ZoneAlarm not blocking AVG auto update

The ZoneAlarm people have always given assurances that even though
the icon for ZoneAlarm take a while to show up on the monitor, the
firewall itself is running and working immediately to block any
Internet traffic to or from your computer.

Well, bullshit. I recently installed AVG. I'm running ZoneAlarm
Free 6.1.737. AVG can phone home from my computer at boot-up, and
download its anti-virus update *before* ZoneAlarm starts.

There's no doubt about this. I do not have any permissions in
ZoneAlarm to allow AVG access, and no warning popped up in
ZoneAlarm telling me that AVG wanted to access the Internet.

I disabled the AVG update service, so AVG won't be automatically
connecting anymore, but if AVG can do it, so can any other
program. Which makes ZoneAlarm more or less worthless.

Al Smith

on 8/9/2006 2:03 PM Al Smith said the following:
> The ZoneAlarm people have always given assurances that even though the
> icon for ZoneAlarm take a while to show up on the monitor, the firewall
> itself is running and working immediately to block any Internet traffic
> to or from your computer.
>
> Well, bullshit. I recently installed AVG. I'm running ZoneAlarm Free
> 6.1.737. AVG can phone home from my computer at boot-up, and download
> its anti-virus update *before* ZoneAlarm starts.
>
> There's no doubt about this. I do not have any permissions in ZoneAlarm
> to allow AVG access, and no warning popped up in ZoneAlarm telling me
> that AVG wanted to access the Internet.
>
> I disabled the AVG update service, so AVG won't be automatically
> connecting anymore, but if AVG can do it, so can any other program.
> Which makes ZoneAlarm more or less worthless.

Which raises the question, can't you control this by changing the load
order? Personally, I think I'd rather have my AV software load first so
it can take a look at anything else that loads. I use Kaspersky, i can
imagine a malware that loads B4 KAV, and hides itself from KAV. But KAV
can handle it if you can reverse the order.

Anyone know how to do this and if it is desirable?

John Hyde

>> The ZoneAlarm people have always given assurances that even though the icon for ZoneAlarm take a while to show up on the monitor, the firewall itself is running and working immediately to block any Internet traffic to or from your computer.
>>
>> Well, bullshit. I recently installed AVG. I'm running ZoneAlarm Free 6.1.737. AVG can phone home from my computer at boot-up, and download its anti-virus update *before* ZoneAlarm starts.
>>
>> There's no doubt about this. I do not have any permissions in ZoneAlarm to allow AVG access, and no warning popped up in ZoneAlarm telling me that AVG wanted to access the Internet.
>>
>> I disabled the AVG update service, so AVG won't be automatically connecting anymore, but if AVG can do it, so can any other program. Which makes ZoneAlarm more or less worthless.
>
>
> Which raises the question, can't you control this by changing the load order? Personally, I think I'd rather have my AV software load first so it can take a look at anything else that loads. I use Kaspersky, i can imagine a malware that loads B4 KAV, and hides itself from KAV. But KAV can handle it if you can reverse the order.
>
> Anyone know how to do this and if it is desirable?


Seems to me that the firewall should load first when you have an
always-on Internet connection. It's worrying, only because if AVG
can load before ZA, probably anything else can also. Major point I
wanted to make is that when ZoneAlarm tells you that the firewall
loads first, even though the icon may not be up on the screen,
they are lying through their teeth.

Al Smith

on 8/9/2006 4:04 PM Al Smith said the following:
>>> The ZoneAlarm people have always given assurances that even though
>>> the icon for ZoneAlarm take a while to show up on the monitor, the
>>> firewall itself is running and working immediately to block any
>>> Internet traffic to or from your computer.
>>>
>>> Well, bullshit. I recently installed AVG. I'm running ZoneAlarm Free
>>> 6.1.737. AVG can phone home from my computer at boot-up, and download
>>> its anti-virus update *before* ZoneAlarm starts.
>>>
>>> There's no doubt about this. I do not have any permissions in
>>> ZoneAlarm to allow AVG access, and no warning popped up in ZoneAlarm
>>> telling me that AVG wanted to access the Internet.
>>>
>>> I disabled the AVG update service, so AVG won't be automatically
>>> connecting anymore, but if AVG can do it, so can any other program.
>>> Which makes ZoneAlarm more or less worthless.
>>
>>
>> Which raises the question, can't you control this by changing the load
>> order? Personally, I think I'd rather have my AV software load first
>> so it can take a look at anything else that loads. I use Kaspersky, i
>> can imagine a malware that loads B4 KAV, and hides itself from KAV.
>> But KAV can handle it if you can reverse the order.
>>
>> Anyone know how to do this and if it is desirable?
>
>
> Seems to me that the firewall should load first when you have an
> always-on Internet connection. It's worrying, only because if AVG can
> load before ZA, probably anything else can also. Major point I wanted to
> make is that when ZoneAlarm tells you that the firewall loads first,
> even though the icon may not be up on the screen, they are lying through
> their teeth.

