Results 1 to 10 of 10

Thread: If I'm not sure about a Zone Alarm alert pop-up

  1. #1
    tradehound Guest

    Default If I'm not sure about a Zone Alarm alert pop-up

    I hope I'm in the correct group?
    Whenever a ZA alert pops up, and I think I should allow it, but not sure:If I scan the folder that file is in and ZA says "no viruses found..."Is this good enough?
    Usually I Google the file name and size and if I find that exact size then I think I'm ok.
    But now I'm not sure.
    What if there is some virus where they made it exactly the same size as the legitimate file?
    So what do others do to Allow or Deny these alerts?Any advice would be greatly appreciated.

    Operating System:Windows XP Home Edition
    Software Version:8.0
    Product Name:ZoneAlarm Internet Security Suite

  2. #2
    garywa Guest

    Default Re: If I'm not sure about a Zone Alarm alert pop-up

    Your question is very valid.
    I don't know that there is an easy answer.
    The popup alerts go beyond just viruses.
    I don't get that many alerts, but typically they are of a few general categories - a program trying to access the internet, a program trying to access privileged resources and a program trying to set itself to run at Windows startup.
    If I update a program that accesses the internet to a newer version, I will typically get an alert the next time I run the program because the version number is different.
    But since I know I did an update, I will click allow always.
    Sometimes I will get the access to privileged resources alert when I am installing a new program.
    If I trust the program I am installing, I will click allow.
    Only when the alert contains a program that I don't recognize will I stop and do some further investigation.
    I have to stop and read the whole alert message to fully understand the issue it is warning me about.
    If the alert says a virus or mal-ware has been detected, which I have rarely seen, then I would certainly stop and investigate.
    Do you have any specific examples?
    It might be easier using an actual example.

  3. #3
    tradehound Guest

    Default Re: If I'm not sure about a Zone Alarm alert pop-up

    Well I have two that keep coming up every time I reboot:1. ATI is trying to act like a keylogger2. jusched.exe is trying to access Trusted Zone (or something like that)
    Now I do have ATI video drivers but I don't really want it tracking my keystrokes and when I deny it, things seem ok.But it comes up a lot even when I permanently deny it.
    And ZA alert logs show it every 2 seconds all day long - seems like this is slowing down my system - So actually I deleted all ATI software and re-installed just the video driver(s).
    So I think this one will stop bugging me.
    jusched.exe:
    Now I did update Java so I think this one is probably ok.
    But I'm still not sure because:When I updated Java and rebooted I clicked always allow for everything and it comes up again.And I can't find the size (in Google)
    that I show.And I figure jusched.exe is VERY common and malware writers probably use that name to fool people.And malware writers might have some way of detecting that you just installed Java and slip their malware in at that time.But I don't know anything about whether they can do this or not, I'm just not sure.

  4. #4
    garywa Guest

    Default Re: If I'm not sure about a Zone Alarm alert pop-up

    Some of the best file information I've found is on http://www.file.net
    Just ignore the marketing stuff to download various scanners.
    The file information is very detailed, but not always 100% conclusive.
    Here is what I found for both of your examples:
    ATI: http://www.file.net/process/atiptaxx.exe.html
    Java: http://www.file.net/process/jusched.exe.html
    To compare, I have Java on my PC, so I checked out the jusched.exe file.
    It is in the C:\Program Files\Java\jre6\bin folder where file.net says it should be, not in the C:\Windows folder, which would make it suspect.
    By checking the file properties, the file size is 136,600, which is one of the known sizes.
    Hope this helps.

  5. #5
    tradehound Guest

    Default Re: If I'm not sure about a Zone Alarm alert pop-up

    Thank you, I will use that site.
    Just a note:
    My
    jusched.exe is in C:\Program Files\Java\jre6\bin, but the file size is 148,888 and 151,552:Neither of these sizes are shown on that page http://www.file.net/process/jusched.exe.htmlSo now I'm still not sure about that file.
    Also I tried to find that file on Java.com and Java.net, but I couldn't find it.
    Oh well, I'll just deny it and turn off the scheduler.

  6. #6
    garywa Guest

    Default Re: If I'm not sure about a Zone Alarm alert pop-up

    According to the runscanner website, 148,888 is one of the known file sizes.
    Also, your file is located in an expected sub-folder, not the Windows folder.
    I guess no single website has ALL the information about these files.
    That would be too easy for us users.
    http://www.runscanner.net/fileinfo/jusched.exe.html
    You can also go into the file properties and check the Digital Signature.
    Just click on the name to select it and then click on the Details button to bring up the information.
    From there, you can click on View Certificate to make sure its authentic.
    From everything you've described, I think the file is OK.

  7. #7
    tradehound Guest

    Default Re: If I'm not sure about a Zone Alarm alert pop-up

    I never thought of checking the digital signature.
    Thank you so much!!!
    I didn't even realize there was a signature on files like this, I always thought they were only
    for web sites, activeX, etc.
    Also thank you for that other site:
    http://www.runscanner.net/
    Yes, I will just "always allow" it next time.
    You have been a BIG HELP.
    Thank you VERY much!

  8. #8
    garywa Guest

    Default Re: If I'm not sure about a Zone Alarm alert pop-up

    You're welcome.
    Glad it helped.
    Like I said, your question was legitimate and one we users shouldn't take lightly.
    Allow or Deny, that is the question!!!

    Message Edited by garywa on 02-26-2009 05:28 PM

  9. #9
    tradehound Guest

    Default Re: If I'm not sure about a Zone Alarm alert pop-up

    Now that I'm using your great advice.
    I'm wondering about the digital signatures:
    If it has a digital signature that says it is "OK", is that enough to go ahead and Allow it?
    Is there ever a time when malware might have a "valid looking" digital signature?
    Can they ever fake it?What do you think?
    P.S.
    I posted this question in the "Windows and ZoneAlarm Messages and Alerts" forum:http://forum.zonelabs.org/zonelabs/b...hread.id=21090
    But I'm thinking that is the wrong forum, so I'm kind of "re-posting" it here(Sorry, I don't know how to delete or move that other post).

  10. #10
    garywa Guest

    Default Re: If I'm not sure about a Zone Alarm alert pop-up

    Your question does not have an easy answer.
    It probably is its own field of study and way beyond my scope of knowledge.
    Here is a Microsoft article that touches on some of it, with links to other related topics:
    http://windowshelp.microsoft.com/Win...840111033.mspx
    It comes down to trust.
    Where did I get this file and do I trust the source?
    If I know the source and have verified something about the file after checking with the file.net website, I will allow it.
    Let me put it this way, I have never NOT allowed one of these popup alerts because I check first before downloading and installing any program.
    I try to be careful without becoming paranoid about it.

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •