ZoneAlarm can bite my shiny metal a....

Discussion in 'Chit Chat' started by Kevin, Dec 3, 2011.

  1. Kevin

    Kevin Oooh, something shiny!

    So today I am doing some work on an old WinXP machine browsing with IE8. Neither is something I enjoy doing very much. I was checking out some of my sites to make sure there was nothing urgent going on when, much to my chagrin, ZoneAlarm throws up a huge yellow banner at the top of the screen saying that "This web site is suspicious." and to "Leave now unless you know this site is safe." Um, what?! :confused:

    Clicking on the "Read More" link throws up a big dialog box with more warnings of gloom & doom. It isn't until you get to the bottom you see why it gave the warning: It is a domain registered less than 3 months ago and is not using SSL.

    In the WinXP world ZoneAlarm is still immensely popular; I can't help but wonder how much this is affecting potential visitors. The typical visitor that the site in question would be going after is not the tech crowd and would include everybody from teens to grandmothers. :mad:


  2. captainslater

    captainslater translates everything

    OMG - I used ZoneAlarm 10 years ago and it was bad.
     
  3. Kevin

    Kevin Oooh, something shiny!

    Yep, I used to use it for years on my WinXP boxes. Seems like after CheckPoint bought them out and redid it, it is a lot more bloated and is basically a shill to buy their full-blown packages.

    Unfortunately a lot of WinXP users still use it. :(
     
  4. zappaDPJ

    zappaDPJ Administrator

    Some years ago ZoneAlarm provided a moment of pure genius which I dined out on for years. One of my admins decided to upload and install it to all my remote servers in order to make them more secure. ZoneAlarm installs with all ports closed by default, thus making my servers so secure even the server provider was locked out. An engineer had to be dispatched to Docklands at great expense to clean up the mess. The admin was never allowed to forget his blunder :D
     
  5. Wizzard

    Wizzard ADX Dungeon Master

    I use Comodo now, have done for over a year; ZoneAlarm was good years ago.
     
  6. kevcj

    kevcj Adherent

    Get a hardware firewall and get rid of those software firewalls.

    I wonder if the site age had something to do with the warning? Maybe ZoneAlarm is suspicious of new sites?
     
  7. Kevin

    Kevin Oooh, something shiny!

    You didn't happen to read the second paragraph I posted? ;)
     
  8. Caliope

    Caliope 70's Fashion Icon

    I used to use ZoneAlarm years ago; it went screwy on me and blocked all internet access. Using a different laptop I was able to get the info needed to remove the software. I now use the security package provided by Virgin Media and Mrs Barry has Windows Firewall/Defender and AVG Free Edition.

    So far we have been infection free (although I am questioning various lumps and bumps) and see absolutely no reason to pay for security software.
     
  9. Desu87

    Desu87 Adherent

    Most people can get by with just Windows Firewall and Microsoft Security Essentials (Much better than most AV, and not as resource intensive).
     
  10. meetdilip

    meetdilip Tazmanian Master

    No, Windows Firewall is too basic for the current threat levels. It is meant for computer illiterates who find it difficult to manage even a basic two way firewall.
     
  11. Brad

    Brad Meh

    I moved away from things like that application, and anti-virus software, and all that other snake oil.

    If you have an old machine lying around and you don't mind getting your hands dirty, you guys should look into building a small computer running Linux or *BSD. Basically, it's a homemade firewall (no monitor plugged in, although you could use one). You can manage it from any computer on your local network.

    Set-up looks like this:

    Cable/DSL modem -> Your homemade "firewall" -> router (could use a switch here, most won't) -> all PCs on the network.

    Hell, if you want to put a bunch of NICs and a wireless card in your homemade "firewall" you can drop the router from the equation too! I wouldn't go that route though, just because it's cheaper and complicates the homemade "firewall" and you'll need a larger case.

    Anyway, with this custom machine you can block all the bad stuff, ads, whatever. You can do traffic shaping, which means you can give certain data higher priority than other data. For example, on my network it looks something like this:

    - VOIP traffic (home telephone)
    - Web/E-mail/IRC
    - Steam/Xbox live/Wii traffic (gaming)
    - FTP
    - Bittorrent

    In that list the traffic at the top is always sent through before traffic lower down the list. This way you don't drop a phone call because someone decided to fire up a torrent on the network. You also don't lag in your FPS game because someone decided to be greedy and start downloading something from a shady FTP server. (note: I got lots of friends that love to come over and "rape" my cable line, it got so bad, I had to block a few of them via MAC address and no longer publicly broadcast my wireless network).

    There are more rules, but that's just a simple example. You can go really crazy with it, like, if you have a kid in the house you can limit what they can and can't do based on the traffic (so you could block xbox live and facebook if they've been naughty).

    With a machine like this you don't need to install all that junk on your Windows machines anymore that just sits there and eats up resources. Every machine on the network is protected, be it a phone, Windows PC, Mac, PC running Linux, a gaming console, your TV... whatever.

    It's also helpful for blocking "drive by hacking" attempts. By blocking certain IP ranges you can prevent your machine from getting "own3d" before you can apply the proper patches.

    If you're interested in building one of these let me know. ;) BTW, you don't have to go all out and build a new machine, depending on your router, you might be able to flash some custom firmware and get most of these features.
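An added example, not part of the post above and not any real firewall's configuration: a small Python model of the two behaviours Brad describes, dropping traffic from blocklisted IP ranges and always sending higher-priority classes first. The port-to-class mapping, the blocklisted ranges (documentation address space) and the sample packets are constructed assumptions.

```python
import ipaddress
from collections import deque

# Priority classes in the order given in the post (index 0 is sent first).
CLASSES = ["voip", "web/mail/irc", "gaming", "ftp", "bittorrent"]

# Assumed destination-port to class mapping (constructed for this example).
PORT_CLASS = {5060: 0, 80: 1, 443: 1, 25: 1, 6667: 1,
              27015: 2, 3074: 2, 21: 3, 6881: 4}

# Constructed blocklist using documentation ranges, standing in for a
# circulated list of "zombie" addresses.
BLOCKLIST = [ipaddress.ip_network(n)
             for n in ("198.51.100.0/24", "203.0.113.0/24")]

def is_blocked(src):
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in BLOCKLIST)

class Shaper:
    def __init__(self):
        self.queues = [deque() for _ in CLASSES]
        self.dropped = []

    def enqueue(self, packet):
        src, dport, label = packet
        if is_blocked(src):              # drop before any queueing
            self.dropped.append(label)
            return False
        # Assumption: unclassified traffic goes into the lowest class.
        self.queues[PORT_CLASS.get(dport, len(CLASSES) - 1)].append(label)
        return True

    def dequeue(self):
        for q in self.queues:            # strict priority: first non-empty queue wins
            if q:
                return q.popleft()
        return None

def run(packets):
    shaper = Shaper()
    for p in packets:
        shaper.enqueue(p)
    sent = []
    while (label := shaper.dequeue()) is not None:
        sent.append(label)
    return sent, shaper.dropped

# Constructed sample: (source IP, destination port, label), in arrival order.
SAMPLE = [("192.0.2.10", 6881, "torrent-1"), ("192.0.2.11", 21, "ftp-1"),
          ("203.0.113.7", 443, "zombie-probe"), ("192.0.2.12", 27015, "steam-1"),
          ("192.0.2.13", 443, "web-1"), ("192.0.2.10", 6881, "torrent-2"),
          ("192.0.2.14", 5060, "voip-1")]

if __name__ == "__main__":
    print(run(SAMPLE))
```

Strict priority as modelled here can starve the lower classes whenever a higher class always has traffic waiting, which is why real shapers usually pair the ordering with per-class bandwidth limits.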
     
  12. meetdilip

    meetdilip Tazmanian Master

    Very nice setup Brad. But won't you get infected even if you are on a network through a Linux PC? If you plug in a USB drive with malware, it could easily download more harmful ones even though your server runs on Linux and make your PC a bot or steal your credit card credentials. Blocking public broadcast of IP works only with the Windows WiFi scanner; there are good tools which can detect it even if you do not broadcast your SSID.

    An easier way is to use a Linux live CD and browse from it when you need to be secure.
     
  13. Brad

    Brad Meh

    I'm aware of being able to "pick up" hidden networks with wifi, I hack into people's routers for fun sometimes (I don't do any damage). WEP I can crack in seconds thanks to a tool, WPA I can get into with some tricks. My friends that I needed to control aren't smart enough to do that stuff. I'm out in the woods too, so no one to worry about really. If I wanted to get anal about it I could block everything but my own machines though. ;)

    You can get infected yes, but security is about the user not the malware/spyware/virus/whatever.

    The "firewall" is mainly for network stability, and blocking "bad" ip ranges. Lists of "zombie" computers are kept and circulated so you can drop them into your list of blocked IP addresses.

    Most Windows PCs that aren't patched are hacked by these zombie computers, so by placing such a machine behind a firewall such as this one you can safely hook up to the internet and download/install the patches you need.

    All anti-virus programs do is catch something after the fact, I personally think the focus should be not letting it get in in the first place.

    Let's take your example of a thumb drive: Why do you allow it to automatically run programs on it in the first place? My Linux machines won't allow this, in fact, I can delete the "virus" for you and make the thumb drive "safe" for a Windows machine via any Linux box.

    But let's assume you don't have Linux and just use Windows, again, why are you allowing thumb drives to auto-run applications? This can be prevented, just don't run as administrator and turn that feature off. I can't remember how off the top of my head but you can search around for it and find it on Google I'm sure.

    My point is to me it seems like most people are not proactive about protecting their PCs and data. They think "oh, I got Norton so I can't get a virus", then 3 years later the computer is slow and they throw it away and buy a new one. I see this happen all the time. If we can get more people proactive about security (Windows users I'm looking at you!) we could really put a dent in the number of zombie machines out there.

    So basically:

    - Don't run as admin/root unless you have to.
    - Always stay up to date with the latest patches
    - If you can, invest in some type of security on your network. Be it a router, a hacked router, or a custom PC like I've been ranting about.
    - Don't assume any media is safe (CD, Thumb drive, floppy, etc) and ALWAYS mount it "safely" meaning don't allow it to auto-run an application.
    - Block ads. I know a lot of you depend on them, but a lot of sites sneak in malware via ads.
    - Keep Flash up to date and run "flash block" inside of your web browser if a plug-in exists for it. Flash is a common way of sneaking something in. Only run Flash files from sites you trust.
    - Use strong passwords, change them often.
    - If you do get a virus, there are free scanning tools out there you can use that will tell you what you have. There are also live CDs you can use in case a root kit or something got installed. Use these tools, figure out what you have, and follow simple instructions to remove (probably clicking a few buttons ;)). Don't buy the snake oil when you can get something better for free.
    - Clear the history/cache in your web browser and on the rest of your computer often. Don't leave files lying around with credit card info in them.
    - If you have data that you really don't want on your HDD all of the time buy an external USB 2.0 HDD (they're cheap now) and use that to store said data. When it's not in use un-mount it and store it somewhere safe. Now all your important files are in a safe place at all times. :)
    - If you have a really bad infestation of malware/spyware/viruses/etc on a Windows machine don't try to "save" it, it takes forever and if you miss one tiny thing the "virus" might just replicate itself and keep on chugging along. Instead, format the HDD, I mean write all 0's to that sucker, then re-install the OS (maybe try Linux? ;)).
    - If you're really paranoid, you can use full disk encryption on any computer with some free tools. This works for all operating systems.

    I kinda got on a rant there didn't I? :) Anyway, this is what I do, 12 years running and I've only caught a computer bug a handful of times, and all of those were me doing something stupid and were easy to fix. :)
     
  14. meetdilip

    meetdilip Tazmanian Master

    Very nice write up Brad, you seem well informed. It helps a lot if you are working on Linux, but a Linux machine (in my opinion) does not serve the purpose of being a hardware firewall if you are working on a Windows machine connected to it. Instead, you can use a firewall (free ones work well too) and get better control over what is connecting to the net from your PC.
     
  15. Michael

    Michael Fan

    But it gets so tiresome having to type in 'sudo' once every couple weeks or so. :D
     