http://home.att.net/~wymette programs cc: AptivaNotes Zone Alarm notes Teal Forum Regular posted 05-12-2001 09:06 AM -------------------------------------------------------------------------------- I installed the lastest version. I must say it's pretty neat. Upon visiting my homepage, Zone Alarm did let the tracker know the browser I'm using, but it refused to let the tracker recognize the operating system version. Anyway... Since I'm new to the program, anything I should know?..... do that is not default?...... definitely not do?..... any limitations on performance some of these settings might have? And thank you Jim! I have gotten rid of the splash screen as per your direction. But I been able to stop it from running at start up, and click to start it from a task bar shortcut, and I still don't see the splash. I'm happy. IP: 64.111.4.240 DON5408 Webmaster posted 05-12-2001 12:57 PM -------------------------------------------------------------------------------- "Since I'm new to the program, anything I should know?..... do that is not default?...... definitely not do?..... any limitations on performance some of these settings might have?" OK, here is a response I made to a similar request in an earlier thread which includes my own settings preferences and initial recommendations. Note that some of these settings are of less consequence than others and are largely matters of personal preference. "I am going to have to learn how to use Zone Alarm" Well that's an easy one...if you're the curious type you can use ZoneAlarm to keep tabs on who's sniffing around your PC's butt, however other than that after setting up ZoneAlarm you really don't have to do anything with it at all, with the alerts option disabled it sits unobtrusively in your taskbar tray and does it's thing without bothering you or requiring any maintainence. The only time you really have to make any decisions is when you initially install it and set it up. After loading ZoneAlarm the first time you use each of your programs which connect directly to the Internet you'll be prompted if you wish to allow that to happen. Provided that you recognize the program referenced and it's clearly something which you want to have able to access the web at will just check the "remember this answer" box and click the Yes button. You'll have to do this once with each of your programs which access the web (IE, Netscape, AOL, MediaPlayer, Real Player et al) however as long as you check the "remember" box you will only be asked this ONCE for each program. As far as the 'alerts' that's up to you...personally I'd suggest turning them OFF however you may want to enable them at times just to see who may be snooping inappropriately. You'll likely find that many times daily various IPs will attempt to ping or access your system for one reason or another...many of these accesses are legitimate, others likely aren't...however ZoneAlarm will block all of them so you really don't have to be bothered with being notified via a pop up message of each and every incident unless you want to be. If you don't uncheck the "Show the alert pop up window" box on the Alerts tab. Suggested Zone Alarm Settings: Alert tab - "Log alerts to a text file" CHECKED - "Show the alert pop up window" UNCHECKED Lock tab - Automatic Lock DISABLED Security tab - Local Security Level = MEDIUM - Internet Security Level = HIGH Programs tab - CHECK MARKS next to programs which you want to be able to access the web without ZoneAlarm asking you - QUESTION MARKS next to programs for which you want ZoneAlarm to ask you before allowing access - X MARKS next to programs which you don't want to be able to access the web under any circumstances Configure tab - "On top during Internet activity" CHECKED - "Load ZoneAlarm at startup" CHECKED - "Yes, I want to check for updates automatically" UNCHECKED Other than again that once you get ZoneAlarm set up you don't do anything with it or to it to use it, it'll load automatically at startup and as long as you see it sitting in your taskbar it's active and blocking all outside access to your PC. "I been able to stop it from running at start up, and click to start it from a task bar shortcut" hummm, I'm curious, why force the extra step? While personally I'm big on disabling TSRs which I don't need running 24/7 and loading them on an as needed basis (ex: the HPSJVXD and STIMON TSRs required to use my scanner) it would seem to me that on a system with an "always on" constant Internet connection ZoneAlarm would be a textbook example of a program one would want