Zone Alarm and Firefox



Victor Laszlo
05-03-08, 07:57 PM
I have a problem with Zone Alarm.

Whenever I now (this is very recent, since the first of the year) boot
up my Windows XP Home SP1 computer Zone Alarm always asks for me to
authorize a connection to the internet using the SAME IP address.
Furthermore, when I look at the settings Zone Alarm is always set to
"ask" instead of "allow" the IP address. The settings are always reset
when I shut down the system. Also, my settings for Firefox are also
reset to "ask" from "allow". Any ideas what is causing this and how it
can be corrected?

I've tried everything including the "trusted zone" setting even though
I am not on a LAN.

Volker Birk
05-03-08, 11:31 PM
Victor Laszlo <vlaszlo@worldnet.att.net> wrote:
> I have a problem with Zone Alarm.

A circle is round. Ice is cold. And you have a problem with Zone Alarm.

Do you like pleonasms? ;-)

Yours,
VB.

P.S.: There is an easy solution: just kick Zone Alarm.
--
The file name of an indirect node file is the string "iNode" immediately
followed by the link reference converted to decimal text, with no leading
zeroes. For example, an indirect node file with link reference 123 would
have the name "iNode123". - HFS Plus Volume Format, MacOS X

Straight Talk
05-04-08, 01:27 AM
On Sun, 04 May 2008 00:57:55 GMT, Victor Laszlo
<vlaszlo@worldnet.att.net> wrote:

>I have a problem with Zone Alarm.

'ere we go again.

>Whenever I now (this is very recent, since the first of the year) boot
>up my Windows XP Home SP1 computer Zone Alarm always asks for me to
>authorize a connection to the internet using the SAME IP address.
>Furthermore, when I look at the settings Zone Alarm is always set to
>"ask" instead of "allow" the IP address. The settings are always reset
>when I shut down the system. Also, my settings for Firefox are also
>reset to "ask" from "allow".

>Any ideas what is causing this and how it
>can be corrected?

ZA is causing this.

It can be corrected by getting rid of ZA (if possible).

>I've tried everything including the "trusted zone" setting even though
>I am not on a LAN.

Yes. That's your problem. You're experimenting with a crappy
"security" solution within an area you don't understand.

Kayman
05-04-08, 03:54 AM
On Sun, 04 May 2008 00:57:55 GMT, Victor Laszlo wrote:

> I have a problem with Zone Alarm.

Solution:
How to uninstall ZoneAlarm cleanly.
http://zonealarm.donhoover.net/uninstall.html
or
Revo Uninstaller.
http://www.revouninstaller.com/

> Whenever I now (this is very recent, since the first of the year) boot
> up my Windows XP Home SP1...

Your OS requires to be updated.

<snip>

> I've tried everything including the "trusted zone" setting even though
> I am not on a LAN.

The most dependable defenses are:
1. Do not work as 'Administrator'; For day-to-day work routinely use a
Limited User Account (LUA).
2. Secure (Harden) your operating system.
3. Keep your operating (OS) system (and all software on it)
updated/patched.
4. Reconsider the usage of IE and OE.
5. Review your installed 3rd party software applications/utilities;
Remove clutter.
6. Don't expose services to public networks.
7. Activate the built-in firewall and configure Windows not to use TCP/IP
as transport protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP
ports 135,137-139 and 445 (the most exploited Windows networking weak
point) closed.
7a.If on high-speed internet use a router as well.
8. Routinely practice safe-hex.
9. Regularly back-up data/files.
10.Familiarize yourself with crash recovery tools and re-installing your
operating system (OS).
11.Utilize a real-time anti-virus application and vital system
monitoring utilities/applications.
12.Keep abreast of the latest developments - ***** happens...you know.
The least preferred defenses are:
Myriads of popular anti-whatever applications and staying ignorant.

Gary
05-05-08, 03:15 PM
Kayman wrote:
> 4. Reconsider the usage of IE and OE.

It would appear that your Usenet bot misread the subject line. Its form
letter response engine is also missing a most crucial step:

Lucky #13. Try opening a support incident with your software vendor before
soliciting biased advice from the curmudgeons of Usenet.

FYI, not that Cisco haven't made their fair share of missteps over the
years but they actually include the Zone Alarm engine in their IPsec
client. Naturally, it's been stripped of its standard UI and access list
and enforces policies set by the VPN endpoint thus eliminating the newbie
factor from the equation. Of course, this is more restrictive for the end
user but that's the intention.

As for the original poster, I would, unfortunately, have to suggest that
you try the de rigueur of Windows trouble-shooting steps; uninstall and
reinstall it unless advised otherwise by the vendor you're paying to
support your product. Does it have an option to export/import your
existing access policy? If so, be sure to export it first so you can
reimport it after reinstalling.

-Gary

Kayman
05-05-08, 08:13 PM
On Mon, 05 May 2008 20:15:36 -0000, Gary wrote:

> Kayman wrote:
>> 4. Reconsider the usage of IE and OE.
>
> It would appear that your Usenet bot misread the subject line.

How so? Why is re-evaluation provoking such a comment?

> Its form letter response engine is also missing a most crucial step:
> Lucky #13.

Your superstitious notions are of little importance. You may consider
"Myriads of popular anti-whatever applications and staying ignorant" as
item 13.

> Try opening a support incident with your software vendor before

Yeah right. The makers of commercially driven Illusion Ware are bending
over backwards...

> soliciting biased advice from the curmudgeons of Usenet.

You don't know me, if you group me in some arbitrary fashion, that is your
own inability to see clearly and not my issue.
But yes, mea culpa, the advice favors common sense over advertisement
driven Phony-Baloney Ware.

> FYI, not that Cisco haven't made their fair share of missteps over the
> years but they actually include the Zone Alarm engine in their IPsec
> client. Naturally, it's been stripped of its standard UI and access list
> and enforces policies set by the VPN endpoint thus eliminating the newbie
> factor from the equation. Of course, this is more restrictive for the end
> user but that's the intention.

Spreading marketing hype instead of sound technical advice?
Which 'security' software manufacturer do you represent?

> As for the original poster, I would, unfortunately, have to suggest that
> you try the de rigueur of Windows trouble-shooting steps; uninstall and
> reinstall it unless advised otherwise by the vendor you're paying to
> support your product.

De rigueur steps are oftentimes inadequate when trying to remove
questionable software. Even Norton/Symantec and others provide speciality
removal tools, oh well.

> Does it have an option to export/import your
> existing access policy? If so, be sure to export it first so you can
> reimport it after reinstalling.

You obviously know little about ZA.
Would you care to meaningfully explain how your response, I guess
you deem it a reasonable explanation, is any except a self-centered
viewpoint expounding a self-centered approach.
--
Arguing with anonymous strangers on the Internet is a sucker's game because
they almost always turn out to be (or to be indistinguishable from)
self-righteous sixteen-year-olds possessing infinite amounts of free time.
(Neil Stephenson, author of "Cryptonomicon")

Gary
05-06-08, 02:01 PM
Kayman spewed:
> You don't know me, if you group me in some arbitrary fashion, that is
> your own inability to see clearly and not my issue.

What is your technical issue? Or is it merely one of attitude? *yawn*

> Spreading marketing hype instead of sound technical advice?
> Which 'security' software manufacturer do you represent?

None of them. I've been a unix sysadmin for 15+ years. What's your excuse?

-Gary

goarilla@work
05-07-08, 05:42 AM
Kayman wrote:
> The most dependable defenses are:
> 1. Do not work as 'Administrator'; For day-to-day work routinely use a
> Limited User Account (LUA).

i agree with this one

> 2. Secure (Harden) your operating system.

a missing manual ?
how does one do that
and why does it seem like nobody really wants to elaborate on how ?
in a sense this post appeared/portrayed itself as a 'how to
harden your PC' tutorial

> 3. Keep your operating (OS) system (and all software on it)
> updated/patched.
> 4. Reconsider the usage of IE and OE.
> 5. Review your installed 3rd party software applications/utilities;
> Remove clutter.

i agree again
but i'm a minimalist :D some people just like bloat
and a whole desktop filled with icons is usually an indicator
of this

> 6. Don't expose services to public networks.

is this really a problem if you have a NAT'ing router ?
a router shouldn't forward broadcasts and most of them
don't allow unsolicited inbound connections

> 7. Activate the built-in firewall and configure Windows not to use TCP/IP
> as transport protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP
> ports 135,137-139 and 445 (the most exploited Windows networking weak
> point) closed.

how does one do that?
are you talking about the Netbios over TCP/IP option
in the NIC config iirc (the place where lmhosts is also present) ?
or just disabling netbios all together, which is kinda bad advice
since for most people with a home network
netbios == their network

> 7a.If on high-speed internet use a router as well.
> 8. Routinely practice safe-hex.

i hate that word !
hex is not that easy and
it takes most people ample time to tell me what
8146 is in hex

> 9. Regularly back-up data/files.

people who have no intention of learning how to automatize this
and/or don't know how will get confused when they have to deal with
multiple backups. as a result they'll tell you everything is backed up
while it hardly isn't and they'll start blaming 'you' of removing their
backups* and other evil stuff* if **** hits the fan.

> 10.Familiarize yourself with crash recovery tools and re-installing your
> operating system (OS).
> 11.Utilize a real-time anti-virus application and vital system
> monitoring utilities/applications.
> 12.Keep abreast of the latest developments - ***** happens...you know.
> The least preferred defenses are:
> Myriads of popular anti-whatever applications and staying ignorant.
>
>

i agree we have to install mcafee here
and a girl who just got a new pc managed to attract a worm in 2 days
or so mcafee claims
i told her the obvious thing is to flatten the system again, but she
asked me if i could disable the pop-ups instead.

point of this
most users don't give a ****, it took me some time
trying to explain possible scenarios like keyloggers
logging her usernames/passwords, bankinformation
before she finally agreed to have me flatten the system

Kayman
05-09-08, 04:30 AM
On Wed, 07 May 2008 12:42:01 +0200, goarilla@work wrote:

> Kayman wrote:
>> The most dependable defenses are:
>> 1. Do not work as 'Administrator'; For day-to-day work routinely use a
>> Limited User Account (LUA).
>
> i agree with this one

I am glad you do :)

>> 2. Secure (Harden) your operating system.
>
> a missing manual ?

not really (Google is your friend :)

> how does one do that

> and why does it seem like nobody really wants to elaborate on how ?

because nobody asked for :)

> in a sense this post appeared/portrayed itself as a 'how to
> harden your PC' tutorial

here ya go:
2. Secure (Harden) your operating system.
*10 Immutable Laws of Security
http://www.microsoft.com/technet/archive/community/columns/security/essays/10imlaws.mspx?mfr=true

*Proceed with 'Hardening' your Operating System (all 3 websites have good
guidances)
http://www.5starsupport.com/tutorial/hardening-windows.htm
http://www.malwarehelp.org/Malware-Prevention-Hardening-Windows-Security1.html
http://labmice.techtarget.com/articles/winxpsecuritychecklist.htm
Note:
Both Plug & Play and DCOM can easily be disabled manually in Services (Local)
panel and the Windows Messenger can be dealt with as mentioned in 2d.
Therefore there is *no* need to download the below mentioned tools:
a) To disable Windows Plug and Play,
b) To disable Windows DCOM,
c) To disable Windows Messenger,

And
*In Folder Options | File Types tab - *add* .CAB File.

*Right-click My Computer | Properties, System Properties - Advanced -
Performance/Settings - Data Execution Prevention is 'checked' Turn on
DEP...except those I select:
How to determine that hardware DEP is available and configured on your
computer.
http://support.microsoft.com/kb/912923

*Local Security Settings (Admin Tools - Local Security Policy) Network
security: Do not store LAN Manager hash value on next
password exchange
= ENABLED.

*Uninstall/disable Windows Messenger Windows Messenger in XP
http://www.kellys-korner-xp.com/xp_messenger.htm
Stop Windows Messenger from Auto-Starting.
Simply delete the following Registry Key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MSMSGS

*Security Policy Recommendations.
www.nsa.gov/snac/support/sixty_minutes.pdf
Security Attribute (page 27/28).
a) Network access: Do not allow anonymous enumeration of SAM accounts
HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymousSAM = 1
Recommended Setting: Enabled
b) Network access: Do not allow anonymous enumeration of SAM accounts and
shares
HKLM\System\CurrentControlSet\Control\Lsa\RestrictAnonymous = 1
Recommended Setting: Enabled
c) Network access: Let Everyone permissions apply to anonymous users
HKLM\System\CurrentControlSet\Control\Lsa\EveryoneIncludesAnonymous = 0
Recommended Setting: Disabled

*Turn - Off Autoplay.
http://www.dougknox.com/xp/tips/cd_autoplay_pro.htm
To Disable CD autoplay, completely, in Windows XP Pro
a) Click Start, Run and enter GPEDIT.MSC
b) Go to Computer Configuration, Administrative Templates, System.
c) Locate the entry for Turn autoplay off and modify it as you desire.
Alternative:
http://www.microsoft.com/windowsxp/downloads/powertoys/xppowertoys.mspx
Scroll down to Tweak UI, download TweakUI.exe
Once you've installed TweakUI you'll find a lot of options in it. To
turn-off Autoplay, in TweakUI expand My Computer, and then AutoPlay.
Click on Drives and uncheck the drive letter that you no longer want to
AutoPlay. Click on Apply and that's it. No more "what would you like me to
do" dialogs.
>
>> 3. Keep your operating (OS) system (and all software on it)
>> updated/patched.
>> 4. Reconsider the usage of IE and OE.
>> 5. Review your installed 3rd party software applications/utilities;
>> Remove clutter.
>
> i agree again
> but i'm a minimalist :D some people just like bloat
> and a whole desktop filled with icons is usually an indicator
> of this
>
>> 6. Don't expose services to public networks.
>
> is this really a problem if you have a NAT'ing router ?

It certainly can be :)

> a router shouldn't forward broadcasts and most of them
> don't allow unsolicited inbound connections

Well, have a good look here and be guided accordingly (tweak the way it
suits *you*). This can be a tedious exercise but will bear fruits later on;
Initiate a good record of your activities).
Beginners Guides: Understanding and Tweaking WindowsXP Services
http://www.pcstats.com/
Page 1: Beginners Guides: Understanding and Tweaking WindowsXP Services
Page 2: Which services are running?
Page 3: Getting Information on Specific Services
Page 4: Properties of Services
Page 5: Why do does WinXP need Services?
Page 6: What services should be running?
Page 7: Services to disable for better security and performance
Page 8: Creating your own services
Page 9: Creating Services Continued

Windows XP Service Pack 2 Service Configurations
http://www.blackviper.com/WinXP/servicecfg.htm#

Windows XP SP2 default Services #1.
http://www.ss64.com/ntsyntax/services.html

Default settings for services #2.
http://www.microsoft.com/resources/documentation/windows/xp/all/proddocs/en-us/sys_srv_default_settings.mspx?mfr=true

Note: SP3 has 4 additional Services viz:
1.Extensible Authentication Protocol Service
2.Health Key and Certificate Management Service
3.Network Access Protection Agent
4.Wired AutoConfig
Leave the default settings (manual).

>> 7. Activate the built-in firewall and configure Windows not to use TCP/IP
>> as transport protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP
>> ports 135,137-139 and 445 (the most exploited Windows networking weak
>> point) closed.
>
> how does one do that?
> are you talking about the Netbios over TCP/IP option
> in the NIC config iirc (the place where lmhosts is also present) ?
> or just disabling netbios all together, which is kinda bad advice
> since for most people with a home network
> netbios == their network

The only reasonable way to deal with malware is to prevent it from being
run in the first place. That's what AV software or Windows' System
Restriction Policies are doing. And what 3rd party Personal Firewalls
*fail* to do.
If on dial-up internet connection:
Activate and utilize the Win XP SP2 built-in Firewall; Uncheck *all*
Programs and Services under the Exception tab and review exceptions
frequently (the less exceptions the better).
Read through:
Deconstructing Common Security Myths.
http://www.microsoft.com/technet/technetmag/issues/2006/05/SecurityMyths/default.aspx
Scroll down to:
"Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe."

Exploring the windows Firewall.
http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx
"Outbound protection is security theater—it's a gimmick that only gives the
impression of improving your security without doing anything that actually
does improve your security."

How to Configure Windows Firewall on a Single Computer
http://www.microsoft.com/technet/security/smallbusiness/prodtech/windowsxp/cfgfwall.mspx

Troubleshooting Windows Firewall settings in Windows XP Service Pack 2
http://support.microsoft.com/default.aspx?kbid=875357

Understanding Windows Firewall.
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx

Using Windows Firewall.
http://www.microsoft.com/windowsxp/using/networking/security/winfirewall.mspx

Using the Windows Firewall INF File in Microsoft Windows XP Service Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=cb307a1d-2f97-4e63-a581-bf25685b4c43&displaylang=en

Deploying Windows Firewall Settings for Microsoft Windows XP with Service
Pack 2
http://www.microsoft.com/downloads/details.aspx?familyid=4454e0e1-61fa-447a-bdcd-499f73a637d1&displaylang=en

Manually Configuring Windows Firewall in Windows XP Service Pack 2
http://technet.microsoft.com/en-au/library/bb877979.aspx

7a. If on high-speed internet connection use a router in conjunction with
#7 and #8.

7b.Use Windows Firewall in conjunction with:
Seconfig XP 1.0
http://seconfig.sytes.net/
Seconfig XP is able to configure Windows not to use TCP/IP as transport
protocol for NetBIOS, SMB and RPC, thus leaving TCP/UDP ports 135, 137-139
and 445 (the most exploited Windows networking weak point) closed.
OR
Configuring NT-services much more secure.
http://www.ntsvcfg.de/ntsvcfg_eng.html

>> 7a.If on high-speed internet use a router as well.
>> 8. Routinely practice safe-hex.
>
> i hate that word !
> hex is not that easy and
> it takes most people ample time to tell me what
> 8146 is in hex

http://www.claymania.com/safe-hex.html
Hundreds Click on 'Click Here to Get Infected' Ad
http://www.eweek.com/article2/0,1895,2132447,00.asp

>> 9. Regularly back-up data/files.
>
> people who have no intention of learning how to automatize this
> and/or don't know how will get confused when they have to deal with
> multiple backups. as a result they'll tell you everything is backed up
> while it hardly isn't and they'll start blaming 'you' of removing their
> backups* and other evil stuff* if **** hits the fan.
>
>> 10.Familiarize yourself with crash recovery tools and re-installing your
>> operating system (OS).
>> 11.Utilize a real-time anti-virus application and vital system
>> monitoring utilities/applications.
>> 12.Keep abreast of the latest developments - ***** happens...you know.
>> The least preferred defenses are:
>> Myriads of popular anti-whatever applications and staying ignorant.
>>
> i agree we have to install mcafee here
> and a girl who just got a new pc managed to attract a worm in 2 days
> or so mcafee claims

A number of experts agree that the retail AV version of McAfee, Norton and
Trend Micro has become cumbersome and *bloated* for the average user and
can play havoc with your computer.

Removal tools for recent Mcafee products:-
Request assistance from here:
http://forums.mcafeehelp.com/
or download and run:
http://www.majorgeeks.com/McAfee_Consumer_Product_Removal_Tool_d5420.html
or
http://service.mcafee.com/FAQDocument.aspx?id=107083&lc=1033&partner=10005&type=TS
or
Download and run the McAfee Removal tool:
https://us.mcafee.com/root/MCPR2.exe
If you receive a security alert, click Yes.
Click Save to download the file to a location on your computer.
Navigate to the location where the file was saved.
Ensure all McAfee application windows are closed.
Double-click MCPR2.exe to run the removal tool.
Note: Windows Vista users must right-click and select Run as Administrator.
Restart your computer when prompted. Your McAfee products will not be fully
removed until you restart.

Good alternatives:
Avira AntiVir® Personal - FREE Antivirus
http://www.free-av.com/
You may wish to consider removing the 'AntiVir Nagscreen'
http://www.elitekiller.com/files/disable_antivir_nag.htm
or
Free antivirus - avast! 4 Home Edition
It includes ANTI-SPYWARE protection, certified by the West Coast Labs
Checkmark process, and ANTI-ROOTKIT DETECTION based on the best-in class
GMER technology.
http://www.avast.com/eng/avast_4_home.html
(Choose Custom Installation and under Resident
Protection, uncheck: Internet Mail and Outlook/Exchange.)
or
AVG Anti-Virus Free Edition
http://free.grisoft.com/
(Choose custom install and untick the email scanner plugin.)
or
Kaspersky® Anti-Virus 7.0 - Not Free
http://www.kaspersky.com/homeuser
or
ESET NOD32 Antivirus - Not Free
http://www.eset.com/

Why You Don't Need Your Anti-Virus Program to Scan Your E-Mail
http://thundercloud.net/infoave/tutorials/email-scanning/index.htm

and (optional)
On-demand AV applications.
(add them to your arsenal and use them as a "second opinion" av scanner).
David H. Lipman's MULTI_AV Tool
http://www.pctipp.ch/ds/28400/28470/Multi_AV.exe
http://www.pctipp.ch/downloads/dl/35905.asp
English:
http://www.raymond.cc/blog/archives/2008/01/09/scan-your-computer-with-multiple-anti-virus-for-free/
Additional Instructions:
http://pcdid.com/Multi_AV.htm
and/or
BitDefender10 Free Edition (*NOT FOR VISTA*)
http://www.bitdefender.com/PRODUCT-14-en--BitDefender-8-Free-Edition.html


> i told her the obvious thing is to flatten the system again, but she
> asked me if i could disable the pop-ups instead.

"The only way to clean a compromised system is to flatten and
rebuild. That's right. If you have a system that has been completely
compromised, the only thing you can do is to flatten the system
(reformat the system disk) and rebuild it from scratch (re-install
Windows and your applications)..."
http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

<snip>

Good luck :)
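
The registry values listed under "Security Policy Recommendations" in the post above can be audited from saved `reg query` output. This is an added example, not part of the thread: the sample output is constructed, and the `NoLMHash` value name for the "Do not store LAN Manager hash value" policy is supplied here because the post names the policy but not the registry value.

```python
import re

# Recommended values from the post, all under
# HKLM\System\CurrentControlSet\Control\Lsa.
# "nolmhash" is the value behind the "Do not store LAN Manager hash value"
# policy; that mapping is added here, the post only names the policy.
RECOMMENDED = {
    "restrictanonymoussam": 1,
    "restrictanonymous": 1,
    "everyoneincludesanonymous": 0,
    "nolmhash": 1,
}

# One indented line of `reg query` output: name, type, data.
# The lazy name group allows value names that contain spaces.
LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s+(.*)$")


def parse_reg_query(text):
    """Return {lowercased value name: int} for the REG_DWORD lines."""
    values = {}
    for line in text.splitlines():
        m = LINE.match(line)
        if m and m.group(2) == "REG_DWORD":
            values[m.group(1).lower()] = int(m.group(3).strip(), 16)
    return values


def audit(text):
    """Compare parsed values with RECOMMENDED.

    Returns a list of (name, expected, actual, status) where status is
    OK, FAIL (value differs) or MISSING (value not present in the output).
    """
    actual = parse_reg_query(text)
    findings = []
    for name, expected in RECOMMENDED.items():
        got = actual.get(name)
        if got is None:
            status = "MISSING"
        elif got == expected:
            status = "OK"
        else:
            status = "FAIL"
        findings.append((name, expected, got, status))
    return findings


# Constructed sample, shaped like the output of:
#   reg query HKLM\System\CurrentControlSet\Control\Lsa
SAMPLE = r"""
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Lsa
    Authentication Packages    REG_MULTI_SZ    msv1_0
    restrictanonymous    REG_DWORD    0x0
    restrictanonymoussam    REG_DWORD    0x1
    everyoneincludesanonymous    REG_DWORD    0x0
    limitblankpassworduse    REG_DWORD    0x1
"""

if __name__ == "__main__":
    for name, expected, got, status in audit(SAMPLE):
        print(f"{status:8} {name}: expected {expected}, found {got}")
```

A MISSING result means the value was not in the captured output, so the setting is at whatever default the Windows version applies; treat it as a finding to review, not as a pass.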