What's new

Got ZoneAlarm Antivirus/Firewall working on Windows 8

GMan

Banned
I just wanted to make a quick report that I can successfully get any version (sku) of ZoneAlarm working well on Windows 8. I have it installed now and it is functioning perfectly.

In case anyone is interested, I can detail the process of how to do so. It is not for the install and simply make it work crowd. It's a bit of a process, you have to do this, that and the other thing, but once it is working, it is set and forget and all is well.

So yup, if anyone is seriously interested, I'll add instructions here by request.
 

My Computer

System One

  • OS
    8250 x86 + 7 SP1 x86 + Ubuntu 12.04 LTS x86
    CPU
    P4 3.4 GHz HT
    Motherboard
    MSI-7211
    Memory
    OCZ 2 GB DDR @ 400 MHz
    Graphics Card(s)
    HIS AGP HD 3850 Turbo Ice-Q
    Sound Card
    MOTU Traveler firewire interface
    Monitor(s) Displays
    Acer x223w
    Screen Resolution
    1680x1050
    Hard Drives
    WD Caviar Black 1 TB Sata II, WD 400 GB Sata I, WD 120 GB Sata I
    PSU
    300W generic
    Case
    Cybertron
    Keyboard
    Logitech Classic Keyboard 200, Dell RT7D20
    Mouse
    Logitech M510
    Internet Speed
    2 MByte/sec Down, 250 KByte/sec Up

GMan

Banned
Capture-5.jpg

By the way, this version shown is currently in beta from CheckPoint and is free to use for anyone interested. It has Kaspersky Anitvirus built in, like all CheckPoint software with antivirus ability.
 
Last edited:

My Computer

System One

  • OS
    8250 x86 + 7 SP1 x86 + Ubuntu 12.04 LTS x86
    CPU
    P4 3.4 GHz HT
    Motherboard
    MSI-7211
    Memory
    OCZ 2 GB DDR @ 400 MHz
    Graphics Card(s)
    HIS AGP HD 3850 Turbo Ice-Q
    Sound Card
    MOTU Traveler firewire interface
    Monitor(s) Displays
    Acer x223w
    Screen Resolution
    1680x1050
    Hard Drives
    WD Caviar Black 1 TB Sata II, WD 400 GB Sata I, WD 120 GB Sata I
    PSU
    300W generic
    Case
    Cybertron
    Keyboard
    Logitech Classic Keyboard 200, Dell RT7D20
    Mouse
    Logitech M510
    Internet Speed
    2 MByte/sec Down, 250 KByte/sec Up

glennc

New Member
Member
View attachment 4861

By the way, this version shown is currently in beta from CheckPoint and is free to use for anyone interested. It has Kaspersky Anitvirus built in, like all CheckPoint software with antivirus ability.

Hey Gman,
Not knowing that much about it, I have Norton Internet Security running. I've never considered that a firewall, although it says it is and has disabled Windows Firewall. I do like the Norton antivirus but am unsure of it's firewall, normally run Comodo on my W7.
I guess I am asking your opinion, should I leave it as it is or add the Zonealarm firewall without the Kaspersky Antivirus (if possible) and disable Norton's firewall (if possible). Stuck in old habits!
Thanks for the news and I know I am quite interested, no offense to any Defender and Firewall users.
Glenn
 

My Computer

System One

  • OS
    Windows 7

GMan

Banned
Here's the thing, Glennc. I've read the thread where Brink was able to help you setup Win 8 again so you don't have corruption and things seem to be well there with your machine from it.

So I wouldn't advise installing this is that kind of situation, because it is a beta, and it is not even closely intended for Windows 8. And you've also had a major issue previously with ZA and removal....so I'd say best to leave it off for now in your specific situation.

To supplement what I am saying, and now this is only an opinion, but even when the best doctors or lawyers are hired, their advice is still just an opinion. I do recommend using the Norton/Symantec tool to remove what you have in safe mode. It can be found online easily by searching.

When rebooted back to normal desktop, use services.msc to set the Windows Defender service to Auto and do the the same thing for Windows Firewall.

Now that's a recipe for a happy machine for you.
 

My Computer

System One

  • OS
    8250 x86 + 7 SP1 x86 + Ubuntu 12.04 LTS x86
    CPU
    P4 3.4 GHz HT
    Motherboard
    MSI-7211
    Memory
    OCZ 2 GB DDR @ 400 MHz
    Graphics Card(s)
    HIS AGP HD 3850 Turbo Ice-Q
    Sound Card
    MOTU Traveler firewire interface
    Monitor(s) Displays
    Acer x223w
    Screen Resolution
    1680x1050
    Hard Drives
    WD Caviar Black 1 TB Sata II, WD 400 GB Sata I, WD 120 GB Sata I
    PSU
    300W generic
    Case
    Cybertron
    Keyboard
    Logitech Classic Keyboard 200, Dell RT7D20
    Mouse
    Logitech M510
    Internet Speed
    2 MByte/sec Down, 250 KByte/sec Up

GMan

Banned
To further illustrate my above points, for laughs and giggles (there's another term for that, but I try to keep it rated "G" here lol) - I just re-enabled UAC to its default setting and it messed up ZA working properly.