to have running at all times, no? Like any decision concerning personal security I think that once the decision has been made that some form of protection from intrusion is needed in order for the protection to have maximum value it has to be implemented consistantly. Having the strongest door and the best lock in the world won't help if when you leave your home you only lock the door *some* of the time. ------------------ Best wishes, Don IBM Aptiva models: 2176-C66@400MHz (Win98) and 2137-E85@300MHz (Win98) Homebuilt systems: 200MHz (Win98) and 900MHz (Win98/Whistler BETA2) [This message has been edited by DON5408 (edited 05-12-2001).] IP: 24.229.58.157 Teal Forum Regular posted 05-12-2001 01:25 PM -------------------------------------------------------------------------------- Thanks, Don.. I should have added, "besides the basic setup and options", which I did get through okay. My answer to your 'why force two steps' may make my question more specific and probably how I should have worded it to begin with. On my DSL connection, I get a new IP each time I sign on... therefore, did not think I was on all the time, after disconnecting or prior to connecting. And I sign on by going through a tcp/ip 3com adapter. First, I assumed if I do not sign on with my username and password, I'm not hooked up to the net, (I often use the system without connecting) and second, assumed if my external modem is powered off, I too am not hooked up, or in harms way, even if it's wires are all connected. Also, there are times my modem is unplugged from the phone line, since the Dell is on the floor at the moment --- wires ALL OVER THE PLACE, and I type while sitting on hard oak. (And Ben wants me to run benchmarks :) To make things a little more neat around here, I unplug the modem from phone line often. So why force it? Because from the above, whether taking one of those into account or a combo thereof, I assume I'm not connected or in need of Zone Alarms blocking ability all the time. It's start up is right near my DSL connect start up... so simple enough to click one and then the other. I'm sure, once the Dell is where it should be (on a desk) and once I get it set up to my liking, I'll probably put Netscape (-> DSL connect) and Zone Alarm in Startup. But for now, I'm still using the Aptiva on dial up most of the time, to get finished with this semester --- lots of school info on it. My real question was more this --- If I'm assigned a different IP each time I access the net, my ISP must contact my system. I can see Zone Alarm notify me of this, and then deny access. I wonder if it's needed to contact, shouldn't I enable something to let it do so. Or does Zone Alarm know upon connect to let your ISP get in to assign an IP? If not, or if it can mess up on occassion by not letting it, I wondered if I could somehow enable Zone Alarm to let my ISP into my system. Their IP changes all the time, and doing a mindspring.com.. .net.. Earthlink.net.. and all others I ran tracert on don't seem to get the correct block of IP addresses. [This message has been edited by Teal (edited 05-12-2001).] IP: 165.247.39.132 Steve S Forum Regular posted 05-12-2001 02:46 PM -------------------------------------------------------------------------------- Hi Teal, Here is the Zonelabs faq on DHCP: http://www.zonelabs.com/services/support_common.htm#21 It looks like you are one of the ones who doesn't have to do anything. Best, Steve S IP: 24.16.128.35 Teal Forum Regular posted 05-12-2001 03:26 PM -------------------------------------------------------------------------------- Thank you Steve! That's just what I was wondering. I checked the included text file and html, but your url is MUCH better. I didn't read the thread Don sent me to before, but tried a short time ago. Where is obs?... with that huge, blinking, red text. I had to use IE to read it. Funny all the near debates about dsl and cable, which is better.. and on and on. I'm just glad we have it, as I used a 2400bps modem not too long ago. Heck! Try it all, and just enjoy it. Btw, Ben.. if you are reading this -- I had no idea you are in the 'city'. Now about this POTS and dsl being so old. I'm on Long Island. And we have had cable tv service for MANY years..... almost since I was born... 37 years ago (?), and many of those cables are just as old as the POTS out here. I'm glad parts of NYC finally got cable. But afterall, if we didn't have it out here, we'd have only a couple of station to watch with an antenna, years ago, while NYC had all those stations. I do not think age of the lines count so much as the technology put through them, and that includes cable and POTS. I really think it's all in what you prefer, what you can get, what you like. Cable is good near me too. But I'm not paying for both. I think it's better we all have a choice, and I'll support the little guy for now. That thread was really funny. Thanks for pointing me to it Don. (Were you surprised I got my service so fast, Steve? -- I know I was........ I was prepared to wait six weeks.) ****** Oh heck.. what am I saying? You mean fiber optic cable lines. -- sorry--- hardly any sleep last night. But still.... even if a POTS was newly installed, would that make it just as good as cable in your eyes? *** Boy did I mess up. Back to Finals for me. Or maybe a nap. Can I blame obs for the red blinking text? [This message has been edited by Teal (edited 05-12-2001).] IP: 165.247.39.132 DON5408 Webmaster posted 05-12-2001 03:58 PM -------------------------------------------------------------------------------- "On my DSL connection, I get a new IP each time I sign on... therefore, did not think I was on all the time, after disconnecting or prior to connecting. And I sign on by going through a tcp/ip 3com adapter. First, I assumed if I do not sign on with my username and password, I'm not hooked up to the net" Gotcha. While the fact that your service is using DHCP wouldn't preclude the type of "always on" perpetual Internet connection I'm accustomed to with cable if the way your setup is currently configured you are "signing on" with a username and password as one would with a dial up ISP that's a distinctly different scenario from most broadband setups in which if the PC is ON, it's ONline. "if my external modem is powered off...my modem is unplugged" Absolutely, if you pull the plug or shut off the modem there's no need for ZoneAlarm at that point in time. I was simply thinking in the context of a conventional always on broadband connection and wondering why one would want to have to start a program manually which is required at all times. If your particular use is such that the protection of ZoneAlarm is NOT required every moment the PC is powered up that solution makes perfect sense...in fact that's exactly what I would do myself if I wanted to use ZoneAlarm while connected on a system with a dial up modem or any other situation where a substantial period of time is spent without an active Internet connection. "If I'm assigned a different IP each time I access the net, my ISP must contact my system. I can see Zone Alarm notify me of this, and then deny access. I wonder if it's needed to contact, shouldn't I enable something to let it do so. Or does Zone Alarm know upon connect to let your ISP get in to assign an IP? If not, or if it can mess up on occassion by not letting it, I wondered if I could somehow enable Zone Alarm to let my ISP into my system." Well this will likely vary depending on the network configuration however FYI while my cable ISP assigns static IP addresses my router is set up as a DHCP server and this hasn't caused any problems or required any special steps on the systems I have here on which Zone Alarm is active. ------------------ Best wishes, Don Author Topic: Zone Alarm Update Jim Forum Regular posted 08-04-2001 05:46 PM Two days ago you could get free version 2.6.231 at http://209.122.173.44/za_download_update_2.html but I just checked it again and could not get through. Maybe it is just too popular. But here is another site for download http://www.wilders.org/downloads.htm ------------------ Jim Aptiva 2137-E85 WIN98, IE5.5 SP 1, Comcast Cable connection, USB Ethernet Adapter, ZoneAlarm Jane Forum Regular posted 08-04-2001 06:06 PM HI: I just went to Google, searched Zone Alarm, then to their home page and on to download site...seems to be working just fine now. I really like Zone Alarm. ool: I installed it about two weeks ago. It's so easy to use. I tried Tiny but it had NO help file. ------------------ Thanks Jane 2162 S9C, Win95 4.00.95b, OSR 2.1, 5/15/97, 64MB RAM, HP DeskJet 694C, Philips 3610 CD-RW, Umax Astra 2000U Scanner Netscape 4.7, IE 5.0 hewee Forum Regular posted 08-04-2001 06:21 PM Jim, Thanks Jim, wilders.org is a great site. You can also get from the http://www.wilders.org/free_tools.htm page other ZonAlarm add-ons. ZoneAlarm Log Lookup converts all IP addresses in hostnames Zonelog Analyzer v1.01 added 06/10/01 displays ZonAlarm log file, lots of extra features AlarmStat shows numerous statistics for events in the ZoneAlarm log file, nice extra features Mynetwatchman