Results 1 to 8 of 8
  1. #1
    Star Lounger
    Join Date
    Aug 2005
    Posts
    78
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Tweaking free version of Zone Alarm

    I have the free version of Zone Alarm (7 0 483).

    I recently checked the security of my computer using PC Flank's Stealth Test and Shields Up. The former suggested that my computer is safe from remote attacks and Trojans but that my browser [Firefox] reports on sites previously visited and suggests that I adjust settings in my firewall to prevent this. The latter said the my computer's ports are sufficiently hidden ("stealth") but that the computer replies to ping (ICMP Echo) requests, and suggests that I adjust settings in my firewall to prevent this.

    Are these adjustments possible in the free version of ZA, or would I need to buy the commercial version?

    Thanks.

    Joel

  2. #2
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Tweaking free version of Zone Alarm

    Let me start by asking if your computer "system" includes a router? If it does, I would offer the following. Several years ago when I checked the "stealth" condition of my system with GRC's Shield's Up, it reported a problem with my port 113. I have re-directed that port on my hardware (Linksys) router in accordance with Gibson's instructions at the time and I continue to get complete "stealth" ratings from his Shield's Up, even now. If you go back to his site, look for "Adaptive IDENT Stealthing Experimentation" which talks about this problem and Zone Alarm. It seems to me you don't need to do anything with ZA but you could have a problem similar to my original.

    I have no familiarity with PC Flank Stealth test and since you didn't provide a link, I'll go looking for it now.

  3. #3
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Tweaking free version of Zone Alarm

    And, if this is the proper link: PC Flank: Make sure you're protected on all sides.

    I got the following result for my computer.
    Attached Images Attached Images

  4. #4
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts

    Re: Tweaking free version of Zone Alarm

    You should be able to create or edit the rule for how to handle ping (ICMP Echo) requests. This is a normal function of a firewall.

    The report on Firefox is unclear to me. Are they referring to cookies? Browsing history??

  5. #5
    Silver Lounger
    Join Date
    Oct 2002
    Posts
    1,993
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Tweaking free version of Zone Alarm

    Al has already mentioned a router as possible cause; it is also mentioned in several threads at ZoneAlarm User Forum:
    GRC Test tells me ping was answered
    ZoneAlarm not blocking ICMP echo?

    If you search the forum and a suitable board (such as "ZoneAlarm Configuration", "Security Issues" etc.) for "ICMP echo" you will find more info. It seems that in certain cases it can be the modem that is answering and not the PC/firewall (ZA): ICMP echo requests (Ping). I understand that some ISPs use ping to see if a user is still connected, but I don't know how common that is.

    "Are these adjustments possible in the free version of ZA ..."

    It seems it could be a modem/router setting as well as ZA, but for the ZA settings:

    From page 255 in User Guide for ZoneAlarm security software, version 7.0 (See TECHNICAL SUPPORT ZoneAlarm):
    <hr>To configure ZoneAlarm security software to allow ping messages:
    1. Select Firewall|Main.
    2. In the Internet Zone area, click Custom.
    3. Select check box labeled Allow incoming ping (ICMP echo).
    4. Click OK.
    5. Set the security level for the Internet Zone to Medium.
    See “Choosing security levels,” on page 43.<hr>
    I am using another version of the ZA Free, so I can't check. But I thought it was possible to make an exception (Allow ...) still on High, but it seems you have to lower the security level in Internet Zone to medium.

    This is NOT a good thing. So, since it's reported that it allows ICMP echo, you may want to check that the Internet Zone is at High (if you have no other reasons running on Medium), and if the setting above (Allow incoming ...) is checked.

    But I don't know anything in this case about certain modems or routers.

  6. #6
    Star Lounger
    Join Date
    Aug 2005
    Posts
    78
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Tweaking free version of Zone Alarm

    Thanks to all who replied. My version of ZA doesn't seem to allow for these settings...but maybe it's just the modem (router) pinging back.

    Joel

  7. #7
    Plutonium Lounger
    Join Date
    Oct 2001
    Location
    Lexington, Kentucky, USA
    Posts
    12,107
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: Tweaking free version of Zone Alarm

    You haven't specifically answered my question in my earlier post - do you use a router? If so, go in to its settings and find wherever "port forwarding" is located and do something like this attachment. As I said, it was recommended at the GRC.COM web site and hasn't caused any problem for me. I have a Linksys router, so yours may be different. If you try this, then repeat your tests to see what results you get.
    Attached Images Attached Images

  8. #8
    Star Lounger
    Join Date
    Aug 2005
    Posts
    78
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: Tweaking free version of Zone Alarm

    Thanks. I have an ADSL modem/router. Will look at the manual (probably this weekend) and report back.

    Joel

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •