and registration process for beginners.(doh!) Web Site: http://members.aol.com/starfirert/ira Anonymous 2/25/2001 08:56:07 RE: Win and ZA Spying on you?! Message: RTaylor, My ZA status is: This copy of Zonealarm is not currently registerd Please register to recieve a full license. Is this what you call PENDING, or pending means the status has the word pending? S 2/25/2001 12:46:37 RE: Win and ZA Spying on you?! Message: RT-- First of all, I will try what you suggest. But forgive my ignorance while I ask one or two Q's: 1) What does registration of the product have to do with whether or not authorized apps are transmitting unauthorized data and history to their programmers? 2) How does this explain the growth of the IAMDB file, a record of loopbacks? For A-- Yes, pending means pending registration, whether actually included in the message or not. ZA asks us to register, even if it is freeware. Which brings up another point: It would be nice to put a name on all that data huh? I admit only the ignorant would actually register with their real name, but then the programers count on that % of users, don't they? THM 2/25/2001 12:58:24 RE: Win and ZA Spying on you?! Message: hmmm ... ive renamed all "rpcss.*" shit on my system ... but win2k & win98 says nothing ... now, is that a good or a bad sign :-\ Brand X 2/25/2001 13:34:20 RE: Win and ZA Spying on you?! Message: Just tried to rename iamdb, access denied! Cannot delete either. I have three files in c:\windows\internet logs. 2 are ZA and the other is a id file with my computer name.ldb, anybody concur? lol DAR 2/25/2001 13:37:47 RE: Win and ZA Spying on you?! Message: Not much time today or this week for my pithy little paranoiac interpretations, by here’s a link trail. I see reference to the reg issue at Zlab support, this may explain alerts and aberrant behavior by ZA, but not what I see to be the central issues raised in the alt.privacy discussion; What is the purpose and operation of the Truevector files? Zonelab press release regarding Truevector, the ZA DLLs http://www.softwarelaw.com/proudpatentholders/Zone%20Labs.htm where they refer to US Patent #: 5,987,611 http://164.195.100.11/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=/netahtml/srchnum.htm&r=1&f=G&l=50&s1='5,987,611'.WKU.&OS=PN/5,987,611&RS=PN/5,987,611 Nice long URL, huh. You’re government at work. Anyway, this is where it gets interesting. With a cursory scan of this lengthy doc you would see the ZA features we know of, looking Ok so far; but if you go deeper you will see that that the Truevector invention has surveillance and supervisory functions. In fairness to Zlabs, these are probably not incorporated in ZA; but who really knows? That is the crux; isn’t it? Who is going to tell you the whole story? The question for me is am I willing to use a product that could now be in surveillance and control mode or, in the future, scaled up to include these functions? The probability of mission creep at the behest of companies like Media Metrix and TIBCO comes to mind. My personal answer is no; too many unanswerable questions; at least until my CCIE dissects it. Anonymous 2/25/2001 14:34:22 RE: Win and ZA Spying on you?! Message: I renamed rpcss.dll on win2k, had to rename back as I lost the network functionality after reboot. :( DAR, Is the conpiracy going as far as saying ZA is a dormant mole, waiting for a signal to wake up? that is really scary, like inviting Hanibal as a guest :) DAR 2/25/2001 15:26:48 RE: Win and ZA Spying on you?! Message: Is the glass half full or half empty? Depends on perspective. A trusting interpreter of the patent doc would see a client controlled rules setter that guards the gates; a well done free app distributed to gain market credibility with their paying corporate customers. A mistrustful interpreter would see a supervisory rules setter; a scalable monitoring and control unit with the reins in the hands of profilers like Media Metrix. I can read this doc both ways. I do know that it does not go into full details, companies do not expose proprietary info to their competitors through the patent office. When I weigh the risks and rewards, factoring in my experience as a former deputy US Marshal and my security work for firms like Metrix, add to that the present inadequacy of privacy legislation and the hunger for more and more “security” in America, I have to go with The old French Foreign Legion saying “When in doubt, Gallop!” Green Thumb 2/25/2001 20:45:06 RE: Win and ZA Spying on you?! Message: Try to rename or delete the files in dos THM 2/25/2001 20:55:17 RE: Win and ZA Spying on you?! Message: s**t .. just rebooted .... and ... nothing ? .. realy nothing .. all da network stuff had gone ... re-renamed ... and my system was back ... :-\ (eh, Bill !, good work !!!) S 2/25/2001 20:55:51 RE: Win and ZA Spying on you?! Message: Any sniffing reports out there? And sorry RT, I don't even want it back in. THM 2/25/2001 21:02:13 RE: Win and ZA Spying on you?! Message: hmm .. an other question ... ive got a direcory called "registration" in my win2k-dir ... 128 *.clb and one *.crmlog (all-in-all 2.631.136 Bytes) ... does anyone know their function ? (and action will cause a "access denied" ... iam the Admin .. im GOOD ... don't i??) RTaylor 2/26/2001 01:08:39 RE: Win and ZA Spying on you?! Message: Me again, It was my original intent to logically explain ZAs Trojan like behavior and not to get involved in the conspiracy discussion aspect of this thread. (NO ... Whos, Whats, Whens, Wheres, Whys or even How Abouts or But Ifs!) I can't devote additional time to defending off-the-wall and unsubstantiated accusations by others, who themselves admit they aren't sure what's going on and therefore STOP using ZA only to then criticize its use by others protesting, better safe than sorry. I find this attitude similar to those who bad-mouth MultiProxy simply because they can't understand how to make it work properly to achieve anonymity while surfing. I'm also unsure why everyone is so concerned about why ZAs rule database increases from a default size containing nothing, to a larger database containing stored information about the security preferences a user keeps adding into it. What else could it do but grow? (remember, NO, but-what-if-who scenarios) One poster called "S" states having a 5MB file as proof of spyware, although suspicious l@@king ... the truth is that older version of ZA happened to contain a bug that caused 512k of data to be written each time tru-vector was launched. The only thing this LARGE file tells me is ... you're a long-time ZA user with a corrupt IAMDB.RDB file ... unlike "Anonymous" who has a 127k file after 1 year of use! Although unverified ... after backing it up, I believe you can delete this file from DOS and it will automatically rebuild itself to its default settings upon accessing Windows. This obviously causes you to loose all your existing setting and therefore will need to manually setup everything all over again. A small price to pay in my opinion to kill that LARGE of a corrupt file. Folks, I'm pushing verifiable facts here, not theory's, suspicions or opinions. To clarify one point of confusion by some ... the words "pending & status" used in my first posting, were to help describe a "condition" and not words used to define what YOUR setting might exactly say regarding ZA registration. To summarize everything more bluntly ... if ZA is not properly registered, users will experience a problem (until corrected) which might resemble Trojan activity, but is NOT. BTW "S" ... I'm not trying to sell anyone on ZA, I'm just trying to put things into perspective and help shed some light on this bizzar Trojan rumor. At minimum, I know my efforts helped uncover that "Anonymous" indeed acknowledged having a registration problem which you personally responded to elsewhere in this thread. I'm still hopeful others find my information of assistance and not just some type of attack on their personal opinions regarding the usefulness of ZA as a firewall, Robert ô¿ô P.S. For those of you who still trust ZA and would like to actually enhance your interaction, visit: http://zonelog.co.uk/ Hopefully the above link will help make-up for the poor attitude I've developed while addressing this out-of-control ZA topic, which DAR and others continue to perpetuate. By supplying this additional information, hopefully even "S" will be able to figure out a FULL syllable name. ;-) S 2/26/2001 03:58:12 RE: Win and ZA Spying on you?! Message: OKAY, I'LL BACK OFF! But I'll be very interested in hearing about what DAR's Cisco Specialist has to say. One last Q though, how old a version of ZA are we talking about and how many programs would I have to add to cause so much "corruption"? And yes, I too "registered" my ZA. RTaylor 2/26/2001 16:51:14 RE: Win and ZA Spying on you?! Message: Hello "S", << OKAY, I'LL BACK OFF! >> I'm glad you have a descent since of humor, as my last posting was intended to be both fun while serious at the same time, you're a good sport! << One last Q though, "HOW" old a version of ZA are we talking "ABOUT" and "HOW" many programs would I have to add to cause so much "corruption"? >> Remember ... NO ... Whos, Whats, Whens, Wheres, Whys, or even How Abouts or But Ifs! After everything I've said on this topic, these little details are totally irrelevant and a waist of time and energy thinking about let alone trying to address each one. I've given everyone the proof they need to kill this rumor NOW, but only if individuals really choose to read and FULLY "comprehend" my information will be their own choice (I'm not writing a ZA.HLP file or how-to book here folks!). If people somehow don't trust my more logical explanation regarding ZAs Trojan like behavior and prefer a conspiracy theory, I've always stated that my comments are verifiable, which mean REAL research and NOT more questions. Unfortunately "S", I don't know an exact time frame when ZA fixed this 512K write problem. Since "Anonymous" does not have this problem after 1 year of using ZA you should have logically concluded that any ZA older than 1 year (long-time users) would have residuals of this problem on their system even after the updates which eventually stopped the writing bug. What more is there to say accept, ask Zonelabs and not me if you really need to know that "specific" of a question. I do know this bug once effected the "YourComputerName.LDB" file was well. Both problems were eventually corrected in newer revisions, but oddly enough, not during the same upgrade which compounds this problem slightly more and is beyond the FOCUS of this discussion. As for your question regarding how many programs you had to add to cause this large of a corruption, the answer is NONE. My original answer: "the truth is that older version of ZA happened to contain a bug that caused 512k of data to be written each time tru-vector was launched." Basically that statement clearly indicates that simply booting your computer would cause a write problem to these files, let alone all the programs you add/remove plus long-term unsuccessful registration attempts. Please don't ask how any times you must boot to acquire a 5Mb file, it's not IMPORTANT ;-) << But I'll be very interested in hearing about what DAR's Cisco Specialist has to say. >> BTW ... supplied with all this new information I can't imagine DAR still asking this Cisco Specialist to review ZA as a suspected Trojan. Your question only shows that after being presented with cold-hard-facts you and possibly others will still distrust ZA even after verifying that they indeed have or had is the same registration or corruption problem I described, AMAZING! In conclusion, I feel I've given this topic my best efforts to help educate those who are actually WILLING to learn and re-think their positions based on facts and not rumors, Robert ô¿ô --- END TRANSMISSION S 2/26/2001 20:22:15 RE: Win and ZA Spying on you?! Message: Always willing to re-consider any position, however you really do not answer anything, other than to say "It's just a bug, don't worry about it!" That's quite a bug, don't you think? By the way, my experience with ZA began with 2.1.25, less than a year ago. If that fits the time frame, bully. But it is apparent to me there is no sense in continuing the discussion, as you see me as an ignoramus, and I view you as, well, condescending. If the others do not care to respond to this discussion further, that is fine also, as this issue will reappear again without prompting from either of us. By the way, you didn't vote for Bush did you, AOL-boy!? Brand X 2/27/2001 09:51:57 RE: Win and ZA Spying on you?! Message: Hey S, dont't feel bad. R Taylor probably never read the google post. Why is he such an advocate for ZA? Most of us are leary about ZA, it's our right to be. Just his opinion,but he should'nt be insultive. Here's the google link for RT incase he wants to educate himself. :) http://groups.google.com/groups?lr=&safe=off&ic=1&th=1f9213da39dff7bd&seekd=917871391 THM 2/27/2001 11:30:46 RE: Win and ZA Spying on you?! Message: ok folks ... i also read this post ... ive never used za ... but is anybody able to tell me what to do with my rpcss.dll?? (plz) S 2/27/2001 11:32:26 RE: Win and ZA Spying on you?! Message: Yeah, I didn't mean to insult the intelligence of the other folks who voted for Skippy. But if DAR's Cisco guy could take a look at it that'd be good, it would put rest to it. But probably not. As he said in an eariler post "the glass is either half-empty or half-full" depending on how you look at it. Sorta like oil drilling in the Arctic Refuge, can it be done safely or not, and will it do any good? Americans are split on the issue. S 2/27/2001 11:39:08 RE: Win and ZA Spying on you?! Message: Put it in Recycle Bin. Run w/o it for a few days. If no problems, either save or get rid of it, your choice. TA 2/27/2001 15:58:11 RE: Win and ZA Spying on you?! Message: any really conclusive evidence so far if ZA is really spyware? Anonymous 2/28/2001 01:30:02 RE: Win and ZA Spying on you?! Message: Last time i was playing frecell, at the moment i was turning 9 of spade my modem was blinking could it be spyware, calling Alice in wonderland ?? Nobody 2/28/2001 13:13:43 RE: Win and ZA Spying on you?! Message: I've been using ZA along side ConSeal PC FIREWALL for well over a year and was very suspious of ZA at the start. When ZA first came out there was an issue with it phoning home on a regular basis but after a number of complaints they discontinued that feature. When you install ZA it registers itself as soon as you logon to IP# 216.15.66.222, after which I block that addy with ConSeal. I have never caught ZA trying to access that IP# again or any other attempt to phone home. And unless you have writtten a rule allowing FTP access to the specific IP#, ConSeal will stop LeakTest too. Riley 2/28/2001 13:19:59 RE: Win and ZA Spying on you?! Message: Why would you use ZA and ConSeal together? DoOrDie 2/28/2001 13:25:49 RE: Win and ZA Spying on you?! Message: RE: Win and ZA Spying on you?! Message: Why would you use ZA and ConSeal together? ***** For the same reason I use ZA and Black Ice together.. two firewalls are better than one. ZA, with all its infinite security has holes too and another firewall (i.e. ConSeal, etc.) helps plug those holes. They work together in perfect harmony covering each others' back (or, at least that's what we all like to think). DoOrDie Haggas 2/28/2001 13:51:51 Re: DAR and RTaylor Message: Excellent point and counterpoint. Thanks for taking to time to post your thinking on the matter. It's probably the most in-depth discussion to appear on this forum since it began. I don't have a dog in this fight, so to speak, since I don't use ZA. But Gibson and ZA have always been held in the highest regard. How many serious Internet users have not considered his page to be a mandatory stop? It is important to reach some kind of consensus on this "spyware" issue. Hopefully, with investigation, and discussions like this one, the answer will become clear. In the mean time, thanks to DAR for starting this thread, and to everyone else that contributed. It's definitely a keeper. Make 2/28/2001 16:05:21 RE: Win and ZA Spying on you?! Message: Official response from Zone Alarm: "We forwarded some of your comments and concerns on to Zone Alarm, and here is the company's response: ZoneAlarm does not collect surfing data about users' behavior. The only information we ever see from an end-user of ZoneAlarm is: (1) your registration data (if you chose to supply it), (2) your version and registration numbers (if you have one) every time you "check for updates"(if you have that option marked in the configure panel), and (3) Alert data, when you click the More Info button on an alert to get more information about an Alert. This information does not get shared with anyone else, as we guarantee in our privacy statement on our web site. Zone Labs never receives any other information from a ZoneAlarm client, and cannot retrieve any other info from your machine. Since ZoneAlarm does not log users' surfing behavior, there is no way for this information to be retrieved. ZoneAlarm does leave elements in the registry after an uninstall, but our FAQ details how to remove them in the event of a problem. That information is found at http:/ / www.zonelabs.com/ support.htm You also mentioned our relationship with Media Metrix. This company is the equivalent of Nielsen ratings for PC users and their Zone Labs statistics are confined to the number of downloads of ZoneAlarm off Zone Labs' servers and ZDNet servers. Absolutely no additional information is gathered from ZoneAlarm users. And just like Nielsen, Media Metrix's panels are comprised of volunteers who have given their permission to Media Matrix to measure their surfing habits. Zone Labs is a company formed by software engineers, exclusively for the purpose