Windows 8 and 8.1 Forums


Got ZoneAlarm Antivirus/Firewall working on Windows 8

  1. #11


    Posts : 1,851
    8250 x86 + 7 SP1 x86 + Ubuntu 12.04 LTS x86


    Yeah, yeah - long time Gibson fan and reader here too. The guy has taught me a lot through his online presence, mostly networking related stuff.

    3rd party firewalls are commonly used to easily disallow any newly run program or installer from accessing the network. It doesn't take too much imagination to realize why. Basically, it's useful for those programs that decided they wanted to be downloaded (yes - all on their own hahah and no I don't mean a trojan - I mean useful stuff) and installed...and to make them continue working indefinitely.

    The Windows Firewall has the same functionality but people don't generally use it for that. That's because it doesn't automatically deny outbound access to anything.

    haha my hosts file is 454 kB. I just had to check.

    I will definitely check the software. Where the heck do I know that name Vishal Gupta from? I know I have heh.


  2. #12


    Posts : 1,851
    8250 x86 + 7 SP1 x86 + Ubuntu 12.04 LTS x86


    Cool deal glennc. Ya, your relative in IT probably had/has to deal with many problems involving the Norton so that's why he's agreeable with my opinion.

    It even has the undesirable ability to cause machines to be impossible to boot to Windows well at times. I've fixed it for people many times over.

    On one particular forum years ago that also had a Norton/Symantec rep on it - I knew of this issue and was telling the user to remove it with the tool and the machine would be fine. I was completely sure based on detailed info given by the user.

    Well, neither the site mods, the user with problems nor the rep would believe N/S was the cause. It didn't work out well for me or the user trying to repair the machine either. So it goes....


  3. #13


    Quote Originally Posted by fafhrd View Post
    I think Windows will have come of age on the day when third party Utilities are not needed at all. I have not felt the need for a 3rd party personal firewall since being behind a home router and NAT firewall (Smoothwall running on an old PII with 64MB RAM) in 2003, and then with home wireless routers, I just don't think I am exposed at all with a private IP address (see Steve Gibson's Shields Up for instance). I have had some XP machines with the Windows firewall turned off for years, and I don't often get malware - like once every couple of years or so. And I don't feel the need for antivirus since AVG2011 finished my relationship with them.


    The thing that messes people up most is Internet Explorer. Don't use it. 'Cos the hackers do.


    I now only use beta browsers - Google Chrome Canary Build - Opera Next - Firefox Beta - sometimes recent builds of Seamonkey. Browser exploits are hard to do on things that have only been out a day or two. And if they don't work properly due to their beta nature, I can always use a stable version.
    If the adblockers don't stop the cr*p, I use a Hosts file to stop bad adverts from appearing if the sites I find myself visiting appear full of flashy trash or popups - even in linux.


    I love downloading utilities, some of them from sites in Chinese, like Jeff Chan's inscrutable RW Everything and from India e.g. Vishal Gupta's excellent Puran Defrag so I don't always stay within safe limits (Check these out GMan, if you don't know them already!) - - Driver downloads are a minefield. Laptopvideo2go and Tim's Driver Guide are good to go at the moment, but good sites have gone bad in the past, and I can understand the problems with hosting driver catalogs and archives.


    I never divulge my identity online unless it's professionally useful to do so, and if there's an email there, it's not machine readable. If an address gets spammed, the spams stay unopened, and I only use webmail, so the emails are never downloaded to Microsoft's second worst offender, Outlook.
    Hey fafhrd,
    Sounds like you know what you're doing and how to do it. I too don't use IE for the same reason or Outlook. Google becoming IMHO the next evil empire precludes me from using Chrome. Firefox and Tbird have been doing me just fine. I wish I had the knowledge or an expert to help me make sure my router is set up correctly. I never understood the NAT firewall concept, I don't broadcast the wireless name, use 802N with WPA2 with a very long password and MAC filtering. Other than that I am beyond my depth. That is why I wish I had a trusty firewall as an extra layer of protection. Thanks for your help and experience!
    Glenn

  4. #14


    Quote Originally Posted by GMan View Post
    Cool deal glennc. Ya, your relative in IT probably had/has to deal with many problems involving the Norton so that's why he's agreeable with my opinion.

    It even has the undesirable ability to cause machines to be impossible to boot to Windows well at times. I've fixed it for people many times over.

    On one particular forum years ago that also had a Norton/Symantec rep on it - I knew of this issue and was telling the user to remove it with the tool and the machine would be fine. I was completely sure based on detailed info given by the user.

    Well, neither the site mods, the user with problems nor the rep would believe N/S was the cause. It didn't work out well for me or the user trying to repair the machine either. So it goes....


    Some days you get the bear and some days the bear gets you! Maybe my time will come....
    Take care buddy!
    Glenn

  5. #15


    Posts : 1,851
    8250 x86 + 7 SP1 x86 + Ubuntu 12.04 LTS x86


    NAT concept is simple. When a packet comes in from the outside that no machines on your network requested, it is automatically blocked by the router. The simple reason for this is because the router has no clue which machine to give it to.

    Then you will think, well how can I run a server like HTTP or FTP or even allow connections to any BitTorrent client like uTorrent? If outside machines can't find the servers, what to do?

    That is why the port forwarding concept is included in all routers. You literally tell the router something like this:

    When a TCP packet comes in on port 5502, send it to the machine with the IP address of 192.168.0.60
    When a UDP packet comes in on port 22,304, send it to the machine with the IP address of 192.168.0.74

    (That is why it is very desirable to set up static IP addresses that never change for machines on your network, instead of relying on the router's DHCP server to hand out IP addresses which will always be different with each connect.)

    Those are just examples. You can set up anything how you want.

    With client/servers like uTorrent, there is also a concept called UPnP. What this literally does is tell your router from the program: Hey, I want to serve on port 20,000 (or any other port it is set for.) So the router takes care of the config automatically and sends all packets inbound on port 20,000 to the machine running uTorrent.

    If you have more than one machine running uTorrent and UPnP is active, the router will still know where to send all incoming packets to the right places.

    But still, if someone tries to attack your network by sending a packet at it, the router will behave as a firewall and just drop it so it cannot cause any harm.

    Then you might also think: Well if I allow UDP packets on port 20,000 to a machine I have with uTorrent, can't a hacker just send a UDP packet to my network on port 20,000? The answer is yes, they can. In this case, the design and security of your application (uTorrent in this case) is extremely important. What happens with that "bad" packet coming in will be decided by uTorrent. If the design is good, harm is still not done.
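The behaviour described in the post above, as an added example that is not part of the original post: a toy Python model of a home NAT router with a session table, the two manual port forwards from the post, and a UPnP-style mapping on port 20000. The `NatRouter` class, its method names, the public and remote addresses, and the assumption that replies must come from the exact remote address and port that was contacted are all hypothetical; real routers differ in how strictly they match.

```python
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    """Hypothetical model: one public IP, a session table and a forward table."""
    public_ip: str
    # (proto, public_port) -> (lan_ip, lan_port, remote): created by outbound traffic
    sessions: dict = field(default_factory=dict)
    # (proto, public_port) -> (lan_ip, lan_port, origin): manual or UPnP forwards
    forwards: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, proto, lan_ip, lan_port, remote):
        """A LAN host contacts `remote`; the router remembers who asked."""
        public_port = self.next_port
        self.next_port += 1
        self.sessions[(proto, public_port)] = (lan_ip, lan_port, remote)
        return public_port

    def add_forward(self, proto, public_port, lan_ip, lan_port, origin="manual"):
        """Map a public port to one LAN host; a port can have only one owner."""
        key = (proto, public_port)
        owner = self.forwards.get(key)
        if owner is not None and owner[:2] != (lan_ip, lan_port):
            return False  # conflict: the port already belongs to another host
        self.forwards[key] = (lan_ip, lan_port, origin)
        return True

    def inbound(self, proto, public_port, remote):
        """Decide what happens to a packet arriving on the WAN side."""
        key = (proto, public_port)
        session = self.sessions.get(key)
        if session is not None and session[2] == remote:
            return ("reply", session[0], session[1])
        forward = self.forwards.get(key)
        if forward is not None:
            # Unsolicited traffic is passed on; the application must cope with it.
            return ("forwarded", forward[0], forward[1])
        return ("dropped", None, None)

    def exposure(self):
        """Everything on the LAN that unsolicited traffic can reach."""
        return sorted((proto, port, lan_ip, origin)
                      for (proto, port), (lan_ip, _, origin) in self.forwards.items())


def demo():
    router = NatRouter(public_ip="203.0.113.7")      # constructed documentation address
    router.add_forward("tcp", 5502, "192.168.0.60", 5502)    # rules from the post
    router.add_forward("udp", 22304, "192.168.0.74", 22304)
    web = ("198.51.100.10", 80)                      # constructed remote peers
    stranger = ("198.51.100.99", 4444)
    port = router.outbound("tcp", "192.168.0.9", 51000, web)
    results = {
        "reply": router.inbound("tcp", port, web),
        "stranger_same_port": router.inbound("tcp", port, stranger),
        "unsolicited": router.inbound("tcp", 3389, stranger),
        "manual_forward": router.inbound("tcp", 5502, stranger),
        # Two machines asking for the same port: only the first request succeeds,
        # so the second client has to pick a different port.
        "upnp_first": router.add_forward("udp", 20000, "192.168.0.60", 20000, "upnp"),
        "upnp_second": router.add_forward("udp", 20000, "192.168.0.74", 20000, "upnp"),
    }
    results["upnp_inbound"] = router.inbound("udp", 20000, stranger)
    results["exposure"] = router.exposure()
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(name, "->", value)
```

The `exposure()` listing is the part worth checking on a real router: every manual or UPnP entry is a port where unsolicited packets reach an application directly.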

  6. #16


    Portsmouth Hants
    Posts : 772
    Windows 8.1 Pro with Media Center


    Quote Originally Posted by glennc View Post

    Hey fafhrd,
    Sounds like you know what you're doing and how to do it. I too don't use IE for the same reason or Outlook. Google becoming IMHO the next evil empire precludes me from using Chrome. Firefox and Tbird have been doing me just fine. I wish I had the knowledge or an expert to help me make sure my router is set up correctly. I never understood the NAT firewall concept, I don't broadcast the wireless name, use 802N with WPA2 with a very long password and MAC filtering. Other than that I am beyond my depth. That is why I wish I had a trusty firewall as an extra layer of protection. Thanks for your help and experience!
    Glenn
    NAT is quite easy. It's automatically set up by default in most routers. The router has the incoming internet address assigned by the ISP, for me it's (I open a new tab, type: whats my ip, and Google sends me to What's My IP Address? Networking Tools & More which tells me: ) 82.44.205.163. Publicly broadcast - that's how the website could tell me what my IP was. On my side of the router, which has an IP address of 192.168.0.1 (my internet gateway and DNS) I find that my address is 192.168.0.9 if I look it up with ipconfig.

    Almost all private home networks operate within the range of 192.168.0.1 to 192.168.0.255. Nobody on the internet can reach me at address 192.168.0.9, because there are millions of us with that address, on private networks globally. Only my router knows how to. So when a website sends a page I have asked for, the site sends it to 82.44.205.163, since that is the address it believes the request has come from. When my router receives the page, it routes it to me, 'cos it knows I requested it.
    Some downloaded programs might "phone home" from my computer, and that's where ZA has the advantage over, say, MS Windows Firewall, which never asks your permission for anything, although it can be configured to block outgoing requests like ZA does. Most programs that do call home, I am happy to let them, so that they can receive updates etc.

    On occasion I have clicked an advert which has given me an unwelcome parasite. Usually these are manifested as BHOs (Browser Helper Objects), which might, for instance, install themselves as toolbars in Internet Explorer, and spawn unwelcome adverts, and worse. That's when I would load up Malwarebytes to remove all traces of the parasite, but as I mentioned before, I already have several defences against that happening.

    After WPA2, the other password is that of the router setup, which you should change from the default if you can, along with the router default SSID name, since these all give clues to the hacker.

    However, a scan from Netalyzr shows that the router reports on the internal private network:

    Code:
    cpc2-haye8-0-0-cust1442.haye.cable.virginmedia.com / 82.44.205.163
    NAT detection: NAT Detected
    Your global IP address is 82.44.205.163 while your local one is 192.168.0.9. You are behind a NAT. Your local address is in unroutable address space.
    Your machine numbers TCP source ports sequentially. The following graph shows connection attempts on the X-axis and their corresponding source ports used by your computer on the Y-axis.
    TCP ports are not renumbered by the network.
    Local Network Interfaces: OK
    Your computer reports the following network interfaces, with the following IP addresses for each one:
    • lo: (a local loopback interface)
      • ::1 [localhost] (an IPv6 loopback address)
      • 127.0.0.1 [localhost] (an IPv4 loopback address)
    • wlan0:
      • fe80::8a9f:faff:fe0f:9771 (a link-local IPv6 address)
      • 192.168.0.9 [MYNAME-netbook.local] (a private IPv4 address)
    DNS-based host information: OK
    You are not a Tor exit node for HTTP traffic. You are listed on the Spamhaus Policy Based Blacklist, meaning that your provider has designated your address block as one that should only be sending authenticated email, email through the ISP's mail server, or using webmail. The SORBS DUHL believes you are using a statically assigned IP address.
    NAT support for Universal Plug and Play (UPnP): Yes
    We received UPnP responses from one device:

    So you know my ISP and approximate location, and my computer name (containing MYNAME) is being broadcast as well as my unroutable private address, and the model of my router too - which will have default passwords and possibly SSID and other default values.

    I am using a Linux Mint 8 netbook at the moment, so UPnP is not really much use, except to my Windows systems.




    Code:
    Network Access Link Properties
    Network latency measurements: Latency: 95ms Loss: 0.0%
    TCP connection setup latency: 200ms
    Network background health measurement: no transient outages
    Network bandwidth: Upload 1.0 Mbit/sec, Download 7.2 Mbit/sec
    Network buffer measurements: Uplink 520 ms, Downlink 130 ms
    We estimate your uplink as having 520 msec of buffering. This level can in some situations prove somewhat high, and you may experience degraded performance when performing interactive tasks such as web-surfing while simultaneously conducting large uploads. Real-time applications, such as games or audio chat, may also work poorly when conducting large uploads at the same time.
    We estimate your downlink as having 130 msec of buffering. This level may serve well for maximizing speed while minimizing the impact of large transfers on other traffic.

    So you can tell how fast my up and downlinks are - and therefore if hacked in how long it might take to do certain tasks like uploading a file to me or downloading data from my disk. Like cookies for instance:
    Code:
    JavaScript-based tests: OK
    The applet did not execute within a frame.
    Your web browser reports the following cookies for our web page:
    • netAlizEd = BaR (set by our server)
    • netalyzrStatus = running (set by our server)
    Your web browser was unable to fetch an image using IPv6.
    System clock accuracy: OK
    Your computer's clock agrees with our server's clock.
    Browser properties: OK
    Your web browser sends the following parameters to all web sites you visit:
    • User Agent: Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.7 Safari/533.2
    • Accept: application/xml,application/xhtml+xml,text/html; q=0.9,text/plain; q=0.8,image/png,*/*; q=0.5
    • Accept Language: en-GB,en-US;q=0.8,en;q=0.6
    • Accept Encoding: gzip,deflate,sdch
    • Accept Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
    Java identifies your operating system as Linux.
    Uploaded data: OK
    The applet uploaded the following additional content:

    So the clock sends a timestamp, and the browser identifies itself by spoofing several possible browsers, and that it is a Linux version.

    If I had a wired network, that would be about it, but I have wireless, like you.
    If you live in a city, and not out in the sticks, with no neighbours for miles, Windows tells you that there are other networks available, some secured, others not. But your wireless router and PC wireless adapter give out a lot more information than that. All you need is something portable that runs a program like InSSIDer by METAGEEK. It shows the MAC addresses, SSIDs, channels, signal strength etc. Walk or drive around with it and a GPS, and you could map the whole neighbourhood, checking names, addresses, ISPs, and people have already done that: WiGLE - Wireless Geographic Logging Engine - Browsable Web Map.

    It's all based on the Windows command line:

    netsh wlan show networks mode=bssid

    So perhaps I should be tightening up my act! You can of course find out how much your browser and router are giving away too.

    I should say that Google is the weak link in the network, sorry weakest. If Android devices connect to your network, they are so insecure, that when the sort of information such as the above can be sniffed as it passes to and from a guy at an airport after a long flight, checking his corporate email server, as well as the passwords he needs to get into his mailbox or corporate account, then there's no security at all.

    That is what Windows 8 corporate marketing is all about - a secure OS brand for portable devices - and businesses will go for it if the OEMs of portable devices are offered it at a good enough price (at first) like try it free for a year?
    Last edited by fafhrd; 24 Mar 2012 at 03:47.
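One way to check what your own access point advertises, as an added example that is not part of the original post: a Python parser for the output of `netsh wlan show networks mode=bssid` that reports findings only for BSSIDs you list as your own. The sample output is constructed (laid out like the command's English-language output), and the function names, issue codes, MAC addresses and the short list of default SSID prefixes are assumptions for illustration.

```python
import re

# Constructed sample, laid out like `netsh wlan show networks mode=bssid` output.
SAMPLE = """\
Interface name : Wi-Fi
There are 3 networks currently visible.

SSID 1 : NETGEAR
    Network type            : Infrastructure
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 02:00:00:aa:bb:01
         Signal             : 92%
         Radio type         : 802.11n
         Channel            : 6

SSID 2 :
    Network type            : Infrastructure
    Authentication          : WPA-Personal
    Encryption              : TKIP
    BSSID 1                 : 02:00:00:aa:bb:02
         Signal             : 88%
         Radio type         : 802.11g
         Channel            : 11

SSID 3 : CoffeeShop
    Network type            : Infrastructure
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 02:00:00:cc:dd:03
         Signal             : 40%
         Radio type         : 802.11n
         Channel            : 1
"""

LINE = re.compile(r"^\s*(.+?)\s*:\s?(.*)$")          # "key : value", value may hold colons
DEFAULT_SSID_PREFIXES = ("netgear", "linksys", "dlink", "tp-link")  # illustrative list


def parse_networks(text):
    """Turn the netsh listing into a list of network dicts with their BSSIDs."""
    networks, current, bssid = [], None, None
    for raw in text.splitlines():
        match = LINE.match(raw)
        if not match:
            continue
        key, value = match.group(1), match.group(2).strip()
        if re.fullmatch(r"SSID \d+", key):
            current = {"ssid": value, "auth": None, "encryption": None, "bssids": []}
            networks.append(current)
            bssid = None
        elif current is None:
            continue                                  # header lines before the first SSID
        elif re.fullmatch(r"BSSID \d+", key):
            bssid = {"mac": value.lower(), "signal": None, "channel": None}
            current["bssids"].append(bssid)
        elif key == "Authentication":
            current["auth"] = value
        elif key == "Encryption":
            current["encryption"] = value
        elif bssid is not None and key == "Signal":
            bssid["signal"] = int(value.rstrip("%"))
        elif bssid is not None and key == "Channel":
            bssid["channel"] = int(value)
    return networks


def findings(networks, own_bssids):
    """Report weak or revealing settings, but only for access points you own."""
    own = {mac.lower() for mac in own_bssids}
    out = []
    for net in networks:
        if not own & {b["mac"] for b in net["bssids"]}:
            continue
        label = net["ssid"] or "<hidden>"
        if net["ssid"] == "":
            # Not broadcasting the name hides nothing else: BSSID, channel and
            # security settings are still listed.
            out.append((label, "hidden-ssid-still-visible"))
        if net["ssid"].lower().startswith(DEFAULT_SSID_PREFIXES):
            out.append((label, "default-ssid"))
        if net["auth"] == "Open" and net["encryption"] == "None":
            out.append((label, "open-network"))
        elif net["encryption"] in ("WEP", "TKIP"):
            out.append((label, "weak-encryption:" + net["encryption"]))
    return out


if __name__ == "__main__":
    mine = {"02:00:00:aa:bb:01", "02:00:00:aa:bb:02"}  # constructed: your own radios
    for item in findings(parse_networks(SAMPLE), mine):
        print(item)
```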

  7. #17


    Quote Originally Posted by GMan View Post
    NAT concept is simple. When a packet comes in from the outside that no machines on your network requested, it is automatically blocked by the router. The simple reason for this is because the router has no clue which machine to give it to.

    Then you will think, well how can I run a server like HTTP or FTP or even allow connections to any BitTorrent client like uTorrent? If outside machines can't find the servers, what to do?

    That is why the port forwarding concept is included in all routers. You literally tell the router something like this:

    When a TCP packet comes in on port 5502, send it to the machine with the IP address of 192.168.0.60
    When a UDP packet comes in on port 22,304, send it to the machine with the IP address of 192.168.0.74

    (That is why it is very desirable to set up static IP addresses that never change for machines on your network, instead of relying on the router's DHCP server to hand out IP addresses which will always be different with each connect.)

    Those are just examples. You can set up anything how you want.

    With client/servers like uTorrent, there is also a concept called UPnP. What this literally does is tell your router from the program: Hey, I want to serve on port 20,000 (or any other port it is set for.) So the router takes care of the config automatically and sends all packets inbound on port 20,000 to the machine running uTorrent.

    If you have more than one machine running uTorrent and UPnP is active, the router will still know where to send all incoming packets to the right places.

    But still, if someone tries to attack your network by sending a packet at it, the router will behave as a firewall and just drop it so it cannot cause any harm.

    Then you might also think: Well if I allow UDP packets on port 20,000 to a machine I have with uTorrent, can't a hacker just send a UDP packet to my network on port 20,000? The answer is yes, they can. In this case, the design and security of your application (uTorrent in this case) is extremely important. What happens with that "bad" packet coming in will be decided by uTorrent. If the design is good, harm is still not done.
    Howdy Gman,
    You are very kind! I will have to devote a fair portion of the day trying to wrap my head around your seemingly clear and well done explanation. Thank you extensively!
    Glenn

  8. #18


    Howdy Sir,
    What a great wealth of knowledge. This is going to take some time. Appreciate your effort, feed a man a fish, etc: Thanks and much appreciated!
    Glenn
      My System SpecsSystem Spec

  9. #19


    Quote Originally Posted by fafhrd View Post
    Quote Originally Posted by glennc View Post

    Hey fafhrd,
    Sound like you know what your doing and how to do it. I too don't use IE for the same reason or Outlook. Google becoming IMHO the next evil empire precludes me from using Chrome. Firefox and Tbird have been doing me just fine. I wish I had the knowledge or an expert to help me make sure my router is set up correctly. I never understood the NAT firewall concept, I don't broadcast the wireless name, use 802N with WPA2 with a very long password and mac filtering. Other than that I am beyond my depth. That is why I wish I had a trusty firewall as an extra layer of protection. Thanks for your help and experience!
    Glenn
    NAT is quite easy. It's automatically set up by default in most routers. The router has the incoming internet address assigned by the ISP, for me it's (I open a new tab, type: whats my ip, and Google sends me to What's My IP Address? Networking Tools & More which tells me: ) 82.44.205.163. Publicly broadcast - that's how the website could tell me what my IP was. On my side of the router, which has an IP address of 192.168.0.1 (my internet gateway and DNS) I find that my address is 192.168.0.9 if I look it up with ipconfig.

    Almost all private home networks operate within the range of 192.168.0.1 to 192.168.0.255. Nobody on the internet can reach me at address 192.168.0.9, because there are millions of us with that address, on private networks globally. Only my router knows how to. So when a website sends a page I have asked for, the site sends it to 82.44.205.163, since that is the address it believes the request has come from. When my router receives the page, it routes it to me, 'cos it knows I requested it.
    Some downloaded programs might "phone home" from my computer, and that's where ZA has the advantage over, say, MS Windows Firewall, which never asks your permission for anything, although it can be configured to block outgoing requests like ZA does. Most programs that do call home, I am happy to let them, so that they can receive updates etc.

    In occasion I have clicked an advert which has given me an unwelcome parasite. Usually these are manifested as BHOs (Browser Helper Objects), which might, for instance, install themselves as toolbars in Internet Explorer, and spawn unwelcome adverts, and worse. That's when I would load up Malwarebytes to remove all traces of the parasite, but as I mentioned before, I already have several defences against that happening.

    After WPA2, the other password is that of the router setup, which you should change from the default if you can, the router default ssid name, since these all give clues to the hacker.

    However, a scan from Netalyzr shows that the router reports on the internal private network:

    Code:
    cpc2-haye8-0-0-cust1442.haye.cable.virginmedia.com / 82.44.205.163
    NAT detection (?): NAT Detected
    Your global IP address is 82.44.205.163 while your local one is 192.168.0.9. You are behind a NAT. Your local address is in unroutable address space.
    Your machine numbers TCP source ports sequentially. The following graph shows connection attempts on the X-axis and their corresponding source ports used by your computer on the Y-axis.
    
    TCP ports are not renumbered by the network.
    Local Network Interfaces (?): OK Your computer reports the following network interfaces, with the following IP addresses for each one:
    • lo: (a local loopback interface)
      • ::1 [localhost] (an IPv6 loopback address)
      • 127.0.0.1 [localhost] (an IPv4 loopback address)
    • wlan0:
      • fe80::8a9f:faff:fe0f:9771 (a link-local IPv6 address)
      • 192.168.0.9 [MYNAME-netbook.local] (a private IPv4 address)
    DNS-based host information (?): OK You are not a Tor exit node for HTTP traffic. You are listed on the Spamhaus Policy Based Blacklist, meaning that your provider has designated your address block as one that should only be sending authenticated email, email through the ISP's mail server, or using webmail. The SORBS DUHL believes you are using a statically assigned IP address.
    NAT support for Universal Plug and Play (UPnP) (?): Yes We received UPnP responses from one device:

    So you know my ISP and approximate location, and my computer name (containing MYNAME) is being broadcast as well as my unroutable private address, and the model of my router too - which will have default passwords and possibly SSID and other default values.

    I am using a Linux Mint 8 netbook at the moment, so UPnP is not really much use, except to my Windows systems.

    Code:
    Network Access Link Properties
    Network latency measurements (?): Latency: 95ms Loss: 0.0%
    TCP connection setup latency (?): 200ms
    Network background health measurement (?): no transient outages
    Network bandwidth (?): Upload 1.0 Mbit/sec, Download 7.2 Mbit/sec
    Network buffer measurements (?): Uplink 520 ms, Downlink 130 ms
    We estimate your uplink as having 520 msec of buffering. This level can in some situations prove somewhat high, and you may experience degraded performance when performing interactive tasks such as web-surfing while simultaneously conducting large uploads. Real-time applications, such as games or audio chat, may also work poorly when conducting large uploads at the same time.
    We estimate your downlink as having 130 msec of buffering. This level may serve well for maximizing speed while minimizing the impact of large transfers on other traffic.

    So you can tell how fast my up and downlinks are - and therefore if hacked in how long it might take to do certain tasks like uploading a file to me or downloading data from my disk. Like cookies for instance:

    Code:
    
    JavaScript-based tests (?): OK
    The applet did not execute within a frame.
    Your web browser reports the following cookies for our web page:
    
    • netAlizEd = BaR (set by our server)
    • netalyzrStatus = running (set by our server)
    Your web browser was unable to fetch an image using IPv6.
    System clock accuracy (?): OK Your computer's clock agrees with our server's clock.
    Browser properties (?): OK Your web browser sends the following parameters to all web sites you visit:
    • User Agent: Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.7 Safari/533.2
    • Accept: application/xml,application/xhtml+xml,text/html; q=0.9,text/plain; q=0.8,image/png,*/*; q=0.5
    • Accept Language: en-GB,en-US;q=0.8,en;q=0.6
    • Accept Encoding: gzip,deflate,sdch
    • Accept Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
    Java identifies your operating system as Linux.
    Uploaded data (?): OK The applet uploaded the following additional content:

    So the clock sends a timestamp, and the browser identifies itself by spoofing several possible browsers, and that it is a Linux version.

    If I had a wired network, that would be about it, but I have wireless, like you.
    If you live in a city, and not out in the sticks, with no neighbours for miles, Windows tells you that there are other networks available, some secured, others not. But your wireless router and PC wireless adapter give out a lot more information than that. All you need is something portable that runs a program like InSSIDer by METAGEEK. It shows the MAC addresses, SSIDs, channels, signal strength etc. Walk or drive around with it and a GPS, and you could map the whole neighbourhood, checking names, addresses, ISPs, and people have already done that: WiGLE - Wireless Geographic Logging Engine - Browsable Web Map.

    It's all based on the Windows command line:

    netsh wlan show networks mode=bssid

    So perhaps I should be tightening up my act! You can of course find out how much your browser and router are giving away too.

    I should say that Google is the weak link in the network, sorry weakest. If Android devices connect to your network, they are so insecure, that when the sort of information such as the above can be sniffed as it passes to and from a guy at an airport after a long flight, checking his corporate email server, as well as the passwords he needs to get into his mailbox or corporate account, then there's no security at all.

    That is what Windows 8 corporate marketing is all about - a secure OS brand for portable devices - and businesses will go for it if the OEMs of portable devices are offered it at a good enough price (at first) like try it free for a year?

    Howdy Sir,
    What a great wealth of knowledge. This is going to take some time. Appreciate your effort, feed a man a fish, etc. Thanks and much appreciated!
    Glenn
      My System SpecsSystem Spec
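
An added example, not part of the thread or any poster's code: a small parser for the output of `netsh wlan show networks mode=bssid` that checks your own networks for the two things the quoted post warns about, weak or missing encryption and an unchanged default SSID. The sample output is constructed and abridged, and the list of default-looking prefixes and the function names are assumptions made for illustration.

```python
import re
# Constructed, abridged sample of `netsh wlan show networks mode=bssid` output.
SAMPLE = """\
Interface name : Wi-Fi
SSID 1 : NETGEAR
    Authentication          : Open
    Encryption              : None
    BSSID 1                 : 02:00:00:aa:bb:01
         Channel            : 6
SSID 2 : HomeLan-7f3
    Authentication          : WPA2-Personal
    Encryption              : CCMP
    BSSID 1                 : 02:00:00:aa:bb:02
         Channel            : 11
    BSSID 2                 : 02:00:00:aa:bb:03
         Channel            : 36
"""
# Assumed, illustrative vendor/ISP prefixes that suggest an unchanged default SSID.
DEFAULT_SSID = re.compile(r"^(netgear|linksys|d-?link|tp-link|virginmedia)", re.I)

def parse_networks(text):  # one record per SSID, each with its list of BSSIDs
    nets, cur = [], None
    for line in text.splitlines():
        key, sep, val = (part.strip() for part in line.partition(":"))
        if re.fullmatch(r"SSID \d+", key):
            cur = {"ssid": val, "auth": "", "enc": "", "bssids": []}
            nets.append(cur)
        elif not sep or cur is None:  # banner lines before the first SSID
            continue
        elif key in ("Authentication", "Encryption"):
            cur["auth" if key == "Authentication" else "enc"] = val
        elif re.fullmatch(r"BSSID \d+", key):  # MAC keeps its own colons
            cur["bssids"].append({"mac": val})
        elif key in ("Signal", "Channel") and cur["bssids"]:
            cur["bssids"][-1][key.lower()] = val
    return nets

def audit(net):  # findings for one parsed network record
    findings = []
    if net["auth"] == "Open" or net["enc"] in ("None", "WEP"):
        findings.append("open or WEP")
    elif net["auth"].startswith("WPA-") or net["enc"] == "TKIP":
        findings.append("WPA/TKIP instead of WPA2 with CCMP")
    if DEFAULT_SSID.match(net["ssid"]):
        findings.append("default-looking SSID")
    return findings

def report(text, my_ssids):  # audit only the networks you own
    return {n["ssid"]: audit(n) for n in parse_networks(text) if n["ssid"] in my_ssids}
```

On a Windows machine, pass the captured command output and the set of SSIDs you administer to `report()`; an empty list for a network means neither check fired.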

  10. #20


    GMan!

    "So yup, if anyone is seriously interested, I'll add instructions here by request."

    Yes I am interested!

    Mostly in getting a standalone, firewall only, version of ZA working in Win 8, but if not available others will do. So please add instructions!

    Stan
      My System SpecsSystem Spec
