Firewall problem

[Frank Booth Snr]

I'm using ZoneAlarm firewall, the free one, which has worked effectively
before. I downloaded an updated version of it today, and re-installed it
after uninstalling the older version. However on running it I see the
nuisance pop-ups are coming through informing me that my PC is infected
etc, and that I should download their respective fixes. So the firewall
doesn't appear to be doing its job, despite ZA's log showing that its
blocking various incoming intrusions.

When I started to run ZA I was asked by Zone Alarm if I would permit the
Services and Controller application to "act as a server" and I clicked
on "allow". Is this what is causing my problem?

 

[David H. Lipman]

From: "Frank Booth Snr" <[email protected]>

| I'm using ZoneAlarm firewall, the free one, which has worked effectively
| before. I downloaded an updated version of it today, and re-installed it
| after uninstalling the older version. However on running it I see the
| nuisance pop-ups are coming through informing me that my PC is infected
| etc, and that I should download their respective fixes. So the firewall
| doesn't appear to be doing its job, despite ZA's log showing that its
| blocking various incoming intrusions.
|
| When I started to run ZA I was asked by Zone Alarm if I would permit the
| Services and Controller application to "act as a server" and I clicked
| on "allow". Is this what is causing my problem?

What did they say in the Zone Alarm forums or in a FireWall News Group ?

http://forums.zonelabs.com/zonelabs

 

[Frank Booth Snr]

From: "Frank Booth Snr" <[email protected]>

| I'm using ZoneAlarm firewall, the free one, which has worked effectively
| before. I downloaded an updated version of it today, and re-installed it
| after uninstalling the older version. However on running it I see the
| nuisance pop-ups are coming through informing me that my PC is infected
| etc, and that I should download their respective fixes. So the firewall
| doesn't appear to be doing its job, despite ZA's log showing that its
| blocking various incoming intrusions.
|
| When I started to run ZA I was asked by Zone Alarm if I would permit the
| Services and Controller application to "act as a server" and I clicked
| on "allow". Is this what is causing my problem?

What did they say in the Zone Alarm forums or in a FireWall News Group ?

http://forums.zonelabs.com/zonelabs

There seems to be a mixed bag of opinion. The consensus view appears to
be generally don't allow programs to have server rights. Yet ZA during
set up suggest that services.exe should be allowed server rights. I can
tell you that since I have disabled it from server rights, the pop-ups
described above have so far ceased. That doesn't mean to say they are
not getting through - just that perhaps they are not being displayed.

 

[David H. Lipman]

From: "Frank Booth Snr" <[email protected]>


| There seems to be a mixed bag of opinion. The consensus view appears to
| be generally don't allow programs to have server rights. Yet ZA during
| set up suggest that services.exe should be allowed server rights. I can
| tell you that since I have disabled it from server rights, the pop-ups
| described above have so far ceased. That doesn't mean to say they are
| not getting through - just that perhaps they are not being displayed.

This is one of those cases where the file name is not as important as the fully qualified
name and path.

Like SVCHOST.EXE, SERVICES.EXE is a name often used by malware.
If it is; %windir%\system32\SERVICES.EXE I think allowing server rights is apropos. It is
an integral part of the NT based OS.
If SERVICES.EXE is executed from another location then it is most likely malware and no, it
should NOT be allowed to communicate out nor allowed server rights.

Examples;
%WINDIR%\inet20041\services.exe -- Downloader-AQV
%WinDir%\services.exe -- Downloader-AFW

 

[Duane Arnold]

There seems to be a mixed bag of opinion. The consensus view appears to be
generally don't allow programs to have server rights. Yet ZA during set up
suggest that services.exe should be allowed server rights. I can tell you
that since I have disabled it from server rights, the pop-ups described
above have so far ceased. That doesn't mean to say they are not getting
through - just that perhaps they are not being displayed.

You as the average job blow home user, you have nothing/no program on your
machine that needs server mode, because you have no program running on your
machine that's acting as a server to anything in a networking situation, as
the Internet is just a giant network.

If you have an IIS Web server running on the machine as an example and you
wanted it exposed to the Internet, then ZA would need to set IIS as a server
as that server must listen for unsolicited inbound traffic coming to it.
That unsolicited traffic would be such as I wanting to access your Web
server/your Website with a client application such as IE on my machine. If
you don't set IIS as a server application on ZA, then no one would be able
to contact your site, which is unsolicited in bound traffic that IIS would
need to receive.

On the other hand, IE running on your machine with ZA must be set to client
mode, because it's the one that must make contact with a Web site, as it's
making a solicitation to the Web site for traffic. With solicited inbound
traffic, ZA will let it through and unsolicited inbound traffic will be
blocked by ZA, unless you have a situation such as IIS or some other
application running on your machine where unsolicited inbound traffic must
reach that application.

Unless you have a situation where you know you have a program such as IIS or
others running that must listen for unsolicited inbound traffic -- you would
for sure know that with setting of ZA for that application as a server
accordingly, then nothing running on your machine needs server mode set with
ZA.

Duane