Print

Please login or register.
1 Hour 1 Day 1 Week 1 Month Forever
Login with username, password and session length

[roseway]

Yes, I don't doubt that ZA is useful in that way, and there shouldn't be any problem in using it together with a router firewall. Dialling home isn't a problem I have to suffer from, thankfully.

[guest]

Users of Zonealarm may wish to stop their machines doing a Windows update this month :

http://www.theinquirer.net/gb/inquirer/news/2008/07/09/microsoft-update-kills

[scottiesmum]

I found this topic very interesting ..... about December 2007 I had a BIG problem with my machine, a general slowing down to snails pace,  system kept closing down, and then telling me it couldn't find the OS, and lots of other niggles.    I received a lot of help from Dave (Accordion) but in the end I had to visit 'my computer lady'  ..... during her 'inspection'  she questioned the firewall I was using, Zone Alarm,  and the Anti Virus-  Avast.  Following an intensive search she said there was nothing actually wrong with the system, and advised me to uninstall  EVERY hardware item, and reinstall.  She also told me to get rid of ZA and that Avast was having some problems and I would be advised to change that too.   When I queried her regarding ZA she asked WHY I had that installed when XP has it's own Firewall.  I gave her the  "standard" answer that XP Firewall was only one directional and therefore didn't offer the maximum security ....she looked puzzled and said that she used only the XP Firewall on ALL her several  computers, for  business and home and had no problems.      I followed her uninstalling/reinstalling  advice, changed my AV and then pondered long and hard about ZA .....finally I got rid of it and used the XP Firewall.  Following ALL this my machine ran  like an express train  (the TGV  in fact  )  I have done stealth tests from time  to time since and this is the latest one I did this morning, the results have all been the same .

(Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
   Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.)

I just thought it was interesting and wonder what others think  .... apart from that I'm mad of course 

[roseway]

You're mad (Sorry, couldn't resist it)

My view is that you don't need a 2-way firewall to protect your computer, but there are some possible consequences of not filtering outgoing traffic. There's the "dialling home" possibility which has already been mentioned, so you might unknowingly be giving information about your computer setup to a company whose software you just installed. And if you get a virus you might unknowingly be propagating it, or attacking other sites or whatever, because your outgoing traffic is unrestricted. Whether these issues apply to you depends on how you use the 'net.

[scottiesmum]

Eric  ...... (I'll forgive your crossed out comment  )     I hear what you say about the 'dialling home'  ....but does the paragraph from the Shields Up test


  Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet. 

not cover this aspect ....?     Now, that question could just prove  I'm mad      but I have NEVER pretended to understand ALL the workings of my system  (computer system that is  )   so I bow to your, and others,  expertise on this ... 

[roseway]

No, all that report means is that it's not possible to break into your computer from outside. But there's nothing there to stop software on your PC sending information out

[scottiesmum]

Ooooooooooooooooooooooooooooooooooooooooooh  !!        Thanks Eric.... I'll have to be careful where I go 

[Accordion]

I know what your computer lady said Kate, but I stand by Zone Alarm and have installed it for most of my customers too. The only people who ever seem to have 'problems' with it are other so-called computer experts.

If you have a router, and you have the Windows firewall too, then you are safe from anyone trying to get into your computer from Internet-land. The real advantage of ZA is preventing the sending out of a virus plus stopping the multitude of programs that want to call home without need. that to me is a biga advantage.

[kitz]

Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests).

And why do so many people have MTU problems?  Turning off ICMP breaks PMTU Discovery.
Unfortunately most home routers and many firewalls cant distinguish between ICMP pings and instead disallow all ICMP requests.

RFC 2979

ICMP messages are commonly blocked at firewalls because of a
   perception that they are a source of security vulnerabilities.  This
   often creates "black holes" for Path MTU Discovery [3], causing
   legitimate application traffic to be delayed or completely blocked
   when talking to systems connected via links with small MTUs


So what if someone can PING your router? 
Most routers have separate firewall detection rules for such things as PING of death etc anyhow.
All that ICMP ping does is allow someone to know that theres a connection up at that IP address.  As long as the rest of the system is secure then theres not else much they can do.

Outside of grc.com you will find many reports about theres no big deal about allowing your router to respond to ICMP, and that by denying ICMP "it can break the internet".

[scottiesmum]

I've taken on board everything Dave,Eric and Kitz have said, and I now have a fully fledged firewall again ....  many thanks.   

[Yorkie]

Got my updates today and installed, I did see the warning about ZA before doing so, but I only have it set on medium anyway so no problems.

Like Accordion I like ZA because you can specify who gets to access the internet, sometimes it can be a pain resetting everything after an update, but I'll live with that.

[kitz]

oops I just reread my post again and it sounded a bit like I may have been having a go at some of the users in here.   I wasnt.

The grc.com is an excellent site and has some very useful tools.. its just that many techies disagree with the way Steve Gibson has approached the ICMP pings on that test, so that its scared many users into thinking theyre not secure if their router is pingable.

[scottiesmum]

Kitz, For me personally, can I just explain that a lot of the language used in the result from the Shields Up Test means zilch   .....I can speak French, get by comfortably in Spanish, and Italian and STILL have a smattering of Russian    .....BUT computer speak is completely beyond me .....  the only thing that pings in my home is elastic, the microwave and the oven     Your comments and assistance, and those of Dave (Accordion, my own oracle !) and Eric (even if he does think I'm mad    ) are extremely valuable to me and I take notice.   My computer lady here is super and has helped me out of a lot of tricky situations and at very little cost, sometimes, no cost at all .....  typically French she does  have a wonderful que sera sera way with her  ...... so in this instance I've taken note - hence Firewall installed.....   I read some of the questions on here sometimes and my mind boggles  .....  and then I read the replies which sort people out  !!!!  and my mind boggles even more   ......   I know that on perhaps 2 occasions I have come up with a remedy ....  but they are few and far between       .....    many thanks to all again. 

[Floydoid]

the only thing that pings in my home is elastic,

I'm not even going to ask 

[scottiesmum]