I don't think it is specifically because it is set to default. I think the actual change from one setting to another (no matter what the change was) is what did it in.

I was able to fix it again, but like I said - beta and not for Windows 7.

None of this is a problem for me, because I leave UAC to the lowest setting anyhow under normal (non-testing) circumstances. So if anyone is going to want to try this ZA, you should be of the same type that always disables UAC to begin with.

Limitations? baaaah
 

My Computer

System One

  • OS
    8250 x86 + 7 SP1 x86 + Ubuntu 12.04 LTS x86
    CPU
    P4 3.4 GHz HT
    Motherboard
    MSI-7211
    Memory
    OCZ 2 GB DDR @ 400 MHz
    Graphics Card(s)
    HIS AGP HD 3850 Turbo Ice-Q
    Sound Card
    MOTU Traveler firewire interface
    Monitor(s) Displays
    Acer x223w
    Screen Resolution
    1680x1050
    Hard Drives
    WD Caviar Black 1 TB Sata II, WD 400 GB Sata I, WD 120 GB Sata I
    PSU
    300W generic
    Case
    Cybertron
    Keyboard
    Logitech Classic Keyboard 200, Dell RT7D20
    Mouse
    Logitech M510
    Internet Speed
    2 MByte/sec Down, 250 KByte/sec Up

glennc

New Member
Member
Here's the thing, Glennc. I've read the thread where Brink was able to help you setup Win 8 again so you don't have corruption and things seem to be well there with your machine from it.

So I wouldn't advise installing this is that kind of situation, because it is a beta, and it is not even closely intended for Windows 8. And you've also had a major issue previously with ZA and removal....so I'd say best to leave it off for now in your specific situation.

To supplement what I am saying, and now this is only an opinion, but even when the best doctors or lawyers are hired, their advice is still just an opinion. I do recommend using the Norton/Symantec tool to remove what you have in safe mode. It can be found online easily by searching.

When rebooted back to normal desktop, use services.msc to set the Windows Defender service to Auto and do the the same thing for Windows Firewall.

Now that's a recipe for a happy machine for you.

Like your style Gman!!
And I follow your advice about me trying it out as being very risky, especially with my in-expertise. I would like to go a whole week without messing it up. Actually put CCleaner back on it and it is running like a champ! SFC errors, no more, for now.
I will take time and try to fully understand about running a Norton AV check in safe mode, if I can get there and you say I can get WDefender and WFirewall running without conflict?
Thanks
Glenn
 

My Computer

System One

  • OS
    Windows 7

GMan

Banned
heh heh Basically, what I was advising was to use the removal tool in safe mode for Norton/Symantec. This will completely take it away from the machine for good.

I've seen too much trouble from that software maker, and in my personal experience with it dating back to probably around the year 2000 or so before I knew better, it is not something you want on your machine for various performance/stability reasons.

I do not have high regards for their solutions for other reasons as well.

So if you do remove it, then set the Windows Firewall and Defender services to their default settings, which is Automatic.

On the other hand, if you really like this Norton/Symantec thing, just leave it alone and see how it continues to go for you. If you have any sorts of weird issues, look at that being the culprit first.
 

My Computer

System One

  • OS
    8250 x86 + 7 SP1 x86 + Ubuntu 12.04 LTS x86
    CPU
    P4 3.4 GHz HT
    Motherboard
    MSI-7211
    Memory
    OCZ 2 GB DDR @ 400 MHz
    Graphics Card(s)
    HIS AGP HD 3850 Turbo Ice-Q
    Sound Card
    MOTU Traveler firewire interface
    Monitor(s) Displays
    Acer x223w
    Screen Resolution
    1680x1050
    Hard Drives
    WD Caviar Black 1 TB Sata II, WD 400 GB Sata I, WD 120 GB Sata I
    PSU
    300W generic
    Case
    Cybertron
    Keyboard
    Logitech Classic Keyboard 200, Dell RT7D20
    Mouse
    Logitech M510
    Internet Speed
    2 MByte/sec Down, 250 KByte/sec Up

fafhrd

Active Member
Pro User
I think Windows will have come of age on the day when third party Utilities are not needed at all. I have not felt the need for a 3rd party personal firewall since being behind a home router and NAT firewall (Smoothwall running on an old PII with 64MB RAM) in 2003, and then with home wireless routers, I just don't think I am exposed at all with a private IP address (see Steve Gibsons Shields Up for instance). I have had some XP machines with the Windows firewall turned off for years, and I don't often get malware - like once every couple of years or so. And I don't feel the need for antivirus since AVG2011 finished my relationship with them.


