www.zonelabs.com (http://www.zonelabs.com)

I found this from a link at www.grc.com (http://www.grc.com)
A very interesting site itself.
Yes it is free!

I was wondering if anyone is using it?
It looks a very interesting program.
Any comments on this would be appreciated
Cheers

Downloaded it.
It seems excellent. I went back to the Gibson website to find that I am now 'stealth'!
There has got to be a catch somewhere, right???
If you find it please let me know.

What does it do?

Shuts your computer's curtains to prying eyes on the www who like to have a good look in at you,so to speak.
Plus quite a few other things it says.

http://www.pprune.org/ubb/NonCGI/confused.gif

(Just bringing this thread to the top of the list)

AGAIN
:)

BTW, a good FAQ for ZoneAlarm can be found here (http://grc.com/cb-faq.htm#zause-trace).

I think it was squiddley who put me onto this little gem in a previous, extremely informative post - belated thanks btw Squidders.
I have tried quite a few of the supposed firewall programs that have been touted and at the risk of being well and truly dudded at some future date I will give ZoneAlarm a huge thumbs up, from my experience with it.
For the minor inconvenience of having to "authorise" all your legitimate traffic during the early days of setting it up, you end up with a docile little doberman that sits quietly in the background, albeit with a lot of barking if the number of hits my machine takes from net burglars is anything to go by.
I hope not to be disappointed again like I was with Lockdown 2000 but I am quietly confident that this program is exceptionally good at what it does and there is even a 2.1 Beta version available now that may even be better.
In short - spend the money and get it NOW - after all, it IS free !!!!

Im using Nukenabber 2.9b myself. Is ZoneAlarm just another fancy "Nukenabber" doing essentialy the same thing or is it something much better?

Slasher - I have only used one of the earlier versions of Nukenabber so cannot make a direct comparison. The ZoneAlarm does SEEM to be far more active. It appears that some sites request information from your machine or attempt to send same, in the background and I am seeing Zone Alarm activity here. For us mugs it is all relative anyway I suppose but I feel a lot more comfortable with this program than I did with Nukenabber.

My daughters 17 year old boyfriend hacked around "Nukenabber", "NetBus detective" "BO Detect" and "Cleaner" in under two days, just for fun. He's impressed with ZoneAlarm as he hasn't got through it in six weeks. Most teenagers can hack any un-protected PC by the time they are 14. It isn't long before they can get around simple protection. A firewall that screens the PC from internet scanning makes the PC 'invisible' and so less susceptible to hacking. Entry attempts are logged as they try to transit any of the PCs ports. ZoneAlarm users who are recording a lot of access hits probably have trojans (or spy-software embedded in free-ware downloads) on board transmitting to their base through the firewall by permission granted to the host program. Their base station is then aware of the internet connection, it's address and the port in use. The biggest risk to ALL PCs is invasion via ICQ chat, when other participants can pass through the firewall to plant a trojan. ZoneAlarm blocks access during subsequent sessions but the door is open during the current session. I'm impressed with ZoneAlarm and so far have seen no ill effects.

**********************************
Through difficulties to the cinema

great reply Blacksheep and informative too. I am happy that the ZoneAlarm is earning it's keep but as I have only used Bo detect and AVP for resident trojan detection, I would be very interested to hear your recomendation for a worthwhile program to do this with.

Slasher.

ZoneAlarm is a different kind of product. Nukenabber gives you a warning that someone is attempting to access certain ports (which you have to specify yourself as I understand it) and has tracing tools built in. As far as I know, it does not actually BLOCK access. ZoneAlarm is a software firewall. It BLOCKS access and alerts you if you want it to. Unless you have specifically configured ZoneAlarm to allow internet access to a certain program the firewall will not permit a connection - which stops Trojans and Spyware sneakily communicating behind your back. If someone probes one of your ports, ZoneAlarm suppresses any response - effectively your computer plays dead to encourage the kiddie to try somewhere else.

So far, I haven't seen any unfavourable comments about ZoneAlarm. Give it a try.

SeldomFixit.

You might want to follow this (http://www.commodon.com/threat/threat-detect.htm) link to see how you can detect trojans yourself.

Yeh Im sold on ZA. Checked out the sites nomenclature and it spoke of the problems of Nukenabber. Downloaded ZA and its great! I then deleted Nuke from my drive.
Thanks Zombie for your contribution. Id like to offer something in return if you havent already got them (both are freebies):

Neotrace: http://www.neoworx.com/

Atom time: http://www.atomtime.com/

Hi, just a quick question.

I have Norton AV 2000, but not a firewall. I update the AV every 2 weeks and scan my HD. Will this be enough to detect any "planted trojans"?

