zonealarm insanity!

Discussion in 'Windows Desktop Systems' started by dubstar, Aug 26, 2003.

  1. dubstar

    dubstar format c:

    Messages:
    1,357
    Location:
    Southern California
    I had 155,000 attacks, and now i have 651 more 15 minutes later... since i installed this the internet has felt slower, is there anyway i can just block off my ports and NOT see any info, maybe that would speed it up. I dont care about their IPs, its not like i can report them or anything. (yes i saw the report button on ZoneAlarm, but that doesnt do anything that can get anyone in trouble, or stop them).

    i guess im just asking for a faster firewall, one that has a feature to send them back a message saying "YOU A55, GET A LIFE!"
     
  2. Enyo

    Enyo Moderator

    Messages:
    1,338
    There are applications that can relay a message back to a "attacker" but i should point out that out of those 155,000 attacks its safe to bet none will be a "hacker". 99% of stopped traffic is made up from worms or script kiddies passively scanning a subnet.

    If you were to echo back a message you would be 1) Send a message to a infected system 2) Be showing that your system is up 3) Be sending a message the other system may not ever receive (they would have to be listening for traffic back to see what it was)

    Don't know if you were serious but thats that.

    If the amount of incoming traffic is that high then you do need to speak to your ISPs abuse team, normally abuse@isp.com

    It may just be left overs from the msblast worm.

    As for a new firewall, ditch ZA and try one of the many other options. Kerio for example.
     
  3. dubstar

    dubstar format c:

    Messages:
    1,357
    Location:
    Southern California
    thanks, i'll talk to my ISP, and test out Kerio. laytro Enyo


    edit: its asking me for a Admin Password.. but i never set one up...
     
  4. lechtard

    lechtard Guest

    Zone Alarm has a tendecy to give false information - If you want to use a good firewall use Sygate Pro, it has trace back with whois features in it ... You will find that most ISP's tell you not to use Zone Alarm, mine has even told me straight out they think it's junk lol .. and if you have a dial up connection you don't need a firewall ..
     
  5. alloy25

    alloy25 Guest

    Explain to a novice why dial-up dont need a firewall....

    I'm interested as I have a dialup connection and I also have Z/Alarm Pro.......

    Alloy25:)
     
  6. ming

    ming OSNN Advanced

    Messages:
    4,252
    Location:
    UK
    I find ZoneAlarm sh!t. Reason being that I can only open or close the stupid program and nothing more and I have no idea why.
    When I open it to the configuration screen, all I can see is a blank white window with the 'stop traffic' icon at the top.

    I know the only way to resolve this problem is to remove and re-install the software, but what's the point if it's going to happen again?!
     
  7. Enyo

    Enyo Moderator

    Messages:
    1,338
    Dial up does need a firewall. It's only because dial up is less exposed due to its none presistant nature that people feel comfortable not having a firewall.

    IMO dial up or broadband, you need that firewall in place.
     
  8. lechtard

    lechtard Guest

    People who are dial up are'nt on long enough to worry about anything .. Most people who are on dial only get on long enough to check their mail surf to a webpage, or try to download a song or two from a p2p, they don't have it on 24/7/365 like broadband does .. Now if someone is that paraniod tthen they can have as many firewalls as they want, but in anycase - there is no need for a person who is on dial up to have one ...
     
  9. I have dial-up connection and connects almost 24/7. So I do have the usual internet protection programs intalled and updated. I've had some attacks but Norton Personal Firewall stopped the attack and blocked it.

    So..no matter what connection you have, ALWAYS have an AntiVirus and a Firewall program installed.
     
  10. Perris Calderon

    Perris Calderon Moderator Staff Member Political User

    Messages:
    12,332
    Location:
    new york
    my feelings fall in between these two points of view

    since good firewalls do not slow down even the dialip...not even one bit,...there is no harm or trade in running a firewall with a small footprint, (hint, kerio), and there is protection against both in and out traffic to consider, not only the attack from without

    although the likely hood of an attack being affective when you're on dialup, never the less, you don't even want the attempt do you, and the firewall prevents even the attempt

    so, as I say, since there is no trade in performance, I fall on the side that everyone should run an unintrusively configured firewall

    however

    if you find you are running slower with the firewall when you are on dialup, if it were me, it wouldn't be worth the trade.

    but I have no security concerns, and in the end, I can fix any damge that's done to my box...so my worry is performance more then security

    again

    a good firewall does not give a trade in your intenet speed, so in this case, everyone should really run one
     
  11. Kr0m

    Kr0m Moderator

    Messages:
    1,390
    Location:
    Turtle Island
    IMHO, after testing various firewalls, I'll stick with ZAPro.
     
  12. dubstar

    dubstar format c:

    Messages:
    1,357
    Location:
    Southern California
    i've decided to stick with Sygate Personal Firewall Pro. I like how it lets you approve each .dll thanks.
     