The thing that messes people up most is Internet Explorer. Don't use it. 'Cos the hackers do.


I now only use beta browsers - Google Chrome Canary Build - Opera Next - Firefox Beta - sometimes recent builds of Seamonkey. Browser exploits are hard to do on things that have only been out a day or two. And if they don't work properly due to their beta nature, I can always use a stable version.
If the adblockers don't stop the cr*p, I use a Hosts file to stop bad adverts from appearing if the sites I find myself visiting appear full of flashy trash or popups - even in linux.


I love downloading utilities, some of them from sites in Chinese, like Jeff Chan's inscrutable RW Everything and from India e.g. Vishal Gupta's excellent Puran Defrag so I don't always stay within safe limits (Check these out GMan, if you don't know them already!) - - Driver downloads are a minefield. Laptopvideo2go and Tim's Driver Guide are good to go at the moment, but good sites have gone bad in the past, and I can understand the problems with hosting driver catalogs and archives.


I never divulge my identity online unless it's professionally useful to do so, and if there's an email there, it's not machine readable. If an address gets spammed, the spams stay unopened, and I only use webmail, so the emails are never downloaded to Microsoft's second worst offender, Outlook.
 

My Computer

System One

  • OS
    Windows 8.1 Pro with Media Center
    Computer type
    PC/Desktop
    System Manufacturer/Model
    HP COMPAQ Presario CQ57
    CPU
    AMD E- 300 APU with Radion HD Graphics 1.30GHz
    Motherboard
    inbuilt
    Memory
    4GB
    Graphics Card(s)
    ATI
    Sound Card
    High Definition Audio on-board
    Monitor(s) Displays
    notebook
    Screen Resolution
    1366x768
    Hard Drives
    Seagate ST9500325AS
    Google drive 15GB
    Skydrive 25GB
    BT Cloud
    PSU
    external 20v
    Case
    Laptop
    Cooling
    pretty good
    Keyboard
    inbuilt
    Mouse
    touchpad
    Internet Speed
    BT Infinity Unlimited - 80 up 20 down =70/16 really
    Browser
    Chrome Canary usually
    Antivirus
    Windows Defender and Malwarebytes
    Other Info
    no Start menu modifications
    Upgraded with no issues to 8.0 and to 8.1

glennc

New Member
Member
heh heh Basically, what I was advising was to use the removal tool in safe mode for Norton/Symantec. This will completely take it away from the machine for good.

I've seen too much trouble from that software maker, and in my personal experience with it dating back to probably around the year 2000 or so before I knew better, it is not something you want on your machine for various performance/stability reasons.

I do not have high regards for their solutions for other reasons as well.

So if you do remove it, then set the Windows Firewall and Defender services to their default settings, which is Automatic.

On the other hand, if you really like this Norton/Symantec thing, just leave it alone and see how it continues to go for you. If you have any sorts of weird issues, look at that being the culprit first.

Hey Gman,
I've used Norton since the dos days. They were great and then they IMHO went away. So I too disavowed myself from them. Using 3rd party stuff. But a while back I read that their AV was rated very high. They had a special so I bought it. Ran it on XP and on the W7 machine. Never had an issue and I like the extras. It is again IMHO nice to be asked if a program you downloaded was rated high or low. If I wanted to let it run or not. Checking on the websites I go to. This cryptic stuff (for me) like going into Windows defender to set it up site by site is not to my liking. Plus as luck would have it I had 40 days on the paid version left and they had a special on NIS. So for $20 dollars I got it with 3 licenses. Called them and told them about my 40 days and they extended my year of NIS for an additional 60 days. That is why I built a multicore machine, to finally take advantage of the features promised by windows and computing for years. It's like Windows 7 finally works like I want it to, easy neat extra features and the power not to not to slow the computer down to a crawl. I have been waiting for this experience since I put Windows 3.1 on a computer. I am behind a router, now I can't say that is set up perfectly, but that and the Comodo firewall and Norton and Malwarebytes have been keeping me completely virus free and hacked free, finger's crossed. I used to be into the neat working, copying machine code for my Vic 20. Then typing it back in when I powered up the next time. I remember when Microsoft bought Norton defrag and added it to their os. So I am kinda happy, like it is (again fingers crossed). Paranoia makes me run MSE standalone to double check Norton. SuperAntispyware to double check Malwarebytes. Weird huh! With the windows 8 machine that I built from spare parts because it got so slow as Ubuntu grew, I like it and the speed. So having 2 extra licenses it was an obvious choice. From occasionally reading reviews, the best AV changes constantly. I also have a relative in IT who is into security and he isn't really happy about my choice either, but thinks that as long as it works.... Heck, I am scrounging up a old hardrive, got macrium on and a boot disk. Found that tutorial on how to get to safe boot. I will be good to go when I get a system image saved. I will feel safer when a 3rd party like Comodo makes a compatible version for 8. Even then, when it does come out and it is figured out and running good, I don't want to spend the money for it. I will put Ubuntu back on. OS's are too costly for me. I totally skipped Vista, but got talked into trying W7 by my relative. He was right, after I learned how to make system images :D :D!
Always thanks for your time, experienced help and style!!!
Glenn
 

