Zonealarm question

Richard

I have done a trojan search on my pc, and found quite a lot of resident
through various ports on ZA. I will appear stupid, but I can't see how I can
go into these ports and shut them down to these trojans. Can anybody help?

Thanks
 
Ian.H

Richard said:
I have done a trojan search on my pc, and found quite a lot of resident
through various ports on ZA. I will appear stupid, but I can't see how I
can go into these ports and shut them down to these trojans. Can anybody
help?

Thanks


Obviously, make sure your box is clean and then install a half-decent
windoze firewall.. something like Outpost or similar, that works on a
rule-based config. This is _much_ better as you can easily and
point-blankly say "_nothing_ is coming or going on port 31337" for
example.. ZA is for idiots developed by idiots.



Regards,

Ian
 
Bart Bailey

Ian.H said:
ZA is for idiots developed by idiots.

Maybe that's why it pisses off all those ultraleet hackers that can't
penetrate it when properly configured.
I've got the cheapest (free) ZA, haven't been hacked, nor gonna be.
 
David H. Lipman

Try posting this in a FireWall News Group. This is an Anti Virus News Group.
Discussions on FireWalls are not in the charter.

http://www.stormpages.com/eaegis/antivirus.htm

Dave



| again, can anyone offer any advice on ZA rather than opinions?
|
| thanks
|
| > I have done a trojan search on my pc, and found quite a lot of resident
| > through various ports on ZA. I will appear stupid, but I can't see how I can
| > go into these ports and shut them down to these trojans. Can anybody help?
| >
| > Thanks
| >
| >
|
|
 
rjdriver

Richard said:
again, can anyone offer any advice on ZA rather than opinions?

thanks

Go to www.grc.com and test your ports (Shields Up). The site will give you
advice on how to close, block, or stealth any open ports. Check out the
entire site. Lots of really good info there.

Also, make sure you have all the latest security updates for your version of
Windows. New leaks and holes are found with alarming frequency.

BTW, the free version of Zone Alarm works fine. It has protected my system
for years.

Bob
 
Frans Meijer

Richard said:
again, can anyone offer any advice on ZA rather than opinions?

Haven't seen it in a looong time, but, you can specify for each program
whether it may access the internet (as client) and/or let others connect to
it. Look for a 'Programs' section somewhere in its configuration.

I tried to find manuals on their site but it has become completely useless
(marketing I suppose)
 
StarScripter

Frans said:
Haven't seen it in a looong time, but, you can specify for each program
whether it may access the internet (as client) and/or let others connect
to it. Look for a 'Programs' section somewhere in its configuration.

I tried to find manuals on their site but it has become completely useless
(marketing I suppose)


Hi,
This site could be very helpful on how to setup ZA:
http://www.markusjansson.net/eza.html
 
Ian.H

Bart Bailey said:
Maybe that's why it pisses off all those ultraleet hackers that can't
penetrate it when properly configured. I've got the cheapest (free) ZA,
haven't been hacked, nor gonna be.


I haven't tested in a while.. but I do remember the "vectorwhachamacallit"
(whatever dll / vxd it loads as resident) used to crash more than
frequently.. and on 2 boxes that I Nmap'd (on request).. both boxes were
DoSsed off the 'net, one requiring a full reboot (one running win98, the
other win2k). This was being pushed out from a 256kbit upstream, so
nothing heavy. I was actually somewhat surprised (I have run ZA on win95
in the past). My only thought was that it was working overtime blocking
the ports (stealth mode) that it choked the CPU / resources. This may have
all changed with later versions, but I have read comments from people
using it that the v4(?) is somewhat unstable (again, maybe the minor
releases have fixed some issues). I know one person very well too that
uses it.. but it's forever preventing ports from working properly and
often has to have apps removed and then permitted access again (Apache
being the main one).

I still believe though, that rules-based firewalls are _much_ better than
the method that ZA uses.. a lot more configurable.



Regards,

Ian
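
The two filtering models discussed in this thread, port rules as Ian describes and per-program permissions as Frans describes, compared on the same connections. This is an added example, not part of any post and not either product's actual engine; the program names, rule set and sample connections are constructed.

```python
# Added illustration: a simplified model, not ZoneAlarm's or Outpost's engine.
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:
    program: str    # executable that owns the socket (hypothetical names)
    direction: str  # "in" = others connect to it, "out" = it connects as client
    port: int       # local port for "in", remote port for "out"

# Rule-based model: ordered (action, direction, port) rules, first match wins.
# None means "any". The last rule is the default.
PORT_RULES = [
    ("deny", None, 31337),   # "nothing is coming or going on port 31337"
    ("allow", "out", 80),
    ("allow", "out", 443),
    ("deny", None, None),    # default deny
]

def rule_based(conn, rules=PORT_RULES):
    for action, direction, port in rules:
        if direction in (None, conn.direction) and port in (None, conn.port):
            return action
    return "deny"

# Program-based model: each program is granted client ("out") and/or
# server ("in") rights; the port number is never consulted.
PROGRAM_PERMS = {
    "browser.exe": {"out"},
    "apache.exe": {"in", "out"},
}

def program_based(conn, perms=PROGRAM_PERMS):
    return "allow" if conn.direction in perms.get(conn.program, set()) else "deny"

# Constructed sample connections.
SAMPLES = [
    Conn("browser.exe", "out", 443),
    Conn("browser.exe", "out", 31337),  # allowed program, blocked port
    Conn("unknown.exe", "in", 31337),   # unlisted program listening
    Conn("unknown.exe", "out", 80),     # unlisted program on a permitted port
    Conn("apache.exe", "in", 80),       # server with no inbound port rule
]

def compare(samples=SAMPLES):
    return [(c, rule_based(c), program_based(c)) for c in samples]

if __name__ == "__main__":
    for c, by_port, by_prog in compare():
        print(f"{c.program:12} {c.direction:3} {c.port:5}  "
              f"port-rules={by_port:5}  program-rules={by_prog}")
```

The rows where the two columns disagree show what each model cannot see: port rules ignore which program owns the socket, and program permissions ignore which port an allowed program uses.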
 
Bart Bailey

Ian.H said:
I haven't tested in a while.. but I do remember the "vectorwhachamacallit"
(whatever dll / vxd it loads as resident) used to crash more than
frequently.. and on 2 boxes that I Nmap'd (on request).. both boxes were
DoSsed off the 'net, one requiring a full reboot (one running win98, the
other win2k). This was being pushed out from a 256kbit upstream, so
nothing heavy. I was actually somewhat surprised (I have run ZA on win95
in the past). My only thought was that it was working overtime blocking
the ports (stealth mode) that it choked the CPU / resources. This may have
all changed with later versions, but I have read comments from people
using it that the v4(?) is somewhat unstable (again, maybe the minor
releases have fixed some issues). I know one person very well too that
uses it.. but it's forever preventing ports from working properly and
often has to have apps removed and then permitted access again (Apache
being the main one).

I still believe though, that rules-based firewalls are _much_ better than
the method that ZA uses.. a lot more configurable.



Regards,

Ian

The closest I guess I come to a DoS is on the weekends when the p2p
freaks are hammering everything in the SBC DSL ranges. It was worse back
when I was using ETrust EZ Firewall since it didn't block ping
responses, and as soon as I showed live, there were massive requests. The
recent swen pings exceeded all those however. Never have I had a CPU
overload though, seems unlikely too, my aDSL is only 1.5M/160 with the
DL rate surpassing 2.5M occasionally, and the CPU is a 566MHz. There was
a sploit on GRC awhile back that relied on some minor SE to invoke a
second instance of a browser that had already been granted outbound
access, but I can't seem to find it now. I know I come off as arrogant
at times, and it's not so much derived from excessive personal smarts as
it's designed to provoke responses that would reveal vulnerabilities
that I'm unaware of. I was an old fan of ATGuard, and like the new Kerio
for its similarities, just had issues with its tendency to require a
reboot if I tried to disable/re-enable it. ZA can be toggled on/off/on
and its vsmon behaves quite nicely.
I've heard of complaints with the v4 ZAP, but since I don't need any of
its "features", like remote reporting etc. I stick with the freebie
v3.7.211.
 