of creating great software. We have no interest whatsoever in what people do in privacy on their own PC." Best regards, Zone Labs and from Steve Gibson {optout author(spyware remover)} "Many people have been concerned that ZoneAlarm is free, and have wondered whether it might not, itself, be very cleverly marketed advanced spyware. Then, on January 11th, gasoline was thrown on the fires of these concerns when ZoneLabs announced that their "TrueVector" technology had been licensed to Media Metrix, a company that provides "consumer profiling" services to major Internet media users. This caused an uproar as people wondered whether the "TrueVector" technology that also forms the foundation of ZoneAlarm might not be spying on them. In other words, "Who's watching the watchers?" !! Since these are valid questions, which also initially concerned me greatly, I'll tell you what I know and now believe: I'm absolutely certain that the ZoneLabs guys are good guys. ZoneAlarm is the first application of their TrueVector technology. In the future they will probably be offering a non-free "pro" version which will offer more advanced features for people wanting detailed event logs, operation on NAT machines, more "granular" control over the ZA firewall, and so forth. But their main focus is upon the licensing of their underlying TrueVector technology (as they have with Media Metrix) and also upon the development of commercial "corporate scale" products. I've read their TrueVector US patent cover-to-cover, so I know how much more their technology can do. In the future they will be offering a suite of powerful solutions to the corporate Internet user who needs to maintain security controls over their entire enterprise's operation. So I ask you: How better to nail down every last nuance of their core technology's behavior and operation than to give it ultra-high volume exposure in the form of a technologically advanced free firewall for the masses? It is what I would do, and what I WILL do in the future, with my own work. What about the evil Media Metrix? Educate yourself as I did: Go take a look at the Media Metrix website. What you'll see is that Media Metrix is to web surfing as the Nielsen rating system is to television viewing. Just as a "Nielsen Family" gets paid to have a special "set top box" continually monitoring their viewing habits, Media Metrix pays 50,000 web users to have special monitoring software installed in their computers so that their surfing habits and behavior can be monitored. The technology Media Metrix had been using was limited and troublesome. So, they turned to ZoneLabs' TrueVector technology to provide a mature solution for their knowingly monitored user's needs. I see nothing wrong, nor the least bit evil or underhanded, in Media Metrix's use of the superior TrueVector technology, nor anything wrong with ZoneLabs making their core technology available to an above-board company like Media Metrix. It is specifically because of the financial support of the Media Metrix license that ZoneLabs can afford to make ZoneAlarm free to all of us, and specifically because of the data collected by Media Metrix (with the FULL KNOWLEDGE AND PAID PERMISSION of their sample user-base) that so many other free, advertiser-supported services are available to all of us on the web." RTaylor 2/28/2001 17:34:09 RE: Win and ZA Spying on you?! Message: Greetings, Thanks "Haggas" for your kind comments! A BIG thank-you to "Make" for helping me kill this rumor with even more FACTS! I was beginning to feel like a lone-wolf caught this trap of suspicions. With further assistance, I might not need to chew my leg off! ;-) Robert ô¿ô Anonymous 2/28/2001 18:06:28 RE: Win and ZA Spying on you?! Message: Don’t break your arm patting yourself on the back, Taylor. Regardless of the outcome, your reliance on the suspect only without independent corroboration is poor investigative technique. I wonder where the Marshal is? S 2/28/2001 22:15:49 RE: Win and ZA Spying on you?! Message: Yes, thank you Anon, for reminding everyone the issue is not settled yet. I admit it, I went off half-cocked about ZA "phoning home". No evidence it does that here. But there is still plenty of reason for concern, as the "Nielsen" technology built into ZA was put there for a reason, not just to make it free. Was this the only way it could be freeware? Could Media Matrix 'activate' TrueVector whenever? And why weren't ZA users informed about this before now, and don't answer with "read the fine print." That kind of talk is for people who want to put something over on others. As for Gibson, ZLabs and MM, of course they're going to say it's not spyware. 2 of the 3 are arguably the most trusted people on the web, they have reputations to consider. But it is enough for this "patented" tracking technology to be built into ZA that should cause concern, whether ever used for covert Internet tracking or not. If they wanted people to participate in "Nielsen" type ratings on the web, ZA could have been given away by offering an extra "download" for this purpose, and Pro could have been marketed without it. But they did not do that. TrueVector was touted for increasing program control for the end-user, not the deliverer. In fact, it appears to likely work the other way around. The best post here was by "Nobody", who said ZA did phone-home immediately after installation. I thought you had to tell ZA to go there, not do so on its own. He blocked the IP, and it never made a noise after that. That's probably the end of the story. But it is enough when any software does something behind our backs, as companies like Microsoft are notorious for creating. It is their duty to inform us what goes on with their stuff, so we are not surprised when it happens. Instead ZA left us to figure it out for ourselves. This episode did inspire me to do two things. One is to learn all about sniffing, so I can examine packets myself and determine what they're doing. The other of course was to upgrade my firewall, to have something which offers a greater degree of control, so there aren't any surprises. But the idea of a 'registration bug' is just a lot of hooey, or bullshit as we used to say back home. LarsNapster 3/01/2001 05:25:00 RE: Win and ZA Spying on you?! Message: My Thoughts: ZA may not be spyware, but Truevector CAN be; watch for it elsewhere. Anon above is right, one should hardly count on the thief to tell the truth. Wild speculation and independent technically based investigation are what we need, not more reassurances, we have too damn many politicians already. CJ 3/03/2001 04:08:06 RE: Win and ZA Spying on you?! Message: Brand X asked about 3 different files he found on his computer. i haven't had time to do a thorough check but it seems all 3 are Microsoft products. ADVPACK.dll is advanced inf set-up and is linked to ie4. AMCOMPAT.tlb is linked to movie player compatability. And AMSTREAM is Direct show Run Time (Whatever that is).hope it is of some use. There have been a lot of messages about Zone Alarm. I looked at the various dll and EXE files and was interested to learn that the programs are copyrighted by varisign corp... Brand X 3/03/2001 10:41:47 RE: Win and ZA Spying on you?! Message: Well those three files have been long gone from my tin can. All is well so far, I'm figuring when I go to update some microsoft stuff I'll get "The big surprise". Until then I don't care lol.Remember the older version of ZA? WHEN IT WOULD ASK FOR PERMISSION TO ACCESS THE NET? What happened to that anyway? ZA pro doesn't do that. When I used ZA back when I wondered why that would happen. What does it want to access and why? hmmmm Someone posted that you are never anon they are right on the money. Let's all not kid our selves. That's not being paranoid, it's just seeing the way it is. If some script kiddie can hack NASA and the Navy and so on, what chance do we all have against the real pro's? Pro's like Microsoft, IBM etc.How about proxy trust? All the law has to do is get a warrant for that proxy's logs and your caught.The more technical stuff "we" have,just think of what the big boys out there have! If your not really doing anything wrong you have no worries.I'm a realist, big brother knows all about us and I think that bites! To sum it up we haven't even scratched the surface. Just my opinion I could be wrong. No One in Particular 3/04/2001 08:35:10 RE: Win and ZA Spying on you?! Message: Boy!!!!!!! Do something about the WIDTH of these messages. Turn Word Wrapping on!!!! Set Margin Width!!!! Do Something!!!! It is a real pain in the a*s to read this thread. The other One .... 3/04/2001 08:42:50 RE: Win and ZA Spying on you?! Message: *G* ... its matching exactly my config (1280x1024) ;-P arggghhh 3/04/2001 12:29:42 RE: Win and ZA Spying on you?! Message: I've found VSUTIL.DLL in my mcafee/viruscan directory. Windows/system seem to be clean as I did the custom uninstall to zonealarm, unless I missed something else. Anyone knows anything about this? RTaylor 3/04/2001 17:25:41 RE: Win and ZA Spying on you?! Message: No One in Particular, The problem viewing this thread is simply the result of a very looooooooong URL referenced earlier in this discussion. Nothing can be done except starting a new thread. Robert ô¿ô Matt 3/04/2001 22:22:38 RE: Win and ZA Spying on you?! Message: hmm, this topic sounds like the movie "The NET" ... Zone Lab may be the pretorians in the story :) On a completely subjective note: When I first saw the Zone Alarm mania (when everyone was downloading this app and sleeping better when using it), I felt something was wrong/bizare/bad with this thing... I don't know, call me crazy but I really thought (and still think) that thing was (is) only a "very good app that hides something". I'm probably one of the fiew out there who never installed Zone Alarm. I just didn't trust this at _all_, and still very suspicious. What about the proofs? I have nothing, I'm still seeking for that little PI on their homepages ;). I don't know... I really don't know. For the file that keeps growing, some says it stores the settings of the internet apps that you want to allow access to the network. Since I don't have ZoneAlarm on my computer I can't verify but just check out if there's no config file other than that one that stores this info, if there is one then this IAMDB file does look suspisious. Have a nice week, ... Emily 3/07/2001 02:50:40 RE: Win and ZA Spying on you?! Message: I deleted rpcss.dll from my machine and it puts itself back as soon as I delete it. ACtually. I can't delete the original file. I renamed it, changed its ext, then another one popped up and ever since I just delete. I do not have rpcss.exe, however. Anyone else notice that???? I'm running 2000 with no SP(and now I don't think I'll ever install one). Anonymous 3/07/2001 05:51:52 RE: Win and ZA Spying on you?! Message: Some tech details on rpcss with good links http://www.cexx.org/rpcss.htm Hamien 3/08/2001 18:17:09 RE: Win and ZA Spying on you?! Message: while were on the subject of conspiracy theories and suspicious files I got a quick question for all you guys and gals. Whenever I boot my machine two programs autoload in the background. I tried to use msconfig and dump them out of the startup but they dont exist. They are: mdm msgloop I know that mdm.exe is listed as a possible spy app in some places. what do you guys know about these progs? John 3/09/2001 17:17:48 RE: Win and ZA Spying on you?! Message: mdm.exe is Microsoft Machine Debug Manager, installed with MS Office configurations (2000 in my case). I can't say which Ofice component installs it, but it's only real purpose is to debug Internet Explorer scripts. It runs as a background service and robs system resources. Most people, including web developers, don't really need it. Go to www.98lite.net, poke around in there a while- they have an inf that will remove it completely from your system. Never heard of msgloop. Could