Firewall configuration (Zonealarm)

I am running Win XP Pro and ZoneAlarm Pro V 6.0.

In the Program Control panel I can recognise a number of programs like IE which I know I should allow internet access and a number of programs which I know are just trying to phone home but have no legitimate business accessing the internet and I should block them.

But then I see a growing bunch of programs which seems like I need to authorise but they are Windows programs which can be used by any other program to access the internet so it seems some programs can use these legitimately but others could still use them for internet access with evil intent.

  • Windows NT session manager
  • Userinit logon application
  • Run a DLL as an app
  • Services and controller app
  • LSA Shell (export version)
  • Generic Host Process for win32 services
  • Client server runtime process

If any program can use “Run a DLL as an app” to access the internet then there’s no point in blocking the programs from accessing the internet directly.

So what am I misunderstanding? What do I need to know to correctly configure the firewall?

It’s been a looong time since I’ve had to fiddle with the firewall settings, especially for the cranterous Zonealarm family. But here’s a usefull tip, set it to prompt you each time. Go through your motions, and see if you can work with: the apps that come with your flavor of windows, your particular internet connection, and your programs. Then decide what to block, and what to allow. IIRC, I blocked “Run a DLL as an app”, without affecting my DSL, or my ability to play DiabloII over Battlenet, or web browsing. YMM(definitely)V, if it borks your cable modem, of Zune, or something, then you’ll have to allow it, or dump the offending program. P.S. by the time you’re done, you will then know how to configure a firewall.