My Computer

System One

  • OS
    Windows 7

glennc

New Member
Member
I think Windows will have come of age on the day when third party Utilities are not needed at all. I have not felt the need for a 3rd party personal firewall since being behind a home router and NAT firewall (Smoothwall running on an old PII with 64MB RAM) in 2003, and then with home wireless routers, I just don't think I am exposed at all with a private IP address (see Steve Gibsons Shields Up for instance). I have had some XP machines with the Windows firewall turned off for years, and I don't often get malware - like once every couple of years or so. And I don't feel the need for antivirus since AVG2011 finished my relationship with them.


The thing that messes people up most is Internet Explorer. Don't use it. 'Cos the hackers do.


I now only use beta browsers - Google Chrome Canary Build - Opera Next - Firefox Beta - sometimes recent builds of Seamonkey. Browser exploits are hard to do on things that have only been out a day or two. And if they don't work properly due to their beta nature, I can always use a stable version.
If the adblockers don't stop the cr*p, I use a Hosts file to stop bad adverts from appearing if the sites I find myself visiting appear full of flashy trash or popups - even in linux.


I love downloading utilities, some of them from sites in Chinese, like Jeff Chan's inscrutable RW Everything and from India e.g. Vishal Gupta's excellent Puran Defrag so I don't always stay within safe limits (Check these out GMan, if you don't know them already!) - - Driver downloads are a minefield. Laptopvideo2go and Tim's Driver Guide are good to go at the moment, but good sites have gone bad in the past, and I can understand the problems with hosting driver catalogs and archives.


I never divulge my identity online unless it's professionally useful to do so, and if there's an email there, it's not machine readable. If an address gets spammed, the spams stay unopened, and I only use webmail, so the emails are never downloaded to Microsoft's second worst offender, Outlook.

Hey fafhrd,
Sound like you know what your doing and how to do it. I too don't use IE for the same reason or Outlook. Google becoming IMHO the next evil empire precludes me from using Chrome. Firefox and Tbird have been doing me just fine. I wish I had the knowledge or an expert to help me make sure my router is set up correctly. I never understood the NAT firewall concept, I don't broadcast the wireless name, use 802N with WPA2 with a very long password and mac filtering. Other than that I am beyond my depth. That is why I wish I had a trusty firewall as an extra layer of protection. Thanks for your help and experience!
Glenn
 

My Computer

System One

  • OS
    Windows 7

GMan

Banned
Yeah, yeah - long time Gibson fan and reader here too. The guy has taught me a lot through his online presence, mostly networking related stuff.

3rd party firewalls are commonly used to easily disallow any newly ran program or installer from accessing the network. It doesn't take too much imagination to realize why. Basically, it's useful for those programs that decided they wanted to be downloaded (yes - all on their own hahah and no I don't mean a trojan - I mean useful stuff) and installed...and to make them continue working indefinitely.

The Windows Firewall has the same functionality but people don't generally use it for that. That's because it doesn't automatically deny outbound access to anything.

haha my hosts file is 454 kB. I just had to check.

I will definitely check the software. Where the heck do I know that name Vishal Gupta from? I know I have heh.
 

My Computer

System One

  • OS
    8250 x86 + 7 SP1 x86 + Ubuntu 12.04 LTS x86
    CPU
    P4 3.4 GHz HT
    Motherboard
    MSI-7211
    Memory
    OCZ 2 GB DDR @ 400 MHz
    Graphics Card(s)
    HIS AGP HD 3850 Turbo Ice-Q
    Sound Card
    MOTU Traveler firewire interface
    Monitor(s) Displays
    Acer x223w
    Screen Resolution
    1680x1050
    Hard Drives
    WD Caviar Black 1 TB Sata II, WD 400 GB Sata I, WD 120 GB Sata I
    PSU
    300W generic
    Case
    Cybertron
    Keyboard
    Logitech Classic Keyboard 200, Dell RT7D20
    Mouse
    Logitech M510
    Internet Speed
    2 MByte/sec Down, 250 KByte/sec Up

GMan

Banned
Cool deal glennc. Ya, your relative in IT probably had/has to deal with many problems involving the Norton so that's why he's agreeable with my opinion.

It even has the undesirable ability to cause machines to be impossible to boot to Windows well at times. I've fixed it for people many times over.

On one particular forum years ago that also had a Norton/Symantec rep on it - I knew of this issue and was telling the user to remove it with the tool and the machine would be fine. I was completely sure based on detailed info given by the user.

Well, the site mods, the user with problems nor the rep would believe N/S was the cause. It didn't work out well for me or the user trying to repair the machine either. So it goes....

:)
 

My Computer

System One

  • OS
    8250 x86 + 7 SP1 x86 + Ubuntu 12.04 LTS x86
    CPU
    P4 3.4 GHz HT
    Motherboard
    MSI-7211
    Memory
    OCZ 2 GB DDR @ 400 MHz
    Graphics Card(s)
    HIS AGP HD 3850 Turbo Ice-Q
    Sound Card
    MOTU Traveler firewire interface
    Monitor(s) Displays
    Acer x223w
    Screen Resolution
    1680x1050
    Hard Drives
    WD Caviar Black 1 TB Sata II, WD 400 GB Sata I, WD 120 GB Sata I
    PSU
    300W generic
    Case
    Cybertron
    Keyboard
    Logitech Classic Keyboard 200, Dell RT7D20
    Mouse
    Logitech M510
    Internet Speed
    2 MByte/sec Down, 250 KByte/sec Up

glennc

New Member
Member
I think Windows will have come of age on the day when third party Utilities are not needed at all. I have not felt the need for a 3rd party personal firewall since being behind a home router and NAT firewall (Smoothwall running on an old PII with 64MB RAM) in 2003, and then with home wireless routers, I just don't think I am exposed at all with a private IP address (see Steve Gibsons Shields Up for instance). I have had some XP machines with the Windows firewall turned off for years, and I don't often get malware - like once every couple of years or so. And I don't feel the need for antivirus since AVG2011 finished my relationship with them.


The thing that messes people up most is Internet Explorer. Don't use it. 'Cos the hackers do.


I now only use beta browsers - Google Chrome Canary Build - Opera Next - Firefox Beta - sometimes recent builds of Seamonkey. Browser exploits are hard to do on things that have only been out a day or two. And if they don't work properly due to their beta nature, I can always use a stable version.
If the adblockers don't stop the cr*p, I use a Hosts file to stop bad adverts from appearing if the sites I find myself visiting appear full of flashy trash or popups - even in linux.


I love downloading utilities, some of them from sites in Chinese, like Jeff Chan's inscrutable RW Everything and from India e.g. Vishal Gupta's excellent Puran Defrag so I don't always stay within safe limits (Check these out GMan, if you don't know them already!) - - Driver downloads are a minefield. Laptopvideo2go and Tim's Driver Guide are good to go at the moment, but good sites have gone bad in the past, and I can understand the problems with hosting driver catalogs and archives.


I never divulge my identity online unless it's professionally useful to do so, and if there's an email there, it's not machine readable. If an address gets spammed, the spams stay unopened, and I only use webmail, so the emails are never downloaded to Microsoft's second worst offender, Outlook.

Hey fafhrd,
Sound like you know what your doing and how to do it. I too don't use IE for the same reason or Outlook. Google becoming IMHO the next evil empire precludes me from using Chrome. Firefox and Tbird have been doing me just fine. I wish I had the knowledge or an expert to help me make sure my router is set up correctly. I never understood the NAT firewall concept, I don't broadcast the wireless name, use 802N with WPA2 with a very long password and mac filtering. Other than that I am beyond my depth. That is why I wish I had a trusty firewall as an extra layer of protection. Thanks for your help and experience!
Glenn
 

My Computer

System One

  • OS
    Windows 7

glennc

New Member
Member
Cool deal glennc. Ya, your relative in IT probably had/has to deal with many problems involving the Norton so that's why he's agreeable with my opinion.

It even has the undesirable ability to cause machines to be impossible to boot to Windows well at times. I've fixed it for people many times over.

On one particular forum years ago that also had a Norton/Symantec rep on it - I knew of this issue and was telling the user to remove it with the tool and the machine would be fine. I was completely sure based on detailed info given by the user.

Well, the site mods, the user with problems nor the rep would believe N/S was the cause. It didn't work out well for me or the user trying to repair the machine either. So it goes....

:)


Some days you get the bear and some days the bear gets you! Maybe my time will come....
Take care buddy!
Glenn
 

My Computer

System One

  • OS
    Windows 7

GMan

Banned
NAT concept is simple. When a packet comes in from the outside that no machines on your network requested, it is automatically blocked by the router. The simple reason for this is because the router has no clue which machine to give it to.

Then you will think, well how can I run a server like HTTP or FTP or even allow connections to any bittorrent client like uTorrent? If outside machines can't find the servers, what to do?

That is why port forwarding concept is included in all routers. You literally tell the router something like this:

When a tcp packet comes in on port 5502, send it to the machine with the ip address of 192.168.0.60
When a udp packet comes in on port 22,304, send it to the machine with the ip address of 192.168.0.74

(That is why it is very desirable to set up static ip addresses that never change for machines on your network, instead of relying on the router's DHCP server to hand out ip addresses which will always be different with each connect.)

Those are just examples. You can setup anything how you want.

With client/servers like uTorrent, there is also a concept called uPnP. What this literally does is tell your router from the program: Hey, I want to serve on port 20,000 (or any other port it is set for.) So the router takes care of the config automatically and sends all packets inbound on port 20,000 to the machine running uTorrent.

If you have more than one machine running uTorrent and uPnP is active, the router will still know where to send all incoming packets to the right places.

But still, if someone tries to attack your network by sending a packet at it, the router will behave as a firewall and just drop it so it can not cause any harm.

Then you might also think: Well if I allow udp packets on port 20,000 to a machine I have with uTorrent, can't a hacker just send a udp packet to my network on port 20,000? The answer is yes, they can. In this case, the design and security of your application (uTorrent in this case) is extremely important. What happens with that "bad" packet coming in will be decided by uTorrent. If the design is well, harm is still not done.
 

My Computer

System One

  • OS
    8250 x86 + 7 SP1 x86 + Ubuntu 12.04 LTS x86
    CPU
    P4 3.4 GHz HT
    Motherboard
    MSI-7211
    Memory
    OCZ 2 GB DDR @ 400 MHz
    Graphics Card(s)
    HIS AGP HD 3850 Turbo Ice-Q
    Sound Card
    MOTU Traveler firewire interface
    Monitor(s) Displays
    Acer x223w
    Screen Resolution
    1680x1050
    Hard Drives
    WD Caviar Black 1 TB Sata II, WD 400 GB Sata I, WD 120 GB Sata I
    PSU
    300W generic
    Case
    Cybertron
    Keyboard
    Logitech Classic Keyboard 200, Dell RT7D20
    Mouse
    Logitech M510
    Internet Speed
    2 MByte/sec Down, 250 KByte/sec Up

fafhrd

Active Member
Pro User
Hey fafhrd,
Sound like you know what your doing and how to do it. I too don't use IE for the same reason or Outlook. Google becoming IMHO the next evil empire precludes me from using Chrome. Firefox and Tbird have been doing me just fine. I wish I had the knowledge or an expert to help me make sure my router is set up correctly. I never understood the NAT firewall concept, I don't broadcast the wireless name, use 802N with WPA2 with a very long password and mac filtering. Other than that I am beyond my depth. That is why I wish I had a trusty firewall as an extra layer of protection. Thanks for your help and experience!
Glenn

NAT is quite easy. It's automatically set up by default in most routers. The router has the incoming internet address assigned by the ISP, for me it's (I open a new tab, type: whats my ip, and Google sends me to What's My IP Address? Networking Tools & More which tells me: ) 82.44.205.163. Publicly broadcast - that's how the website could tell me what my IP was. On my side of the router, which has an IP address of 192.168.0.1 (my internet gateway and DNS) I find that my address is 192.168.0.9 if I look it up with ipconfig.

Almost all private home networks operate within the range of 192.168.0.1 to 192.168.0.255. Nobody on the internet can reach me at address 192.168.0.9, because there are millions of us with that address, on private networks globally. Only my router knows how to. So when a website sends a page I have asked for, the site sends it to 82.44.205.163, since that is the address it believes the request has come from. When my router receives the page, it routes it to me, 'cos it knows I requested it.
Some downloaded programs might "phone home" from my computer, and that's where ZA has the advantage over, say, MS Windows Firewall, which never asks your permission for anything, although it can be configured to block outgoing requests like ZA does. Most programs that do call home, I am happy to let them, so that they can receive updates etc.

In occasion I have clicked an advert which has given me an unwelcome parasite. Usually these are manifested as BHOs (Browser Helper Objects), which might, for instance, install themselves as toolbars in Internet Explorer, and spawn unwelcome adverts, and worse. That's when I would load up Malwarebytes to remove all traces of the parasite, but as I mentioned before, I already have several defences against that happening.

After WPA2, the other password is that of the router setup, which you should change from the default if you can, the router default ssid name, since these all give clues to the hacker.

However, a scan from Netalyzr shows that the router reports on the internal private network:

Code:
[COLOR=#606060][FONT=helvetica][COLOR=#0A0545][B]cpc2-haye8-0-0-cust1442.haye.cable.virginmedia.com / 82.44.205.163[/B][/COLOR]
NAT detection ([URL="http://www.eightforums.com/info_nat_detect.html"]?[/URL]): NAT Detected[URL="http://www.eightforums.com/"]–[/URL]
Your global IP address is 82.44.205.163 while your local one is 192.168.0.9. You are behind a NAT. Your local address is in unroutable address space.
Your machine numbers TCP source ports sequentially. The following graph shows connection attempts on the X-axis and their corresponding source ports used by your computer on the Y-axis.
[CENTER][IMG]http://chart.apis.google.com/chart?cht=s&chs=250x40&chf=bg,s,00000000&chm=o,000000,0,0,4,1&chxt=y&chxl=0:|45512|45521&chd=t:0,11,22,33,44,55,66,77,88,99|0,11,22,33,44,55,66,77,88,100[/IMG][/CENTER]
TCP ports are not renumbered by the network.


[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

Local Network Interfaces ([URL="http://www.eightforums.com/info_local_interface.html"]?[/URL]): OK[URL="http://www.eightforums.com/"]–[/URL]
Your computer reports the following network interfaces, with the following IP addresses for each one:
[LIST]
[*]lo: (a local loopback interface)
[LIST]
[*]::1 [localhost] (an IPv6 loopback address)
[*]127.0.0.1 [localhost] (an IPv4 loopback address)
[/LIST]

[*]wlan0:
[LIST]
[*]fe80::8a9f:faff:fe0f:9771 (a link-local IPv6 address)
[*]192.168.0.9 [[COLOR=#ff0000][B]MYNAME[/B]-netbook.local[/COLOR]] (a private IPv4 address)
[/LIST]
[/LIST]


[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

DNS-based host information ([URL="http://www.eightforums.com/info_dns_hostinfo.html"]?[/URL]): OK[URL="http://www.eightforums.com/"]–[/URL]
You are not a [URL="http://www.torproject.org"]Tor[/URL] exit node for HTTP traffic.
You are listed on the [URL="http://www.spamhaus.org"]Spamhaus[/URL] [URL="http://www.spamhaus.org/pbl/"]Policy Based Blacklist[/URL], meaning that your provider has designated your address block as one that should only be sending authenticated email, email through the ISP's mail server, or using webmail.
The [URL="http://www.au.sorbs.net/faq/dul.shtml"]SORBS DUHL[/URL] believes you are using a statically assigned IP address.

[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

NAT support for Universal Plug and Play (UPnP) ([URL="http://www.eightforums.com/info_upnp.html"]?[/URL]): Yes[URL="http://www.eightforums.com/"]–[/URL]
We received UPnP responses from one device:
[LIST]
[*]192.168.0.1: this device provided a valid device description via its UPnP URL. This description, viewable [URL="http://www.eightforums.com/uploaded/id=43ca208a-26107-545057f9-4929-4e15-8821/key=upnp_0_descr"]here[/URL], contains the following information about this gateway:
[LIST]
[*][COLOR=#ff0000]Name: Netgear VMDG280[/COLOR]
[*]Manufacturer: Netgear
[*]Manufacturer URL: [URL="http://www.netgear.com/"]Computer Networking Products & Equipment From NETGEAR®[/URL]
[*]Model name: VMDG280
[*]Model number: VMDG280
[*]Model URL: [URL="http://www.netgear.com/"]Computer Networking Products & Equipment From NETGEAR®[/URL]
[*]Model Description: VMDG280
[/LIST]
[/LIST]


[/FONT][/COLOR]
So you know my ISP and approximate location, and my computer name (containing MYNAME) is being broadcast as well as my unrouteable private address, and the model of my router too - which will have default passwords and possibly SSID and other default values.

I am using a linuxMint 8 netbook at the moment, so uPNP is not really much use, except to my Windows systems




Code:
[COLOR=#0A0545][FONT=helvetica][B]Network Access Link Properties[/B][/FONT][/COLOR][COLOR=#0A0545][FONT=helvetica][B][RIGHT][URL="http://www.eightforums.com/"]+[/URL] [IMG]http://www.eightforums.com/yelred_off.gif[/IMG] [URL="http://www.eightforums.com/"]–[/URL][/RIGHT]
[/B][/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

Network latency measurements ([URL="http://www.eightforums.com/info_latency.html"]?[/URL]): Latency: 95ms Loss: 0.0%[URL="http://www.eightforums.com/"]+[/URL]
[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

TCP connection setup latency ([URL="http://www.eightforums.com/info_tcp_latency.html"]?[/URL]): 200ms[URL="http://www.eightforums.com/"]+[/URL]
[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

Network background health measurement ([URL="http://www.eightforums.com/info_burst_loss.html"]?[/URL]): no transient outages[URL="http://www.eightforums.com/"]+[/URL]
[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

Network bandwidth ([URL="http://www.eightforums.com/info_bandwidth.html"]?[/URL]): Upload 1.0 Mbit/sec, Download 7.2 Mbit/sec[URL="http://www.eightforums.com/"]+[/URL]
[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]


Network buffer measurements ([URL="http://www.eightforums.com/info_buffer.html"]?[/URL]): Uplink 520 ms, Downlink 130 ms[URL="http://www.eightforums.com/"]–[/URL]
We estimate your uplink as having 520 msec of buffering. This level can in some situations prove somewhat high, and you may experience degraded performance when performing interactive tasks such as web-surfing while simultaneously conducting large uploads. Real-time applications, such as games or audio chat, may also work poorly when conducting large uploads at the same time.