that be "msg loop"? Iow, "message loop". Do you have any instant messaging stuff installed such as AIM? If so, that's where I'd start looking. Anon 3/11/2001 08:15:54 RE: Win and ZA Spying on you?! Message: There are independently verifiable ways to determine whether ZA (or any other software firewall) is trying to send anything back home. For example: A hardware firewall, which sits between the computer(s) and the Internet, will trap and log all traffic in and out of the computer or LAN it protects. If ZA ever (tries to) contact any external site, the hardware firewall will detect and record that. You can check the hardware firewall's logs to see if ZA, or any software firewall, has tried to act improperly. Of course, ZA could be filtering any reports coming in from the hardware firewall, but: 1) it would have to know how to do so for every hardware firewall on the market, including ones that haven't been built yet; and 2) you could turn ZA off when checking the hardware firewall's logs, or check those logs from a different computer on the LAN that has never installed or run ZA. Since many people have both ZA and a hardware firewall, this kind of activity would have been detected long ago, and publicized on the web and in the press. It hasn't happened, so ZA isn't doing it. Hardware firewalls are pretty inexpensive now (some are $100 or less), so if you're still worried, you can get one, monitor ZA yourself, and as a fringe benefit, have a second layer of protection. Now, maybe there's a deeper conspiracy. Maybe Zone Labs is in a nefarious plot with every company who makes hardware firewalls, so that those firewalls deliberately do not log anything with ZA's signature. After all, a weak little company like Cisco really has to stay in the good graces of powerful, giant software companies such as Zone Labs. Or, maybe Cisco owns Zone Labs. Of course, if they do, why should Netgear or SonicWall cooperate? Maybe all of them are part of the same cartel? Maybe we should be more concerned with DoubleClick and the Music Industry, both of whom have publicly announced plans to monitor every computer they can reach. vivo 3/11/2001 11:21:10 RE: Win and ZA Spying on you?! Message: HI folks! In my opinion we've given this issue more importance it really merits! I don't think we have sure proofs that ZA is "guilty"! More, I used to surf with both ZA and another firewall wide open, months ago. Well: I've never received any alarm from the "other" program. If Za calls home, I think it couldn't be "stealth". Could it? Bye from Italy and enjoy your surfing! Nobody is spying you! :-)) Erauqstfoseht 3/11/2001 17:27:48 RE: Win and ZA Spying on you?! Message: This discussion is interesting and rather thought provoking. I believe someone asked if their were any sniffer reports on zonealarm... That's a cheap and effective way to determine if ZoneAlarm is indeed reporting any information on its own will. I heard TinyPFW was more robust than ZoneAlarm and i'd hate to delve into mere paranoia, but no sense in taking any chances :) Oh, almost forgot to mention, does anyone have any idea as to the frequency of these supposed connections are made to key servers to report user information? It would help to have a rough estimate, so i can know exactly how long the packet dump has to run... i don't know much about spyware or truevector, i'd hate to leave my dumper running for a month *chuckles* AND1 3/13/2001 16:14:00 RE: Win and ZA Spying on you?! Message: ok.. i uninstalled zonealarm off my PC>. im running win2k.. what are the files that i need to delete now ? i just wanna b on the safe side til the issue gets resolved.. thx :) piXel Army 3/14/2001 12:11:34 RE: Win and ZA Spying on you?! Message: Does anybody have the files: "Blackbox.dll" and/or "EyeDog.ocx" in your system folder! I do and they seem sort of a weird name for files plus I opened both with a prog names ResHacker and it seems something to look into.. maybe? Lord 3/14/2001 16:52:07 RE: Win and ZA Spying on you?! Message: *.ocx files are often used in Visual Basic programs for different effects. I dont think it should be anything to worry about. as for blackbox.dll, have no idea, its not on my comp. Brand X 3/14/2001 17:04:05 RE: Win and ZA Spying on you?! Message: Yes blackbox is on mine. So far all I can see is that it's one of microsoft's mystery files. c:\windows\system 193kb application extension. All the things I learned in school and....... QoF 3/14/2001 19:12:00 RE: Win and ZA Spying on you?! Message: I totaly beleve this and this is also illegal. a preschool game called arther or something had a spy in it and logged every site you send to aned e-mail the stats to fisher price. well some one found it and they got busted major penilty. any way i though i would just put in my 2 cents anon32 3/14/2001 19:41:03 RE: Win and ZA Spying on you?! Message: History lesson: There is a series of popular childrens books and CD's about the adventures of a cartoon animal, (that resembles a school-age boy) named "Arthur". One of the more popular CD's, which DID contain spyware, was the subject of a widely circulated news item introducing the general public to the existance of Spyware, AND to ZoneAlarm. The massive free publicity either hurt "Arthur" sales, (or may have BOOSTED sales, considering how some people just DON'T pay attention), BUT DID rocket ZoneAlarm to the top of its category. I'm too lazy to list references here -- do a net search on "Spyware" and look at the earliest cluster of references for the details. :) big K 3/14/2001 23:16:57 RE: Win and ZA Spying on you?! Message: I have read this thread basically from basically its beginning with quite a bit of interest for a couple reasons. One, I use and have recommended ZoneAlarm, so it has a direct effect to me. Two, I wonder how close we really are to living in an Orwellian nightmare. I like ZoneAlarm, I'd like to think it stopped a hack attack more than once. The only unexplained packet data I've ever encountered was from Netscape. I like to think it's good to be cautious when necessary, but paranoia over being constantly monitored I hope is simply that-- paranoia. I admit I don't know how much our or other countries' governments know about their populations on an individual-by-individual basis. Our trust has been shattered so many times over that it's natural for us to look at things with a skeptical eye. But you have to trust someone. -K- VETERAN 3/15/2001 06:25:19 RE: Win and ZA Spying on you?! Message: Here you go peeps a simple solution to the dilemma and Microsoft can kiss my ass. Stupid pieces of shit aint gonna keep my ass in check. If ever they got info off my computer it was too bad that not a damn thing i ever patched or cracked or illegally registered was ever under my real name or even any info. To Top it off they never did find anything cuz I know like you should all know that if keep up to date and inspect your info that creating a HOSTS file is the answer to the problem. If zone alarm is spying more importantly. Make that the primary address you add to the HOSTS file. The great thing about the hosts file is that as long as you keep it up to date it wont turn on you like so i've been hearing about ZA. Don't worry about deleting files just know where these files are trying to send information to. Here's the combo I suggest: -Download the latest version of Ad-aware I believe its 4.55 right now -Run a search and look for a damn good up-to-date HOSTS file dedicated to putting a stop to these assholes. -Zone Alarm as far as I know is still one of the best Firewalls so go ahead and use that as well but make sure you keep it in check with the HOSTS File. -If your really serious about your privacy form a community dedicated to keeping it. Inform eachother about the latest spyware I had also heard of a program Spyware Analyzer I believe it was. A pretty powerful tool but alas it was never released becuz of its potential. Its priceless in this area we talk about. It performs an analysis of what the .dll or .exe or whatever is trying to do and what calls its trying to make. More or less like a debugger or a monitor. The great thing is that it dukes the spyware or program into believing its really making a connection with its home server (Big Brother a.k.a. microsoft, etc.). In other words it simulates what should have happened to trick the spyware into coughing up the information. All you crackers this is also a prospective tool for warez. Its like instead of using softice and trying to make a jump to trap the code this program just lets you sit back and wait till it comes to you. Pretty kick ass if anyone can find this program or something extremely similar, I would give my right arm to have it. kero 3/15/2001 08:13:08 RE: For 'piXel Army' Message: What OS you have/had ? I remember M$ EyeDog.ocx for Memphis beta-testers... rover 3/15/2001 10:22:15 RE: Win and ZA Spying on you?! Message: EyeDog is patched every few months by microsoft for a new vulnerability. unbeknownst 3/17/2001 11:11:47 RE: Win and ZA Spying on you?! Message: i cant even find the rpcss.dll file on my computer. is that good or bad texdawg 3/19/2001 05:40:02 RE: Win and ZA Spying on you?! Message: I have three files in my c:\windows\internet logs folder. They are: (1) IAMDB.RDB (2) XXXXXXXX.LDB where the XXXXXXXX is the name of my computer. (3) ZALog.txt On March 12th / 13th I installed Tiny Firewall and quit using ZoneAlarm (free one). Neither of these three files have been updated since March 13th when I completely cut over to Tiny Firewall. Also, I don't have any file named rpscc.dll on my computer. Is there a definitive list of other log files and dll's that I should look for? Can I delete, rename or move the IAMDB.RDB and the xxxxxxxx.LDB files? Anonymous 3/19/2001 10:31:51 RE: Win and ZA Spying on you?! Message: Check the alt. privacy link in the first post for a list of the ZA dlls. If you are no longer using ZA you can safely delete Iamdb and Zalog. If you choose to reinstall ZA, they'll be reinstalled too. No Rpcss? So much the better. DAR13 3/19/2001 18:48:01 RE: Win and ZA Spying on you?! Message: 75 Posts, still front page news! I admit I was probably paranoiacally wrong about ZA,it's a professional hazard in my business, but what the hell ,I've probably generated one of the longest posts in net history, good entertaining food for thought anyway. Been all over this board with various names anyway. Go ahead, flame me, flatter me, ignore me, dealer's choice. S 3/19/2001 19:25:07 RE: Win and ZA Spying on you?! Message: I admit I freaked out when I saw that giant IAMDB file, courtsey of ZA. No, there's no proof that ZA or TV or MM is "Spying" on any of us. I even admit ZA is probably the best combo of easy use f-wall + security available today. But does anybody else know of a firewall that collects so much data on one's sufing habits (okay, permissions) without enabling a log? What is up with that? Is this really necessary? I'm happy with ConSeal, but it does have a decent learning curve, and I haven't mastered it yet. I did figure out how to block Ident and FTP, and can allow in the connections I want to. If Sam Spade can't find a name for it, it's blocked. And I'm grateful to DAR for posting the link, because I want to avoid even a hint of spyware on my PC if I can. Just doesn't make any sense to me why ZA allowed MM access to TV, I mean if their really interested in bringing privacy to the masses. But then I don't think a $1.6 trillion tax cut is going to benefit many "middle-class" people either. nobody 3/19/2001 21:04:52 RE: Win and ZA Spying on you?! Message: S, I hate to see you struggle trying to learn how to write a ruleset for ConSeal. Here's how I do it. Rules are based on the priority system with smaller numbers, 90, taking priority over larger numbers, 100. (200 is the exception but don't worry about that now.) Start with your default ruleset and rename it. Click Rules, Add to make a new rule. Name it