Oh, I got that. And I see your point about the FW first. Basically I
see both AV and FW as basic level services and IMHO the only things that
should load before either are the services that are essential to getting
the FW and AV to function.

In the specific case of ZA, maybe they aren't "lying" per se, just
wrong. Suppose their installer is designed to have the FW load first,
and as far as they know, it works. But AVG is designed to do the same
thing (since the AVG coders think the order should be AV then FW) and
their software "won" the load first battle.

Shouldn't the user be able to control this behavior? Gee, I'm back to
my original question. Buhler? . . . Buhler? . . . Anyone? . . . Anyone?



JH

John Hyde

On Wed, 09 Aug 2006 23:04:14 GMT, Al Smith <>
wrote:

>>> The ZoneAlarm people have always given assurances that even though the icon for ZoneAlarm take a while to show up on the monitor, the firewall itself is running and working immediately to block any Internet traffic to or from your computer.
>>>
>>> Well, bullshit. I recently installed AVG. I'm running ZoneAlarm Free 6.1.737. AVG can phone home from my computer at boot-up, and download its anti-virus update *before* ZoneAlarm starts.
>>>
>>> There's no doubt about this. I do not have any permissions in ZoneAlarm to allow AVG access, and no warning popped up in ZoneAlarm telling me that AVG wanted to access the Internet.
>>>
>>> I disabled the AVG update service, so AVG won't be automatically connecting anymore, but if AVG can do it, so can any other program. Which makes ZoneAlarm more or less worthless.
>>
>>
>> Which raises the question, can't you control this by changing the load order? Personally, I think I'd rather have my AV software load first so it can take a look at anything else that loads. I use Kaspersky, i can imagine a malware that loads B4 KAV, and hides itself from KAV. But KAV can handle it if you can reverse the order.
>>
>> Anyone know how to do this and if it is desirable?
>
>
>Seems to me that the firewall should load first when you have an
>always-on Internet connection. It's worrying, only because if AVG
>can load before ZA, probably anything else can also.

AFAIK, the only firewall that does that truly reliably is the build-in
windows firewall (XXP SP2) since it is an integral part of the OS.
It has a special (non-configurable) boot-time filter allowing only
initial network traffic (DNS, DHCP etc.) until machine is running and
firewall is in place. That's when the "normal" filtering rules take
effect.

>Major point I wanted to make is that when ZoneAlarm tells you that
>the firewall loads first, even though the icon may not be up on the screen,
>they are lying through their teeth.

I wonder why that would'nt surprise me.

B. Nice

On Wed, 09 Aug 2006 21:03:10 GMT, Al Smith <>
wrote:

>The ZoneAlarm people have always given assurances that even though
>the icon for ZoneAlarm take a while to show up on the monitor, the
>firewall itself is running and working immediately to block any
>Internet traffic to or from your computer.
>
>Well, bullshit. I recently installed AVG. I'm running ZoneAlarm
>Free 6.1.737. AVG can phone home from my computer at boot-up, and
>download its anti-virus update *before* ZoneAlarm starts.

