Permitting "Act as Server"

[E/B]

Seeking advice about possible rules of thumb/guidelines for granting rights
for various Windows programs to act as a "server" (as opposed to permitting
just "access") on a single home-based PC protected by ZA that is only used
for email and general browsing?
Requests from firewall occur almost daily and I have heard "never" and
"maybe" for Server permission.

ZA explains it as follows in their documentation:
Granting a program permission to act as a server
Exercise caution when granting permission for programs to act as a server,
as Trojan

horses and other types of malware often need server rights in order to do
mischief.

Permission to act as a server should be reserved for programs you know and
trust, and

that need server permission to operate properly.

My initial reaction each time is 'no', but there may be an unknown
underlying justification. Ex: get fairly frequent requests for Windows
Explorer to act a server but admit to not having any rationale for a Yes or
No. Denial does not seem to have a noticable effect.
How may I determine that a program must have Server needs in order to grant
the permission prospectively?

 

[Doug Kanter]

Seeking advice about possible rules of thumb/guidelines for granting rights
for various Windows programs to act as a "server" (as opposed to permitting
just "access") on a single home-based PC protected by ZA that is only used
for email and general browsing?
Requests from firewall occur almost daily and I have heard "never" and
"maybe" for Server permission.

ZA explains it as follows in their documentation:
Granting a program permission to act as a server
Exercise caution when granting permission for programs to act as a server,
as Trojan

horses and other types of malware often need server rights in order to do
mischief.

Permission to act as a server should be reserved for programs you know and
trust, and

that need server permission to operate properly.

My initial reaction each time is 'no', but there may be an unknown
underlying justification. Ex: get fairly frequent requests for Windows
Explorer to act a server but admit to not having any rationale for a Yes or
No. Denial does not seem to have a noticable effect.
How may I determine that a program must have Server needs in order to grant
the permission prospectively?

I've been using ZA for a couple of years. Only ONE program needs to be able
to act as a server: PCAnywhere, when someone at my home office wants to
access my machine. Everything else is set for "No - NEVER", and I've seen
abolutely no ill effects. This includes Explorer, OE, Outlook, AOL Instant
Messenger, Microsoft Messenger, ICQ etc etc etc.

It's always surprised me that ZoneLabs didn't have a list of the most common
programs and why they might ask for server permission. Meanwhile, keep
saying "No" and if you have a problem with a specific program, deal with
that alone.

 

[Alex Nichol]

My initial reaction each time is 'no', but there may be an unknown
underlying justification. Ex: get fairly frequent requests for Windows
Explorer to act a server but admit to not having any rationale for a Yes or
No. Denial does not seem to have a noticable effect.
How may I determine that a program must have Server needs in order to grant
the permission prospectively?

Really only by seeing what happens if you refuse. There are not many
things for which it is truly needed. Some FTP programs may; Windows
Messenger does if you want to use that to *send* files (that is handled
by the accepting site sending a 'please serve it to me' request). Aside
from that the only things I have on 'always yes' are one Autodownload
(for my eTrust AV) and Application Layer Gateway (for the benefit of
Internet Connection sharing)