uTorrent sends personal data w/o permission.


cyblivious

It sends out packets with bytes. Since the alphabet just has 26(?) letters it is NOT unlikely that it sends out packets that have the same byte order as what you call "Name".

Let's presume that ZA is reading bytes it presumes to be encoded in ASCII, and searching those for the name.

That means that it's not 26 letters in the alphabet that matters, but the 255 characters in ASCII. The chance of an n-letter word being detected is therefore 255^n. This means that given an 8-letter sequence, the chance of it being your name or something (8 letters) is 1 in 1.78781033 × 10^19. Which means you'd be getting a false alarm once every 1.78781033 × 10^19 × 8 bytes = 1.43024826 × 10^20 bytes = roughly 12 000 yottabytes (trillion terabytes), according to probability.

So there is something weird going on here, IMO. I'd say at this point it's more like ZA making shit up than µT sending your personal info. How would µT get that info anyway?

Link to comment
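
Added example, not part of the thread and not any poster's code: the chance-match argument above, worked out for a scanner that does plain substring matching. It assumes the payload bytes are uniformly random over 256 values (roughly true for compressed or encrypted torrent data, not for text); the function names and sample patterns are made up for illustration.

```python
import random

def expected_hits(pattern: bytes, stream_len: int, ignore_case: bool = False) -> float:
    """Expected chance occurrences of `pattern` in uniformly random bytes."""
    n = len(pattern)
    if stream_len < n:
        return 0.0
    p = 1.0
    for b in pattern:
        # One of 256 byte values matches; two if a letter is matched in either case.
        ways = 2 if ignore_case and bytes([b]).isalpha() else 1
        p *= ways / 256
    return (stream_len - n + 1) * p

def count_hits(pattern: bytes, data: bytes, ignore_case: bool = False) -> int:
    """Count occurrences (overlaps included) of `pattern` in `data`."""
    if ignore_case:
        pattern, data = pattern.lower(), data.lower()
    hits, i = 0, data.find(pattern)
    while i != -1:
        hits += 1
        i = data.find(pattern, i + 1)
    return hits

def simulate(pattern: bytes, stream_len: int, seed: int = 1, ignore_case: bool = False) -> int:
    """Scan a seeded pseudo-random stream (constructed stand-in for payload data)."""
    rng = random.Random(seed)
    data = rng.getrandbits(8 * stream_len).to_bytes(stream_len, "little")
    return count_hits(pattern, data, ignore_case)

if __name__ == "__main__":
    TB = 10**12  # one terabyte of transferred payload
    for name in (b"al", b"ann", b"angela", b"angelame"):
        exact = expected_hits(name, TB)
        folded = expected_hits(name, TB, ignore_case=True)
        print(f"{name!r}: exact {exact:.3g}, case-insensitive {folded:.3g} per TB")
    print("2-byte pattern in 2 MB: expected",
          round(expected_hits(b"al", 2_000_000), 1), "observed", simulate(b"al", 2_000_000))
```

Short watched strings match by chance constantly, while an 8-byte string is expected far less than once per terabyte, so the length of the watched value decides whether chance is a plausible explanation for an alert.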

How would it get that info indeed? It doesn't install, can't get info from the registry, u don't have to login to uT so how exactly could it get it? By the way I set up ID Lock in ZA since reading this post. Nothing yet on my end. I've seen ZA block BitDefender modules, certain ports/IPs, but nothing about my name, SS number, etc.

What version of uT are u using? Is there a folder that has files or torrents in it that has your name? Like C:\Documents and Settings\*your first name here*? Where did u get uT from? (yeah, I'm grasping for straws now)

Well it works. It popped up when I tried to login to hotmail. I have an address with my first and last name in it. I got 3 popups: First name, Last name and email address. Nothing for uT yet. Are u using the webui? Maybe that's where it's coming from.

Now I can make it pop anytime for IExplorer just by posting in here and trying to login to hotmail with that bad email address.

Link to comment

That's exactly what I'm wondering, how did it get my info and why? How? Where? Of course my computer has that information like name and email somewhere. I'm just getting those prompts randomly. Only thing is it's always uTorrent on the alarm. Kinda unpredictable when it will show up again.

By the way I setup ID Lock in ZA since reading this post. Nothing yet on my end.

This would help verify it. But it might take a long while.

I'm using version 1.5.1 build 460. I only download it here. Anyway, I'll just set ZA to block it, just to be safe.

Link to comment

1.) I have never created a torrent even one.

2.) I don't download a torrent that requires me to login or input any name or email.

3.) Previous torrents get deleted after seeding immediately.

4.) uTorrent is not in a folder with my details anywhere.

5.) Have not placed any personal information like email, 1st name, 2nd name and last name within uTorrent.

Link to comment

It doesn't have anything to do with you logging in or creating a torrent, it's possible someone has one of your names and it's in one of the torrents you're seeding/leeching right now.

Either that, or Zone Alarm is a worthless piece of crap, which is the most likely explanation.

Kind of reminds me how D-Link routers' DMZ mangles packets that happen to have your local IP in them, by chance. :P

Anyway, stop screwing about with shitty firewalls and go give us an Ethereal packet capture.

Link to comment

once more for you to write with.

Make yourself free from the suggestion that "first name" and "last name" have something to do with what we humans call a name!

µT just sends long chains of 1s and 0s.

What you have entered in one of the fields that your stupid software watches for is "110001" and whenever this comes in a stream of bits it freaks out.

00101001010010100101001010111011011 nothing

11010101110101010100101001000100101 nothing

01010010100111000110101010111110101 nothing

....

Zone Alarm thinking for himself:

"Hm, what a fucking job I have, nothing with national security status I can protect on this random J. Household PC and no bad "hacker" that wants to break into it and nothing to say for me to make the happy customer a little bit afraid (my bosses call that "Snake Oil tactic"), so let's see what I can do..."

"Hm, the last piece of bytes I scanned does not have his so valuable "name" in it, but what was this?

01010010100111000110101010111110101 fuck, just a part of a string of bytes from that stupid TV show he is sharing but who cares, I'm bored to death here so;

yeah (Zone Alarm smiles happily) I can freak out, I see it, I see it!! Now let's fast bring up a popup that makes the user happy 'cause he feels then "safe""

That's what happens behind your fancy buttons and popups in ZA.

µT has no use/need to send anything of that data that you have entered in the field that ZA should watch for because you think that's valuable information.

Just enter some (for your human mind) stupid information there; first name: angela last name: merkel (note: If merkel is your last name choose something different please)

And you will see your software that has no understanding about "names" as we humans understand it will freak out sooner or later that the name of the female German chancellor was sent from your computer.

Link to comment

Yeah, I get that point but it's just that it's quite frequent. And the last 2 previous alerts came right after each other, 1st then 2nd name. If it was 1st name then took maybe 1 or 2 weeks before it pops up again then that would be fine coz it could be by chance. But my 2 names? And after each other? And it happens once or twice a day, even without downloading or seeding any torrents!!!

And how do you explain the email address? Someone has the same email address as mine? And my name is not a common one by the way. From SE Asia, not US.

Link to comment

I've been doing some research on this (well, as much as I can considering I'm not going to install ZoneAlarm on my PC), and found some stuff out.

There's a lot of complaints about ID Lock getting squirrelly due to ZA's database getting corrupted. This seems to happen a lot. The only solution is to have ZA rebuild its database, which has the side effect of returning it to a default state meaning any custom rules/changes you've made will have to be re-entered. The method to rebuild the database is:

1. Go into the Overview Preferences tab and turn off "Load ZoneAlarm at startup".

2. Reboot into safe mode.

3. Go into the folder named internet logs {do a search if you don't know where it is in your OS}.

4. Delete everything in that folder.

5. Empty the recycle bin.

6. Reboot into normal windows.

7. Restart ZA manually.

8. Recheck the "Load ZoneAlarm at startup".

That seems to be a fairly bulletproof fix for a lot of ZA problems, at least according to the forum and Usenet threads I've scanned.

Did some packet traces tonight while running a torrent, and saw no sign of any non-torrent-related information going back and forth. This is using the latest 1.5.1 build 460 beta. I've done packet traces on uTorrent in the past and found nothing, so I'm not surprised that there still isn't anything there.

ZA is twigging on seemingly random IPs, that suggests that it's not uTorrent itself doing this. Otherwise you'd expect the traffic to be specific and targeted. I would bet that the IPs that ZA is alerting you to are other people in the same torrent cloud as you. Can't tell for sure since you haven't included snapshots of your peer table at the time ZA goes off.

I'm fairly sure it's ZA being stupid again. I trust tcpdump a hell of a lot more than ZA, but I'm still interested to see if the person upthread who said he'd try out ZA's ID Lock function comes back with any news.

Link to comment
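
Added example, not part of the thread and not the poster's procedure: one way to check captured payloads for watched identity strings instead of relying on a firewall popup. The payloads are constructed samples standing in for data exported from a packet capture, and the watched terms reuse the dummy name suggested earlier in the thread; all names in the code are hypothetical.

```python
import base64
from urllib.parse import quote

def variants(term):
    """(label, pattern, case_insensitive) forms under which `term` may appear."""
    raw = term.encode("utf-8")
    forms = [("utf-8", raw, True), ("utf-16le", term.encode("utf-16-le"), True)]
    pct = quote(term, safe="").encode()
    if pct != raw:                       # differs only when escaping was needed
        forms.append(("url-encoded", pct, True))
    # Base64 output depends on the term's byte offset modulo 3: build one
    # pattern per alignment, keeping only characters fully fixed by the term.
    # Base64 is case-sensitive, so the term must be given in the case it is stored.
    for k in range(3):
        enc = base64.b64encode(b"\x00" * k + raw)
        start, end = -(-k * 8 // 6), (k + len(raw)) * 8 // 6
        forms.append((f"base64+{k}", enc[start:end], False))
    return forms

def scan(payloads, terms):
    """Return (payload index, term, encoding, offset) for the first match of each form."""
    findings = []
    for i, data in enumerate(payloads):
        folded = data.lower()
        for term in terms:
            for label, pat, fold in variants(term):
                pos = folded.find(pat.lower()) if fold else data.find(pat)
                if pos != -1:
                    findings.append((i, term, label, pos))
    return findings

# Constructed sample payloads (not real traffic).
SAMPLE = [
    # peer handshake shape: protocol string, reserved bytes, info hash, placeholder peer id
    b"\x13BitTorrent protocol" + bytes(8) + bytes(range(20)) + b"-XX0000-" + bytes(12),
    b"GET /announce?port=6881&uploaded=0&left=0 HTTP/1.1\r\n\r\n",
    b"d=" + base64.b64encode(b"n=Angela&x=1"),            # name hidden in base64
    b"GET /r?mail=ANGELA%40example.com HTTP/1.1\r\n\r\n",  # URL-encoded address
]
TERMS = ["Angela", "angela@example.com"]

if __name__ == "__main__":
    for hit in scan(SAMPLE, TERMS):
        print(hit)
```

A clean result only covers these encodings of cleartext payloads; it says nothing about data that was encrypted or compressed before it reached the wire.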

Thanks Primus, I was just looking for explanations, don't wish to quarrel or something. Since it's not open-source or something, that's why I have some doubts or worries. But still great app thru-and-thru. I understand what post #34 was trying to say but it was just highly unlikely considering the situation. I'll try your suggestion and post back if I get another alert and try to get more info. By the way, what free personal firewall would you suggest? Hope it doesn't have a huge memory footprint. Thanks.

Link to comment

Primus: the v4 WRT54G is still OK, and the v4 WRT54GS is still Linux, but with the same amount of RAM as the G. It's the v5s that are VxWorks.

It's best to recommend the WRT54GL (which is a rebranded v4 54G), since it's guaranteed to let you change to alternative firmwares.

Link to comment

Sadly, I can't afford a hardware firewall even if I wanted to. It's just quite expensive for our style of living (if you get what I mean). Trying to be as secure as possible without spending too much. So Personal Firewalls are better than no firewalls at all, don't you agree?

I'll try the link posted in post #39, but the site has not much information on what the app does. What services will it disable? Will I still be able to use the net normally after using it? By the way, I've already disabled most of the Windows services that I don't need. I do it every fresh install to save on resources.

Link to comment

Primus: the v4 WRT54G is still OK, and the v4 WRT54GS is still Linux, but with the same amount of RAM as the G. It's the v5s that are VxWorks.

It's best to recommend the WRT54GL (which is a rebranded v4 54G), since it's guaranteed to let you change to alternative firmwares.

I suggested the pre-v4 ones if possible because they've got twice the memory (16MB RAM/4MB Flash), and since they're all not being made anymore anyways it's about as easy to find a v3 as it is a v4.

As for the GL, it's been discontinued as well.

Link to comment

Archived

This topic is now archived and is closed to further replies.

