ZoneAlarm loading last.

  • Thread starter Thread starter nemo
  • Start date Start date
N

nemo

WinXP and broadband.
With ZoneAlarm loading last in my start-up sequence, am I at any risk from
the UnGodly seizing on my machine before the firewall initialises?
I ask 'cos I keep getting asked by a local county-wide charity to set-up
their volunteers' computers and I'd hate to look a right eejit by installing
ZoneAlarm on their machines only for it to fall at the first hurdle.
 
WinXP and broadband.
With ZoneAlarm loading last in my start-up sequence, am I at any risk
from the UnGodly seizing on my machine before the firewall
initialises? I ask 'cos I keep getting asked by a local county-wide
charity to set-up their volunteers' computers and I'd hate to look a
right eejit by installing ZoneAlarm on their machines only for it to
fall at the first hurdle.
Click to expand...

You bet it can be beaten at boot, because third party PFW(s) are not an
integrated part of the O/S and they are unable to get to the TCP/IP
connection first before anything else can. You would have to know what
registry hacks on the dependencies for services that provide the network
TCP/IP connection and configure them that they couldn't start without ZA
or any other PFW solution starting first. That I know of, 3rd party PFW
solutions do not jack around with other service's dependencies,
especially O/S ones. Yes, you could hack the registry yourself *not
recommended*.

MS made a change in the XP FW so that it will get to the TCP/IP
connection first at boot before anything else can to protect the TCP/IP
connection, since it is an integrated O/S solution.

I am not going to stake my life on it, but I did try some of the more
popular PFW(s) full trail versions and free ones as to what was happening
in the boot and logon sequence by installing Gator on the machine and
setting rules to block Gator by IP(s), Domain Names(s) and use the PFW"s
App Control to stop execution and/or make contact with the remote sites
and Gator beat them every time at the boot and logon sequence and Gator
had the ability to start switching IP(s) too.

You can test it for yourself with some of the PFW solutions by using
Active Ports (free), putting a short-cut for Active Ports in the Start-up
folder and setting AP's refresh rate to high, installing Gator and boot
machine and see what happens, along with using a packet sniffer like
Ethereal. You'll most like find that Gator has made contact with several
IP(s) and has sent packets to them before the PFW can get to the TCP/IP
connection and stop it. You don't boot the machine and you'll have no
problem.

Not even with IPsec that's on the Win 2K, XP and 2K3 O/S that the rules
set in IPsec could stop Gator at the system boot and logon.

Duane :)
 
Duane said:
You bet it can be beaten at boot, because third party PFW(s) are not an
integrated part of the O/S and they are unable to get to the TCP/IP
connection first before anything else can. You would have to know what
registry hacks on the dependencies for services that provide the network
TCP/IP connection and configure them that they couldn't start without ZA
or any other PFW solution starting first. That I know of, 3rd party PFW
solutions do not jack around with other service's dependencies,
especially O/S ones. Yes, you could hack the registry yourself *not
recommended*.

MS made a change in the XP FW so that it will get to the TCP/IP
connection first at boot before anything else can to protect the TCP/IP
connection, since it is an integrated O/S solution.

I am not going to stake my life on it, but I did try some of the more
popular PFW(s) full trail versions and free ones as to what was happening
in the boot and logon sequence by installing Gator on the machine and
setting rules to block Gator by IP(s), Domain Names(s) and use the PFW"s
App Control to stop execution and/or make contact with the remote sites
and Gator beat them every time at the boot and logon sequence and Gator
had the ability to start switching IP(s) too.

You can test it for yourself with some of the PFW solutions by using
Active Ports (free), putting a short-cut for Active Ports in the Start-up
folder and setting AP's refresh rate to high, installing Gator and boot
machine and see what happens, along with using a packet sniffer like
Ethereal. You'll most like find that Gator has made contact with several
IP(s) and has sent packets to them before the PFW can get to the TCP/IP
connection and stop it. You don't boot the machine and you'll have no
problem.

Not even with IPsec that's on the Win 2K, XP and 2K3 O/S that the rules
set in IPsec could stop Gator at the system boot and logon.

Duane :)
Click to expand...

I have read that you shouldn't run 2 firewalls at the same time but I
use Sygate Personal Firewall along with Windows Firewall(WinXP Pro).
What I haven't seen is the reason why I should turn off WF.
I don't have a router and use my XP box as ICS.
-max
 
nemo said:
WinXP and broadband.
With ZoneAlarm loading last in my start-up sequence, am I at any risk from
the UnGodly seizing on my machine before the firewall initialises?
I ask 'cos I keep getting asked by a local county-wide charity to set-up
their volunteers' computers and I'd hate to look a right eejit by installing
ZoneAlarm on their machines only for it to fall at the first hurdle.
Click to expand...

How do you know it loads last? Because the icon in the tray appears
last? Not a good indicator.

I suspect the ZA core component loads as a service. That means it loads
at about the same time as your network connections. What you're seeing
in the tray is likely the control center.

If you're worried about the unGodly, make sure your system is well
patched and remove any superfluous services, like print and file
sharing. Buy a bottle of Meyers, get some ice and chill.
 
I have read that you shouldn't run 2 firewalls at the same time but I
use Sygate Personal Firewall along with Windows Firewall(WinXP Pro).
What I haven't seen is the reason why I should turn off WF.
I don't have a router and use my XP box as ICS.
Click to expand...

I just like to have a border device in play such as a NAT router to protect
the O/S's services and shares and I will not do a direct connection of any
machine to the Internet with a PFW solution, unless I am forced to do so
with a laptop in a mobile situation.

I'll always use a NAT router for networking situations as a NAT router does
a better job of protecting the O/S's services and shares from outside
intrusion than software running at the machine level with the O/S, which
software running at the machine level can be taken down or attacked just
like the O/S by malware. Since the NAT router is a standalone device, it
cannot be taken down by malware exposing the machine of the entire network
to attack.

If you're in a networking situation, then most likely you're going to have
all the vulnerable services like MS F&P Sharing amongst other things active
on the machines, otherwise why network? The NAT router provides the better
protection, IMHO.

So, if it were me, I would use a NAT router and its protection and a PFW to
supplement behind the NAT router.

Some people run with two PFW(s) and if it's not giving you any problems
then do it. I run BlackIce and IPsec with IPsec supplementing BI on the
laptop, when the laptop is not connected to my network.

Duane :)
 
How do you know it loads last? Because the icon in the tray appears
last? Not a good indicator.

I suspect the ZA core component loads as a service. That means it loads
at about the same time as your network connections. What you're seeing
in the tray is likely the control center.

If you're worried about the unGodly, make sure your system is well
patched and remove any superfluous services, like print and file
sharing. Buy a bottle of Meyers, get some ice and chill.
Click to expand...
Thanx everyone.
Having had experience of AV programs interfering with each other, I was
reluctant-to-apprehensive about running two firewalls simultaneously. As
the machines are all domestic stand-alones, with no file-sharing, etc, I now
have an inclination to set the Windows firewall as well. I'll start with my
own machine and see how we go.
I'll also ask ZoneLabs and, if they reply, and if I can make sense of their
answer, I'll post it here.
 
Art said:
So have you hardened the machines by disabling all unnecessary
services? If you close all open ports you can quit worrying about it.

Art

http://home.epix.net/~artnpeg
Click to expand...

I use WXP SP2 on a cable modem with Kerio 2.1.5. How do I know what
ports to close without affecting the surfing or online game-playing
ability of my computer? I am open to using other PFW applications as
well.
 
I use WXP SP2 on a cable modem with Kerio 2.1.5. How do I know what
ports to close without affecting the surfing or online game-playing
ability of my computer? I am open to using other PFW applications as
well.
Click to expand...

Can't help you with that. I'm a Free Cell fanatic myself :) But you
can close all ports without affecting your surfing. All I know about
online gaming is that my wireless router allows port forwarding for
that sort of thing. But I've never used it.

Art

http://home.epix.net/~artnpeg
 
badgolferman said:
Art, 6/28/2005, 6:57:52 AM, wrote:




I use WXP SP2 on a cable modem with Kerio 2.1.5. How do I know what
ports to close without affecting the surfing or online game-playing
ability of my computer?
Click to expand...

You do that by disabling services that pose a significant degree of risk.


I am open to using other PFW applications as
 
Bart Bailey said:
Some years back,
during a boring fugue with Napoleon,
I tried and became a fan of FC too. ;-)
Click to expand...

I became hooked on Free Cell on windows NT 4.0.
Finally learned that you can win from ANY starting position.
Got bored and quit after a win streak of 200 consecutive games.

Some starting positions take a LONG time to beat, thoiugh.
 
I became hooked on Free Cell on windows NT 4.0.
Finally learned that you can win from ANY starting position.
Got bored and quit after a win streak of 200 consecutive games.

Some starting positions take a LONG time to beat, thoiugh.
Click to expand...

I find with a few of the games that I can get started wrong and
soon get into a impossible situation and lose. Sometimes it takes
me another two or three starts and losses to find THE way to
start and eventually win. Those games are few and far between.

I like Free Cell because it's always at least somewhat of a challenge
even on those long win streaks. Oddly, I find it relaxing. It doesn't
place a demand on the kind of _real_ thinking and concentration that,
say, assembly language programming does, or studying certain
mathematics and physics, which can really be a energy drain.
Instead, a game like Free Cell is refreshing to me.

Art

http://home.epix.net/~artnpeg
 
On Tue, 28 Jun 2005, Art wrote:
[snip]
Can't help you with that. I'm a Free Cell fanatic myself :) But you
can close all ports without affecting your surfing. All I know about
online gaming is that my wireless router allows port forwarding for
that sort of thing. But I've never used it.
Click to expand...

Just Microsoft'a version of Freecell? Or do you also have Freecell Pro?

"FreeCell -- General Information and Index of Solutions"
http://www.solitairelaboratory.com/freecell.html

"FC Pro"
http://www.solitairelaboratory.com/fcpro.html

"Freecell Pro"
http://www.rrhistorical.com/rrdata/Fcpro65/

"FreeCell Pro - home.earthlink.net - Games"
http://www.yoopi.com/site/solitaire-home-earthlink-4587

"Freecell Solver - The Next Presentation"
http://vipe.technion.ac.il/~shlomif/lecture/Freecell-Solver/The-Next-Pres/slides/
 
Back
Top