Avast or Zone Alarm using proxy server?

[Zak]

I use XP+SP1. I am in the UK and I am connected to NTL broadband.

I am almost certain that I used to have no proxy sevrer set in IE6 >
Tools > Internet Options > Connections > Lan Settings.

However I now see that the Use Proxy Server box is ticked and the IP
address entered is the loopback address 127.0.0.1 on port 81.

Some web sites do not like this and they have problems.

I also have Zome Alarm 4.5 and also the antivirus Avast (version 4.5
home edition). Perhaps one of these two applications change the LAN
Settings?

I also use Firefox and Opera as browsers. Their own settings seem
unchanged and do not refer to a proxy server but when I try to go to
the problem web pages (eg http://www.firstdirect.com/) then they
return a message protesting about proxy servers.

How can I get around this?

 

[Gerald Vogt]

I use XP+SP1. I am in the UK and I am connected to NTL broadband.

My personal opinion: update to SP2, use the SP2 firewall and deinstall
ZoneAlarm. (No further comment necessary.)

I am almost certain that I used to have no proxy sevrer set in IE6 >
Tools > Internet Options > Connections > Lan Settings.

However I now see that the Use Proxy Server box is ticked and the IP
address entered is the loopback address 127.0.0.1 on port 81.

To check: open a command prompt. Type "netstat -a -o -p tcp" to list
your tcp connections and open ports. Look for the line with the local
address listening to port 81. The last column is the process id of the
process listening on that port. Remember the PID (eg. 1234).

Type

tasklist /fi "pid eq 1234" /v

(with the double quotes) to see the name of the process image. Replace
the /v with /svc to get service information if it is a running service.

If you don't recognize the name of the executable, search the drive for
it or look into the directories of ZoneAlarm to see if you can find it
there.

Some web sites do not like this and they have problems.

A web site does not know about this. The only possible problems is some
information that it filtered out, e.g. cookies.

I also have Zome Alarm 4.5 and also the antivirus Avast (version 4.5
home edition). Perhaps one of these two applications change the LAN
Settings?
Likely.

I also use Firefox and Opera as browsers. Their own settings seem
unchanged and do not refer to a proxy server but when I try to go to
the problem web pages (eg http://www.firstdirect.com/) then they
return a message protesting about proxy servers.

What's the exact message?

How can I get around this?

The easiest way probably would be to deinstall ZoneAlarm (if it is ZA)
and update to SP2, and use its firewall which is more stable and runs
much faster. Otherwise, (if it is ZA) you have to properly configure ZA
not to filter out whatever it is filtering out which probably means to
deactivate its privacy protection or whitelist the sites that have
problems with it. ZA support or help pages should be extensive about
how to do this.

Gerald

 

[Martin]

My personal opinion: update to SP2, use the SP2 firewall and deinstall
ZoneAlarm. (No further comment necessary.)

Gee, most people are recommending the exact opposite...... Do you work for
Microsoft???

To the OP: I also run ZoneAlarm and Avast and have no such problem, perhaps
it was something else that set the proxy settings? I'm not sure why Gerald
feels WinXP-SP2 firewall is more stable and better than ZA (or other third
party firewalls), seems almost all other software 'experts' say not to use
the Windows firewall - I certainly noticed more 'intrusions' using only the
Windows firewall, problems that were stopped by switching to ZA and turning
the Windows firewall off!!

 

[Lars-Erik Østerud]

Gerald Vogt skrev:

My personal opinion: update to SP2, use the SP2 firewall and deinstall
ZoneAlarm. (No further comment necessary.)

Uhu. ZA protects outgoing traffic from programs as well (you get a
notice about all new programs trying to talk to the net and can block
them). Windows FW only blocks incoming and server (listen) programs.

 

[Gerald Vogt]

Uhu. ZA protects outgoing traffic from programs as well (you get a
notice about all new programs trying to talk to the net and can block
them). Windows FW only blocks incoming and server (listen) programs.

What else do you need? Do you rely on the outgoing filtering? It is
extremely easy to circumvent the outgoing "filter" and there are many
examples how to do it. If you catch some Spyware on your computer it may
send data out and your PFW won't notice. (e.g. your browser is probably
enabled to send data out and any software running locally can use IE to
send data out...) I would not call this "protection": most of the
software you use that wants to send data out you will enable anyway,
because it needs the internet (e-mail, browser, etc.) while that
software that you really want to block out (spyware etc.) can easily
circumvent it. There is no real benefit in that.

And if you rely on it, i.e. you say "I've installed that PFW thus nobody
can spy me out. I can install any program on my computer I want. I am
safe anyway." There are many examples posted in various newsgroups with
people that installed virus scanner, PFW, spyware scanner and more to be
safe and still "catched" something because they thought with all that
security software nothing would happen. They just don't get it that the
biggest security problem they have is themselves.

So there is group A that downloads the craziest stuff from the weirdest
places. Those people live dangerous and no PFW or other security
software can help them in the end. Just think about all those pop-ups of
the PFW that ask you whether you want to allow this or that. Do you
always know the correct answer?

And group B does not download things. They just want browse their local
newspaper, send some e-mails, use some word processor. They are careful
and they don't open spam and in particular don't open documents
promising anything with strange attachments. Someone told them and they
know that and they are careful. For them, a PFW may be nice as it tells
them when Word tries to connect to the microsoft server. But then, you
wanted Word and you want the clip art, so you allow it anyway. You don't
need a difficult pop-up question for that. No need here for an outgoing
filter, either.

So the outgoing filter does not work 100%. Either you rely on it and
play it dangerous and loose eventually (all those other things blocked
like the automatic update from some legal software giving you the false
impressions it that it works perfectly) or you don't rely on it and be
careful. But then, you don't rely on it anyway so why do you need it?
The SP2 FW is perfect as incoming filter and cannot be as easily turned
off as a PFW from some software running on your system. (Whatever you
can do on your system any software that you run can do as well, it just
"simulates" a couple of mouse clicks and before you can see it your PFW
is turned off from its tray icon). You don't even need the SP2 firewall
if you do not install strange software and shut down all those "nice"
services that Windows usually starts but that you never need or
configure them that they do not listen to the internet interface...

Gerald

 

[Lars-Erik Østerud]

Gerald Vogt skrev:

What else do you need? Do you rely on the outgoing filtering? It is
extremely easy to circumvent the outgoing "filter" and there are many

Have you tried the outgoing filters. Lots of programs try to connect
the net for no apparent reason (ms programs, cd/dvd burning software,
services, even word and excel). I like to have control (and stop) such
attemts. Why should my DVD-burning software talk to someone out there?

I use 3 different spy/adware cleaning enginges too, but that does NOT
stop all the programs talking to the net without asking first :-/

 

[Beauregard T. Shagnasty]

and any software running locally can use IE to send data out...)

Not on my computer..

Why are you trying to discourage newbies from using a firewall?

 

[Gerald Vogt]

I use 3 different spy/adware cleaning enginges too, but that does NOT
stop all the programs talking to the net without asking first :-/

Again: it is easy to circumvent. Your PFW does not stop _all_ programs
talking to the net without asking first. It does stop those which kindly
agree to be cooperative and do simply use the windows IP stack for
communication. If the program does use other ways of communication (e.g.
your web browser) your PFW won't block nor notify because I assume that
your PFW is configured to allow outgoing web browser traffic. Programs
can also simply deactivate the PFW for a while and send out data anyway.

Again: There is no way to filter _all_ outgoing traffic on the computer
you are running. The only thing to do that would be some external device.

Gerald

 

[Gerald Vogt]

Not on my computer..

You are running Windows? You have Internet Explorer. We were talking
about Windows? And even then, it does even have to be IE but just a web
browser would do, too.

Why are you trying to discourage newbies from using a firewall?

I did not say that. Where did I say not to use a firewall? I told them
that the SP2 firewall is very good, does not mess with the system as
other PFW do, does not pretend to do things it cannot do without telling
you properly what it actually can do. It does not lead people to believe
that they are perfectly safe only by installing some software.

Gerald

 

[Beauregard T. Shagnasty]

You are running Windows? You have Internet Explorer. We were
talking about Windows?

Yes, yes, and yes.

And even then, it does even have to be IE but just a web browser
would do, too.

I agree with that. It does even have to be IE.

I did not say that. Where did I say not to use a firewall? I told
them that the SP2 firewall is very good,

...until you can get a far better one installed.

does not mess with the system as other PFW do, does not pretend to
do things it cannot do without telling you properly what it
actually can do. It does not lead people to believe that they are
perfectly safe only by installing some software.

But.. but.. having no outbound firewall is not a good idea! A
third-party firewall is better than *nothing*.

