Results 1 to 5 of 5

Thread: ZA Pro 6.1: Anti-Virus Program Wants to "Act As a Server" -- Critical to Protect Port from Hackers?

  1. #1
    damienb Guest

    Default ZA Pro 6.1: Anti-Virus Program Wants to "Act As a Server" -- Critical to Protect Port from Hackers?

    I am running ZoneAlarm Pro 6.1 and am evaluating Kaspersky Anti-Virus 6.0. When I installed KAV, it requested permission to Act As a Server on a port or two. This made me a little nervous, since it's my understanding -- from reading numerous posts here, over the last two years - that opening those ports for use as a server would allow a hacker to gain control of my computer through them.
    I figured I could create an Expert Rule in ZAP for KAV, followed by a second rule that would block all attempts from other sources to contact these ports; but Kaspersky Tech Support couldn't tell me the IP addresses of their servers that contact KAV on my computer. I asked about my concern in the Kaspersky User Forum, and three different people told me that it was not necessary to do this -- for example, one of them said that "only one process at the time can access certain ports (inbound ports)." In fact, I got the distinct impression
    my concern had never come up before
    -- let alone frequently, which is what I would have expected.
    Kaspersky sells a firewall too, and although they are not very well known in the U.S., apparently they are quite well known in Europe and are highly regarded. If opening a port to act as a server creates a vulnerability that needs to be fixed via the firewall, I would have thought they would be familiar with my concern and how to deal with it.
    So I have a few
    questions:
    - Is my understanding that if you open a port in ZoneAlarm for a particular program to act as a server, then it's critical to block all other programs from using that port, correct, or not?
    - When a program is "listening" on a port you have opened for it, are sources other than the one the particular program is listening for normally able to access that port?
    - If that is not normally true, can the program be written such that it is true? (Perhaps this is true for KAV, which is why it doesn't seem to be an issue anyone but me is concerned about.)
    - After Kaspersky Tech Support said they couldn't tell me the IP addresses of their servers that contact KAV on my computer, they said "I think others have configured zone alarm to accept Kaspersky servers by using some kind of wildcard along with KAV." I figured out how to create an Expert Rule that uses a "wildcard" (i.e., 'any') for the ports and protocols, but it still seems to me that it would be necessary for the Expert Rule to specify something that identifies the source for which access
    should be allowed -- is that correct, or is there some other way I could achieve this?

    Operating System:Windows 2000 Pro
    Product Name:ZoneAlarm Pro
    Software Version:6.1

  2. #2
    unhappy_viewer Guest

    Default Re: ZA Pro 6.1: Anti-Virus Program Wants to "Act As a Server"

    Kaspersky AV(KAV) has a history of always asking for server rights since version 4 or 5. If you go to the Kaspersky forums, the people there claim that ZA is the only firewall that says that sees KAV acting as a server. However if one uses Windows' netstat, the person would also see Windows saying that KAV is acting as a server.

    As far as configuring ZA with KAV, you wouldn't need to use expert rules. If you deny KAV server rights but just give it access rights to the internet zone, your KAV will still function normally since it never needed server rights to begin with.

    As for answering your questions:

    1) As long as a program is using a port, it prevents other programs from using it. So normally if you have programs that allow you to configure port number, ensure that you configure them not to use the same port especially if you are going to run them simultaneously.

    2) They have the potential to do so. If you have ZA, it analyses whether the data it meant for the program that is listening. If it determines that the data is not meant for the program, it drops the data. While its a good thing, ZA is known to also have been a bit too agressive when it comes to P2P program and dropping legitimate connections.

    3) Not sure what you mean.

    4) See 2nd paragraph for configuration tips.

  3. #3
    Join Date
    Dec 2005
    Posts
    9,057

    Default Re: ZA Pro 6.1: Anti-Virus Program Wants to "Act As a Server"

    Hi Unhappy_Viewer and damienb.

    A thread about this at kaspersky forum

    http://forum.kaspersky.com/index.php?showtopic=15116

    Oldsod

    BTW Server rights are given just for the Trusted and not the Internet Zone. Like I said before the router is the first firewall and the ZA takes care of the rest!

    Message Edited by Oldsod on 05-30-200612:10 AM

    Operating System:Windows XP Home Edition
    Product Name:ZoneAlarm Anti-Spyware
    Software Version:6.1
    Best regards.
    oldsod

  4. #4
    damienb Guest

    Default Re: ZA Pro 6.1: Anti-Virus Program Wants to "Act As a Server"

    Thanks for your reply.
    How do you know for sure that KAV never needed server rights to begin with?

  5. #5
    unhappy_viewer Guest

    Default Re: ZA Pro 6.1: Anti-Virus Program Wants to "Act As a Server"

    A program that acts as a server means to accept connections that the program itself does not request for. For pretty much all AVs, there is no reason why it needs to accept such connections.

    You will also know if a program needs server rights by firstlt denying the program that right. If the program fucntions normally, that means it does not need such rights to begin with.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •