I am running Win XP Pro and ZoneAlarm Pro V 6.0.
In the Program Control panel I can recognise a number of programs like IE which I know I should allow internet access and a number of programs which I know are just trying to phone home but have no legitimate business accessing the internet and I should block them.
But then I see a growing bunch of programs which seems like I need to authorise but they are Windows programs which can be used by any other program to access the internet so it seems some programs can use these legitimately but others could still use them for internet access with evil intent.
- Windows NT session manager
- Userinit logon application
- Run a DLL as an app
- Services and controller app
- LSA Shell (export version)
- Generic Host Process for win32 services
- Client server runtime process
If any program can use “Run a DLL as an app” to access the internet then there’s no point in blocking the programs from accessing the internet directly.
So what am I misunderstanding? What do I need to know to correctly configure the firewall?