Zone Alarm Suite ( Vista )

[Ryan Hayward]

I recently installed ZA Suite for Vista and run it through the Shields-UP
Tests.
Basically, it reported that none of my ports were stealthed and that Port
135
was actually open.

I then disabled the Zone Alarm firewall and re-enabled windows vista
firewall and run it
through the shields-up tests.
It reported that all of my ports were stealthed and that Port 135 was too.

My question is if I should continue using Vista firewall for incoming
protection and Zone Alarm's
program control for outbound protection. The two are not conflicting as Zone
Alarm firewall is actually turned
off ( and I have confirmed it ) but I still get popups asking me for
permission whenever a program of mine wants to use the internet which is
great !

I have left a message on the Zone Alarm Forum about this matter about 12
hours ago and nobody
has replied so I thought I would ask some of you tech heads in here.

Am I right about being concerned about the open port with Zone Alarm's
firewall or do you think that my computer is still safe with Zone Alarm,
even though the ports are reportedly not stealthed and 135 is open ?
I'm quite happy with the Vista/ZoneLabs combination for now, because program
control is as I mentioned, still working well with the Vista Firewall.
Would be nice however to use just the one program for inbound/outbound
protection...

 

[Daze N. Knights]

To get the "Stealth" settings using ZoneAlarm, open the control panel to
"Firewall," and under the "Main" tab, set both the "Internet Zone
Security" and the "Trusted Zone Security" sliders to "High." After
making this change, try the Shields-Up tests and see if your results
haven't changed.

 

[Ryan Hayward]

Thanks for the reply.

I did as you asked and still getting the same results.

 

[Daze N. Knights]

Really? I'm surprised, because that always worked for me in the past.
Perhaps there is a problem with ZA's new version for Vista. I'm using it
myself, but am also behind a NAT router and that has me stealthed
without the ZA, which I only really use for outbound filtering.

 

[Mr. Arnold]

I recently installed ZA Suite for Vista and run it through the Shields-UP
Tests.
Basically, it reported that none of my ports were stealthed and that Port
135
was actually open.

Stealth is Gibson trash talk. The most important thing is that the port is
closed. If you want the computer to be stealthed (sort of speaking), then
put the machine behind a router.

If the computer is behind a router, then unsolicited inbound traffic, which
are the scans, probes and attacks, cannot reach the machine, because the
router is stopping it. If the router is stopping the traffic in front of the
computer, then the computer cannot react to the traffic, and the computer is
stealth (sort of speaking).

http://www.homenethelp.com/web/explain/about-NAT.asp

 

[Ryan Hayward]

The 135 port is open though if I enable ZA's.
I think I might buy a router for piece of mind, thanks for that suggestion.
Should I still use Zone Alarm for its outbound protection ?

 

[Ryan Hayward]

Really? I'm surprised, because that always worked for me in the past.
Perhaps there is a problem with ZA's new version for Vista. I'm using it
myself, but am also behind a NAT router and that has me stealthed without
the ZA, which I only really use for outbound filtering.

Try Zone Alarm without the router and see if you get the same results as I.
Should be interesting.....

 

[Daze N. Knights]

Done. Bypassing the router, and with ZA set as I suggested, results show
all ports "stealthed" ("TruStealth"). Then, turning off ZA (no router,
no firewall), results show all ports "closed" EXCEPT 0, 135, 139, and
445, which four ports are "stealthed." After turning the ZA back on,
results show, again, all ports "stealthed" ("TruStealth"). Including my
router (plus ZA) again, results again show all ports "stealthed"
("TruStealth"). So, my ZA seems to be working as it should be.

 

[Mr. Arnold]

The 135 port is open though if I enable ZA's.
I think I might buy a router for piece of mind, thanks for that
suggestion.
Should I still use Zone Alarm for its outbound protection ?

The only time I use a personal FW like ZA or even Vista's FW, which I use
Vista's FW, is when the machine has a direct connection to the modem, and
therefore, to the Internet.

If I have any machine behind my FW appliance or FW router in your case, then
such solutions are disabled on the computers.

If you have a FW router solution, that you can set rules to stop inbound or
outbound traffic by port, protocol, subnet or IP, then you don't need
something like ZA running behind it.

You should get something that runs with Wallwatcher, like Linksys, Dlink,
Netgear possibly one that ICSA certified. Netgear has one that ICSA.

http://sonic.net/wallwatcher/

You should make sure you get a FW router that meets the specs for *What does
a firewall do?*.

http://www.vicomsoft.com/knowledge/reference/firewalls1.html

If you have malware running on a computer, then you can stop its traffic
inbound or outbound to a remote/IP, until you can find the malware using the
proper tools like Active Ports/CurrPorts (CP Vista) Process Explorer,
TCPview and other such tools.

http://preview.tinyurl.com/klw1

Here is another link that will help you understand what is a FW solution and
what is not a FW solution.

http://www.more.net/technical/netserv/tcpip/firewalls/

Solutions like ZA, Vista's FW and other solutions of that nature are not FW
solutions, but they are rather, machine level packet filters that protect at
the machine level.

 

[Daze N. Knights]

Notice how Mr. Arnold states that "Stealth is Gibson trash talk" and
then goes on to say that, behind a router, "the computer is stealth
(sort of speaking)." He thus bad-mouths Steve Gibson for using a certain
term to describe a certain state of one's ports, yet turns right around
and uses the term himself, because he has no better term than Gibson's
to use in describing that particular state of one's ports.

Mr. Arnold's understanding of computer security pales in comparison to
that of Steve Gibson (who, BTW, recommends using both a NAT router for
inbound protection and a decent software firewall to help with outbound
filtering). If you care to try following Mr. Arnold's advice, I wish you
luck. But since Mr. Arnold has, for no reason at all, already insulted a
friend of mine (Steve Gibson), I am not particularly interested in
discussing computer security with him myself.

Enough said.

 

[Ryan Hayward]

If its doing its job for you then I wonder if I need to tinker with some of
its advanced settings.
I've only got it set on its default settings with the highest security
settings possible in regards to Internet and Trusted Zones.
I may contact ZA directly and see if I can come up with a solution...
Thanks again for your time...

 

[Ryan Hayward]

Thankyou for the overwhelming amount of information.
If I only have basic level of firewall experience, would a router be easy
for me to install ?

 

[Daze N. Knights]

YW. I'm sorry I couldn't solve your problem. If you're using the free
version, ZA support won't help, but you can try posting to the forum:

http://forums.zonealarm.com/zonelabs/board?board.id=inst&page=1

 

[Mr. Arnold]

Notice how Mr. Arnold states that "Stealth is Gibson trash talk" and then
goes on to say that, behind a router, "the computer is stealth (sort of
speaking)." He thus bad-mouths Steve Gibson for using a certain term to
describe a certain state of one's ports, yet turns right around and uses
the term himself, because he has no better term than Gibson's to use in
describing that particular state of one's ports.

The port is either open or it's closed. There is no such thing as a
stealthed port. And if you frequented a FW and Security NG, like I have over
the last 7 years, you would be told and shown this like I have been shown.
They also will say that those that do the scanning is *if I don't get the
proper response back from the FW, then I know there is something there,
which can be investigated and possibly exploited.*, because that's a home
user that has a PFW running with a direct connection to the Internet.

I use the term stealth, because that's exactly what's happening behind a FW
router is that the machine and its ports are stealthed, because the traffic
is hitting the router's ports and not the computer's port. It's NOT reaching
the computer.

So how can any thing know that something is there under those conditions.

I didn't know that Gibson invented the word *stealth*.

Mr. Arnold's understanding of computer security pales in comparison to
that of Steve Gibson (who, BTW, recommends using both a NAT router for
inbound protection and a decent software firewall to help with outbound
filtering). If you care to try following Mr. Arnold's advice, I wish you
luck. But since Mr. Arnold has, for no reason at all, already insulted a
friend of mine (Steve Gibson), I am not particularly interested in
discussing computer security with him myself.

http://grcsucks.com/

Well, I found that out when he really didn't know what he was talking about
when he was bashing BlackIce. And that's when I discovered that Gibson
really didn't know what he was talking about concerning a whole lot of
things, and I was not going to be lead by the nose like some kind of a
sheep. That's when Gibson behind was kicked to the curb by me.

I also suggest that you step into a FW and Security NG and mention the word
Gibson and watch your behind get tarred and feathered by those who actually
work with FW(s) and Security for their livelihood.

*Gibson said*, what a sheep you are. Well, I got a friend down in
Mississippi that' got some swampland you can buy too, because you're that
type.

 

[Mr. Arnold]

Thankyou for the overwhelming amount of information.
If I only have basic level of firewall experience, would a router be easy
for me to install ?

Yes, a router is a plug it up and go device that needs very little
configuration on your part. It provides instant protection from the
Internet. It's hard to mis-configure a router. It's not hard to
mis-configure a software solution.

All the router's ports are closed by default, unless you start setting rules
to open those ports to the Internet, which you shouldn't have to do, unless
you have something like a Web server running on a machine and you wanted
people to contact the Web server over the Internet. Other than that, the
router is just plug it up and go.

 

[Ryan Hayward]

Yes, a router is a plug it up and go device that needs very little
configuration on your part. It provides instant protection from the
Internet. It's hard to mis-configure a router. It's not hard to
mis-configure a software solution.

All the router's ports are closed by default, unless you start setting
rules to open those ports to the Internet, which you shouldn't have to do,
unless you have something like a Web server running on a machine and you
wanted people to contact the Web server over the Internet. Other than
that, the router is just plug it up and go.

Awesome, I am definetly picking up one of those. A netcomm as you suggested
!

 

[Mr. Arnold]

Awesome, I am definetly picking up one of those. A netcomm as you
suggested !

That's a Netgear.

 

[Mr. Arnold]

YW. I'm sorry I couldn't solve your problem. If you're using the free
version, ZA support won't help, but you can try posting to the forum:

http://forums.zonealarm.com/zonelabs/board?board.id=inst&page=1

You couldn't help a *fly* find a garbage truck in 100 degree weather. But
I'll bet you can find some swampland and buy it, if Gibson told you to do
it. <g>

 

[Daze N. Knights]

And what part of "Enough said" didn't you understand? You began your
rants here with a personal attack on Steve Gibson, which you now
continue with personal attacks on me. You obviously *enjoy* pissing
contests, while I do not. Please continue (as I know you will) to piss
here to your heart's content. Just don't expect me to join you.

 

[Mr. Arnold]

Look you lunatic and Gibson is a friend of mine, I didn't bother to read it.

You should go whine and slobber over Gibson with ZA over at Gibson's chapel,
just make sure you can get off of your knees before you walkout, praying to
him. You shouldn't try to help anyone else, because like I said, you
couldn't help a fly.