  13. My first ever firewall was ZA, then I moved onto ZAP which Ive always used since. I dunno if its just me being sentimental or something, but I love it and think its the best Ive tried (and thats a fair few).
     
  14. Erbmaster

    Erbmaster Moderator Folding Team

    Messages:
    1,195
    Location:
    Middle Of Nowhere - UK
    Hmmmm this is very interesting...I take it lechtard you are unfamiliar with just how dangerous p2p apps can be...aside from all the spyware/keyloggers that are waiting to launch (many install with p2p apps)

    Do you realise there are viruses that only propogate exclusively through p2p?

    In particular they steal serial numbers and keys etc.
    Leaving any port open and unmonitored whilst connected to the internet is just asking for trouble.

    I feel you need to read some of Enyo's previous threads regarding security as you seem to be missing 1 or 2 crucial pointers.
    A firewall is one of the 1st things i'd install before hitting the net, even before an AV solution. (& I don't mean XP's inbuilt 1 way crap either.)

    It's true that dial-up are effectively connected for less time than broadband PC's but don't be fooled into thinking you're safe. Viruses/trojans etc existed long before broadband.

    Imagine the mess the recent worms would have caused had none of us had been running firewalls.
    As dealer quite rightly said. A good firewall won't sap your bandwidth (noticeably) ergo it makes sense to run one...belt & braces 4 me :)

    BTW i have a Netgear FR-314 h/w firewall router, plus NIS for extra "configurable access rules" and last night my router was getting hit left, right and centre, It made my ping increase between 7 to 8 times the norm.
    If it weren't there. That would be my PC on the receiving end, and with M$'s track record at dealing with "vulnerabilities" it would only be a matter of time before chaos ensued.
     
  15. lechtard

    lechtard Guest

    O.k - I see your point and respect it ..

    My point is that people are to paranoid ,, I don't use an AV - the reason being that I have never got hit with a virus, and if I did I have everything backed up to where I don't have to worry about it. I have a linksys router with dmz disabled and a software firewall, the only reason I use a firewall is because I don't want things getting out of my pc, even without the firewall I'm stealth from things getting in .. I use p2p occasionally, it's not an everyday thing - I don't like them to tell the truth, they all lie and mislead..

    The chance of actually getting hit with anything dangerous is slim to none, and just because you are getting pings don't mean anything, the biggest part of the pings you usually get are from your isp doing a scan to see if you are running anything you should'nt be, like an FTP .. and also NIS gives false information - so if it said you were being pinged I would'nt believe it ..
     
  16. Henyman

    Henyman Secret Goat Fetish Political User

    kerio is great, it doesn't slow my conection down + has never failed ;)
     
  17. Erbmaster

    Erbmaster Moderator Folding Team

    Messages:
    1,195
    Location:
    Middle Of Nowhere - UK
    I admire your confidence. Let's hope that none of your data is
    subject to trojans etc.
    How would you know if you have a virus if you haven't noticed
    the payload or scanned for it's existence.?
    A recent virus doing the rounds disguises itself as a SVCHOST
    process. Pretty hard to detect by eye. ;)
    At least you should ensure your backups aren't harbouring any
    nasty surprises, should the worst come to the worst.

    I'm not trying to scare you or blow this out of proportion.
    It's just imho, AV, and firewalls are important aspects of PC
    security

    Agreed ISP's do perform these PING tests, but the level of traffic
    I referred to was inconsitent with anything experienced before.
    I've had the connection established for over 2 years.
    That was the 1st time it's really been hit hard.

    I also agree that NIS can mislead :D, but the problem didn't lie
    there.
    The traffic was from the WAN hitting my firewall/router and being
    denied access to my PC/LAN, thus making NIS irrelevant.

    I regularly check my (hardware) firewall logs, and see many
    references to "probable TCPFin scan" "Port probes" etc. I feel
    happy that these do not make it as far as my PC, thus saving me
    the worry of false positives, and ****-ups by NIS. :)
     
  18. dubstar

    dubstar format c:

    Messages:
    1,357
    Location:
    Southern California
    ught oh, my SVCHost has been trying to make connections a lot! my Norton is up-to-date, but i have noticed when it starts up, before the firewall loads, Norton is NOT-Auto Protecting, then when the firewall is loaded, it goes to its preset Auto Protect mode....
     
  19. Erbmaster

    Erbmaster Moderator Folding Team

    Messages:
    1,195
    Location:
    Middle Of Nowhere - UK
    Don't panic Dubstar, it may even be related to Spyware...Check
    this post by gonaads here
    Seems this one uses SVCHost32 asa disguise, dunno if this is
    relevant in your case m8, but it makes good reding either way ;)
     
  20. dubstar

    dubstar format c:

    Messages:
    1,357
    Location:
    Southern California
    computers are stupid.