Spyware, Viruses, & Security forum

General discussion

Zonealarm - is it a spyware/malware?

by Izibia / February 16, 2013 6:35 AM PST

The heading is not meant to be 100% serious ... but there are some suspicious indications:

1) During net traffic, Zonealarm's service "TrueVector Internet Monitor" (vsmon.exe) loads the processor even if all functionalities of Zonealarm are turned off.
Details: this post at zonealarm forums

2) Nobody wants to explain the case at Zonealarm forums: the related thread (link above) was closed with a senseless explanation.

McAfee did that too.
by R. Proffitt Forum moderator / February 16, 2013 6:50 AM PST

Not much new here. The issue of the firewall module still functioning after you turn it off is, well, a very old issue.

Please. I don't have the explanation and I don't know what's at Area 51 or 52 either.

All I know is I dumped both.

A very old issue?
by Izibia / February 16, 2013 7:51 AM PST
In reply to: McAfee did that too.

A very old issue?
Security experts and public don't care? A security application that runs some shady code - that sounds alarming ...

It was well explained ...
by Edward ODaniel / February 16, 2013 9:20 AM PST

in the thread you linked to. VSMON is a part of the APPLICATION and monitors all internet connections so even if you have the firewall shut down it will continue monitoring as you likely have email, and various application updates running.

It is just how it works, NOTHING broken or buggy, just how Zone Labs chose to implement their app.

Some people don't like that and change while others like ZA and find workarounds such as this one by Dianetix (Programmer) at this link - http://www.tek-tips.com/viewthread.cfm?qid=960579

This explanation covers cause and cure and was offered you in the ZA forum:

Running applications that keep a constant internet connection open will create extra cycles to be used for ZA. You're basically constantly pushing data through ZA that it has to analyze so there will be more resources used and 50% and more is not unusual with these types of applications.

It's always been this way with ZA; it's just how the ZA core technology works, and it's nothing that can be changed or fixed because it's working as designed.

Best advice: don't run these kinds of apps all the time.

Forum Moderator

And while some don't like it.
by R. Proffitt Forum moderator / February 16, 2013 9:41 AM PST

I've seen this area like this for over a decade.

My question is simple. Why use it if you don't like it?

I think you mix two issues
by Izibia / February 16, 2013 9:57 AM PST

The text you are quoting
"You're basically constantly pushing data through ZA that it has to analyze so there will be more resources used and 50% and more is not unusual with these types of applications."
answered my post #1 in that linked thread.

But my post #7 (and also this thread) is about a different issue:
ZA doesn't have to "analyze" if all its functionalities are disabled.

Yes it DOES!
by Edward ODaniel / February 16, 2013 10:35 AM PST

it is a CORE process running as a service and this behavior is common in many applications. Super Anti-Spyware for instance continues running SASCORE.EXE after shutting down the application.

I linked you to a "cure" for your specific complaint that terminates the service when you terminate the application.

You may not (obviously do not) like how Zone Labs chose to implement their application but it is their application and there is NOTHING insidious about the service left running.

You choose to ignore the responses you don't like and just want someone to agree with you so I will. Yes it is dreadful so change to a different firewall. Microsoft's native firewall doesn't do this but avoid McAfee because it behaves like ZA. Issue solved (and that too was suggested in ZoneLab's responses).

I don't like the gray sky during storms, I prefer green or yellow but they tell me that is just how it is, something to do with light refraction but it isn't that light. Everyone tells me that is just how it is and if I want it different I will have to move to a different universe where the laws of nature are different and I find that to be "a senseless explanation". (I am looking for mutual commiseration here Wink )

"Yes it DOES!" sounds loud but doesn't bring any explanation
by Izibia / February 16, 2013 12:12 PM PST
In reply to: Yes it DOES!

Your "cure" didn't cure my mistrust of the company. I had uninstalled ZA and replaced it with Comodo. So you can see I didn't come here with a question "What shall I do?" but rather with "Why (the hell) ZA behaves that way?"

The fact that a similar behavior is common in many applications doesn't explain things.
I agree there is nothing insidious about the service left running: obviously ZA wants to stay and to wait until it is re-enabled. But it is insidious if it loads the processor quite heavily (apparently by monitoring the net traffic).

You probably know the reason why the sky is grey during storms, but I don't see any reason why ZA does hard work when it is expected to do nothing.

"Why (the hell) ZA behaves that way?"
by R. Proffitt Forum moderator / February 17, 2013 5:29 AM PST

Since it's not open source, only they can answer. All I can share is we've seen this for a very long time. Over a decade and no deep answer. There are guesses but you seem to want better. Back to ZoneLabs?

Re: Back to ZoneLabs?
by Izibia / February 17, 2013 6:31 AM PST
Cool you mean confiscate from CheckPoint and return to Zonelabs?
by R. Proffitt Forum moderator / February 17, 2013 6:38 AM PST
In reply to: Re: Back to ZoneLabs?

But the question was there when Boris was still around. Cool

may Zonealarm be a part of the PRISM program
by Izibia / September 17, 2013 1:35 AM PDT

... or of a similar surveillance program?
Common sense tells me that any malicious/spying behaviour of a security software would be revealed by independent testers sooner or later ... On the other hand, do testers care about such things? I didn't find such a test; it looks like testers only care how security products can manage common threats: an example:

I will complete the info I sent in the past:
After I uninstalled Zonealarm Firewall I replaced it with Comodo Firewall. So I can compare the load of my CPU by different security programs on my computer and during a 2Mbit/s download:

Avast Free Antivirus (with the Web Shield on) - AvastSvc.exe takes approx. 4% of CPU
Comodo Firewall (with Realtime Protection active) - takes approx. 0% of CPU
ZoneAlarm Free Firewall (with only Program Control and Basic Firewall set on) - vsmon.exe takes approx. 30% of CPU
ZoneAlarm Free Firewall (with every functionality set off, incl. Program Control and Basic Firewall) - vsmon.exe takes approx. 30% of CPU

(The CPU load caused by Avast and Zonealarm depends on the download traffic, so apparently they both monitor every byte of downloaded data)

The unbelievable point is Avast Antivirus must compare the downloaded data with its databases, and still loads the CPU 7 times less than the ZoneAlarm Firewall.
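
One way to check the claim in the post above that vsmon.exe's CPU load follows download traffic, as an added example that is not part of the thread: fit CPU against throughput over samples in the CSV layout written by Windows' typeperf. The sample rows, the host name "PC", the adapter name "nic0" and the two-core machine are constructed assumptions, not measurements.

```python
import csv
import io
import math

# Constructed sample in typeperf's CSV layout (illustrative values, not measurements).
# Host "PC" and adapter "nic0" are placeholders.
SAMPLE = r'''"(PDH-CSV 4.0)","\\PC\Process(vsmon)\% Processor Time","\\PC\Network Interface(nic0)\Bytes Received/sec"
"02/16/2013 06:35:01.000","2.0","0"
"02/16/2013 06:35:02.000","18.0","62500"
"02/16/2013 06:35:03.000","31.0","125000"
"02/16/2013 06:35:04.000","48.0","187500"
"02/16/2013 06:35:05.000","62.0","250000"
'''

def load_samples(text, logical_cpus):
    """Return (Mbit/s, CPU %) pairs; CPU is scaled to whole-machine percent."""
    rows = csv.reader(io.StringIO(text))
    next(rows)  # header row with the counter paths
    pairs = []
    for row in rows:
        try:
            cpu_raw, rx_bytes = float(row[1]), float(row[2])
        except (IndexError, ValueError):
            continue  # skip rows with missing or non-numeric fields
        # The Process counter sums over cores, so it can exceed 100 on multi-core PCs;
        # dividing by the core count gives the figure Task Manager shows.
        pairs.append((rx_bytes * 8 / 1e6, cpu_raw / logical_cpus))
    return pairs

def fit(pairs):
    """Least-squares line cpu = slope * mbit + idle, plus Pearson r."""
    n = len(pairs)
    mx = sum(x for x, _ in pairs) / n
    my = sum(y for _, y in pairs) / n
    sxx = sum((x - mx) ** 2 for x, _ in pairs)
    syy = sum((y - my) ** 2 for _, y in pairs)
    sxy = sum((x - mx) * (y - my) for x, y in pairs)
    if sxx == 0 or syy == 0:
        raise ValueError("need samples with varying traffic and CPU load")
    slope = sxy / sxx
    return slope, my - slope * mx, sxy / math.sqrt(sxx * syy)

if __name__ == "__main__":
    slope, idle, r = fit(load_samples(SAMPLE, logical_cpus=2))
    print(f"{slope:.1f}% CPU per Mbit/s, {idle:.1f}% at idle, r={r:.3f}")
```

A slope near zero with the firewall features switched off would mean the service is idle; a slope that stays the same with features on and off is the behaviour the post describes.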
