
Thread: Zonelabs Forum, I have always been confused by Programs...

  1. #1
    kathym Guest


    Zonelabs Forum,
    I have always been confused by Programs settings. I've read the blogs and advice - but am still confused. On one hand it seems smart of Zone Alarm to offer 'recommended settings'... and I would have hoped that I can trust these settings, but I cannot, as noted from the advice I read by Zone Alarm users and experts!

    I read via the experts that very few if any programs should have server rights, yet this is what Zone Alarm does... green checks across the board.
    I reset my Programs' rights -- and they change.
    Here is my first question... RE: McAfee Virus scanner and all of its components... auto update, online scanner, integration tools, hacker watcher etc.
    I want McAfee to be able to do its job - and I've noticed that when I restrict it, there are lots of requests for server rights. Sadly, Zone Alarm is quiet concerning what is recommended for McAfee. If I am confident that McAfee is not hacked and I have no viruses... should I give it carte blanche?
    Secondly... am not clear on Server rights Internet vs. Trusted
    Example: What would be an instance of Internet Explorer acting as Trusted Server or Internet Server? Currently Windows Explorer has Trusted Server rights.. Is this a bad thing?
    I downgraded Internet Explorer to only have first 2 check marks: Access (Internet & Trusted)
    Microsoft Feeds Synchronization set itself with 5 Green Checkmarks across the board - should I be concerned?
    If this is not recommended then Zone Alarm is not protecting me with these settings. I think I understand I should turn off Auto set, and manually adjust.
    I waited a very long time to renew my old Zone Alarm Pro... hoping that when I did - the Programs settings issues would be more intuitive and less confusing... and not tell me that I don't have Virus Scan software computer when I do.
    Any advice is greatly appreciated,
    Thanks,
    Kathy

  2. #2
    Join Date
    Dec 2005
    Posts
    9,057



    <blockquote><hr>kathym wrote:
    Zonelabs Forum,
    I have always been confused by Programs settings. I've read the blogs and advice - but am still confused. On one hand it seems smart of Zone Alarm to offer 'recommended settings'... and I would have hoped that I can trust these settings, but I cannot, as noted from the advice I read by Zone Alarm users and experts!

    I read via the experts that very few if any programs should have server rights, yet this is what Zone Alarm does... green checks across the board.
    I reset my Programs' rights -- and they change.
    Here is my first question... RE: McAfee Virus scanner and all of its components... auto update, online scanner, integration tools, hacker watcher etc.
    I want McAfee to be able to do its job - and I've noticed that when I restrict it, there are lots of requests for server rights. Sadly, Zone Alarm is quiet concerning what is recommended for McAfee. If I am confident that McAfee is not hacked and I have no viruses... should I give it carte blanche?
    Secondly... am not clear on Server rights Internet vs. Trusted
    Example: What would be an instance of Internet Explorer acting as Trusted Server or Internet Server? Currently Windows Explorer has Trusted Server rights.. Is this a bad thing?
    I downgraded Internet Explorer to only have first 2 check marks: Access (Internet & Trusted)
    Microsoft Feeds Synchronization set itself with 5 Green Checkmarks across the board - should I be concerned?
    If this is not recommended then Zone Alarm is not protecting me with these settings. I think I understand I should turn off Auto set, and manually adjust.
    I waited a very long time to renew my old Zone Alarm Pro... hoping that when I did - the Programs settings issues would be more intuitive and less confusing... and not tell me that I don't have Virus Scan software computer when I do.
    Any advice is greatly appreciated,
    Thanks,
    Kathy

    <hr></blockquote>


    First, trust in the security applications. Allow these as the alerts are not pretend but true real life events and this is what it is doing or needs just to properly function.

    Second, yes this is okay for the Windows Explorer to have Trusted rights. The same applies to the Internet Explorer.

    Okay now for some explanations.

    Trusted Server and Trusted Access includes the loopback (127.0.0.1) and the non route (0.0.0.0) of the localhost (internal address of the PC). Neither the 127.0.0.1 nor the 0.0.0.0 really go anywhere and are just used for connections inside of the PC and nowhere else. These are absolutely safe and secure.

    The DHCP server (router or gateway) is also Trusted Zone (either access or server) and it is not internet and strictly home network. This is safe and secure for either access or server.
    The DNS server(s) is also the Trusted Zone. The DNS server(s) is more than likely the servers from your provider or even the gateway (router) if it can act as a DNS server. The DNS server is the name of the URL converted into the code needed for the applications to reach the web sites/updaters/servers/etc. This is safe and secure for either access or server.

    Access is just the allowed out connections and Server is allowing incoming connections (without any previous contact from the application first initializing the connection).

    Internet access is just that - access to the Internet site/server. But the Internet Server actually opens ports to the internet sites/servers. This can be risky, but applications such as the Microsoft Feeds Synchronization will need to allow incoming connections, so yes this probably does need to have the internet server rights. Just always remember the Internet Server opens ports to the internet and can be a risk, whereas the Trusted server opens ports to the trusted sites only and the trusted server is never a risk.

    Turn off the ZA Antivirus monitor! It is a waste of space and PC resources - not needed and it is a sales pitch to sell the ZAISS or ZA AV. The windows security center monitors the AV and the AV itself does a good job of monitoring its own updates.

    Which old ZA Pro are you using? I still have ZA Pro 5.5 running (without any renewal or subscription).

    Oldsod.
    Best regards.
    oldsod

  3. #3
    kathym Guest


    Hi Oldsod,
    Thanks for your reply. I have had Zone Alarm for a long time. I was last running Pro version 6.5, and finally upgraded two days ago to new version. I think what did it for me is that there were so many mysterious entries in the Programs list and it made me nervous. One of these had no name, zero bytes, no information under Properties (or path) - yet kept setting itself with Server Rights.
    So - my reason was to gain an updated Programs functionality, etc. You are right... I don't use Zone Alarm's virus monitoring... except I do have it set for outgoing emails. Recently I discovered a trojan on my PC... ExploitByteVerify,
    I don't know about others - but I take this personally! I believe it is truly gone, but am still skittish (I feel so invaded). So, I am rethinking my habits and am becoming a bit paranoid... All mobile code OFF, which is very inconvenient.
    Granted, at the time I didn't have the latest Windows Updates.
    I do graphic design and need to 'view source' of webpages. Every time I updated IE7 - I lost the functionality to do so, and also Zone Alarm kept telling me that my mouse actions were being monitored. These 2 reasons kept me reverting back from Microsoft Updates. I recently did install all updates - and happily, I am not receiving these alerts anymore - and can still "view source" in notepad. What I do wonder about is if I am all patched up and running up-to-date AV (my Virus Scan software is and has been up-to-date) if I should go back to allowing Mobile Code. The thing is - I do visit a lot of webpages... and download shareware. Of course, I scan it before installing it. I believe that the trojan I had was from visiting a malicious page. I think I understand a bit better Server Rights (Trusted/Internet)... Thanks.

    I know questions will come up. I am thankful there are Forums and knowledgeable people out there
    Kathy

  4. #4
    kathym Guest


    Oldsod,
    Just a few more questions if I may. I've been doing some more reading and Googling here.
    Firewall Zones:
    Internet Zone Security - High
    Trusted Zone Security - Medium? High? (this was defaulted to Medium) If I set to High will this create any problems?
    When I set up my new installation - I set my "New Network" as Internet. I think I heard this is more secure.
    Do you foresee any problems with functionality if I set "Generic Host Process for Win32 Service" as Trusted Server (and remove it as Internet Server?) Same goes for McAfee? Is set as Internet Server... (I think the program needs this ability)
    Does anyone here use McAfee? Also why do these programs need the "Send Mail" ability? Should I de-select this?
    Thanks again,
    Kathy




  5. #5
    Join Date
    Dec 2005
    Posts
    9,057


    <blockquote><hr>kathym wrote:
    Hi Oldsod,
    Thanks for your reply. I have had Zone Alarm for a long time. I was last running Pro version 6.5, and finally upgraded two days ago to new version. I think what did it for me is that there were so many mysterious entries in the Programs list and it made me nervous. One of these had no name, zero bytes, no information under Properties (or path) - yet kept setting itself with Server Rights.
    So - my reason was to gain an updated Programs functionality, etc. You are right... I don't use Zone Alarm's virus monitoring... except I do have it set for outgoing emails. Recently I discovered a trojan on my PC... ExploitByteVerify,
    I don't know about others - but I take this personally! I believe it is truly gone, but am still skittish (I feel so invaded). So, I am rethinking my habits and am becoming a bit paranoid... All mobile code OFF, which is very inconvenient.
    Granted, at the time I didn't have the latest Windows Updates.
    I do graphic design and need to 'view source' of webpages. Every time I updated IE7 - I lost the functionality to do so, and also Zone Alarm kept telling me that my mouse actions were being monitored. These 2 reasons kept me reverting back from Microsoft Updates. I recently did install all updates - and happily, I am not receiving these alerts anymore - and can still "view source" in notepad. What I do wonder about is if I am all patched up and running up-to-date AV (my Virus Scan software is and has been up-to-date) if I should go back to allowing Mobile Code. The thing is - I do visit a lot of webpages... and download shareware. Of course, I scan it before installing it. I believe that the trojan I had was from visiting a malicious page. I think I understand a bit better Server Rights (Trusted/Internet)... Thanks.

    I know questions will come up. I am thankful there are Forums and knowledgeable people out there
    Kathy
    <hr></blockquote>


    Lots or most of these "strange" or mysterious files in the ZA program list are just installer files found in the Temp folders found in the Doc's and Settings or in the Windows Directory or in the installer folder of the Root directory. At the time of installation, these did call out and probably needed inbound connection from various servers - this would include verifying the root certificates, getting updates/upgrades, patches, other data needed for the installer or getting data needed for completing the installation, etc. These installations would include things such as the Sun's Java installation and updating, windows updates, almost anything allowed on the PC needing updates and of course the many applications that you are always busy installing and adding.
    A rule of thumb is install and finish the installation and then after the reboot, then open the ZA Program list and have a look at the new entries - see what is new or added. This tells a lot. Remove the installer or temp entries and always leave the newer main application entries.

    To remove the dead entries, first run the disk clean up utility or a file/reg cleaner such as CCleaner and then manually remove the dead entries.

    If you wish to actually completely clean the ZA (assuming you kept the old entries in the ZA upgrade and opted out of the clean installation), then do this:
    - Boot your computer into the Safe Mode
    - Navigate to the c:\windows\internet logs folder
    - Delete the backup.rdb, iamdb.rdb, *.ldb and the tvDebug files in the folder
    - Clean the Recycle Bin
    - Reboot into the normal mode
    - ZA will be just like new with no previous settings or data

    But be advised, it will be the same as a fresh installation with no previous settings or entries! You will be starting completely fresh as if the ZA was first installed and there never was a ZA installed on the PC before.

    Usually I keep a "clean" backup of the ZA firewall using the ZA Backup found in the ZA | Overview | Preferences | Backup and Restore Security Settings and use the Backup button to save an .xml file for future uses. My "clean" backup includes any rules I made and the personal settings and some basic/needed entries in the ZA Program listing.
    This way I purge any unknown junk and basically start fresh with the basics. Also if doing the ZA database reset as described above, the Restore will always immediately bring back my "need to have list and rules and settings". Occasionally some vital and needed entry has changed file size or check sum (or even location), so I then edit/change the backup'd Restore and then immediately create a newer/updated Backup.

    Disabling the ZA Antivirus monitor is good, but the "setting for outgoing emails is in the E-mail Protection" is often questionable. Since some antiviruses will not just monitor the incoming email/attachments but also the outgoing, so it may be advisable to completely disable the ZA E-mail Protection for not just the Inbound MailSafe Protection but also for the OutBound MailSafe Protection.
    This will reduce the possible conflicts of having two powerful applications trying to do the same job at the same time.

    Exploit Byteverify technically is not a virus or trojan (or a cws) and usually is best described as an exploit of the java virtual machine. Usually cleaning the java cache or uninstalling the java and running CCleaner will remove the problem. And then reset the home page, default search engine and then run a full antivirus scan. If the Exploit Byteverify is still found in the System Volume Information, then disable the System Restore and reboot, do a scan/remove with the antivirus and reboot and re-enable the System Restore.

    The Exploit Byteverify can be avoided (for Internet Explorer users) by disabling the use of Java globally in the ZA Privacy's Mobile code (ZA Privacy | Mobile Code | check the "Embedded Objects (java, activeX)" and Apply and OK). Also keeping the Java updated to the latest version helps a lot to prevent exploits. Java itself can be completely disabled in the Internet Explorer, but this is usually counter productive to say the least.

    A new feature in the Zone Alarm is the OSFirewall found in the ZA | Program Control | Main | Custom button...


    Just left click the entries under the State column and even having the listed items set to Ask is still a higher level of the previous protection. Usually the Ask setting is the most problem/worry/hassle free setting and yet still offers higher security.

    I seldom use the Internet Explorer and the View Source (actually it is just called Source in the Opera) in the Opera is actually a full and complete, very readable page. (Typing in opera:cache in the address bar of opera does show all of the files with their urls in the cache or the browser's folder.) But then, I do not do any web site work or web graphics, so I would probably instead use the IE for the task.


    Although opera will take several months to find all the tricks and tweaks and still is not as compatible with some sites as the IE 7 is (although the IE8 may very well change this old axiom). But many web site developers/designers have had issues with the ZA Privacy. Since usually allowing all types of the cookies and all scripts does solve the site problems for developers/designers. Plus the Privacy is basically geared towards the Internet Explorer and still works best for it - although this does not help you with the Privacy/IE problems.

    Internet Explorer 7 upgrade from the older Internet Explorer 6 was troublesome for many users and the actual upgrade was best done with all security applications fully off or disabled. This may be the original source of the IE updating issues you still experience.
    The ZA warning of the mouse actions of the Internet Explorer most certainly should be allowed, as the ieframe.dll (in the windows directory) does need to "hook in" and so do a few other IE files found in the Internet Explorer's Program Files directory. These alerts most certainly should all be allowed. The ZA does detect any mouse or screen actions (or hooks) from all applications as this is the function of the "antikeylogger" detection/security of the ZA. But the IE or similarly any other safe program installed on the PC should have these allowed to let these function properly.


    Let's see if we can fix your Internet Explorer issues and make it run properly or perform better:
    - Give the Internet Explorer three green bars (super)
    - Then let it have the Trusted and Internet Access and the Trusted Server rights (or the green checks). The Trusted Server will allow the IE to be fully allowed on the localhost (those 127.0.0.1 and 0.0.0.0 addresses described in the first reply) and receive incoming UDP connections from the DNS servers (from remote port 53). This is always the best. You can set the Internet Server to Ask since your usage of the Internet Explorer is much more involved than the average user. Then Allow it to have the Send Mail rights.
    - Right click the Internet Explorer in the program listing and open the Options. Check the first two items listed and enable Privacy (if it appears), Apply and OK.
    - Then do the same for the rundll32.exe, explorer.exe, csrss.exe, services.exe, lsass.exe, winlogon.exe, userinit.exe, msiexec.exe, and of course for the svchost.exe.

    As for the Privacy question, the answer to me would be use the Privacy and the filtering when browsing, downloading and such and then disable it when doing your particular job. Sort of an either off and on switching. As for general advice on safe surfing and some ideas of malware infections and preventions and safe hex, see http://forum.zonelabs.org/zonelabs/b...ssage.id=17114 (a little something I put together some time ago).

    Oldsod.

    Message Edited by Oldsod on 03-15-2008 06:58 AM
    Best regards.
    oldsod

  6. #6
    Join Date
    Dec 2005
    Posts
    9,057


    <blockquote><hr>kathym wrote:
    Oldsod,
    Just a few more questions if I may. I've been doing some more reading and Googling here.
    Firewall Zones:
    Internet Zone Security - High
    Trusted Zone Security - Medium? High? (this was defaulted to Medium) If I set to High will this create any problems?
    When I set up my new installation - I set my "New Network" as Internet. I think I heard this is more secure.
    Do you foresee any problems with functionality if I set "Generic Host Process for Win32 Service" as Trusted Server (and remove it as Internet Server?) Same goes for McAfee? Is set as Internet Server... (I think the program needs this ability)
    Does anyone here use McAfee? Also why do these programs need the "Send Mail" ability? Should I de-select this?
    Thanks again,
    Kathy




    <hr></blockquote>


    "Firewall Zones:
    Internet Zone Security - High
    Trusted Zone Security - Medium? High? (this was defaulted to Medium) If I set to High will this create any problems?"

    Absolutely correct to have the Internet Zone Security set to High unless you are doing some very special file/sharing or vpn over the internet.

    The Trusted Zone Security set to Medium is correct.
    The High should only be used if you are using a laptop on a public or unsecure network (hotspot, airport, hotel, visiting untrusted home networks, etc). Or if you have another untrusted PC/user on your home network. But under normal circumstances, this should be set at Medium.

    "When I set up my new installation - I set my "New Network" as Internet. I think I heard this is more secure."
    Actually this is a mistake or misconception many home users have and there is no truth to this at all.
    Your new network consists of usually the DHCP server (router/gateway) and this should be Trusted by all means or measures. Setting this to Internet does not make it any safer, since the DHCP has to still function as the DHCP with either the Trusted or Internet. Furthermore by using the Internet setting, this will actually reduce the ease of the needed incoming/outgoing connections and can even stop or slow/impede your usual network/internet connections.

    "Do you foresee any problems with functionality if I set "Generic Host Process for Win32 Service" as Trusted Server (and remove it as Internet Server?)"

    Normally the Generic Host Process for Win32 Service (svchost.exe) needs only the Trusted and Internet Access and the Trusted Server. Not the Internet Server. The only reason why the Generic Host Process for Win32 Service needs to have the Trusted Server is to allow the incoming connections from the DHCP (router or gateway) and the DNS (domain name host server - either your provider's name host servers or the router/gateway). The Generic Host Process for Win32 Service does not usually need the Internet Server since the DHCP and the DNS are set as Trusted not Internet. If doing some file sharing or vpn over the internet, then the Generic Host Process for Win32 Service may need to have the and only then will it need the Internet Server.

    "Same goes for McAfee? Is set as Internet Server... (I think the program needs this ability) Does anyone here use McAfee?"

    The antivirus's updaters and the antivirus's email scanner files could or possibly need Internet Server, but you could try these with just the Trusted Server allowed and disallowing the Internet Servers and see what happens. More often than not these do not need the Internet Server and the Trusted Server will suffice.

    " Also why do these programs need the "Send Mail" ability? Should I de-select this?"

    The McAfee can conceivably send an email report to the home servers for reporting a malware infection. Browsers and the email clients (and sometimes the IM clients) will need the Send Mail rights. As for the rest of the files, something such as a hardware file (graphics or video, sound, etc) or some windows utilities (defrag, etc) almost never need Send Mail rights.
    Furthermore on the McAfee issue, an example may be something like one antivirus needs the smss.exe to send mail, whereas another may be the ctfmon.exe to send mail and still of these two examples each will need other unusual files to actually send an email report. In each instance of the different antiviruses, the ZA is "on the job" and working hard to allow only the processes needed for each of the unique antiviruses to send their email report.

    On the other hand, the number of applications and their differences is such an extraordinary number, it is impossible to keep track of and the Ask setting is superior to the Deny All and then find out something failed and cannot send mail.


    But these are "directly related applications" and please take into consideration the ZA checks all files involved in the Send Mail events. The application involved and the files indirectly involved in send mail are all under consideration.
    In this thoroughness of the ZA, certain files/applications such as the explorer.exe, winlogon.exe, userinit.exe, lsass.exe and many others could be involved in the actual email procedure. So the ZA is checking everything and every step of the way and never missed any of the files involved. Hence these are all usually set to Ask not the Deny by Default to first allow the user to actually receive and send mail and secondly to keep the Mail Protection to the maximum.
    The Ask will still prompt the user to Allow or Deny - if the ZA asked mail could be sent from a file in the Temp folder, this would be very suspicious. Or perhaps from a file called like something such as "iammalware.exe" from the windows directory. But a normal windows process in the normal course of using the mail from an alert from a normal windows file should be perfectly acceptable and deemed reasonable.

    Also to be taken into consideration is not just the processes or the events, but the large number of different network connections or networking arrangements. Many users are home users and have simple needs/networking, but there are numerous different arrangements which call for unusual files to send mail or even to function properly. A vpn user or some secured private network user may see the lsass.exe or the spoolsv.exe suddenly needs to have the Send Mail rights allowed or the network mail begins to fail.

    There really is no telling what or how is needed for the Send Mail column, since the events and circumstances change greatly from one user to the next.

    But the Ask is always very safe, since nothing is allowed unless the ZA Alert is allowed. A Default Deny in the ZA would cause too many mail issues. By having the Allow for the Default setting for the Send Mail would naturally be a security risk, so instead the Default setting is the Ask.

    Basically just do the mail and what has been allowed or asked to be allowed in the ZA is perfectly acceptable and any other should be considered questionable (unless the usual habits or network has been really changed).

    Oldsod.

    Message Edited by Oldsod on 03-15-2008 06:27 AM
    Best regards.
    oldsod

  7. #7
    Join Date
    Dec 2005
    Posts
    9,057


    Kathy. Just keep asking and I will oblige.

    Oldsod.
    Best regards.
    oldsod

  8. #8
    Join Date
    Dec 2005
    Posts
    9,057


    "On one hand it seems smart of Zone Alarm to offer 'recommended settings'... and I would have hoped that I can trust these settings, but I cannot, as noted from the advice I read by Zone Alarm users and experts! I read via the experts that very few if any programs should have server rights, yet this is what Zone Alarm does. .. green checks across the board. I reset my Programs' rights --and they change."

    After the last few posts the server rights for the Trusted and Internet should be a little more clear as to what and why is happening.

    Just open the ZA | Program Control | Main | Advanced button and under the Server Attempts, click the "Always ask before connecting" under both the Trusted Zone and the Internet Zone.
    This way what has been allowed will still retain the allow permission and any new server attempts will always be asked by the ZA and always require your approval.

    By now you have probably realised almost nothing really needs the Internet Server (except maybe the email client, maybe the antivirus updater and more than likely the IM client) and just the limited number of window files, browsers, updaters actually needs a Trusted Server right.

    Oldsod.

    Message Edited by Oldsod on 03-15-2008 08:26 AM
    Best regards.
    oldsod
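
Added example, not part of the original posts and not ZoneAlarm's own logic: a small Python model of the permission scheme described in replies #2 and #8 above (outbound connections need Access, unsolicited inbound connections need Server, and the zone depends on whether the remote address is in the Trusted Zone list), used to compare the rights a program holds with the rights its traffic actually used. The addresses, the event log and the program names `av_updater.exe` and `im_client.exe` are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed Trusted Zone for a home network (assumption): loopback, the
# unspecified address 0.0.0.0, the router/DHCP server and two DNS servers.
TRUSTED_ZONE = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8",       # loopback
    "0.0.0.0/32",        # unspecified ("non route") address
    "192.168.1.1/32",    # router acting as DHCP server (constructed)
    "203.0.113.53/32",   # provider DNS server (constructed)
    "203.0.113.54/32",   # provider DNS server (constructed)
)]

ALL_RIGHTS = {"Trusted Access", "Internet Access",
              "Trusted Server", "Internet Server"}


def zone_of(remote_ip):
    """Return 'Trusted' if the remote address is in the Trusted Zone list."""
    addr = ipaddress.ip_address(remote_ip)
    return "Trusted" if any(addr in net for net in TRUSTED_ZONE) else "Internet"


def required_right(remote_ip, direction):
    """Map one connection to the permission it needs.

    direction 'out': the program started the connection -> Access
    direction 'in' : the remote end started it          -> Server
    """
    if direction not in ("in", "out"):
        raise ValueError(f"direction must be 'in' or 'out', got {direction!r}")
    kind = "Access" if direction == "out" else "Server"
    return f"{zone_of(remote_ip)} {kind}"


def audit(events, granted):
    """Compare the rights each program holds with the rights its traffic used.

    Returns {program: {"needed": set, "unused": set, "missing": set}}.
    'unused' rights are candidates for Ask or Block; 'missing' rights are
    the ones that would raise an alert.
    """
    needed = defaultdict(set)
    for program, remote_ip, direction in events:
        needed[program].add(required_right(remote_ip, direction))
    report = {}
    for program in sorted(set(needed) | set(granted)):
        have = granted.get(program, set())
        need = needed.get(program, set())
        report[program] = {"needed": need,
                           "unused": have - need,
                           "missing": need - have}
    return report


# Constructed observation log: (program, remote address, direction).
EVENTS = [
    ("iexplore.exe", "198.51.100.20", "out"),   # web site
    ("iexplore.exe", "203.0.113.53", "out"),    # DNS query
    ("iexplore.exe", "203.0.113.53", "in"),     # DNS reply from remote port 53
    ("iexplore.exe", "127.0.0.1", "in"),        # localhost connection
    ("svchost.exe", "192.168.1.1", "in"),       # DHCP from the router
    ("svchost.exe", "203.0.113.53", "out"),     # DNS query
    ("svchost.exe", "198.51.100.77", "out"),    # update server
    ("av_updater.exe", "198.51.100.90", "out"),  # hypothetical AV updater
    ("av_updater.exe", "203.0.113.54", "out"),
    ("av_updater.exe", "127.0.0.1", "in"),
    ("im_client.exe", "198.51.100.40", "out"),  # hypothetical IM client
    ("im_client.exe", "198.51.100.41", "in"),   # inbound from the Internet
]

# Constructed program list: svchost and the updater hold "green checks
# across the board", the IM client holds outbound Internet rights only.
GRANTED = {
    "iexplore.exe": {"Trusted Access", "Internet Access", "Trusted Server"},
    "svchost.exe": set(ALL_RIGHTS),
    "av_updater.exe": set(ALL_RIGHTS),
    "im_client.exe": {"Internet Access"},
}

if __name__ == "__main__":
    for program, row in audit(EVENTS, GRANTED).items():
        print(f"{program:16} unused={sorted(row['unused'])} "
              f"missing={sorted(row['missing'])}")
```

In this constructed log, Internet Server is the only right that `svchost.exe` and the updater hold without using, and the IM client is the only program whose traffic calls for it.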

  9. #9
    kathym Guest


    Hi Oldsod,
    Thank you Thank you for your knowledge and abilities to explain this stuff.
    I am going to print out this thread and go over it. I probably will come back with some questions. Finally - I know I am going to better understand what for me, has been mysterious and guesswork.
    Because of my recent exploit-byte verify experience, I have become diligent and paranoid... such that my IE habits are now labored with unblocking javascript or granting/ungranting permissions for every little thing. Once I have a better handle on all of this, I can set things to be less cumbersome.
    I guess first, I will need to follow through on exploit-byte verify... I'm 99.8% confident it is gone. But yesterday I had a very strange experience that was either unlikely luck or something else is going on.
    I had just gone to the Java Update site and installed the latest Plugin for Java. Then feeling confident, I searched for a site to check my java vulnerability - with ZA to allow Mobile Code. From a Google Search - I landed on Secunia's subpage page (a cross-site scripting vulnerability test). Upon just landing on the page, without actually getting to or clicking on their test example... A PowerPoint Installation/Download began running from the page, which I couldn't close, cancel or stop. McAfee blocked it and called it a "PUP" as well as ExploitIESpoof Virus and also "Window Popper". I wrote to Secunia, and they thought what likely happened was an instance of "Driveby Malware" via Google Listings. Usually, I take notice of the actual URL on a Google Search... so, I don't understand if the assumption is that Malware people flooded a page with Keywords to fool searchers into thinking they were going to Secunia's site (as the URL would not be Secunia's).
    Lastly, I have experienced this very same PowerPoint Installation/Download scenario before from visiting other websites. I'm guessing twice over the past 2 years. I've never read any description that described a Virus doing this. So, this just makes me wonder if this is coincidence or not.
    Again... Thank you
    Kathy

  10. #10
    Join Date
    Dec 2005
    Posts
    9,057


    Kathy

    As a rule I never have javascripts of any kind enabled for my browsing and instead have only selected sites allowed the content. I then block all the rest.
    I used to use the ZA Privacy as the main filter and stopped using it and moved on to more complicated arrangements (that have more depth).

    When I did use the ZA Privacy, I just used all of my regular sites first and allowed all in the Privacy. Once all the needed sites (logins, forums, updaters, web mail, usual download sites, etc) were entered, then I changed the Privacy to the block all type of arrangement and surfed and enjoyed sites with confidence. This made it easier to use and much simpler.

    The cross site script vulnerability is usually based on javascripts. However javascripts are not only for web page enhancements, but also used for animations, web bugs, swf and swf banners/ads, sounds in pages, plugins for the browser and can be even sometimes under the MIME type objects or files. On rare occasions the IFrames exploits can be behind the cross site scripting exploits (besides which the IFrames can be exploited by many scripts or by browser vulnerabilities).

    Downloading can be a risk by itself. I usually download from the main/proper or official web site and try to avoid any middleman type of sites. I always first download the file (.exe, .csss, ini, inf, dll, zip, tar, ppt, doc, mpg, jpg, etc) to a designed Download Folder and promptly scan the file with all available scanners. After seeing the file is clean, then I open or use the file.

    Google searches not only have malware links in the results, but the ads placed on the google search result pages can be for malware/malware sites as well.
    Myself, I use a dedicated IP blocker to block ads/banners/spyware and trojan sites/trackers/counters and of course the undesirable sites. I have over 2.8 billion IPs blocked off (and periodically keep adding more IPs). And yes this does work well for me. Plus I use my experience and knowledge to avoid the traps and bad sites.

    But aside from the av, fw, ip blocker and the web filtering and a more secure browser (than the IE), I use nothing else. I have no need for a dedicated antispyware scanner or its guards. I still heavily rely on the opera with everything blocked globally and going to almost any malware/high risk site is still a safe and secure visit.
    Although I should point you to something like this:

    http://forum.zonelabs.org/zonelabs/b...ssage.id=17847

    http://forum.zonelabs.org/zonelabs/b...ssage.id=17849

    http://forum.zonelabs.org/zonelabs/b...ssage.id=17850

    http://forum.zonelabs.org/zonelabs/b...ssage.id=17851

    http://forum.zonelabs.org/zonelabs/b...ssage.id=17852

    You are very welcome and please just ask anything that has not been covered properly or needs some more details.
    The internet and networking has been assembled so elegantly and is very rich with details, that it is really a man-made world wonder.

    It is always good to ask for help.


    Cheers, Oldsod.

    Message Edited by Oldsod on 03-15-2008 12:40 PM
    Best regards.
    oldsod
