| Computer Gripes | documenting the down side of computer stuff |
|
HomeSearchMerchandiseAboutMichael HorowitzMy CNET Blog
|
| Index: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z ALL |
 |
ZoneAlarm GripesZoneAlarm from ZoneLabs is a free personal firewall |
 |
August 5, 2007. ZoneAlarm does not detect the presence of either NOD32 or Kaspersky anti-virus.
The free version did not detect Kasperky and the anti-spyware version did not detect NOD32.
June 15, 2007. ZoneAlarm's 'Vista Ready' label is criticized. Windows Secrets Newsletter. June 14, 2007 edition. A newsletter reader purchased the ZoneAlarm Internet Security Suite because it said 'Vista Ready' on the box. But it wasn't, the software would not install under Windows Vista.And he was given a hard time getting a refund.
October 25, 2006. ZoneAlarm's New Auto-Updater Prompts Confusion by Brian Krebs in the Washington Post. In June 2006, ZoneAlarm 6.5 was given the ability to download patches automatically and update itself without any involvement from the user. Two problems: First, the vendor, CheckPoint, kept this a secret. You'd be working away and out of the blue ZoneAlarm would nag to reboot because it had just updated itself. Second, you weren't given a chance to opt out of the patch process. Using your computer for something too important to bother with this? Tough luck? Windows Update can run in a polite mode where it asks you before doing anything. Not ZoneAlarm.
July 11,2006. A reader wrote to say that while using the newest version of ZoneAlarm and then running a check disk in Windows XP, that Windows wouldn't boot. To recover, he had to use the Last known good boot time option. Apparently, a DLL in ZoneAlarm causes a session 5 stop error. The vendor is said to be aware of the problem. I can't confirm this. For more see After ZA 6.5, Stop error after running chkdsk in WinXP SP2
June 2, 2006. I recently had occasion to copy a Windows OS partition with Partition Magic to another partition on the same computer. When running Windows from the newly created copy, most of the ZoneAlarm customizations were lost. Among them were whether to show alerts about blocked incoming probes and the list of programs along with all of their permissions. The next day, I used Acronis True Image to backup a Windows partition from one computer and restore it to another, with both machines being the exact same make and model. Again, I lost most of the ZoneAlarm customizations when running Windows from the newly created partition.
December 10, 2005. When upgrading from v6.0.667 to v6.1.737 you lose any IP address ranges that were defined in the Zones section. I use this to define the IP address range of my local LAN to the Trusted Zone. The upgrade was done by un-installing the old version first.
December 9, 2005. When Firefox v1.5 starts up ZoneAlarm asks if it can access the Internet. I say yes, but not to remember the decision a number of times. Then, after doing it yet again, ZoneAlarm does not respond to clicks on either the Allow or Deny buttons. I can't rid of the Alert window. I can't even drag it around the screen. Right clicking on the ZA icon in the system tray produces the usual pop-up menu, however, ZoneAlarm fails to respond to any of the choices in this menu. That is, clicking on Shutdown ZoneAlarm does nothing. Clicking on Restore the ZoneAlarm Control Center also does nothing. Etc. etc. Task Manager could not kill either of the two ZA processes. I had to shut down Windows.
September 28, 2005. Still more. Re-booting did not solve the problem of ZA 6 blocking all Internet access. This left me no choice but to uninstall version 6.0.667.000. When I installed that last version of version 5 (specifically v5.5.094.000) it also generated the same group of errors in the Windows Application log. Other than that though, it seems to be working fine.
September 27, 2005. It gets even worse again. I had just installed the Adobe Acrobat reader version 7.0 and used its "check for updates" feature to get the bug fixes for 7.0.1 and 7.0.2 and 7.0.3. But it kept saying there were no updates. Thinking it may be a firewall problem, I shut down ZoneAlarm. It was not a firewall problem so I manually downloaded and installed the bug fixes for 7.0.1 and 7.0.2. Then, finally, the "check for update" feature in Acrobat did find the 7.0.3 update and I installed it. Boring, I know. Next I start NetMeeting and get a warning from the Windows firewall. Oops, ZoneAlarm is not running. So I start it.
No more Internet.
It blocked all net access. Shut down ZoneAlarm, the net is back. Start
ZoneAlarm, the net is blocked. IE was blocked. Firefox was blocked. Norton AV Live Update was blocked. All these programs accessed the Internet just fine before.
There were no messages or alerts from ZoneAlarm. The system was Windows XP Pro
SP2 with all bug fixes applied.
September 26, 2005. It gets worse. I installed ZoneAlarm v6.0.667.000 on a Windows 2000 SP4 virtual machine that consisted of nothing but the Operating System. This time I opted for the 2 week trial of ZoneAlarm Pro. Again, the same slew of errors appeared on the Application Log. As before the event types are 5003 and 5011 and the source is True Vector Service. The number of log entries and the details of each log event were exactly the same as the first time I noticed this problem. And again, there is no visual indication when using ZoneAlarm that anything is wrong.
September 25, 2005. The exact same thing described below happened again on another Windows XP computer. This machine was new. The only software installed on it were all the latest Windows bug fixes (using Windows Update) and Norton AntiVirus 2004, also with all of its bug fixes. No doubt about it now, the current version of ZoneAlarm is NOT ready for prime time.
September 22, 2005. Windows XP Home Edition. Up to date on all Windows patches. Pretty new machine, not much software on it other than Windows. There was no prior version of ZoneAlarm on the machine and I was running as an Administrative class user. In short, close to a best case scenario. Still, ZoneAlarm version 6.0.667.000 suffered a slew of errors.
I didn't even notice the errors at first, there were no visible error
messages and ZoneAlarm seemed to function normally. However, while looking
at the system logs for an unrelated reason, I stumbled across the 17
errors shown here (click the image for a full size version). That was not
a typo, there were 17 serious (red) errors on the application log. In each
case, the source of the error was the True Vector Service, part of
ZoneAlarm. The event IDs were either 5011 or 5003. |
A sample of the detailed information on the application log is shown at the
left (again, click on the image for a full size version). All
messages start the same: "The description for event ID (9999) in Source (True Vector Service) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE=flag to retrieve this description; see Help and Support for details. The following information is part of the event:" |
The only difference being the event IDs. The last sentences however, differ among the 17 errors. They are shown below with the last error at the top and the first one at the bottom
September 23, 2005. These errors no longer occur. I tried to contacted ZoneLabs for tech support. It seems their heart is not in it:
September 28, 2005. The current version is 6.0.667.000. Does someone at ZoneLabs get paid by the digit? This is the longest version number I've ever seen for a program.
September 15, 2005. ZoneAlarm update fixes tricky glitches By Brian Livingston. Quoting: "The new 6.0.667 build of ZoneAlarm products, released on Sept. 6, is being credited by experienced users with fixing most or all of the reported difficulties." Not the first time that waiting until the third version of a new release of ZoneAlarm was the correct way to go.
August 25, 2005. On the Personal Computer Radio Show, the host, Joe King announced that next week ZoneLabs will be releasing a big patch for ZoneAlarm version 6. I've heard from a number of people that the paid edition of version 6 puts out too many messages and that the messages are confusing.
July 28, 2005. ZoneAlarm version 6 was just released. In the July 28th issue of his newsletter, the Langa List, Fred Langa suggests avoiding it for a while. I agree.
March 30, 2006. This
may not be the problem it no longer is. With the version 6.1.737 there are now
two tvDebug files. The ".log" and a new ".zip". It seems the
zipped file is a compressed archive and it compresses very well - about 93% on
my computer.
July 3, 2005. ZoneAlarm version 5.5.062.011 on Windows 2000. I was looking at the ZoneAlarm files in the C:\WINNT\Internet Logs folder today and noticed file tvDebug.log was 17 megabytes.
I first wrote about this file back in December 2003 with ZoneAlarm version 3.7. At the time it was 3.6 megabytes and I simply deleted it after shutting down ZoneAlarm. All was well. In April 2005, I noticed that the file was 20 megabytes and was being updated every 10 seconds or so. Again today I deleted the file by shutting down ZoneAlarm, deleting it and restarting ZoneAlarm.
The gripe is that you have to remember to do this every few months or so or the file will grow forever.
An online search turned up some information: The "tv" is for True Vector, part of ZoneAlarm. This file records ZoneAlarm activities and is used for debugging by ZoneLabs. If there is no tvDebug.log file when ZoneAlarm starts up, it creates a new one.
May 1, 2005. On two Windows 98 machines using different levels of ZoneAlarm version 5, I observed frequent CPU usage spikes attributable to ZoneAlarm. This does not happen on newer versions of Windows.
October 4, 2005. Due to problems with version 6, I upgraded an old copy of ZoneAlarm version 5.1.011 to the last version of version 5: 5.5.094.000. In so doing, I lost all customizations, including the list of allowable programs.
|
April 12, 2005. FYI: On a Windows 2000 machine, I upgraded from an old version of v5.5.062 to a newer version of v5.5.062 by un-installing the old version first.
FYI: The uninstall of the old version requires a re-boot to complete, so too does the installation of the new version. The un-install asks if you are doing this on purpose which is great protection from Spyware that might try to shut down ZoneAlarm without your knowledge. Uninstalling wiped out all files in the Internet Logs folder (see entry below from April 8th). All customized configuration and preferences were lost.
After installation, the only authorized program was "services and controller app", no IE. However, when I first used IE, it was allowed to access the Internet without my being asked. ZoneAlarm seems to have automatically added it to the list of authorized programs. This is a new behavior, at least to me, and brings up the question of which programs ZoneAlarm will automatically allow out. There is one file in the Internet Logs folder that was not created today: safePrograms.xml. I'm not sure what it is, but it includes programs that I would not allow to access the Internet. It is dated October 29, 2004. I fear that ZA will allow these programs to access the Internet without asking me.
April 13, 2005: version 5.5.062.011. The log viewer has two problems. First, if you shrink a column too far, it can be completely hidden to the point that you would not know it was there. The last column, Destination DNS, truncates the computer name and is very hard to resize so it displays the full name. When the ZoneAlarm window is maximized you can only enlarge this column a trivial amount. The trick is to not use a maximized window when resizing this column.
April 8, 2005. FYI. I have not run across this problem myself, but I'm told (thanks Richard) that if you upgrade from the free version of ZoneAlarm to the Pro version, a clean install may not be so clean. That is, some old rules from the free version may still impact the Pro version in undesirable ways. If you are upgrading, this can't hurt: 1) tell ZA not to run automatically at start-up time 2) reboot to safe mode 3) find the "Internet Logs" folder on your hard drive (it is probably in the C:\Windows folder) 4) delete all the files in that folder, but not the folder itself 5) empty the recycle bin and restart Windows normally 6) start ZA and again tell it to run automatically at start-up time. This totally cleans out all rules and customizations for ZoneAlarm.
This procedure can be helpful anytime ZoneAlarm is acting up, which may be due to a corruption of its rules database. This posting on the ZoneLabs forum says "Your database can get corrupt if your computer shuts down too quick, you have a crash, or a power outage."
On my computer, the "Internet Logs" folder is 52 megabytes. It includes a 20MB file called tvDebug.log that seems to be updated every 10 seconds or so. There were also 26 ".tmp" files, totaling 23 MB. I deleted all but the most recent ones. If these really are "temp" files, it is sloppy of ZoneAlarm to leave them around without deleting them.
January 30, 2005. Version 5.5.062.004 of the Free edition. When ZoneAlarm tells you that a program wants to connect to the Internet, it tells you the program name. This is not sufficient to make an intelligent decision about whether to allow the connection or not. You need to know the full path the program. The full path is logged by ZoneAlarm in its log, but is not shown in the Alert message to the user.
January 30, 2005. Version 5.5.062.004 of the Free edition. When ZoneAlarm tells you that a program wants to connect to the Internet, it shows an English description of the port number, for ports that it knows about. For example, AOL Instant Messenger is shown as wanting to connect to the AOL port rather than to port 5190. It should show both the name and number to help the user decide whether to allow the connection or not.
ZoneAlarm is also inconsistent here. It logs only the port number (no English name) in the log file but shows the user only the English name.
October 28, 2004. Windows 2000 SP4. ZoneAlarm v5.1.011. Shortly after booting, a ZoneAlarm pop-up said that "Spooler SubSystem App is trying to access the Internet". The program was spoolsv.exe and it was trying to get to the DNS server of my ISP. This program is configured with a permanent block. However, ZoneAlarm said the program has changed since the last time it ran. I don't think so. The ZoneAlarm log show it was blocked by the always-block-this-program rule earlier in the same day. I had not run Windows Update.
October 26, 2004.
Windows 2000 SP4. ZoneAlarm v5.1.011. Program ccApp.exe is part of Norton
AntiVirus 2003. ZoneAlarm identifies it as "Common Client CC App" and
has been configured to let it access the Internet for a long time.
Today, ZoneAlarm asked if I wanted to let it access the Internet. This despite
the fact that it has always had permission and the next day it still had
permission. It was trying to get to the DNS server of my ISP.
Why the question?
I said no and from them on could not read any
email. None. I tried 3 different email programs and tried to read from four
different mail servers for four different accounts. The next day, all was
well.
Update: November 2, 2004. Same thing again. This time I allowed the
outbound net access.
Update: December
12, 2004. Again today, out of the blue Common Client CC App wanted Internet
access shortly after booting windows. This on a computer where nothing had
changed. I denied it access and could not do email. I check multiple email
accounts on multiple email servers from multiple ISPs. None of them worked.
