Sign-in / Sign-up
Your question

Zone Alarm Free blocks everything

Tags:
  • Firewalls
  • Networking
Last response: in Networking
September 16, 2005 8:35:53 AM

Archived from groups: comp.security.firewalls (More info?)

I've had ZA free for several months. Was prompted to upgrade to newer free
version a few days ago. All was working fine. Had to re-train for various
programs but that was fine. All of a sudden after a warm boot... (And a prompt
to buy the Pro version) Zone Alarm free is blocking everything. All outgoing
requests to my network or Internet.
The popup said:
"The firewall has blocked routed traffic from 192.168.1.101 to whatever"
Of course that IP is my network IP address. (DHCP)
When I added the range 192.168.1.101 - 192.68.1.106 to a trusted zone...
everything became happy. Why did things work before and then they didn't and now
they do AFTER I added the IP range to the trusted zone? Is this one of the bugs
I've seen mentioned with the new version?

More about : zone alarm free blocks

Anonymous
September 16, 2005 4:36:26 PM

Archived from groups: comp.security.firewalls (More info?)

DanR <dhr22@sorrynospm.com> wrote:
> The popup said:
> "The firewall has blocked routed traffic from 192.168.1.101 to whatever"
> Of course that IP is my network IP address. (DHCP)
> When I added the range 192.168.1.101 - 192.68.1.106 to a trusted zone...
> everything became happy. Why did things work before and then they didn't and now
> they do AFTER I added the IP range to the trusted zone? Is this one of the bugs
> I've seen mentioned with the new version?

Just drop Zonealarm and use the Windows-Firewall. Then you'll not have
such problems.

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"
September 16, 2005 4:48:34 PM

Archived from groups: comp.security.firewalls (More info?)

"Volker Birk" <bumens@dingens.org> wrote in message
news:432aa02a@news.uni-ulm.de...
> DanR <dhr22@sorrynospm.com> wrote:
>> The popup said:
>> "The firewall has blocked routed traffic from 192.168.1.101 to whatever"
>> Of course that IP is my network IP address. (DHCP)
>> When I added the range 192.168.1.101 - 192.68.1.106 to a trusted zone...
>> everything became happy. Why did things work before and then they didn't
>> and now
>> they do AFTER I added the IP range to the trusted zone? Is this one of
>> the bugs
>> I've seen mentioned with the new version?
>
> Just drop Zonealarm and use the Windows-Firewall. Then you'll not have
> such problems.
>
> Yours,
> VB.
> --
> "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
> deutschen Schlafzimmern passiert".
> Harald Schmidt zum "Weltjugendtag"

Then you get a trojan/virus/worm that sends out masses of data from your
machine (eating up bandwith) as Windows Firewall does not block ANY outgoing
traffic.
Related resources
September 16, 2005 5:12:11 PM

Archived from groups: comp.security.firewalls (More info?)

Volker Birk wrote:
> DanR <dhr22@sorrynospm.com> wrote:
>> The popup said:
>> "The firewall has blocked routed traffic from 192.168.1.101 to whatever"
>> Of course that IP is my network IP address. (DHCP)
>> When I added the range 192.168.1.101 - 192.68.1.106 to a trusted zone...
>> everything became happy. Why did things work before and then they didn't and
>> now they do AFTER I added the IP range to the trusted zone? Is this one of
>> the bugs I've seen mentioned with the new version?
>
> Just drop Zonealarm and use the Windows-Firewall. Then you'll not have
> such problems.
>
> Yours,
> VB.

VB ... you seem to have a knack for changing the meaning of and by-passing any
question posed and causing the thread to take off in tangents. Your views are
not widespread.
Anonymous
September 16, 2005 5:51:40 PM

Archived from groups: comp.security.firewalls (More info?)

ABC <simonbray@nospamemail.afraid.org> wrote:
> > Just drop Zonealarm and use the Windows-Firewall. Then you'll not have
> > such problems.
> Then you get a trojan/virus/worm that sends out masses of data from your
> machine (eating up bandwith) as Windows Firewall does not block ANY outgoing
> traffic.

Also Zonealarm cannot do that - please read my postings here of the last
few days.

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"
Anonymous
September 16, 2005 6:36:21 PM

Archived from groups: comp.security.firewalls (More info?)

Volker Birk wrote:
> ABC <simonbray@...> wrote:
>>> Just drop Zonealarm and use the Windows-Firewall. Then you'll not
>>> have such problems.
>> Then you get a trojan/virus/worm that sends out masses of data from
>> your machine (eating up bandwith) as Windows Firewall does not block
>> ANY outgoing traffic.
>
> Also Zonealarm cannot do that - please read my postings here of the
> last few days.

[Going a bit OT from the original post]

What about less-sophisticated malware that does not attempt to bypass
firewalls? You should not expect users to be careful to acquire only the
most recently produced malware.

Also, ZA (at least the "Pro" version, possibly all versions) renames the
extension of various e-mail attachments so that *accidentally* opening one
is not possible. Remember, some people use their computers when they are
drunk.

Andrew
Anonymous
September 16, 2005 7:16:56 PM

Archived from groups: comp.security.firewalls (More info?)

DanR <dhr22@sorrynospm.com> wrote:
> Your views are
> not widespread.

Please offer arguements, why I should be wrong.

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"
Anonymous
September 16, 2005 7:57:13 PM

Archived from groups: comp.security.firewalls (More info?)

Andrew Morton <akm@in-press.co.uk.invalid> wrote:
> What about less-sophisticated malware that does not attempt to bypass
> firewalls? You should not expect users to be careful to acquire only the
> most recently produced malware.

I'm not talking about recently produced malware or older malware or
something. I'm talking about security, how can one be safe from malware
running on one's host and sending information "home".

You could argue then, it is better to have such a filter the "Personal
Firewalls" offer than no filter at all, because then at least malware,
which is programmed by extremely dumb people, can be stopped.

But this is not the point. It cannot be the point, because this is not
security against malware "phoning home" at all, but only "security"
against extremely dumb malware.

In practice this means, that the user is bombarded with popups and
questions, all false positives, and he has a false impression of being
secure, because her/his "Personal Firewall" is "blocking" so much
"attacks" and "phone home" trials, this "Personal Firewall" stuff
must be great! Just like we see all day.

And for feeling so secure, She/he starts to lack carefulness. She/he
does not need so careful any more, because of the great protection of
this super "Personal Firewall" software.

In reality then, the one and only information, which was send out hidden,
the user does not recognize, because her/his "Personal Firewall" does not,
and this is the information from the real malicious software.

The point must be: "how can I prohibit malware from running on my PC",
not "how can I deal with malware, which is running on my PC".

The latter is not securely possible with classical operating systems,
and not at all with Windows.

BTW: a good question also is "how can I handle the situation, if I'm
detecting malware on my PC".

This is, why NOT working as administrator is a very good idea, and
having a disk image up one's sleeve is a great idea.

Remember: no-one wants backup - everybody wants restore ;-)

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"
September 17, 2005 4:08:33 AM

Archived from groups: comp.security.firewalls (More info?)

Volker Birk wrote:
> DanR <dhr22@sorrynospm.com> wrote:
>> Your views are
>> not widespread.
>
> Please offer arguements, why I should be wrong.
>
> Yours,
> VB.

Once you reply to a post you hijack the post. There is not one reply that has
anything to do with the original post. You say the same thing over and over and
over. I for one like to have some idea of what software on my computer accesses
the Internet. Can you offer examples of typical computer software that common
folks have on their computer that is written to bypass or fool the software
firewall when that software attempts to access the Internet. I like to have the
option to block programs like Adobe Acrobat that constantly want to check for
updates.
Anonymous
September 17, 2005 1:28:13 PM

Archived from groups: comp.security.firewalls (More info?)

DanR <dhr22@sorrynospm.com> wrote:
> > Please offer arguements, why I should be wrong.
> There is not one reply that has
> anything to do with the original post.

If somebody asks you, shell I use the S&W 38 to shoot into my knee, or shell
I use the 44 Magnum, which one is better? Then the right answer is not,
that the 44 Magnum has more penetrating power, while the 38 is more common
and widespread.

The right answer is: "think about it - you don't need to shoot into your
knee".

> like to have the
> option to block programs like Adobe Acrobat that constantly want to check for
> updates.

Did you already realize, that the online update check of Acrobat simply can
be switched off?

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"
September 17, 2005 7:53:16 PM

Archived from groups: comp.security.firewalls (More info?)

Volker, I have a great place for you and your tripe. Message/block sender...
BYE


"Volker Birk" <bumens@dingens.org> wrote in message
news:432bc58d@news.uni-ulm.de...
> DanR <dhr22@sorrynospm.com> wrote:
>> > Please offer arguements, why I should be wrong.
>> There is not one reply that has
>> anything to do with the original post.
>
> If somebody asks you, shell I use the S&W 38 to shoot into my knee, or
> shell
> I use the 44 Magnum, which one is better? Then the right answer is not,
> that the 44 Magnum has more penetrating power, while the 38 is more common
> and widespread.
>
> The right answer is: "think about it - you don't need to shoot into your
> knee".
>
>> like to have the
>> option to block programs like Adobe Acrobat that constantly want to check
>> for
>> updates.
>
> Did you already realize, that the online update check of Acrobat simply
> can
> be switched off?
>
> Yours,
> VB.
> --
> "Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
> deutschen Schlafzimmern passiert".
> Harald Schmidt zum "Weltjugendtag"
Anonymous
September 18, 2005 9:59:14 AM

Archived from groups: comp.security.firewalls (More info?)

DanR wrote:
> Volker Birk wrote:
> > DanR <dhr22@sorrynospm.com> wrote:
> >> Your views are
> >> not widespread.
> >
> > Please offer arguements, why I should be wrong.
> >
> > Yours,
> > VB.
>
> Once you reply to a post you hijack the post.

many people can respond to you. especially if they do not agree with
one person's response. Dont' blame somebody for responding.


>There is not one reply that has
> anything to do with the original post. You say the same thing over and over and
> over. I for one like to have some idea of what software on my computer accesses
> the Internet. Can you offer examples of typical computer software that common
> folks have on their computer that is written to bypass or fool the software
> firewall when that software attempts to access the Internet. I like to have the
> option to block programs like Adobe Acrobat that constantly want to check for
> updates.

If you rely on a firewall blocking outgoing connections to ultimately
save you from spyware, then it'd be wrong.

Whether you do or do not use a firewall to block outgoing . I am not
taking any side on that debate.

I suggest some software to monitor (though not block) connections at
any given time.

netstat <-- built into windows, is not that good since it doesn't
display processes.
'Active Ports' is very good.

I can think of oter ideas. netstat live. a 'packet' sniffer.


Looking from VB's perspective,

you really should know that spyware is communicating, and shouldn't
need a firewall to tell you

you shouldn't rely on a firewall as the last 'reliance'. This is a huge
danger.

Blocking outgoing connections is a bit like locking yourself in your
own house. Making yourself a prisoner in your own home, when really
with a little care, spyware shouldn't communicate, and if it does, you
should notice and catch it early. spyware is just advertising really.
It's usually obvious when it's there anyway. Even users notice "my
internet is going slow".

And he knows how easy it is to get past. Just like he knew that to get
past stealth required a simple switch on nmap! In that instance, you
know how easy it is, you say 'big deal' and you block him off at a
'higher level'.

You can allow ICMP(as TCP/IP specifies), and you can allow Outgoing
connections. You can allow these without putting your computer at
risk.

You dont need to put banana skins on your driveway(then avoiding them
each time you walk out the house). Secure your home instead.

You should take into account when a poster does know his RFCs,

Also, is it such a big deal if some spyware runs on your computer for
10 minutes before you notice it? To have got into that situation you
have to be quite careless.
I even use internet explorer and I don't get into that situation!!
(though I recommend anybody else does).

To me, and I do not have much knowledge, reading VB's argument, it
isn't a bullet proof argument. Since what to VB is a banana skin, may
not be a banana skin to the average spyware. It may be a poisoned dart.
So, you're right to ask what spyware does so.
It would be careless tohave spyware running on your comp for any length
of time and not know. And if you're smart enough to configure a
firewall to block outgoing connections. You shuld be smart enough to
watch your windows computer with the right sofware (Active Ports,
packet sniffer(ethereal,iris) )

It would be careless/unlucky to get it on your system in the first
place. So you should be prepared for it to happen, and monitor your
established connections, , which procsses. maybe even using a packet
sniffer if you're suspicious.

Maybe if the system is for a user that says he will only browse the web
and he is not technically curious about anything. And he's not going to
watch his computer and secure it as best as possible. Then perhaps it's
a bullet proof argument that
you want to block all outgoing connections except port 80.


So you see. By listening to a poster that reads his RFCs, you learn
that a good techie will be monitoring his established connections. And
if he is suspicious, he will be checking any out with a packet sniffer
if he is suspicious. At least that is the conclusion I draw.
Anonymous
September 18, 2005 2:36:56 PM

Archived from groups: comp.security.firewalls (More info?)

Woody <TheDuck@pond.net> wrote:
> Volker, I have a great place for you and your tripe.

It's a pity. I'm still waiting for your first argument, why I'm wrong
in your opinion.

Perhaps you don't have any arguments at all. Of course, then a discussion
will be very difficult for you.

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"
Anonymous
September 19, 2005 4:12:38 PM

Archived from groups: comp.security.firewalls (More info?)

jameshanley39@yahoo.co.uk wrote:
> To me, and I do not have much knowledge, reading VB's argument, it
> isn't a bullet proof argument. Since what to VB is a banana skin, may
> not be a banana skin to the average spyware. It may be a poisoned dart.
> So, you're right to ask what spyware does so.

Please explain, what argument you're referencing.

Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"
April 30, 2011 5:40:47 AM

Thanks, assholes for wasting my time reading a pissing match when I'm trying to FIX MY ******* FIREWALL. Can someone delete this thread? Please? What the *** is this bullshit doing on the internet? If I want to read about the many ways windows sucks I can go to the ZDnet comments.

******* WASTE OF TIME AND BANDWIDTH.

But yeah, windows sux blah blah blah