AMD Sempron 3000+, trying to connect with 10/100 Ethernet, WinXP. I’ve been struggling since last night to get this damn thing connected to the intarweb, and it just didn’t work. This morning, I tried shutting down zonealarm and whoosh pow bang everything works.
I checked the settings in zonealarm, and IE has full privileges. Any suggestions, guys?
I don’t use ZoneAlarm (my preference is Sygate), but does it generate a list of trusted applications by asking you about them the first time they try to communicate? If so, it might be best to clear this list and let it ask you all over again.
IE might have privileges, but in order to access the internet, it needs various system and network services to be working properly too - perhaps ZoneAlarm is blocking one of these services. Is there a way to get a list of what ZoneAlarm is blocking (as opposed to what it is permitting)?
I’m going to hope that this works… I just went down the list and gave everything privileges willy-nilly.
Now if I could get lsass.exe to stop shutting down my computer, I’d be golden.
Zonealarm=Software Firewall
Software Firewall = Bucket of monkeypoop.
Buy a router or some other form of hardware firewall, then uninstall ZoneAlarm. It (and Norton IS and so on) is just not worth bothering with unless you are megaparanoid and/or running a company or other significant hacking target. And if you are a significant hacking target you would be SOL anyhow, since you would need to be a security expert to avoid hackage, which by the sound of it you are not 
Just back stuff up and rely on your trusty hardware.
If lsass.exe is shutting down your computer, it is quite likely infected with the sasser worm. I also would not recommend giving everything privileges; that’s almost the same as not bothering with a firewall.
That’s an incredibly broad brush you’re painting with there, and not particularly accurate brush strokes either; software firewalls have their place because they offer benefits that hardware firewalls simply don’t do, for example, what happens if some clown on a LAN executes a malicious program attachment that he received by email? Will the hardware firewall on the internet connection prevent the malware running riot on the LAN?
…Quite apart from the fact that most low-cost ‘hardware’ firewalls are actually just software firewalls running on some embedded device.
Fuck. I thought that it didn’t exist any more. Where are the resources for cleaning it up?
Go back and change all the settings so that each program has to ask for permission to access the internet. That way you’ll know what’s going out.
Heh, google worked for me. I went and got rid of Sasser on my own (which I somehow had, after only like 3 hours of being connected to the internet.)
Do they really make hardware firewalls? In the sense that somebody designed specific hardware that does a lot of the higher level filtering of the packets. I can’t believe that this is true.
I’m pretty sure Zone Alarm has a logger that keeps track of attacks (or suspicious events) from the internet - as an experiment once, I bypassed my router/firewall once and hooked a pc to the cable modem directly with just a software firewall- the software firewall detected about 20 port scans in 30 minutes. It’s suicide to connect to the internet without some kind of protection, especially if you are on a high speed connection from a well known ISP, because a lot of the IP ranges for always on, high speed connections are well known and preferred for attacks.
For the record, I don’t think the the log for the software firewall had any events for the period prior to bypassing the router. Count me in with the crowd that uses a software and hardware firewall - I have roommates on our LAN and I have no control over what they bring through the firewall.
What kinds of hardware firewalls are available to me, besides routers? Our school network prohibits routers, specifically. (We can, however have hubs.)
FWIW, for some reason my Internet is working now, even with Zonealarm on.
Ok, never mind. I lied. Zonealarm let my internet work for a short period of time, and then, no. And then sasser shut down my computer again. After I got rid of it earlier. So, I can either find another software firewall, or just resign myself to ridding myself of viruses and such constantly.
Dunno; it may be that some of these managed switches/routers incorporate firewall components that, while they’re still going to need some soft/firmware, might be more tightly integrated with the actual control electronics of the device.
I read somewhere that the average time it takes for an unprotected Windows system to become compromised on the internet is less than twenty minutes; a firewall is absolutely essential - I make sure that I have one ready to install (i.e. from CD) before I will even connect a new PC to the net.
Do what DougC suggests, but you probably also need to thoroughly scan your PC for other viruses and trojans - if you want to do this for free, you’ll have to use several offerings in succession; there are a couple of good free online virus scanners (Panda ActiveScan and Trend Housecall), plus a good free installable one (Grisoft AVG Free), but all three of these are capable of finding things that the other two will overlook (which I suppose probably means there are things that all three will overlook.
Another good resources is Hijackthis - which allows you to see exactly what processes and programs are being started as the machine boots.
Good luck on cleaning up your machine and be prepared for a struggle - some of these bastards will only go with a struggle (I’ve seen a few that consist of multiple processes, any of which will resurrect the others, should they be killed or deleted.
I tried ZoneAlarmPro 3 and ZoneAlarmPro4 and spent hours trying to make them work - both of them had to have every single feature turned off for my internet access to work. I could not find a single feature that still allowed any web browsing.
I understand that routers can work as firewalls (if the capability is built in). All they do is check the port at which each packet is aimed, and only pass the ones you approve. Packets aimed at illegal ports never make it onto the LAN. A software firewall on a computer could not possibly do that - for one thing, the LAN would have to pass the illegal packets that far before the software can see them. Is this not accurate?
Say, anybody know how to choose what ports to enable? I have looked around a little bit for this and not gotten lucky.
Excellent advice overall, I think. (I know that sounds condescending, since I’m the one asking for advice.)
I already use AVG and HijackThis (I haven’t broken my computer with it yet.) Does Panda offer a downloadable virusscan?
Question for anyone, though… How does AVG compare to Norton?
Nearly in the friend-of-a-friend category, but one of my teammates at work had cable internet installed about twelve months ago. The tech took about twenty minutes or so to set it up, and as he was leaving the house, the guy’s computer started shutting down with what turned out to be the sasser virus. Weirdness.