Every attempt to read email results in an entry in the ZoneAlarm log that
program ccApp.exe was blocked. The strange this is that this program has full
Internet access permissions in the ZoneAlarm rules. I shut down ZoneAlarm
(v5.1.011), re-started it and all was well. This may be a Norton AntiVirus
gripe, I'm not sure.
October 20, 2004. I don't let ZoneAlarm check for updates on its own, instead I prefer to manually check. Today I was told that there was an update available to version 5.1.033 (the machine in question was using 5.1.011). Fine. But the update notification window has options to update now or be reminded in X days. There is no option to do nothing, and you can't close the window without selecting one of these two "must update" options.
September 12, 2004. Windows 2000 SP4. Uninstalled ZoneAlarm 5.1.011 and then re-installed it. After the install you have to reboot. After the reboot, you get the ZA tutorial. Then ZA finally starts. It immediately popped up an alert about a program accessing the Internet (services.exe) and that hung the computer. Clicking on the About option to get more information on the alert caused ZA to hang. I tried to run Process Explorer via Start -> Programs but it never started. Task Manager was already running and I used it to kill ZA. Then Process Explorer started.
After this mess, I rebooted. Again ZA warned about Services and Controller App (services.exe) trying to get to the Internet. Again I tried to run Process Explorer but it did not start up. I did not try to get more info from ZA. I answered this first prompt and then two more. When all the ZA alerts were dealt with, then Process Explorer started to run.
I told ZA to auto-configure itself as part of the install process. Despite that I still saw three alerts the first time it ran. It did even configure IE to be allowed out.
Update. September 18, 2004. The same thing happened again. Just after booting, ZoneAlarm alerted me that "Generic host process for Win32 services is trying to access the Internet". Since svchost.exe could be any Windows service at all, I tried to run Process Explorer to see which service wanted Internet access. Again, Process Explorer never started until I got rid of the ZoneAlarm alert. The destination IP address was the DNS server of my ISP.
Update. September 19, 2004. This time I clicked on the More Info button in the ZoneAlarm alert. Internet Explorer never started. I tried to run Firefox and it too never started. As soon as I responded to the Alert from ZoneAlarm both web browsers started up. The ZoneAlarm web page describing the error is Generic Host Process for Win32 Services is trying to connect to the Internet or your local network. My computer worked fine when I denied net access to svchost.exe. I next ran Process Explorer from Sysinternals which reported two instances of program svchost.exe. One of them had no active TCP/IP connections, the other was listening on the epmap (end point mapper) port. Process Explorer showed this to be the Remote Procedure Call Service which was being auto-started at boot time. You can't stop this service, but I set it to "manual" startup mode.
Update: September
20, 2004. The Remote Procedure Call service is set to manual and it was started
at boot time. The Remote Procedure Call Locator service is set to manual and it
did not start at boot time. With both services set to manual, ZoneAlarm no
longer issued an alert regarding program svchost.exe just after booting Windows.
I thought I was done.
But no. When I started MailWasher to read my email, it all happened again.
Same ZA alert. Again, Process Explorer would not run. I allowed the connection.
The RPC locator service is still not running. Process Explorer shows the same
info. The ZA log shows it was trying to get the DNS name server of my ISP.
Update. September 21, 2004. Its still happening. Sometimes just after booting,
sometimes later. Once it happened well after booting, when I right clicked on a
local disk drive partition and was about to make it shared.
Update. September 22, 2004. I started Process Explorer at boot time so today it
was available to poke around the two instances of svchost.exe. It wasn't obvious
however which one was waiting for the ZoneAlarm prompt to be resolved. The
services running were:
event system COM+ Event System,
netman network connections,
ntmssvc removable storage,
rasman remote access connection manager, sens system event notification,
tapisrv telephony,
rpcss remote procedure call. RPC was already listening on the epmap port, so
there went my prime suspect. No additional TCP/IP connections showed up after
allowing the net access.
October 4, 2004. I
gave up and granted svchost.exe permanent access to the Internet.
August 30, 2004. Version 5.1.011.000. When you have this many digits in the version number, its time to take a step back. This is the third edition of version 5.
Windows 2000: Just after installing ZA5 and rebooting, the first thing I did was try to get my email, only to be interrupted by a ZoneAlarm pop-up warning me that Common Client CC App was accessing the net. There was no reason for this warning. This program is part of Norton AntiVirus 2003 which, while running ZoneAlarm version 4.5 on this machine was happily checking my inbound email. When I installed ZA v5, I opted for an upgrade installation which should have kept all the existing rules. ZoneAlarm said that the program had changed. It did not. The only thing that changed was ZoneAlarm.