added 16/07/2001 centralized firewall log analyzer for BlackICE and ZoneAlarm. Decodes, analyses, backtraces, filters the log file. Automaticly escalates appropriate incidents to the responsible site owner/ISP and provides full feedback (read FAQ!) hewee Forum Regular posted 08-04-2001 07:45 PM It's also available for download here: CNET Downloads: ZoneAlarm http://download.cnet.com/downloads/0-10105-108-57636.html ------------------ 2137-E14, 166MHz, 64 MB SDRAM Windows 95B, OSR 2.1 Dell Dimension 4100, 800MHz, 128 MB SDRAM Windows 98SE Wino Forum Regular posted 08-04-2001 08:30 PM Be careful on the CNET site - on Thursday all their links to download (even for the free ZA) took you to the PRO version download of ZA for 30 day trial. Wino MKR Forum Regular posted 08-04-2001 10:41 PM Wino, I had the problem that on CNET it downloaded the trial version of ZoneAlarm Pro. It turned out that in the meanwhile ZA corrected that sitution and apologized for the misdirection. If anyone has downloadded and installed that trial version and wants to go back to the free version, remove the trial version first! Wino Forum Regular posted 08-05-2001 03:12 AM quote: Originally posted by MKR: Wino, I had the problem that on CNET it downloaded the trial version of ZoneAlarm Pro. It turned out that in the meanwhile ZA corrected that sitution and apologized for the misdirection. If anyone has downloadded and installed that trial version and wants to go back to the free version, remove the trial version first! MKR, Also be prepared to remove files of the pro version + renaming one or two to be able to re-install the free version - I KNOW - in my infinite wisdom along with a large brain fart, I went through the pain - took me two hours to get back to the free version on my office machine. Wino MinnesotaMike Forum Regular posted 08-05-2001 11:20 AM Jim, Thanks for the info. I went to the CNET site and upgraded my program in just a few minutes. I did not get the trial version and it transferred all my settings without a problem. Thanks! ------------------ 2176-C66, Philips 17" monitor, Win 98, Netscape Comm. 4.7, Norton 2000, Powerleap K6-3 400, USR 56K modem, SB AWE64 Value, ATI Expert@Play 98, 96MB RAM, WD 4.3 slave drive, HP USB scanner, @Home cable Internet service Jim Forum Regular posted 08-05-2001 12:51 PM In spite of what ZA said/says on their site the free version of ZA 2.6.88 had MailSafe protection for all 37 file types (just like the Pro version) that could carry viruses, etc. in email attachments. I wonder if the latest v2.6.231 still offers this goodie, or if it is one of the "updates" to revert to protecting only against .vbs. I have not yet installed v2.6.231 so cannot answer my own question. If anyone who has installed it is willing, please report whether v2.6.231 MailSafe protects against file types like .js, .exe, .wsh, and .bat. You can determine that by sending yourself such a file as an email attachment or you can run Regedit for ZAMailSafeExt. That will show you all the protected file types one by one (each time you hit F3) in the left pane. The thing to look for is an open folder. The file type info in the right pane is coded, like zla or z0, so not too informative. Many thanks. ------------------ Jim Aptiva 2137-E85 WIN98, IE5.5 SP 1, Comcast Cable connection, USB Ethernet Adapter, ZoneAlarm Ramona Forum Regular posted 08-05-2001 02:27 PM Jim, You are on the mark, with 2.6.88, and I have 37 email attachment file ext. that are protected! Thanks for that tip. However, as you said, on the ZA site, their grid show only one email attachment protection file ext.: http://www.zonelabs.com/zap26_za_grid.html That's definitely a downer, and I may just stick with 2.6.88 a while longer, until someone lets us know if this is true. quote: you can run Regedit for ZAMailSafeExt. That will show you all the protected file types one by one (each time you hit F3) in the left pane. The thing to look for is an open folder. The file type info in the right pane is coded, like zla or z0, so not too informative. Look at the toolbar at the bottom of your regedit screen, and you will see the complete key name, e.g.: MyComputer\HKEY_CLASSES_ROOT\.ADE Much easier on these eyes than trying to spot that open folder! Ramona ------------------ 2137-E14, 166MHz, 64 MB SDRAM Windows 95B, OSR 2.1 Dell Dimension 4100, 800MHz, 128 MB SDRAM Windows 98SE Jim Forum Regular posted 08-05-2001 02:35 PM If anyone still has trouble getting the new ZA download, you can also try "Check for Update" on the ZA Control Center Configure tab. ------------------ Jim Aptiva 2137-E85 WIN98, IE5.5 SP 1, Comcast Cable connection, USB Ethernet Adapter, ZoneAlarm Jim Forum Regular posted 08-05-2001 06:11 PM Ramona and All--From another source I have heard that v2.6.231 still does protect email attachments from all 37 "bad" file types. Also an easier way to scan for the protected types is to go to Regedit| HKEY_LOCAL_MACHINE\Software\Zone Labs\ZoneAlarm\MailSafe Extensions Hewee--What does Zone Alarm Log Lookup do that More Info on the Alerts tab in Zone Alarm, itself, does not do? ------------------ Jim Aptiva 2137-E85 WIN98, IE5.5 SP 1, Comcast Cable connection, USB Ethernet Adapter, ZoneAlarm hewee Forum Regular posted 08-05-2001 11:10 PM Jim, "Hewee--What does Zone Alarm Log Lookup do that More Info on the Alerts tab in Zone Alarm, itself, does not do?" Look here. http://www.tznet.com/ghost/ hewee Gordon99 Forum Regular posted 08-06-2001 10:58 AM Hi Jim, I just installed Zonealarm ver 2.6.231 and have been testing the mailsafe feature by sending e-mail attachments to myself. It did change the VBS file attachment to ZLV when I received it. Then when I attempted to open this attachment, I got the ZoneAlarm warning box stating that this was a VBS file and gave me the options of (run) or (do not run). That worked great for VBS files. However, I can not find where it blocks or warns me for any other file extensions. Is this something that I have to configure and if so, how do I do that? Gordon After reading your post again, I see you were running ver 2.6.88. I have located a copy of that old one and will get it downloaded and saved before it goes away. Thanks Gordon ------------------ Aptiva 2158-270, Win98 ver 4.10, IE 5.5, monitor IBM 2237-00N USB dev = HP8230e CD-RW, Acer 640u scanner, Kodak DC240 camera Jim Forum Regular posted 08-06-2001 03:07 PM Hewee--Thanks! Understand now. Scary the tremendous increase in hits in the last few weeks. Many are from other PC's using the same ISP I do. Wonder if that means they are infected with something which automatically sends out attempts to infiltrate other PC's? As I understand SirCam, for example, however I think my email address has to be in the affected PC's address book. SirCam does not just send out messages at random. As you know ZALog Lookup indicates which attempts are sub-7 trojans. I have not seen indication of other viruses, trojans, etc. Don't know if that means no hits of those types have been attempted or whether ZALog Lookup does not flag these. ------------------ Jim Aptiva 2137-E85 WIN98, IE5.5 SP 1, Comcast Cable connection, USB Ethernet Adapter, ZoneAlarm Jim Forum Regular posted 08-06-2001 03:21 PM Gordon99--I have updated to ZA2.6.231 and find 1) .exe and .bat email attachment files (the only ones I've tried so far) are still flagged in addition to .vbs. The mechanism is the same as for .vbs. The attachment line in the email has the red/yellow ZA icon instead of the normal MS icon. The file extension code is, unfortunately, in the ZA system (i.e. .exe becomes zl9), so maybe you want to make yourself a list of the ZA codes which can be done from the info in your Registry. 2) the list of MailSafeExtensions in HKEY_LOCAL_MACHINE\Software\Zone Labs\ZoneAlarm\MailSafe Extensions remains at 37. So unless you find ZA is not flagging .exe, etc. when you send an email attachment to yourself, I suspect all is well and there is nothing more for you to do. 3) instead of just opening email attachments I "Save" them and then scan with AntiVirus. You can also right click on the saved attachment file, click on Properties and see whether the true file type is as represented by the attachment's icon. You may know that files can be sent as xxx.txt.vbs, but all you see in the attachment icon is xxx.txt unless you go to Properties. ------------------ Jim Aptiva 2137-E85 WIN98, IE5.5 SP 1, Comcast Cable connection, USB Ethernet Adapter, ZoneAlarm Gordon99 Forum Regular posted 08-06-2001 06:04 PM Jim, Thanks for the reply. (So unless you find ZA is not flagging .exe, etc). Yes that is what I was saying. The registry has all 37 file types, as it should. I sent myself 3 test e-mails with attachments. One each of VBS, EXE, and BAT. When the e-mails were received, the VBS file entension was changed to ZLV. The extension for the other 2 did not change. There must be some configuration options to control what mailsafe will flag, and I have not found that yet. Thanks Gordon ------------------ Aptiva 2158-270, Win98 ver 4.10, IE 5.5, monitor IBM 2237-00N USB dev = HP8230e CD-RW, Acer 640u scanner, Kodak DC240 camera