I know the exploit you are talking about. There are others, but without getting too specific, there is a way to allow you to access the setup screen from the outside(there are also ways to protect against this), get the admin password for the router and then gain access to the router config. At that point, you can open up anything you want. Mind you, its not bloody likely, but it is possible.
But we are straying a bit from the point. What I was originally talking about is that ZA still registers hits from external sources, even when the router is in place. The most comon I get (and it doesnt happen often), are from the ISP, but if they can get through, so can someone else. I run both, to be safe, but I even if I just had a linksys or a DLINK, I really wouldnt worry about it too much.
How so? I’ve been using outlook/outlook express for years, and I’ve never had a virus (that I’m aware of) on my machine. I’ve never received virus emails, either.
I strongly demand of everyone I know NOT to put me in their address book. Their laziness should not be a boon on my computer. And I never, ever use address books for the same reason.
Finally, the preview pane is off, and if I don’t recognize the email I delete it, no matter how intriguing the title is. Even if it somehow manages to have my name in it (god knows how that happens).
Also wanted to add that ATT has a mysterious program running on my computer, CFD.exe, which attempts to access the internet. I have denied it access to no affect, and I have also removed it from start up (ties into the Registry—Machine Run) to no ill affect. But it was starting up before ZoneAlarm so it had free reign until I did this.
I don’t know if this is spyware or not, and no searching revealed anything other than one guy shouting DO NOT RUN THIS PROGRAM BLAH BLAH, though with no indication of why one shouldn’t be running this program.
I suspect it isn’t spyware per se but one of those “tech” proggies that periodically send info about your machine so that support can help diagnose any problems. Which, i suppose, is spyware, but at least possibly legit.
Since I had no problems to begin with, I think I can manage OK without it. And, worse comes to worst, I figure I can simply reinstall my cable modem software (not ATT software) and get started again.
This does bring up an interesting question, though, for anyone who may be in the know. When the OS loads, does it go through the registry’s Machine Run in the order that they appear in regedit? I have been unable to explicitly determine in what order most programs start up. Theoretically I’d like ZA to be first since it can’t catch programs that started before it ran…
Another thing: don’t have IE or any browser you have set to “Allow”. Always have it ask. Some sneaky programs run IE in an invisible window (TooLeaky demonstrates this). If you allow IE to run instead of having ZA ask you, you will never know that it occured.
Big flaw about ZA is that it’s current version, as with all versions, take an unusually long time to load. So under no circumstances should one having ZA start opening an Internet connection at StartUp. It will beat ZA and its True Vector engine to the punch, leaving you vulnerable to sniffers for at least twenty seconds.
You can always set windows(if you are running nt/2k/xp) to launch a batch file as a service on bootup, then have the batch file run zonealarm. That way, it loads before you ever log in, and before any of your start proggys are loaded.