Zone Labs *might* fix bug

[a)sna]

Zone Labs, the creators of Zone Alarm and Zone Alarm Pro, (and other products I'm guessing) was notified of a bug in their free version of the firewall. This is nothing unusual, bugs are reported all the time. The problem is that millions of people (including me) use this software to protect themselves from the ether beyond their ethernet, and they were not going to fix it.

See the story at Security News Portal

I was just wondering what all you guys thought about this: Whether Zonelabs should offer support and bugfixes for their free product, or just say you're out of luck, cheapo, buy the full version.

[FrameWork]

I was watching TSS the other day, and they said that ZoneAlarm changed their mind when they found out that TSS was going to run the story,and that they would have it fixed in a few weeks(this is what they claim).

Yes, i think if you are going to offer a "security product", then you need to make it secure as possible (including bug fixes) reguardless of whether it's free or not.

[a)sna]

Yep, that's what the story said,

"Zone Labs will make a fix for its free ZoneAlarm product available in the next two weeks," the company said, in a statement that was also published to the BugTraq list late Wednesday night

But it is still worrysome that they might not have done so, if the media hadn't said anything.

[keezel]

That's really cheap. I think that if they're going to offer a free firewall that tons of people rely on then it's their responsibility to patch it. Apparently they got that same message from a lot of people because now they've agreed to release a patch for it in two weeks, so that's good. I like how they quoted Symantec with

go to hell and buy the registered version because they don't support freebie users

[FrameWork]

But it is still worrysome that they might not have done so, if the media hadn't said anything.

I agree, this is why i believe media types are needed whether you love them or hate them.

[keezel]

I love 'em most of the time.....until they use the word "hacker" to refer to a cracker....or when they freak out about some SK's threatening to hack 6,000 geocities or angelfire websites

[lumpyporridge]

I think zonelabs attitude should be taken as all the reason in the world to use a different product.If i heard the same from Outpost, it would be off my windows box in a minute.

[Zonewalker]

hmm.. whilst I agree that

i think if you are going to offer a "security product", then you need to make it secure as possible (including bug fixes)

I'm not sure I totally agree with the sentiment

reguardless of whether it's free or not.

if the essential purpose i.e. a firewall, of the free product is as good as the paid product then theres no need to upgrade to the paid product - agreed?
Commercially speaking this is suicide for a company... I can understand where Zonelabs is coming from when they said in the article that

the cost to upgrade a free product would be prohibitive

I mean thats partly the reason why you pay for a product - to receive the updates... few things are free in this world so what do you expect.... I mean if the exploit was a fairly major one yeah ok fix it ASAP... but it doesn't sound like it was that major....

but then the paranoid in me shouts 'f***ers fix the damn thing now'.... I think I'm turning into something of a corporate whore .... should probably have a chat with Korpdeath

<scratches head and wonders off>

Z

[tonybradley]

I think that if they're going to offer a free firewall that tons of people rely on then it's their responsibility to patch it.

I disagree. They are in business to make money. They would prefer to actually sell their product and provide the free version more or less as a hook to reel in new customers. Hopefully you will like the protection of the free product but want the bells and whistles of the full package so you'll upgrade to a paying customer.

The fact that there are so many cheap people who only want to use free products doesn't obligate Zone Labs (or other free software providing companies) to cater to them. They have a base of registered, paying customers that they have to service.

They are still providing a service IMO. If they didn't offer a free version how many more machines would not have firewall protection? The people relying on the free one should be thankful for what they have and appreciative if Zone Labs provides maintenance updates or even continues to provide new versions and not try to make demands on the company as if they "owe" something to the community of users that don't make them any money.

Don't get me wrong- I use many freeware products and used the freeware version of ZoneAlarm for quite awhile (I now have the full-blown ZoneAlarm Pro 4). I am not saying companies shouldn't put the software out or that people shouldn't use it. I am just saying that those who use it should not suddenly get some feeling of entitlement that the company owes them more on top of providing free software.

[FrameWork]

if the essential purpose i.e. a firewall, of the free product is as good as the paid product then theres no need to upgrade to the paid product - agreed?

Yes i agree, to an extent.

I mean if it's a security flaw, then i feel they should fix it, or at the very least make an effort to tell all those who are downloading the free one from their site of the hole.

If it is a special feature or something, then go out and get the paid version, there is no obligation on their part to offer anyone that.

I'm still pleased that they are willing to offer a free version although my choice is Outpost. So yes, i see your point.