Patti - re: Avast 4.6 and proxy

[Moe Hair]

are you using the generic 127.0.0.1 as your address for the local host
along with 12080 as recommended by Avas while running the web shield and
Zone Alarm? Are you keeping the cookie settings on medium or high for ZA?

 

[Patty]

are you using the generic 127.0.0.1 as your address for the local host
along with 12080 as recommended by Avas while running the web shield and
Zone Alarm? Are you keeping the cookie settings on medium or high for ZA?

I am not using Web Shield right now, I've turned it off. When I was
testing it for me, I used the word "localhost" for the proxy server and the
12080 as the port. I kept my cookie setting in ZA on Medium (which is
where I've always had it since some websites do send ok cookies, places
such as your bank, etc.) I had to turn the Ad block to none, though. This
all worked ok for me, but I decided to just forgo the Web Shield for now.

Patty

 

[Moe Hair]

I am not using Web Shield right now, I've turned it off. When I was
testing it for me, I used the word "localhost" for the proxy server
and the 12080 as the port. I kept my cookie setting in ZA on Medium
(which is where I've always had it since some websites do send ok
cookies, places such as your bank, etc.) I had to turn the Ad block
to none, though. This all worked ok for me, but I decided to just
forgo the Web Shield for now.

Patty

As per this thread:

http://forum.avast.com/index.php?topic=10690.0,

Avast tech support suggests changing the porn setting on your Webshield
to 8001, uncheck the ignore local communication box, and remove the Lan
setting of localhost.

It works for me, but I still can't dl the binaries without tweaking
internet mail as per one of the contributors to that forum.


See diagram:

http://forum.avast.com/index.php?action=dlattach;topic=10690.0;id=
2638;image

 

[Patty]

As per this thread:

http://forum.avast.com/index.php?topic=10690.0,

Avast tech support suggests changing the porn setting on your Webshield
to 8001, uncheck the ignore local communication box, and remove the Lan
setting of localhost.

It works for me, but I still can't dl the binaries without tweaking
internet mail as per one of the contributors to that forum.


See diagram:

http://forum.avast.com/index.php?action=dlattach;topic=10690.0;id=
2638;image

This looks interesting. However, it looks like they're discussing a
problem with using porn filtering software called Netfilter. But I tried
making the changes and I'll give it a test run for awhile. Not sure why
that would make a difference when not using Netfilter, but it does appear
to work with ZA. They also appear to go on to discuss setting blocked and
ignored URLs. But again, the original poster was having a problem with
WebSheild working while he was using Netfilter.

Patty

 

[Moe Hair]

This looks interesting. However, it looks like they're discussing a
problem with using porn filtering software called Netfilter. But I
tried making the changes and I'll give it a test run for awhile. Not
sure why that would make a difference when not using Netfilter, but it
does appear to work with ZA. They also appear to go on to discuss
setting blocked and ignored URLs. But again, the original poster was
having a problem with WebSheild working while he was using Netfilter.

Patty

so far it's working for me, but I wonder about security when changing
port settings in Avast or in the IE browser connection options with no
adjustments to Zone Alarm (unless ZA maintains firewall security no
matter what is done in any other program).

 

[Patty]

so far it's working for me, but I wonder about security when changing
port settings in Avast or in the IE browser connection options with no
adjustments to Zone Alarm (unless ZA maintains firewall security no
matter what is done in any other program).

I'm not sure. Perhaps one of the more knowledgeable people here can answer
that.

Patty

 

[Ernie B.]

I'm not sure. Perhaps one of the more knowledgeable people here can answer
that.

Patty

I'll take a crack at it and expose my ignorance for correction. <g>

My only experience with ZA is installing the free version on a
friend's computer when she shifted from dial-up to cable. I think
that she's since gone to the Pro version and is using Norton for an
AV program. She also runs AdSubtract, which acts as a server.

My impression is that most firewalls block everything by default and
must ask permission to allow programs to access the Internet. This
was certainly true in my friend's case and is also true in the
antique firewall I run on my system. So, bottom line, I doubt that
security of other ports is of much concern.

This doesn't change the requirement for safe hex however. If you
allow your browser access to the Internet through port 80 it's still
possible to download trouble if you're careless. The same is true of
SMTP on port 25 or NNTP on port 119.

 

[Ian Kenefick]

So what's the solution? Most anonymous proxies use port 80.

well 80 or 8080



Best regards - Met vriendelijke groeten - Bien à vous - Mit freundlichen Grüßen - Cordiali Saluti
Ian Kenefick
http://www.ik-cs.com

 

[Moe Hair]

If you
allow your browser access to the Internet through port 80 it's still
possible to download trouble if you're careless.

So what's the solution? Most anonymous proxies use port 80.

 

[Ernie B.]

So what's the solution? Most anonymous proxies use port 80.

I think that you missed my point. It doesn't make much difference
that I know of which port you use for HTTP.

Solution? Safe hex. Install a software firewall. Use an AV client
that you trust and keep it up to date. Be careful what you download
or open and use real-time scanning. Scan on your system at least
once per week with AV, AdAware, Spybot S&D, a-squared, etc. It ain't
perfect but it's the best we have.

 

[Moe Hair]

Scan on your system at least
once per week with AV, AdAware, Spybot S&D, a-squared, etc. It ain't
perfect but it's the best we have.

I've noticed that you didn't mention the Microsoft Anti-Spyware beta
version. Opinions anyone?

 

[Ernie B.]

I've noticed that you didn't mention the Microsoft Anti-Spyware beta
version. Opinions anyone?

It's a 16 meg download. I'm on dial-up. 'Nuff said? <g>

 

[James Egan]

This doesn't change the requirement for safe hex however. If you
allow your browser access to the Internet through port 80 it's still
possible to download trouble if you're careless. The same is true of
SMTP on port 25 or NNTP on port 119.

Your web browser isn't accessing the Internet via port 80. That's the
destination port on the web server you are connecting to. The local
port you are using might be any (non-reserved) port.


Jim.

 

[Ernie B.]

Your web browser isn't accessing the Internet via port 80. That's the
destination port on the web server you are connecting to. The local
port you are using might be any (non-reserved) port.

Ummm... You're correct. I'm running two browsers, at present
connected on ports 1029,1030 and 1054,1055. Thanks for pointing out
my error.

Doesn't change the requirement for safe hex though.

 

[James Egan]

Ummm... You're correct. I'm running two browsers, at present
connected on ports 1029,1030 and 1054,1055. Thanks for pointing out
my error.

Doesn't change the requirement for safe hex though.

Indeed not. There seems to be a misconception in this thread that a
firewall like zonealarm is going to block bad stuff coming in via a
web browser. Answer: It isn't. As you rightly point out, it doesn't
matter which port you connect to a web server on. Because the initial
connection is made by the user, as far as the firewall is concerned
everything else on the connection is permitted traffic.


Jim.