Well, it's obviously on your mind Snigs. If someone here said "Yep, your Norton thingie will do the job for you", would you really be happy? Remember that Norton AV will not stop some sad bastard accessing your PC and trashing your hard drive for the fun of it. Download ZA - peace of mind for free.

Mmmmm . . .

I downloaded ZA and set it up so it doesn't block ICQ or DialPad - oh yes, and McAfee Clinic too! Not too much activity spotted here, but I do seem to get "pinged" every now and then - who'd want MY data!!??!!

Got an interesting email this morning from someone with pseudonym "Arora" with an ISP that appears to be in GMT+5 (didn't think I knew anyone there!) and an attachment caled "Pretty Park.exe"

Ran the attachment through virus checker - no bad reports - but due to the circumstances of its arrival, I'm still not gonna run it!

Did "Arora" ([email protected]) get my name from someone else's circulation list? or perhaps there's another way that this can happen (the email address that I use normally is NOT the one that I use in "profiles", although that one is genuine too)

Any comments?? I'm rather intrigued!

Hey, I just got "pinged" again and noticed that the IP address ot the ping starts with the same two groups of digits as "Arora" - "212.100 . . ." I believe IP addresses are allocated on a roughly geographical basis - does that mean anything???

------------------
Flight Sims, very expensive toys - but real fun to play with!



[This message has been edited by ExSimGuy (edited 11 April 2000).]

ExSimGuy

I suggest that you read this report from McAfee (http://vil.mcafee.com/dispVirus.asp?virus_k=98500), and take the appropriate action.

DO NOT RUN THE ATTACHMENT

Oh, and it may be prudent to update your virus checker!

[This message has been edited by Snigs (edited 11 April 2000).]

Thanx Snigs,

No, I did not run it! I'm stoopid but not that much! I was pretty suspicious, even though I ran it against the VERY LATEST "McAfee online clinic" files (I updated them yesterday morning for that very reason) and it came up CLEAN according to the McAfee online service!

I have passed the URL that you sent me to a number of friends on my addres book who I know may open it without being so careful!

It's worth noting to everyone that opening ANY attachment, unless you ar 100% sure of it's safety, is a risky business! From what you sent me, it's a BUGGER to get rid of once you run the damn thing!

Thanx again!

ESG

As a result of comments here I have ditched "Nukenabber" and downloaded "ZoneAlarm".
So far I am very happy with ZA.
It seems also to be much more "user friendly" than NN.
Thanks for the tip.
:) :)

Firstly, thanks Max for that very useful and informative link.
Secondly, can so many paranoid people with just enough information to frighten themselves be wrong about ZoneAlarm ?
Nah - it's good kit - I am happy with that. The underlying thread here is the number of us who don't really understand the "horses for courses" aspect of different programs. As previously mentioned, Nukenabber ISN'T a bad program - it's just not as comprehensive as ZoneAlarm in the way it hides ALL the ports rather than those you manually ( or by default ) chose to guard with Nabber.
No one program is going to cover you for Trojan/virus/unauthorised access.
Use the experiences of those guys here who have used and tested the various programs and then make a reasonably informed decision on what you need to have running for peace of mind.
I respect the opinions of many of the contributors to this forum very much and will continue to use that experience as a part of my overall defence strategy.
Finally, for those of you, who like me are a little paranoid ( no doubt due in part to ignorance ) THEY ARE OUT THERE !!!! but with ZoneAlarm the bastards can't see me.

Am I being overparanoid? ZA seems to block certain intrusions that seem inocuous. Sometimes Ill get a block that Ive traced to pprune.org and I hardly think Danny is in the hacker business.

Heres another for example:

The firewall has blocked Internet access to your computer (TCP Port 2050) from 128.11.47.159 (HTTP).

Occurred: 9 times between 14/4/2000 10:15:36 and 14/4/2000 10:36:12

Now I put this IP address into Neotrace and got:

Node: 17 of 17

Name: Burstmedia27.cam-colo.bbnplanet.com

IP Address: 128.11.47.159

Geographic location unknown

Network: Bolt Beranek and Newman Inc

So is a [HTTP] a genuine hack? What about a block for [NetBIOS Name]? Must admit Im not too knowlegable in this area.

Slasher - I have wondered exactly the same thing myself. Certain miscreants out there want to get into your ( read that as anyone's ) system. I am certain some sites elicit info from your machine that you in the normal course of things would be unaware of. Perhaps the receipt of a cookie will trigger the ZoneAlarm BUT when all is said and done - Zonealarm BLOCKED and DROPPED the request. Sleep peacefully Slasher me old chum - they don't even know you exist now. Have you taken the GRC shields up test yet ?
Wonderful feel good value in that one even though the thinking man accepts that you are never totally fireproof.