When you get a warning from ZoneAlarm it tells you the program name. This is not enough information upon which to make a decision. Many malicious programs use the names of good programs but reside in different directories. ZoneAlarm should provide the full path to the program in question.
Researching "ZoneAlarm False-Proxy Detection" No date. Refers to ZA version 5.0.590.015. Stephen J. Friedl at Unixwiz.net
July 15, 2004. Now that version 5 is in its second edition (v5.0.590.043 - see the release history links at the top of the page) I decided to try it. If there are any installation instructions on the ZoneLabs web site, I couldn't find them. Basic things like what to do with a prior version of ZoneAlarm are unanswered. I guessed that it did not have to be uninstalled and should not be running when v5 is installed. Users should not have to guess. When the install starts it tells you to shut down all running programs, so my second guess was a good one. It seems to have installed fine, so the first guess worked out also.
In the Overview section, on the Preference tab, the checkbox for "Protect the ZoneAlarm client" defaulted to being off.
FYI: You have to reboot after installing v5.
FYI: There is a User
Guide for ZoneAlarm v5
FYI: If you are wary of using version 5, then you can download
the last edition of ZoneAlarm version 4.5. Up until the second release
of version 5 (5.0.590.043), this was the right way to go.
Update: There is no longer a need for version 4 of ZoneAlarm. Version 5
has been stable for months. September 6, 2005.
May 31, 2004. Version 5 of the free edition of ZoneAlarm (actually version 5.0.590.015) was released May 24, 2004. It did not take long for the gripes to appear.
New ZoneAlarm Version Disappoints by Fred Langa (May 31, 2004) tells a brutal tale. Mr. Langa starts with "ZoneAlarm is beginning to suffer from "kitchen sink" syndrome: Each version has added more and more features until what once was a simple, elegant firewall is now a complex security suite." In his case the new anti-virus features of ZoneAlarm Pro interfered with Norton AntiVirus to the point he had to recover Windows. The Langa List newsletter article also includes letters from readers describing other problems with ZoneAlarm version 5. One letter has advice about how to deal with ZoneLabs on these problems.
ZoneLabs describes the new AntiVirus monitoring feature as: "Helps manage other security solutions by alerting you when your AntiVirus protection (even from another vendor) has been disabled or is out of date".
June 14, 2004. A reader of this page has the update check feature of ZA
version 5.0.590.015 turned off. Despite this it seems to be phoning home. His NAT firewall log shows
Zone Alarm trying to get at the below URLs during system startup and other times.
hs2.zonelabs.com
ps2.zonelabs.com
I can't confirm this, as I'm avoiding version 5 for now. However, when I once ran the Norton Firewall at the same time as ZA 4 (by mistake) the Norton firewall also picked up outgoing connections from ZA.
June 16, 2004. The technical support section of the ZoneLabs web site no longer offers access to a Knowledge Base. Also, there is no FAQ for the free version of ZoneAlarm, only for the paid products.
FYI: A Microsoft Knowledge Base article 321434. When you install Microsoft Visual Studio .NET on a computer that uses third-party firewall software, such as Zone Labs ZoneAlarm Pro, the Microsoft Windows Component Update (WCU) does not install all the Microsoft .NET Framework components, and the installation may stop responding (hang). This applies to Visual Studio .NET, Visual C++ .NET, Visual Basic .NET, Visual C# .NET and Visual J# .NET. Last Reviewed: 6/11/2004
April 18, 2004. Windows XP. ZoneAlarm version 4.5.538. ZoneAlarm has many configuration options. My gripe is that some of them are per user while some of them are per computer. Also, this distinction is determinable only by trial and error, nothing in the ZoneAlarm user interface indicates whether an option applies to the entire computer or just to the currently logged on user. I experimented with some options:
Per User: When you click the X in the top right corner to close the ZoneAlarm user interface, you may get a warning that doing so does not terminate the firewall program itself. Whether you get this warning or not, is tracked per user. So too is the option of whether to check for updates automatically or manually.
Per Computer: Load ZoneAlarm at startup, Mail Safe On/Off, Protect the ZoneAlarm client On/Off and Alert Events On/Off.
Continued . . .
I also have gripes on older releases of ZoneAlarm and a list of articles about
ZoneAlarm.
I have been griping about ZoneAlarm for years. The old gripes page is 135K plus
images
| Page created: February 2000 | Page last updated: August 5, 2007 |
| Prior updates: June 15, 2007 | October 28, 2006 | |
|
Home |
Search | Merchandise | About | Griping by: Michael Horowitz | TOP |
