Very strange problem with Zone Alarm Firewall, need help!

[TT]

Since some hours my PC is acting in a strange way... I tried to load a page and explorer was unable to load. In the meanwhile DAP stopped and I was kicked out from MSN and AIM...

I tried to reboot, nothing, reboot nothing.. connect-disconnect-connect.. nothing...

Did a virus scan of course.. nothing...

Pretty strangely, ICQ was working proprely and I was able to talk with people with it.. all the rest, dead...

So out of curiosity I tried to turn off Zone Alarm... and well, as you can see, everything is fine again... DAP, MSN, AIM, Explorer, everything...

But shit, I didn't touched a single option in ZA since when I first installed it a year ago or even more...

What should I do? To surf w/o a firewall is not really great... but if I try to open it, I can't surf the net...

I tried to find something inside it... but well, the big "STOP" button used to cut the link to the net is not activated.. the DSL modem is part of the trusted zone that has no restrictions... all the programs that should access the net are allowed to do so..

But still, if I open it, I can't use the net, only ICQ

Anybody?

[graywolf624]

Hmmmm.... What version are you running? Check under program control. See if the programs you mentioned have a check or a x or a ?. It should be a check if you automatically let them connect and ? if you want to ask the question. Also check your expert rules.. under expert in firewall.

Good luck.. Worse to worse it may be time to upgrade to a better firewall program.

Any more questions feel free to ask. I sub specialized in information security in college and specialized in networking. (I'd prefer to get a job in info sec.. but it looks like im settling for development).

[TT]

All the programs have the green ok symol of course.

I'm running version 3.7.. maybe time for an upgrade in effect...

Now I'm surfing with a "medium" in the "internet zone security".. not really complete protection.. not stealth.. but better than nothing I guess

What better firewall you suggest?

[TT]

*UPDATE*

I was at the phone with a friend and I happen to talk to him about my problem. He has the same ISP and uses ZA like me.. and well.. to surf he had to turn it off..

Now, WTF happened? How could they change something that affect my firewall+surfing set up?

[graywolf624]

What better firewall you suggest?

Black ice if you can afford it.

Now, WTF happened? How could they change something that affect my firewall+surfing set up?

It could be any number of things.. A component it blocks, the firewall forsees the network as a threat and resets its settings.. ect. Maybe up till now the network showed up under trusted networks and not the internet zone.

You can see what you allow in medium versus high by clicking the custom button.

My suggestion.. theres a reset button on the security page and component/program control..
Reset all these and see what it does relearning.

[SFDMALEX]

You want a peace of advice TT? Ditch that zone alarm and get Norton Personal Firewall. Zone alarm is a pain in the ass.

[TT]

Well, I fear it would be to much for me to deal with the custom option since there is quite a long list and of course I don't understand a fuck in it

Of course to surf on "medium" protection is not idea and as ZA says, it's just for temporary use in the Internet Zone.

As for the reset button hell... it seems to work again even in "high" security level.

And for blackice, well of course I can afford 50 USD but ZA was so simple and worked so well untill today...

[TT]

Yes, soon enough I will buy a router to split my line between PC and PS2, but I was wondering if the set up and the port opening thing for p2p software, to send files via AIM, MSN and such won't be to complicated for a PC dumbass like me...

[graywolf624]

Go to a shop and buy an ADSL router with firewall options. It costs about the same as a firewall option, + you can add extra pc's.

Thamar- You shouldnt rely on just a routers internal firewall. They generally don't have logging. They also are easily compromised, most people I know could hack most adsl routers in the time it takes me to write this reply.

[TT]

LOL sadly there is always somebody able to crack everything and I don't really need to protect my useless PC behind 10 different firewall software, a router and a couple of cops

[graywolf624]

lol...
Another problem is that a adsl router generally isn't going to stop egress.. That is the connections your own computer sends out.. Unless you put in alot of policies which you obviously don't have a grasp on.

[graywolf624]

And by loging I don't mean configuring.. I mean attack logging.

Remember my specialty within computer science is networks/information security.

[TT]

So the final word for PC noobs is: unistall any firewall, sell on ebay any router and just hope nobody is interested in hacking into your PC

[graywolf624]

watchguard

I disagree there too. You don't secure by technology you. You security is a process. You must layer it.

[graywolf624]

Some have attack logging, some don't... Security is an illusion, if they want in, they'll get in

I disagree again. While nothing is 100 percent secure, you must make it secure at a level equal to the value of the things they can see/take. In this case they can use your computer to attack others, take any personal information, ect. As for script kiddies, I can show you a script that will crack dlink and linksys adsl firewalls.

You also need attack logging.. to know where your problems are and what you do need to shut down. I'd argue intrusion detection is almost more important then the firewall itself.

Zone alarm and its ilk is more secure then the adsl routers generally because it blocks outgoing programs. Combine them with a adsl router and your one step better. Combind it with a hardware firewall and your getting somewhere.