Well, Burstmedia is an ad-company which specialises in 'niche' sites. Perhaps connected with the ads at the top of these pages?

At least three times now I have had the ZA 'window' come up asking if I want to accept Windows Critical Update, however, before I can say 'yes' and 'don't show me this again' all is gone, when I go to Windows Critical update it shows 'no updates available' - who do I believe?

I keep getting hits from ip addresses starting with 62.6, I can trae it back to the USA, but is there anyway I can send them a note to **** off and leave me alone?
:)

Am I paranoid or what! I havent had a single ZA alarm in the last 2 days! Have the b@stards figured out a way around ZA already?

Slasher - have you possibly unchecked the Pop up waening box ? Take a look under the "lock" tab when you maximose the control panel - you will find the checkbox there.

...or have you dropped your security levels to LOW, perhaps to allow eg. Neotrace to run, and forgotten to set them back to HIGH? Be afraid, be very afraid...

Incidentally, am I the only one who's getting p'ssed off at this flood control thing? It's probably OK for the one fingered typists, but I'm getting a bit hacked off at having to wait 5 minutes between posts.

Guys (esp Zombie and Slasher),

Thanks for all the top info. About 4 hours online later i'm much better informed, got my machine 'protected' AND i've got an accurate time from the Atomic Clock.

( ;) Oh, and i'm paranoid about internet security!!!! ;) )

Slasher et al,

you can run Atomtime & World clock together
and they update each other automatically.
I listed them both back in Oct in Laptop Essentials. :)

As for Zonealarm, I got fed up with all the popup warnings, so my jury is still out on that one.

Has anyone managed to get the ship's bells to work instead of Big Ben in WorldTime?

Blackadder.

You have two options then:

1. Disable the pop-ups. Next time one appears, check the "Do not show this in future" box. Should you wish, you can always turn notification back on again.

If you still want to know who has been trying to probe you (not a bad idea!) then

2. Download the latest beta version, which has worked perfectly well for me and keeps a log of access attempts which you can review at any time.

[This message has been edited by MAX REVERSE (edited 20 April 2000).]

addinfurnightem,

AFAIK, Windows Critical Update checks for updates quite regularly. My task scheduler says every 5 minutes, so I guess you'll be asked the question that often. I checked the box that says "Remember this for future requests?" (or whatever it says to that effect) and it's no longer a bother.

Interesting experience I've had with Zone Alarm: 2.0 works fine, but 2.1 trashes Windows Auto Update. I'm dead certain ZA 2.1 is the culprit as the problem goes away when I uninstall 2.1 and replace it with 2.0, and returns when I vice versa. Pity about that as I like the logging feature of 2.1 and I like Auto Update, but the two do not seem to like each other http://www.pprune.org/ubb/NonCGI/frown.gif

Anyone had similar experience?

A good companion prog to run with Zone Alert is Sam Spade from www.samspade.org/ssw/ (http://www.samspade.org/ssw/) It's an integrated suite of tools that help you to trace the source (and lots of other info) of suspect pings reported by Zone Alert - very interesting.

BTW, due to above experiences with Windows Update I have almost memorised a routine to fix a broken Windows Auto Update. If anyone wants it, I'll post it here - it's an amalgamation of steps taken from various articles from the MS Knowledgebase.

And many thanks to the contributors to this forum who put me firstly on to Web Washer and then on to the www.grc.com (http://www.grc.com) site, from which I learned about Zone Alarm. No ads, no extra windows, no intrusions. Very cool.

AA


[This message has been edited by Ausatco (edited 20 April 2000).]

MAX REVERSE

Please can you provide a URL for the latest beta version of Zone Alarm. I just don't seem to be able to locate it and would love to have a try of the latest software.

Many thanks

Exsimguy, sorry, was away some days, the email you mentioned is from the ISP

Global
Internet
Access
Server
Bangalore (server 01)
VSNL Pvt. Ltd.
which is the only (state-owned) Internet provider in India.


Arora" ([email protected]

Anon-x, you can get the latest, which is V 2.1.10, at http://www.zonelabs.com/download_ZAfree.htm

That is a recent full public release (7 April 2000) I don't know if there are any later betas.
AA

No my ZA settings were all ok thats why I got worried. I went to the Shields Up test page and everything works fine. Just panicked when everything went quiet for a couple of days. Today I managed to get 4 alerts from HKG and JPY. Now I feel better!
Yeh Blacks it was from your post where I originaly got AtomTime from. Im happy with AT but is World Clock better somehow? Dont use it myself.
Ausatco yeh could you post your Broken Windows Autoupdate Non-Normal checklist here? Thanks.

Thanks so much to everyone who has been posting here and on the 'hackers' thread, I have found your info to be most helpful and a bit scary too !!
On the suggestion of the majorities, I have just dowloaded ZA, and within minutes I had a little alert screen pop up on me!
I did have the Guard Dog program installed, but it certainly did not provide the info that ZA does.
The only problem is now I have to figure out how to drive the ZA program :) Any basic tips would be greatly appreciated, as I am not a computer buff by anyone's standards!
Thanks, once again for all the help thus far.

GG

Slash,
World Clock will allow you to setup a taskbar style list of cities with their local time.
It sits on your desktop and doesn't interfere with anything.
Marry it to Atom Time and it updates the correct time everytime you logon. Neat kit.
Have a look at the demo.

FL310

Thanks, I finally got a reply from the email I sent to "Arora" - it was the uncle of a guy I used to work with and who used me to send messages to his nephew. He hadn't realised that he had been "hit" and I sent him a copy of a file someone passed to me to kill the PrettyPark worm. (anyone wants a copy, email me - but if you need it please don't put me in your address book - I'm getting that one sent to me once every two days - I must have "unclean" friends!)

------------------
Flight Sims, very expensive toys - but real fun to play with!

Anon-X.

Sorry for the delay in replying. You can get the latest beta here (http://www.zonealarm.com/beta_download.htm).

------------------
Five sodding minutes! It's enough to make you click the ads out of sheer boredom.....aha!

[This message has been edited by MAX REVERSE (edited 24 April 2000).]

GG.

Set security levels to 'high; suggest you DON'T allow automatic access to any program unless it won't work without it (so you know that none of your programs can access the internet "behind your back"); switch off notification and get on with enjoying the internet.

If you want a good FAQ, (I'm tempted) click here (http://grc.com/cb-faq.htm). It has a good section on ZoneAlarm and the writer makes it easy reading.

------------------
Five sodding minutes! It's enough to make you click the ads out of sheer boredom.....aha!

[This message has been edited by MAX REVERSE (edited 24 April 2000).]

Max,

thanks for the FAQ address.

blackie

Ta Max.....much appreciated.

GG :)

News from the firewall newsgroup:

<Snip>

If one uses port 67 as the source port of a TCP or UDP scan, ZoneAlarm will let the packet through and will not notify the user. This means,that one can TCP or UDP port scan a ZoneAlarm protected computer as if there were no firewall there IF one uses port 67 as the source port on the packets.

<Snip>

Apparently the latest beta closes this loophole. The url is in one of my posts above. Suggest you download it!

[This message has been edited by MAX REVERSE (edited 26 April 2000).]

World Time will update the time automatically when you log on if you check the :"I am using a modem" box under "Network Preferences"- you don't need to marry it with Atomic time.

The list of cities is good.

Slasher,

I haven't forgotten about posting my non-standard checklist for fixing a broken Win98 AutoUpdate. Been a bit busy, will get to it ASAP.

AA

AUSATCO - Many thanks.

Has anybody out there used both ZA and Black Ice and care to compare the advantages and disadvantages of both programs?

Yeh thanks AUS. No hurry.

wingslevel - i don't think blackice is much cop - they are currently refunding my money due to the bugs in the program.
just about to try zonealarm

Slasher,

I've written up my method for fixing a broken Windows Update. In the delay between when I first posted and now, I've found out a bit more but not enough to make a nice tidy short checklist. It runs to 9 pages! (including explanations)

I don't think I should post it here fro two reasons

1 It is too long

2 It is a cut and paste of three articles from Microsoft's knowledge base, and all their stuff is copyrighted. Would be the wrong thing to do for me and the Captain to have it appear here.

I'll email it to you and if anyone else is interested I'll email it to them too - just express interest here.

If anyone's interested, the MS Knowledge Base articles are Q193657, Q243787 and Q195155. There's other stuff there on the same subject. www.microsoft.com (http://www.microsoft.com) , and follow the links through Support. Search on windows update and also java.

AA

[This message has been edited by Ausatco (edited 10 May 2000).]

I downloaded ZA after reading this thread. I've had it for 3-4 days now; I've noticed that I get the most alerts when I'm on pprune...strange (2 alerts in last 15 mins).

------------------
rgds Rat

Excuse my ignorance chaps but could some tell me what is meant by the term Trojan, as used at the begining of this posting.

Thank you

FBW.

Try reading this (http://www.cert.org/advisories/CA-99-02-Trojan-Horses.html).