in the Description space and click Next. Click Services and make a rule to block everything listed with a priority of 100 for your default rules. Now make a rule to block UDP from ports 0-65535 UPD with a priority of 110. Make a rule to block TCP ports 0-1023 and one to block ports 5001-65535, both with a priority of 110. Then make rules to always take priority, such as blocking SunRPC Portmap port 110, with a priority of 80. All ports except the temp range are now blocked, with the default action being to block when there is not a applicable rule. Default rule #15 "Allow most Internet Access TCP" allows access from any IP and port to your temporary range of 1024-5000. Delete it! When surfing I make a temp rule as I go, when not using a proxy. A less secure method is to delete it and make a rule allowing access from any addy port 80. Now you need to enter the IP#'s of your email, DNS, etc. If you don't know them set it to learning mode to make a rule as you go with a priority of 90. S 3/19/2001 21:35:36 RE: Win and ZA Spying on you?! Message: Dear Mr. Nobody: That's generally what I've been doing, altho for Rule 15 I've allowed outbound on temp ports and blocked all inbound. This appears to work alright as CS asks me for permission with progs or connects I haven't already okayed. Like I said if I don't recognize an app it gets blocked. (What is SunRPC anyway? I always block it.) The frustrating thing as been getting my update d-loads to connect on single or double ports. I mean, CS tells me which IP, port and protocol they are using but when I go to set rule there must be conflict with other rules. I leave default rules on 100 and config exceptions to 90. One thing CS should do is allow you to set sets of ports instead of ranges, as their may be ports in-between ports you don't want to allow access for. My main Q would be about ARP, does it need such wide access? Not sure I like that. But this is a damn fine firewall, once I realized to block Ident I ran stealth at sdesign for over 2 hrs. I shall follow-up on your suggest's, dankeschoen. sensi 3/20/2001 03:31:14 RE: Win and ZA Spying on you?! Message: Here's some nice investigative reporting on ZA's relationship with spying.. Worth a look. http://groups.google.com/groups?hl=en&lr=&safe=off&th=1f9213da39dff7bd&rnum=1&seld=925269354&ic=1 sensi 3/20/2001 03:34:52 RE: Win and ZA Spying on you?! Message: My first forum posting and I made a complete idiot of myself.. Never again will I post anything past 3am. Sorry for the stupidity i will now kill myself. nobody 3/20/2001 07:56:57 RE: Win and ZA Spying on you?! Message: SunRPC Portmapper port 111, not 110 as I posted. 110 is POP3. I believe you need to allow ARP to be recognized as logged on. Block RARP and IXP/SPX unless you're on LAN. If you're having a rule conflict just see which one is blocking you and work with it. GoodLuck yy 3/20/2001 11:48:06 RE: Win and ZA Spying on you?! Message: Just tried deleted IAMDB.RDB & XXXXXXXX.LDB, and ZoneAlarm re-installed these two files. At first they just 0 byte, two clicks on my IE made them grew to 22K. I've uninstalled ZoneAlarm then... BTW, anybody tried eSafe Desktop from Aladdin? the latest version(3.0) got a function similar to ZoneAlarm--disallow softwares use internet unless pre-selected. Is that software trust-worthy? DAR56 3/20/2001 12:27:45 RE: Win and ZA Spying on you?! Message: yy, Being the arsonist here, I'll fess up and say that there's no real evidence to believe that ZA is spyware; use it,it's free, easy and fine. Wish my Wife still was. tewton 3/20/2001 15:55:23 RE: Win and ZA Spying on you?! Message: 1: i have atguard running at same time as zone alarm pro, it seems to sit outside zonealarm. i know it works because i've never had anything go through zonealarm straight to atguard. i can test this by giving programs one time access through zonealarm, atguard immediately pops up! trust in zonealarm :-) i found full pro version on FOSSI ages ago in addition: 2:if i understand it right the zonealarm program just acts as an interface for the truevector monitor, changing permissions and such? if the zonealarm program crashes you are still protected from the truevector.dll but can't change permissions and such <i have no knowledge, i am probably wrong about the second part?????> lakini 3/20/2001 18:21:12 RE: Win and ZA Spying on you?! Message: Chicken little chicken little, how hard and fast will the sky fall? Isnt IAMDB.RDB the log for what services you will allow to connect to the net hmmm yes. so if you delete it and restart zone alarm it will be o byte then as you allow diffrent programs to access the internet through zone alarm the size of the file will increase right? so how is this "disturbing" whats to worry what else is there, a whole lot of drivers? no crap its a complex program... If your 're worried about true vector why dont you just go into your system configuration utlity and disable the true vector drivers that way i promise zone alrm will still work and the sky wont be falling anymore... S 3/20/2001 20:36:15 RE: Win and ZA Spying on you?! Message: RT: It doesn't work that way, you can't run ZA w/o the TV.dll's. Plus, if it were ONLY recording which apps are allowed connects, the file would not nearly be that large. It's recording where you go and does not need to; once an app is enabled it only needs to allow the app, nothing else. But then again, some people think supply-side and trickle-down are real economic theories. (Christ, here we go again!) S 3/20/2001 23:10:17 RE: Win and ZA Spying on you?! Message: In all fairness I suppose you could just delete the contents of the VS* files and dll's (if their not write-protected that is. I don't remember whether I could or not when I un-installed ZA). After all we have to purge cache, cookies, history, temp files and other hidden goodies. Why should ZA be any different? Post a reply to this message: Name: Email: Notify me when I get a reply to my message:Yes  No Subject: Message: