ZoneAlarm Firewall for Windows 95

Factual Questions
1

I’m thinking of getting an ADSL line for home use, and one of the machines using it will likely be an old Windows 95 clunker. (Yes, I know ADSL and Win95 sounds like a stupid combination. But the primary reason for getting the ADSL hookup is not for speed, but to save money. I’m in Tokyo, and phone rates for dialing our ISP really add up each month; it’d be substantially cheaper to get an ADSL line.) Since going to an ADSL hookup would presumably make me more susceptible to hackers, spyware, what have you, I figure a firewall ought to be installed even on the Win95 machine.

I’ve checked out ZoneAlarm (the free download, not ZoneAlarm Pro), and it sounds like it would do the job, but there’s one snag: it no longer supports Windows 95. It’s supposed to work with Windows 98, Me, NT, etc., but not 95. The reason they discontinued Win95 support, they say, is that Microsoft themselves stopped supporting Win95.

Just for the heck of it, I decided to download ZoneAlarm anyway and install it on the Win95 machine. It seems to be working just fine, judging from the alerts that have popped up and how it’s responded after several reboots. It sometimes slows down the machine a little, but considering how slow it was in the first place, it’s not a big deal.

But what I’m wondering is: although ZoneAlarm seems to be working fine on the Win95 machine, is this really the case? What I mean is, assuming that it will run without crashing or interfering with other Windows operations, will it effectively offer the same firewall protection that it would offer for Win98, Me, etc.? Or, is there something peculiar to the architecture of Win95 that would make it vulnerable to intrusion in ways that Win98 etc. are not?

I’m new to this ADSL & firewall stuff, so go easy on me. :slight_smile: Thanks

2

If you are going to use a personal firewall, I personally like the blackice product.

However, there are a number of things that can be done even without a firewall that make your machine relatively unhackable.

In your networking setup area, you can unlink tcp/ip from any OS provided network services and you are in pretty good shape. If your machine needs to network with other local machines, you can install a non routeable protocol and only have that linked to Microsoft networking client.

With tcp/ip installed but not linked to the OS level network client, there isn’t really a path to any of your data through the internet. I would like this even better if the protocol stack closed/quit listening on netbios ports as well, but even at that, most casual hackers will move along to a more attractive machine, that is of course assuming you don’t have some affiliation that makes you a target for ideological reasons.

3

You can find an explanation of what scotth says in http://grc.com/su-fixit.htm and following pages

4

I’ve got ZoneAlarm version 2.6.231 (from a year ago) running on Win95 with no problems, and it’s still blocking quite a few probes from outside.

You could contact ZoneLabs and see if the old 2.6 version is still around, but it’s probably not necessary. It seems from your experience that “No longer supports Win95” doesn’t mean the product won’t run; it just means the company isn’t making any special effort to make new versions work in 95. There are probably security holes in 95 that can’t be covered, but I doubt they made changes that broke anything.

5

Don’t worry, I’m sure it’s working fine. To reassure yourself you can do a port scan here: http://www.dslreports.com/scan

Just be sure to diable the alert popups first unless you want to see 500 of them. I always have the popups disabled since there is really no point to them.

6

What a coincidence, I just called Zone this morning for a refund for ZA Pro 3.0. It does not work with Netscape.

7

Thanks, all, for your suggestions. Very, very helpful! ZoneAlarm on the Win95 machine did indeed pass the port scan suggested by rsa. Woo-hoo!