Oh yes. It will alert me when some of MS programs try to either send some data (usually unneeded) or "act as a server" (for something I don't need or use). I like to keep track of what is happening :-)
For malware and viruses yes, but I guess they will be caught be the AV, but for "serious programs" it will. I can deny MS programs access, I can deny Word access, I can stop "host services" from beeing servers
Lars-Erik =D8sterud schrieb:
Disable services you don=B4t need, and you=B4re done. Far more reliable. Plus don=B4t install programs that phone home if you don=B4t want them to phone home. Or disable the phone home function.
If they try to establish outbound connections, your AV has very obviously _not_ caught them. And your system is toast.
A "serious program" will not try to establish outbound connections without you knowing about this.
It can stop everything that allows Zone Alarm to stop it. I will not stop anything that does not allow ZA to stop it.
Regards Thomas
Some MS programs don't behave. Why should the printer spooler have Internet access (it ask for), why should it have "act as a server", and most MS programs send thing even with "phone home" off.
So even if it is not fullproof the program check funtion of ZA does make it possibel to stop lots of programs from sending/listening.
And for malware I have anti-virus anyway (though I don't really need that I think as I have never gotten anything, it's just to be a bit awake on what links and messages you click on and don't use Outlook)
They are caught. I get a "xxxxxxx is asking for server permissions" etc. Have you ever used ZA or similar. I catches them, asks if they should be able to communicate, and if not you can block them. ZA is hooked on a very low level of the communication system in Windows (if you stop the firewall service, nothing gets out from the machine).
Tell that to MS :-)
How does that get passed the "wsmon" service then? Does it have it own network drivers all together then (since ZA has patched into the system drivers). I know huge serious companies using ZoneLabs firewalls on their PCs (with central administration). Are they stupid?
Because it's a print server. Just switch this functionality off if you don't need it. BTW: this is filtered away by the Windows-Firewall, too.
Please give an example. BTW: most of the "phoning home" incidents are useful online software updates, which you shouldn't filter.
Most of what's done is useless or even counterproductive.
Virus Scanners cannot prevent from geting viruses by concept. They can filter out already known viruses, so they're useful. But they will not prevent you from getting infected, because they cannot know all malware.
Yes. Your "Personal Firewall" is fooling you with useless claims of securing you. The real threats are not detected, and preventing from getting online software updates is counterproductive.
This is just wrong. Zone Alarm cannot prevent kernel code from communicating at all, and it even cannot prevent my little PoC code at
It's even worse, Zone Alarm phones home itself. Zone Alarm does this what they claim to prevent from.
Yes.
Or better: they likely just don't know better.
Yours, VB.
How? I have tturned off all I can find. If I turn off more my USB printer stops working too :-) What service should I look for.
I can post the log from ZA over all attempts to send/act as server :-)
I know. That is why one should always be careful what to clik on :-))
Well, that can be stopped too :-)
Beside the Windows-Firewall, you can stop File-/Printersharing.
Feel free to do this.
I'd be interested how to do so. We already discussed this here, and everybody was surprised, that Zone Alarm does this.
Yours, VB.
But most of the inexperienced users equipped with personal firewalls behave like: "I don't have to be carefully while using the internet. I'm totally secured by this ." And then they will click on every dubious link and email attachment. I'm working in it-security for more than 10 years now and that's the reality unfortunately.
Their problems. IT techs need to have work too :-)
Even employees in IT companies does this (especially sales-people :-)
That's the strange thing. It IS not even enabled. And both the "Server" and "Workstation" services are disabled. Tried disabling the "Spooler" service too, but then I loose all mye printers :-(
So why does the spooler go on the net then (and not the internal
127.0.0.1 zone either, it asks for external network access)?
Because it's stupid? ;-)
BTW: You'll find more on how to disable Windows' services on Torsten's page:
Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.