
Thread: aDSL connects before ZoneAlarm on boot up -am I vulnerable for that 30 to 40 seconds?

  1. #1
    frac Guest

    Default aDSL connects before ZoneAlarm on boot up -am I vulnerable for that 30 to 40 seconds?

    When I first boot my computer in the morning I get a message that my computer might be vulnerable.
    The message goes away once ZoneAlarm is loaded.
    Is there a way to ensure that ZoneAlarm is loaded before the computer connects to aDSL?
    Is this a big issue?

    Operating System: Windows XP Home Edition
    Product Name: ZoneAlarm Antivirus
    Software Version: 6.0

  2. #2
    billc Guest

    Default Re: aDSL connects before ZoneAlarm on boot up -am I vulnerable for that 30 to 40 seconds?

    What is the source of the alert, do you know? The firewall engine in Zone Alarm is one of the very first applications to start as a 'service' in the boot sequence. What you 'see' start is the ZA control panel, which starts later. You are not at risk when you first boot.

  3. #3
    frac Guest

    Default Re: aDSL connects before ZoneAlarm on boot up -am I vulnerable for that 30 to 40 seconds?



    I can't identify the source of the message.
    When I boot, a red shield comes up in the lower right portion of my screen with an X in it stating that ZoneAlarm Firewall is turned off.
    Then the message in the middle of my screen says that ZoneAlarm is loading, and after about 30 to 45 seconds the red shield and the warning go away and it appears that I am protected.
    I appreciate your response and hope this helps.

    Best Regards from North Padre Island, Texas



  4. #4
    Join Date
    Mar 2004
    Location
    Brisbane, Australia
    Posts
    645

    Default Re: aDSL connects before ZoneAlarm on boot up -am I vulnerable for that 30 to 40 seconds?

    Guru Bill is correct but it's unwise to think you are safe at any time. ZA (or any software firewall) only makes you SAFER, not SAFE.

    ZA does a very good job but it is still hamstrung by the vulnerabilities in Windoze. Remember ZA only protects against internet access, and checks program integrity when programs get loaded from disk. It does not test programs already IN memory but it will prevent those processes from accessing the net directly, or (ZA Pro only) via other programs to send information out.

    For example, I know of a keylogger that loads itself as one of the very first processes (before ZA) and immediately after starting, deletes all references to its existence from both the process list and the registry. It sends data via your web browser using Port 80 (which is already given internet access). It is also one of the very last processes to shut down, which it does only AFTER everything else has been unloaded (including anti-virus and anti-spyware etc). Just prior to finally unloading itself, it writes its own startup information back to the registry without being detected.

  5. #5
    billc Guest

    Default Re: aDSL connects before ZoneAlarm on boot up -am I vulnerable for that 30 to 40 seconds?

    OK, now I think I understand, and from what you've said, it appears that for some reason ZA is not loading as fast as it should. I'd suggest you uninstall ZA, then make a fresh install to see if that will fix the problem. First download and save the version of ZA you want to install. Next go into the start menu, locate the zonelabs entry, right click on the uninstaller and select properties. Now in the target box you must add a space and then /clean to the end so that it looks something like this: "C:\Program Files\Zone Labs\ZoneAlarm\zauninst.exe" /clean. Click apply and then OK. Next open ZA and turn off the load on boot option, then reboot and then run the uninstaller. This should get rid of all of ZoneAlarm. Now go to your Windows temp folder and delete everything. Find the folder named Internet logs and delete it, then empty your recycle bin. Now run the installer you just downloaded and select a 'clean' install if you are asked. Does the warning still appear after a reboot?

    BTW, FereOP is right in that a firewall only makes you safer, not 100% safe. 'Safe computing' like 'safe s*x' is always prudent!

  6. #6
    edgecliff Guest

    Default Re: aDSL connects before ZoneAlarm on boot up -am I vulnerable for that 30 to 40 seconds?

    OK so how can one detect something like this? In the registry somehow?

    I have the same issue as frac, except I have cable. Hypothetically (I'm looking for worst case scenario here), if someone were to manually install on my computer some sort of spying software (e.g. that reads contents of my disks and sends it out), how would that be detected? Also, can I look at my startup sequence to see where ZA kicks in?
    For example, my Windows Me laptop crashes regularly (mainly because of one troublesome shareware) and it goes into scandisk on startup, before Windows comes up - but the network light is on. Of course this can take a long time (I could override but it seems like a good idea) and if ZA hasn't kicked in at this early stage, then that's a big vulnerability.

  7. #7
    frac Guest

    Default Re: aDSL connects before ZoneAlarm on boot up -am I vulnerable for that 30 to 40 seconds?

    Thanks, that seems to have fixed the problem.

  8. #8
    Join Date
    Mar 2004
    Location
    Brisbane, Australia
    Posts
    645

    Default Re: aDSL connects before ZoneAlarm on boot up -am I vulnerable for that 30 to 40 seconds?

    > edgecliff wrote:
    > OK so how can one detect something like this? In the registry somehow?

    Nope. Can't be detected except by doing a full disk scan with your AV. Bear in mind that files and directories can hide themselves from AVs too, as we saw with the Sony rootkit.

    > ..if someone were to manually install on my computer some sort of spying software (e.g. that reads contents of my disks and sends it out) how would that be detected?

    By using multiple up-to-date AVs and anti-spyware products to give you the widest possible coverage etc. Remember, these detection programs only work on known threats, and it's very easy to modify a threat program and individualise it to make it undetectable, but it's almost impossible to make it detectable to everything simultaneously. Be aware that PestPatrol is particularly vulnerable, but PestPatrol's MemCheck is excellent at detecting the loading of threats into memory and will detect a trojan unloading its payroll.

    The best protection is your own common sense. Secure your computer against unauthorised access and be very careful when downloading and installing software.

    To prevent stuff getting out during the boot sequence, unplug your computer from the network until everything is loaded. At least then you can be sure nothing will get out during startup. Just be aware that a process called "dll injection" can bypass ZA and hijack legitimate programs to send data out. Using a program like TCPView from Sysinternals will show you all the net connections that your computer currently has and help you monitor net traffic.
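
The connection monitoring suggested in the post above can also be done from the text output of `netstat -ano`. The following is an added example, not part of the original thread: the netstat sample, the PID-to-program map, the LAN range and the allow-list are all constructed for illustration.

```python
import ipaddress

# Constructed sample of `netstat -ano` output (not captured from a real machine).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       984
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     1432
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED     1432
  TCP    192.168.1.10:1051      198.51.100.23:80       ESTABLISHED     2216
  TCP    192.168.1.10:1052      192.168.1.1:445        TIME_WAIT       0
  UDP    0.0.0.0:500            *:*                                    700
"""
# Constructed PID -> program map, as `tasklist` output would supply it.
SAMPLE_PROCESSES = {984: "svchost.exe", 1432: "iexplore.exe", 2216: "unknown.exe"}
# Assumed allow-list of programs the user expects to reach the internet.
EXPECTED = {"iexplore.exe"}
# Assumed local ranges: loopback plus this sample's home LAN.
LOCAL_NETS = [ipaddress.ip_network(n) for n in ("127.0.0.0/8", "192.168.1.0/24")]


def outbound_connections(netstat_text):
    """Map PID -> [(remote_ip, remote_port)] for established TCP
    connections whose remote end is outside LOCAL_NETS."""
    result = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue  # headers, UDP rows, listeners, closing sockets
        host, _, port = fields[2].rpartition(":")
        try:
            addr = ipaddress.ip_address(host.strip("[]"))
        except ValueError:
            continue  # unparseable address column
        if any(addr.version == net.version and addr in net for net in LOCAL_NETS):
            continue
        result.setdefault(int(fields[4]), []).append((str(addr), int(port)))
    return result


def unexpected_talkers(netstat_text, processes, expected):
    """Return (pid, program, remotes) for every process with an outbound
    connection that is not on the allow-list. An allow-listed program can
    still be hijacked (the post's dll injection point), so a clean result
    here narrows the search; it does not prove nothing is leaving."""
    flagged = []
    for pid, remotes in sorted(outbound_connections(netstat_text).items()):
        program = processes.get(pid, "<pid not in process list>")
        if program.lower() not in expected:
            flagged.append((pid, program, remotes))
    return flagged
```
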

  9. #9
    edgecliff Guest

    Default Re: aDSL connects before ZoneAlarm on boot up -am I vulnerable for that 30 to 40 seconds?

    > To prevent stuff getting out during the boot sequence, unplug your computer from the network until everything is loaded. At least then you can be sure nothing will get out during startup.

    Yes, I've been trying to do that but don't always remember, so it is pretty useless. Would only work if it did it automatically, e.g. if I was set up so that I had to software-connect to the internet each time I booted.

    So what are the chances that zonealarm is not operational while scandisk is operating automatically after a crash?
