Results 1 to 7 of 7

Thread: DNS, multiple listings in Alerts Logs

  1. #1
    computerconfuse Guest

    Default DNS, multiple listings in Alerts Logs

    Hi all. Thanks for being here. I'm running ZA free version 7.0.470, which is the latest version. Running XP Media Center service pack 3. First a simple and maybe too basic question that I couldn't find by searching the forums or the "net.

    When doing an ipconfig /all there are two lines not often seen when others post their results.

    DNS Suffix Search List. . . . . . : mytown.rr.com

    adapter Local Area Connection 2:

    Connection-specific DNS Suffix . : mytown.rr.com

    Most don't have these when they post their ipconfig and the fields are blank instead. Is it RR.com or do I have a configuration problem?

    Second, in Program Control, sometimes the file name lists the entire path, like c:\WINDOWS\explorer.exe, but at other times it might list it as simply explorer.exe without a path. Is ZA talking about the same program but just not listing the entire path every time depending on the connection or something?

    Do either of these "problems" need further investigation or configuration tightening?

    Thanks.

    Operating System:Windows XP Pro
    Software Version:7.0
    Product Name:ZoneAlarm (Free)

  2. #2
    Join Date
    Dec 2002
    Location
    Mikado Michigan
    Posts
    2,596

    Default Re: DNS, multiple listings in Alerts Logs

    I believe that RR is using a group of DNS servers, and instead of constantly changing the list on each connection, they maintain a single list, and each connection looks to it to get the IP address. As for the path, ZA authenticates either by path or by the MD5 signature. If its by MD5 then it doesn't need the path.
    My homes are SpywareHammer.com and DonHoover.net and BleepingComputer.com


    Consumer Security - 2011 & 2012

    Tilting at windmills hurts you more than the windmills.
    -From the Notebooks of Lazarus Long
    Senior of the Howard Families

  3. #3
    computerconfuse Guest

    Default Re: DNS, multiple listings in Alerts Logs

    Thanks, Hoov, so RR works something like a domain and always keeps a DNS list handy? So it's not strange. Still, why and does it compromise anything like privacy? Just wondering.

    I'm still wondering though why ZA would sometimes us the path and sometimes the MD5 and then suggest to check the path first for valid/invalid programs. If ZA always used the path, bad programs in the wrong place would be much easier to spot. Using the MD5 makes since for confirmation that it is genuine, if I understand that correctly, but for the sake of simplicity wouldn't it make sense to confirm the path for the users and then alert if the MD5 wasn't right even if the path is right?

    Anyway, if all is good, I'll relax.

    Thanks for the reply.

  4. #4
    Join Date
    Dec 2002
    Location
    Mikado Michigan
    Posts
    2,596

    Default Re: DNS, multiple listings in Alerts Logs

    It shouldn't have anything to do with privacy, as it is still just doing DNS lookups.

    As for the difference in the authentication, It is possible that something got changed in the settings database. ZA is suppose to use one or the other, and only change when told to, and use the new method from then on.
    My homes are SpywareHammer.com and DonHoover.net and BleepingComputer.com


    Consumer Security - 2011 & 2012

    Tilting at windmills hurts you more than the windmills.
    -From the Notebooks of Lazarus Long
    Senior of the Howard Families

  5. #5
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: DNS, multiple listings in Alerts Logs

    Guru Hoov.
    Just wondering.
    File path and MD5 coud be arranged as to whether when the explorer.exe is a parent or a child process?
    Best regards.
    Oldsod.
    Best regards.
    oldsod

  6. #6
    Join Date
    Dec 2002
    Location
    Mikado Michigan
    Posts
    2,596

    Default Re: DNS, multiple listings in Alerts Logs

    Not sure if that could happen, as Explorer.exe will only show up in the program list and not in the process list, at least I have not seen it there yet. So even if it was a child process, it would be treated as a program by ZA.

    But you did get me to thinking about how it can change. If you set it to "Changes frequently" then it verifies by full path, or you can set it to check by full path, so if you also set it to verify components, then it might check both. Not sure.

    But computerconfuse, back to what I think you were asking, an MD5 check is default. Checking the path has to be manually set, and then you can only do it one program at a time. The reason for this is that if the MD5 is correct, then the path can change, but the program will maintain its integrity. If you set it to check path, then that is all it will check, it won't check the MD5. You can actually change the program, as long as the name is the same, then ZA will never know it. This is useful if you have a program that changes frequently. Some old virus scanners used to do this, and there are other programs that did it as well. I am not that sure there are many programs now that change frequently. Ccleaner does a full install when you do upgrades, but so far it just tells you it's a changed program, you tell it yes, and go on. But for most programs, checking the MD5 is the best choice.

    Does this help at all?
    My homes are SpywareHammer.com and DonHoover.net and BleepingComputer.com


    Consumer Security - 2011 & 2012

    Tilting at windmills hurts you more than the windmills.
    -From the Notebooks of Lazarus Long
    Senior of the Howard Families

  7. #7
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: DNS, multiple listings in Alerts Logs

    Well actually I wondered if the parent application is checked using file location or check sum. Same for the child application.

    But back to changing total sum of file topics, the asquared free does frequent files changes, thus I set to file path.
    The Firefox browser does seem to get a new version every month or so. It too needs to get the ZA to see the newest version.

    Best regards.
    Oldsod.
    Best regards.
    oldsod

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •