Loss of HTTP connectivity going out

[Alan Meyer]

My wife's computer is running Windows Vista. The system works fine for
almost all purposes. It accesses the Internet successfully through a
wireless network card to our home WiFi router. The WiFi connection is
fine with a high signal strength. It's connecting to an old DLink
802.11b router using WEP encryption, which is all the router supports.

Periodically, on average every few days, she will lose HTTP
connectivity. This happens in both IE7 and Firefox 3.08. She can still
send and receive email and still use a web browser via HTTPS, but she
cannot connect to ordinary web pages on port 80. The problem normally
persists until she reboots, at which time connectivity is restored.

Two other computers on my home network (one Linux, one XP) are
unaffected. They work fine through the same wireless network while my
wife's Vista computer is not connecting.

It seems as if Vista or some installed piece of software is setting up a
proxy server that is intercepting attempts to initiate connection on
port 80 but, so far, I haven't found anything doing that. If, in
Internet Explorer, I click Tools, Internet Options, Connections, LAN
settings, the "Use a proxy server ..." box is unchecked. I have tried
checking it and then unchecking it, but that has no effect.

I have been running some software on her machine that could be causing
the problem. I was running the free versions of Spybot, Zonealarm and
AVG antivirus. None of them appear to be claiming to run proxy servers
when I read their help information.

I uninstalled Spybot with no effect.

I cannot find any controls in AVG Free that will allow me to tweak it,
and it appears that I cannot disable it without a complete uninstall -
which I'm loathe to do.

I tried tweaking various levels of "Program Control" in Zonealarm from
"High" to "Off". There was an effect of sorts. At "High", when I
attempt to connect to a web page it times out. At lower settings, a
connection attempt returns within a second or a few seconds telling me
that it could not connect. As with a lot of this kind of software
however, I can't seem to get it out of memory except by uninstalling it,
which I am also loathe to do - but I don't really think that has
anything to do with my problem. Neither Zonealarm nor AVG can be killed
with Task Manager, even when running as administrator.

The reason I'm loathe to uninstall the virus checker or firewall is that
my wife is a very unsophisticated computer user and I worry that she
needs all the protection she can get. We do have a firewall in the
router which will protect against hacking in, but nothing else. In
order to determine if Zonealarm or AVG is the problem I'd have to run
successfully for about two weeks without them - which is the longest we
have had the connection working.

Following a clue on the net, I tried creating a registry setting at

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{GUID}

(see: http://www.catonett.com/blog/archives/194)

but it didn't help.

One more clue is that task manager currently reports that both IExplore
and Firefox are running, even though I have closed them and their
windows are gone. The processes appear to be zombies. The cannot be
killed in task manager, even when running taskmgr as administrator. I
don't know if this happens every time because I haven't checked it
before.

My next step is to uninstall Zonealarm and, if that fails, uninstall
AVG - which really scares me. But before I do that, I'm hoping someone
can give me either some better ideas, or some information to indicate
that one of those really is the problem.

Thank you very much for any solutions, info, clues, or just wild ass
guesses.

Alan

 

[the wharf rat]

Periodically, on average every few days, she will lose HTTP
connectivity. This happens in both IE7 and Firefox 3.08. She can still
send and receive email and still use a web browser via HTTPS, but she
cannot connect to ordinary web pages on port 80. The problem normally
persists until she reboots, at which time connectivity is restored.

Sure you don't have some kind of infection?

Try

netsh int ip reset
netsh winsock reset

then reboot

 

[Alan Meyer]

...
Sure you don't have some kind of infection?

One never knows for certain, but AVG says I'm clean.

Try

netsh int ip reset
netsh winsock reset

Interesting. It appears that these will wipe out my
existing TCP/IP and Winsock protocol stacks and re-install
them from scratch.

Would that wipe out any service pack changes since the
original Vista install? Is it safe? Does anyone have
experience with this?

Is it possible that TCP/IP or Winsock are corrupt given that
Internet access works on ports other than port 80? I'm hoping
that it's something at a higher level than this, though
you might be right and this might be the thing to do.

then reboot

A reboot by itself will automatically eliminate the problem
so it would take some time to find out if the resets solved
anything. But ultimately, I'll have to do that.

I think I'll keep the ip and winsock resets in my pocket for
a while and bring them out if I can't find anything to do
at a higher level - unless these are known to be very safe.

Thank you for your suggestions.

Alan

 

[Alan Meyer]

One never knows for certain, but AVG says I'm clean.


Interesting. It appears that these will wipe out my
existing TCP/IP and Winsock protocol stacks and re-install
them from scratch.