 

[Gerald Vogt]

..until you can get a far better one installed.

What is far better? A PFW that messes pretty badly with your system,
slows it down pretty much, introduces new security risks into your
system (there have been worms that target PFWs!), that can be turned off
or circumvented pretty easily? The SP2 runs stable and does not produce
much overhead. It cannot be turned of unless you are administrator. And
it does not pretend to do things that it cannot do.

But.. but.. having no outbound firewall is not a good idea! A
third-party firewall is better than *nothing*.

Why a third-party firewall when you have a better one coming with your
XP SP2? As I said before, the outgoing firewall is only going to detect
traffic when the software does not make any effort to do it silently. So
if it wants to make an outgoing connection it is able to, somehow.

All these nice pop-ups of outgoing connections in a PFW usually make
people believe that it a) does filter _all_ connections which it never
can and which keeps people in a wrong feeling of security and that b)
they do not have to configure their software properly and just turn off
the automatic update checks for example as it is possible in most software.

Malware and other software from dubious sources does whatever it wants.
If you assume that some software you install is "bad" and they want to
give away information from your computer and you desperately need a
outgoing filter then I just can say: why did you install the software in
the first place? It is your fault to install it and then you rely on
unreliable software to fix this?

Gerald

 

[James Egan]

Gee, most people are recommending the exact opposite...... Do you work for
Microsoft???

No. What he says is pretty much correct. It's the third party firewall
shills who say the opposite.

To the OP: I also run ZoneAlarm

Now there's a surprise. Misfiring firewalls, particularly zonealarm I
might add, account for a large percentage of problem posts on the
networking newsgroups.

and Avast and have no such problem, perhaps
it was something else that set the proxy settings? I'm not sure why Gerald
feels WinXP-SP2 firewall is more stable and better than ZA (or other third
party firewalls), seems almost all other software 'experts' say not to use
the Windows firewall - I certainly noticed more 'intrusions' using only the
Windows firewall, problems that were stopped by switching to ZA and turning
the Windows firewall off!!

I can't say the windows firewall is perfect because it too gets it's
knickers in a twist sometimes. However, it is adequate for the job it
does and doesn't cause problems to the extent of the others with all
the bells and whistles.


Jim.

 

[James Egan]

I use 3 different spy/adware cleaning enginges too, but that does NOT
stop all the programs talking to the net without asking first :-/

Not so much an issue now with always on connections but I've seen
quite a few posts on networking groups in the past where posters have
been wondering what's been causing a dialup or pop-up window (asking
to connect) and the culprit was the firewall itself trying to resolve
the names of local ip addresses by dns. lol.


Jim.

 

[blackfoot]

Malware and other software from dubious sources does whatever it wants.
If you assume that some software you install is "bad" and they want to
give away information from your computer and you desperately need a
outgoing filter then I just can say: why did you install the software in
the first place? It is your fault to install it and then you rely on
unreliable software to fix this?

Gerald

I am no pc expert but just a thought came into my mind
reading this,

How can I know that the software I am about to, or want to install in
my pc will send out information after installation?

Anyway to find this out,,, before hand

Thanks and regards




Blackfoot

 

[Lars-Erik Østerud]

Gerald Vogt skrev:

Again: it is easy to circumvent. Your PFW does not stop _all_ programs
talking to the net without asking first. It does stop those which kindly
agree to be cooperative and do simply use the windows IP stack for

But that's better than nothing. All the ones I stop are stopped, right
(like all the Windows programs, MediaPlayer, DVD-burning software etc)

 

[Gerald Vogt]

Gerald Vogt skrev:

But that's better than nothing. All the ones I stop are stopped, right
(like all the Windows programs, MediaPlayer, DVD-burning software etc)

a) this is a poor workaround. Why don't you just reconfigure the software?
b) how do you know it works? Isn't it one of these "MediaPlayers" that
does have mechanisms to transmit its information via a normal browser if
it cannot do otherwise? What is your assumption that they "are stopped"
based upon?
c) What is it exactly what you are blocking? How do you know if it is
good or not? How do you make sure it is not an update check that would
inform you about an important security update available?
d) When you block all the Windows programs including WindowsUpdate,
well, I suppose you won't have the newest security updates for Windows...

Gerald

 

[Lars-Erik Østerud]

Gerald Vogt skrev:

a) this is a poor workaround. Why don't you just reconfigure the software?

