I am running ZoneAlarm Pro 6.1 and am evaluating Kaspersky Anti-Virus 6.0. When I installed KAV, it requested permission to Act As a Server on a port or two. This made me a little nervous, since it's my understanding -- from reading numerous posts here, over the last two years -- that opening those ports for use as a server would allow a hacker to gain control of my computer through them.
I figured I could create an Expert Rule in ZAP for KAV, followed by a second rule that would block all attempts from other sources to contact these ports; but Kaspersky Tech Support couldn't tell me the IP addresses of their servers that contact KAV on my computer. I asked about my concern in the Kaspersky User Forum, and three different people told me that it was not necessary to do this -- for example, one of them said that "only one process at the time can access certain ports (inbound ports)." In fact, I got the distinct impression my concern had never come up before -- let alone frequently, which is what I would have expected.
Kaspersky sells a firewall too, and although they are not very well known in the U.S., apparently they are quite well known in Europe and are highly regarded. If opening a port to act as a server creates a vulnerability that needs to be fixed via the firewall, I would have thought they would be familiar with my concern and how to deal with it.
So I have a few
- Is my understanding that if you open a port in ZoneAlarm for a particular program to act as a server, then it's critical to block all other programs from using that port, correct, or not?
- When a program is "listening" on a port you have opened for it, are sources other than the one the particular program is listening for normally able to access that port?
- If that is not normally true, can the program be written such that it is true? (Perhaps this is true for KAV, which is why it doesn't seem to be an issue anyone but me is concerned about.)
- After Kaspersky Tech Support said they couldn't tell me the IP addresses of their servers that contact KAV on my computer, they said "I think others have configured zone alarm to accept Kaspersky servers by using some kind of wildcard along with KAV." I figured out how to create an Expert Rule that uses a "wildcard" (i.e., 'any') for the ports and protocols, but it still seems to me that it would be necessary for the Expert Rule to specify something that identifies the source for which access should be allowed -- is that correct, or is there some other way I could achieve this?
Operating System: Windows 2000 Pro
Product Name: ZoneAlarm Pro