Would that wipe out any service pack changes since the
original Vista install? Is it safe? Does anyone have
experience with this?

Further research reveals that the first of these commands
(maybe the second too), does not change any software. It
modifies the registry keys and values that control the tcp/ip
software.

I suppose that if I backup the registry and keep a logfile
from netsh using "netsh int ip reset resetlog.txt" I should
be able to do this safely.

I may pluck up my courage and try it.

Alan

 

[+Bob+]

One more clue is that task manager currently reports that both IExplore
and Firefox are running, even though I have closed them and their
windows are gone. The processes appear to be zombies. The cannot be
killed in task manager, even when running taskmgr as administrator. I
don't know if this happens every time because I haven't checked it
before.

I think this may be a major clue. It's possible that it's not a
network issue at all, but a browser issue (yes, both of them). When
those zombie processes are running, neither browser will work
properly.

Also, you clearly have a valid connection, so it's not general
connectivity.

Try installing a third browser such as something old from Netscape
like V4.something... or perhaps Opera. Next time it hangs, try that
browser and see if it works.

 

[JT]

My wife's computer is running Windows Vista. The system works fine for
almost all purposes. It accesses the Internet successfully through a
wireless network card to our home WiFi router. The WiFi connection is
fine with a high signal strength. It's connecting to an old DLink
802.11b router using WEP encryption, which is all the router supports.

Periodically, on average every few days, she will lose HTTP
connectivity. This happens in both IE7 and Firefox 3.08. She can still
send and receive email and still use a web browser via HTTPS, but she
cannot connect to ordinary web pages on port 80. The problem normally
persists until she reboots, at which time connectivity is restored.

Two other computers on my home network (one Linux, one XP) are
unaffected. They work fine through the same wireless network while my
wife's Vista computer is not connecting.

It seems as if Vista or some installed piece of software is setting up a
proxy server that is intercepting attempts to initiate connection on
port 80 but, so far, I haven't found anything doing that. If, in
Internet Explorer, I click Tools, Internet Options, Connections, LAN
settings, the "Use a proxy server ..." box is unchecked. I have tried
checking it and then unchecking it, but that has no effect.

I have been running some software on her machine that could be causing
the problem. I was running the free versions of Spybot, Zonealarm and
AVG antivirus. None of them appear to be claiming to run proxy servers
when I read their help information.

I uninstalled Spybot with no effect.

I cannot find any controls in AVG Free that will allow me to tweak it,
and it appears that I cannot disable it without a complete uninstall -
which I'm loathe to do.

I tried tweaking various levels of "Program Control" in Zonealarm from
"High" to "Off". There was an effect of sorts. At "High", when I
attempt to connect to a web page it times out. At lower settings, a
connection attempt returns within a second or a few seconds telling me
that it could not connect. As with a lot of this kind of software
however, I can't seem to get it out of memory except by uninstalling it,
which I am also loathe to do - but I don't really think that has
anything to do with my problem. Neither Zonealarm nor AVG can be killed
with Task Manager, even when running as administrator.

The reason I'm loathe to uninstall the virus checker or firewall is that
my wife is a very unsophisticated computer user and I worry that she
needs all the protection she can get. We do have a firewall in the
router which will protect against hacking in, but nothing else. In
order to determine if Zonealarm or AVG is the problem I'd have to run
successfully for about two weeks without them - which is the longest we
have had the connection working.

Following a clue on the net, I tried creating a registry setting at

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{GUID}


(see: http://www.catonett.com/blog/archives/194)

but it didn't help.

One more clue is that task manager currently reports that both IExplore
and Firefox are running, even though I have closed them and their
windows are gone. The processes appear to be zombies. The cannot be
killed in task manager, even when running taskmgr as administrator. I
don't know if this happens every time because I haven't checked it
before.

My next step is to uninstall Zonealarm and, if that fails, uninstall
AVG - which really scares me. But before I do that, I'm hoping someone
can give me either some better ideas, or some information to indicate
that one of those really is the problem.

Thank you very much for any solutions, info, clues, or just wild ass
guesses.

Alan

I've had issues with Zonealarm in the past. That's probably the issue if
the email still works. It can bloat up after a long period of use.
Installing a different firewall solved my issues. My parents had issues
with Zonealarm as well.

 

[Alan Meyer]

I think this may be a major clue. It's possible that it's not a
network issue at all, but a browser issue (yes, both of them). When
those zombie processes are running, neither browser will work
properly.

Also, you clearly have a valid connection, so it's not general
connectivity.

Try installing a third browser such as something old from Netscape
like V4.something... or perhaps Opera. Next time it hangs, try that
browser and see if it works.

Bob, thank you for your reply.

I can't really imagine that both browsers are defective
in exactly the same way. Both can connect via HTTPS
and neither one can connect via HTTP. Two identical bugs,
both activated at the same instant, seems like too much
of a coincidence to me.

I should think that the problem has to be at a lower level,
and the fact that two zombies are created is caused by a
similar effect of the lower level error on both. Presumably
it's in a common DLL that both use - Winsock or below.

Alan

 

[Alan Meyer]

...
I've had issues with Zonealarm in the past. That's probably the issue if
the email still works. It can bloat up after a long period of use.
Installing a different firewall solved my issues. My parents had issues
with Zonealarm as well.

Zonealarm seems like a possibility.

Of the three security programs I was running, Spybot, Zonealarm
and AVG, Spybot was the one that I could most easily and safely
dispense with. So I uninstalled that first.

However I have now bitten the bullet and uninstalled Zonealarm.
If nothing fails for at least two weeks, I'll believe that was
it and look for an alternative firewall. If it does fail I
may take a chance and uninstall AVG.

If _that_ doesn't work, I'll try wharf rat's suggestion to reset
the tcp/ip and winsock registry records using the netsh commands
he described.

Thank you for your reply.

Alan

 

[JT]

Zonealarm seems like a possibility.

Of the three security programs I was running, Spybot, Zonealarm
and AVG, Spybot was the one that I could most easily and safely
dispense with. So I uninstalled that first.

However I have now bitten the bullet and uninstalled Zonealarm.
If nothing fails for at least two weeks, I'll believe that was
it and look for an alternative firewall. If it does fail I
may take a chance and uninstall AVG.

If _that_ doesn't work, I'll try wharf rat's suggestion to reset
the tcp/ip and winsock registry records using the netsh commands
he described.

Thank you for your reply.

Alan

You can still use the Windows Firewall that's built in. Not very robust,
but it's available.

 

[Alan Meyer]

...
You can still use the Windows Firewall that's built in. Not very robust,
but it's available.

I may enable that, though I don't think it's giving me
any protection I don't already get from the firewall
built in to my wireless router.

What I liked about Zonealarm is that it protects against
outgoing packets as well as incoming ones. It is amazing
how many programs installed on our Windows machines
attempt to communicate with servers without ever telling
us that they are doing so.

Unfortunately, it appears to me that the free version of
Zonealarm has been dumbed down in recent versions. Part
of that may be that they're just trying to make the program
simpler for the average user, who knows nothing about
ports, protocols, or other mechanics of networking. Maybe,
all in all, they're doing the right thing. Or maybe it's
just so they can differentiate their commercial product
from their freeware version. If so, it's hard to blame
them since they are, after all, in business to make money.

Alan

 

[Gene E. Bloch]

I may enable that, though I don't think it's giving me
any protection I don't already get from the firewall
built in to my wireless router.

What I liked about Zonealarm is that it protects against
outgoing packets as well as incoming ones. It is amazing
how many programs installed on our Windows machines
attempt to communicate with servers without ever telling
us that they are doing so.

Unfortunately, it appears to me that the free version of
Zonealarm has been dumbed down in recent versions. Part
of that may be that they're just trying to make the program
simpler for the average user, who knows nothing about
ports, protocols, or other mechanics of networking. Maybe,
all in all, they're doing the right thing. Or maybe it's
just so they can differentiate their commercial product
from their freeware version. If so, it's hard to blame
them since they are, after all, in business to make money.

Alan

Consider Comodo Firewall (free). Also, IIRC, Avira has a combined free AV
and FW. Or maybe it's Avast - I always mix those two up.

 

[JT]

Consider Comodo Firewall (free). Also, IIRC, Avira has a combined free AV
and FW. Or maybe it's Avast - I always mix those two up.

I just installed Comodo Firewall today as it has a 64bit version. Seems
good so far and doesn't use much system resources.

 

[Mike Torello]

Consider Comodo Firewall (free). Also, IIRC, Avira has a combined free AV
and FW. Or maybe it's Avast - I always mix those two up.

Make that "mix those three up"... whatever the third one is.

Neither Avast nor Avira has a firewall with the free version.

 

[Gene E. Bloch]

Make that "mix those three up"... whatever the third one is.

Neither Avast nor Avira has a firewall with the free version.

Note the IIRC above. It's been a while since I used those.

So I just looked *briefly* on their sites. I couldn't even find a firewall
on the paid version of Avast

Avira Premium Security Suite has one; that program is 40 euros for one
license; not free, sorry.

There might be a third one ... I'd have to resurrect an old computer
to find it. Not tonight - I have a headache.

 

[Alan Meyer]

Gene E. Bloch wrote:
....

Consider Comodo Firewall (free). Also, IIRC, Avira has a combined free AV
and FW. Or maybe it's Avast - I always mix those two up.

Thanks Gene, JT and Mike.

I just looked for review of Comodo Firewall and found an old
one from Neil Rubenking at PC Magazine
(http://www.pcmag.com/article2/0,2817,1969225,00.asp)
that was very positive.

Alan

 

[Gene E. Bloch]

Gene E. Bloch wrote:
...

Thanks Gene, JT and Mike.

I just looked for review of Comodo Firewall and found an old
one from Neil Rubenking at PC Magazine
(http://www.pcmag.com/article2/0,2817,1969225,00.asp)
that was very positive.

Alan

As you probably saw from Mike Torello's reply to my post, I was wrong about
the possible free combined AV and firewall in Avast or Avira software, so
the separate Comodo FW ends up being the valid idea.

 

[Alan Meyer]

My wife's computer is running Windows Vista.
...
Periodically, on average every few days, she will lose HTTP
connectivity. This happens in both IE7 and Firefox 3.08. She can still
send and receive email and still use a web browser via HTTPS, but she
cannot connect to ordinary web pages on port 80. The problem normally
persists until she reboots, at which time connectivity is restored.
...
My next step is to uninstall Zonealarm and, if that fails, uninstall
AVG - which really scares me. But before I do that, I'm hoping someone
can give me either some better ideas, or some information to indicate
that one of those really is the problem.

For the record, in case anyone searches the archives for this,
it has now been a day over two weeks since I uninstalled
Zonealarm and we have not had to reboot Vista even once.
It might be a coincidence, but it's beginning to look like
Zonealarm did something that blocked any traffic to/from
port 80 on HTTP. I couldn't find anything in ZA that was
doing it, but there may have been something going on that
ZA didn't reveal.

It's bad when hackers hack you, but when you get bitten by
your own firewall, that's a pain.

Alan

 

[Jim]

For the record, in case anyone searches the archives for this,
it has now been a day over two weeks since I uninstalled
Zonealarm and we have not had to reboot Vista even once.
It might be a coincidence, but it's beginning to look like
Zonealarm did something that blocked any traffic to/from
port 80 on HTTP. I couldn't find anything in ZA that was
doing it, but there may have been something going on that
ZA didn't reveal.

It's bad when hackers hack you, but when you get bitten by
your own firewall, that's a pain.

Alan

Just curious : what firewall are you using now ?

 

[Alan Meyer]

Just curious : what firewall are you using now ?

Sorry, I haven't been monitoring the thread and just now saw
your question.

It's now three weeks since uninstalling Zonealarm and the http
connections are still up. I'm getting more and more convinced
that Zonealarm was the problem. I'm very sure we've never gone
three weeks before without loss of HTTP connectivity.

As to firewalls, I have two. There is a firewall in the WiFi
router that my wife connects through to the Internet, and there
is the built-in Windows firewall.

Neither one provides the protection that Zonealarm provided
against malware on the computer connecting outward, but they
do provide good protection against incoming threats - which
are the most dangerous I think.

Alan

 

[Planters]

Sorry, I haven't been monitoring the thread and just now saw
your question.

It's now three weeks since uninstalling Zonealarm and the http
connections are still up. I'm getting more and more convinced
that Zonealarm was the problem. I'm very sure we've never gone
three weeks before without loss of HTTP connectivity.

As to firewalls, I have two. There is a firewall in the WiFi
router that my wife connects through to the Internet, and there
is the built-in Windows firewall.

Neither one provides the protection that Zonealarm provided
against malware on the computer connecting outward, but they
do provide good protection against incoming threats - which
are the most dangerous I think.

Protecting you from malware is not a firewall's job. ZA is not a
firewall. It's only a personal packet filter with a lot of snake-oil in
it trying to protect you from *you*.

A firewall sits at the junction point between two networks. The firewall
protects from the network it is protecting from usually the Internet,
and the firewall protects the network it is protecting, the LAN.

A firewall must have at least two network interfaces. One interface must
face the WAN (Wide Area Network), and the other interface must face the
LAN (Local Area Network).

If the computer was running a host based firewall, then the computer
would have two network interface cards in it with one facing the WAN and
the other one facing that LAN.

Your router comes closer to being a firewall, because it has the WAN and
LAN interfaces and traffic is controlled between the WAN and LAN
interfaces on the router.