Can't be done with all software. Of course I try to disable all
communication I don't want when it is possible to configure that

b) how do you know it works? Isn't it one of these "MediaPlayers" that
does have mechanisms to transmit its information via a normal browser if

Have some idea (I have a router and can see if there is traffic

c) What is it exactly what you are blocking? How do you know if it is
good or not? How do you make sure it is not an update check that would

And how do I now it's not spying on what I play.
I usually do my updates manualle (hate software that checks
for updates without asking me, or without a configuration)

d) When you block all the Windows programs including WindowsUpdate,
well, I suppose you won't have the newest security updates for Windows...

WindowsUpdate is allowed. I allow programs that I trust. But I want a
warning when programs access the net without having allowed that first

 

[bassbag]

What else do you need? Do you rely on the outgoing filtering? It is
extremely easy to circumvent the outgoing "filter" and there are many
examples how to do it. If you catch some Spyware on your computer it may
send data out and your PFW won't notice. (e.g. your browser is probably
enabled to send data out and any software running locally can use IE to
send data out...) I would not call this "protection": most of the
software you use that wants to send data out you will enable anyway,
because it needs the internet (e-mail, browser, etc.) while that
software that you really want to block out (spyware etc.) can easily
circumvent it. There is no real benefit in that.

And if you rely on it, i.e. you say "I've installed that PFW thus nobody
can spy me out. I can install any program on my computer I want. I am
safe anyway." There are many examples posted in various newsgroups with
people that installed virus scanner, PFW, spyware scanner and more to be
safe and still "catched" something because they thought with all that
security software nothing would happen. They just don't get it that the
biggest security problem they have is themselves.

So there is group A that downloads the craziest stuff from the weirdest
places. Those people live dangerous and no PFW or other security
software can help them in the end. Just think about all those pop-ups of
the PFW that ask you whether you want to allow this or that. Do you
always know the correct answer?

And group B does not download things. They just want browse their local
newspaper, send some e-mails, use some word processor. They are careful
and they don't open spam and in particular don't open documents
promising anything with strange attachments. Someone told them and they
know that and they are careful. For them, a PFW may be nice as it tells
them when Word tries to connect to the microsoft server. But then, you
wanted Word and you want the clip art, so you allow it anyway. You don't
need a difficult pop-up question for that. No need here for an outgoing
filter, either.

So the outgoing filter does not work 100%. Either you rely on it and
play it dangerous and loose eventually (all those other things blocked
like the automatic update from some legal software giving you the false
impressions it that it works perfectly) or you don't rely on it and be
careful. But then, you don't rely on it anyway so why do you need it?
The SP2 FW is perfect as incoming filter and cannot be as easily turned
off as a PFW from some software running on your system. (Whatever you
can do on your system any software that you run can do as well, it just
"simulates" a couple of mouse clicks and before you can see it your PFW
is turned off from its tray icon). You don't even need the SP2 firewall

Many firewalls have component control which would notify of a programme
trying to use or piggyback another programme to connect out,and also
loopback (localhost) that can be enabled or disabled (apart from sygate i
believe)I dont believe xps firewalls can offer the extra protection.
me

 

[bassbag]

I am no pc expert but just a thought came into my mind
reading this,

How can I know that the software I am about to, or want to install in
my pc will send out information after installation?

Anyway to find this out,,, before hand

Thanks and regards




Blackfoot

You dont know.... however
You can check preferences and disable any options that might want to use
outgoing connections in the programme.You can deny access to any outgoing
application that you dont think needs to connect out ,using the firewall
(Xps firewall doesnt support outgoing filtering).The problem is that
theres lots of software from reputable sites that now contain trojans.In
the event that your AV doesnt detect trojan ,there would be a very good
chance that your firewall would detect its presence by its application
filtering and component monitoring.
me

 

[Gerald Vogt]

Gerald Vogt skrev:

And how do I now it's not spying on what I play.
I usually do my updates manualle (hate software that checks
for updates without asking me, or without a configuration)

But here is exactly the problem: Why do you install and run software
that you don't trust and suspect to spy on you??? If you install
software that you don't trust and it wants to spy on you it will do so
without your consent circumventing your PFW. It will let you block its
connections to the update server but at the same time will tunnel the
interesting information without you even noticing.

a) don't install software you don't trust.
b) don't rely on software that promises things it cannot keep to cover
up where you violate a)

Gerald