I don't see what you mean. I'm using ZA 6.1.744.001 and AVG doesn't
update without ZA asking for permission. I deleted the AVG Update
download entry from ZA's program list, and it ask for permission on
the next update. It seems to be working as I expect it to for me. :/
--
Zilbandy - Tucson, Arizona USA <>
Dead Suburban's Home Page: http://zilbandy.com/suburb/
PGP Public Key: http://zilbandy.com/pgpkey.htm
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Zilbandy

>>Seems to me that the firewall should load first when you have an
>>>always-on Internet connection. It's worrying, only because if AVG
>>>can load before ZA, probably anything else can also.
>
>
> AFAIK, the only firewall that does that truly reliably is the build-in
> windows firewall (XXP SP2) since it is an integral part of the OS.
> It has a special (non-configurable) boot-time filter allowing only
> initial network traffic (DNS, DHCP etc.) until machine is running and
> firewall is in place. That's when the "normal" filtering rules take
> effect.
>

I'd be tempted to run the Windows firewall in combination with
ZoneAlarm, except that ZoneAlarm wants to deactivate the Windows
firewall when it runs (probably for good reasons -- conflicts).
I'm not sure if I can turn the Windows firewall on in any case
with ZoneAlarm running, but I guess I can try.

Al Smith

>>Well, bullshit. I recently installed AVG. I'm running ZoneAlarm
>>>Free 6.1.737. AVG can phone home from my computer at boot-up, and
>>>download its anti-virus update *before* ZoneAlarm starts.
>
>
> I don't see what you mean. I'm using ZA 6.1.744.001 and AVG doesn't
> update without ZA asking for permission. I deleted the AVG Update
> download entry from ZA's program list, and it ask for permission on
> the next update. It seems to be working as I expect it to for me. :/


Sure it asks for permission -- if ZoneAlarm is running. Maybe on
your machine, ZoneAlarm starts before AVG. On my machine, AVG
starts first.

Al Smith

On Wed, 09 Aug 2006 14:42:00 -0700, John Hyde <>
wrote:

>on 8/9/2006 2:03 PM Al Smith said the following:
>> The ZoneAlarm people have always given assurances that even though the
>> icon for ZoneAlarm take a while to show up on the monitor, the firewall
>> itself is running and working immediately to block any Internet traffic
>> to or from your computer.
>>
>> Well, bullshit. I recently installed AVG. I'm running ZoneAlarm Free
>> 6.1.737. AVG can phone home from my computer at boot-up, and download
>> its anti-virus update *before* ZoneAlarm starts.
>>
>> There's no doubt about this. I do not have any permissions in ZoneAlarm
>> to allow AVG access, and no warning popped up in ZoneAlarm telling me
>> that AVG wanted to access the Internet.
>>
>> I disabled the AVG update service, so AVG won't be automatically
>> connecting anymore, but if AVG can do it, so can any other program.
>> Which makes ZoneAlarm more or less worthless.
>
>Which raises the question, can't you control this by changing the load
>order?

Why should he? - ZoneLabs claim all their products provide boot-time
protection. I qoute:

"In addition, security has been further hardened across the entire
ZoneAlarm product line with the addition of "boot-time protection,"
which begins protecting the PC before network drivers are loaded. This
extra layer protects the PC at the earliest possible opportunity, thus
providing no window of opportunity for malicious programs to
communicate." - pasted from
http://download.zonelabs.com/bin/fre...pr_zass50.html

So of course it should work, or otherwise we will just start to
believe they are lying.

B. Nice

On Thu, 10 Aug 2006 18:50:40 GMT, Al Smith <>
wrote:

>>>Seems to me that the firewall should load first when you have an
>>>>always-on Internet connection. It's worrying, only because if AVG
>>>>can load before ZA, probably anything else can also.
>>
>>
>> AFAIK, the only firewall that does that truly reliably is the build-in
>> windows firewall (XXP SP2) since it is an integral part of the OS.
>> It has a special (non-configurable) boot-time filter allowing only
>> initial network traffic (DNS, DHCP etc.) until machine is running and
>> firewall is in place. That's when the "normal" filtering rules take
>> effect.
>>
>
>I'd be tempted to run the Windows firewall in combination with
>ZoneAlarm, except that ZoneAlarm wants to deactivate the Windows
>firewall when it runs (probably for good reasons -- conflicts).
>I'm not sure if I can turn the Windows firewall on in any case
>with ZoneAlarm running, but I guess I can try.

Maybe you should just get rid of ZoneAlarm.

What version of ZA? Free or Pro?

What do you expect ZoneAlarm to do for you?

B. Nice