[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]We estimate your downlink as having 130 msec of buffering. This level may serve well for
 maximizing speed while minimizing the impact of large transfers on other traffic.[/FONT][/COLOR]

So you can tell how fast my up and downlinks are - and therefore if hacked in how long it might take to do certain tasks like uploading a file to me or downloading data from my disk. Like cookies for instance:
Code:
[COLOR=#606060][FONT=helvetica]
JavaScript-based tests ([URL="http://www.eightforums.com/info_javascript.html"]?[/URL]): OK[URL="http://www.eightforums.com/"]–[/URL][/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]The applet did not execute within a frame.
Your web browser reports the following cookies for our web page:
[LIST]
[*]netAlizEd = BaR (set by our server)
[*]netalyzrStatus = running (set by our server)
[/LIST]

[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]Your web browser was unable to fetch an image using IPv6.
[/FONT][/COLOR][COLOR=#606060][FONT=helvetica]
System clock accuracy ([URL="http://www.eightforums.com/info_system_clock.html"]?[/URL]): OK[URL="http://www.eightforums.com/"]–[/URL]
Your computer's clock agrees with our server's clock.

[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

Browser properties ([URL="http://www.eightforums.com/info_browser_properties.html"]?[/URL]): OK[URL="http://www.eightforums.com/"]–[/URL]
Your web browser sends the following parameters to all web sites you visit:
[LIST]
[*]User Agent: Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.7 Safari/533.2
[*]Accept: application/xml,application/xhtml+xml,text/html; q=0.9,text/plain; q=0.8,image/png,*/*; q=0.5
[*]Accept Language: en-GB,en-US;q=0.8,en;q=0.6
[*]Accept Encoding: gzip,deflate,sdch
[*]Accept Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
[/LIST]
Java identifies your operating system as Linux.

[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

Uploaded data ([URL="http://www.eightforums.com/info_upload.html"]?[/URL]): OK[URL="http://www.eightforums.com/"]–[/URL]
The applet uploaded the following additional content:
[LIST]
[*][URL="http://www.eightforums.com/uploaded/id=43ca208a-26107-545057f9-4929-4e15-8821/key=apache_404"]apache_404[/URL]
[*][URL="http://www.eightforums.com/uploaded/id=43ca208a-26107-545057f9-4929-4e15-8821/key=custom_404"]custom_404[/URL]
[*][URL="http://www.eightforums.com/uploaded/id=43ca208a-26107-545057f9-4929-4e15-8821/key=nxpage"]nxpage[/URL]
[*][URL="http://www.eightforums.com/uploaded/id=43ca208a-26107-545057f9-4929-4e15-8821/key=plain_404"]plain_404[/URL]
[*][URL="http://www.eightforums.com/uploaded/id=43ca208a-26107-545057f9-4929-4e15-8821/key=raw_http_content"]raw_http_content[/URL]
[*][URL="http://www.eightforums.com/uploaded/id=43ca208a-26107-545057f9-4929-4e15-8821/key=upnp_0_descr"]upnp_0_descr[/URL]
[*][URL="http://www.eightforums.com/uploaded/id=43ca208a-26107-545057f9-4929-4e15-8821/key=upnp_0_details"]upnp_0_details[/URL]
[/LIST]


[/FONT][/COLOR]
So the clock sends a timestamp, and the browser identifies itself by spoofing several possible browsers, and that it is a Linux version.

If I had a wired network, that would be about it, but I have wireless, like you.
If you live in a city, and not out in the sticks, with no neighbours for miles, Windows tells you that there are other networks available, some secured, others not. But your wireless router and PC wireless adapter give out a lot more information than that. All you need is something portable that runs a program like: InSSIDer by METAGEEK It shows the mac addresses, SSIDs Channels, signal strength etc etc. Walk or drive around with it and a GPS, and you could map the whole neighbourhood, checking names, addresses, ISPs, and people have already done that. WiGLE - Wireless Geographic Logging Engine - Browsable Web Map

It's all based on the Windows commandline:

netsh wlan show networks mode=bssid

So perhaps I should be tightening up my act! You can of course find out how much your browser and router is giving away too.

I should say that Google is the weak link in the network, sorry weakest. If Android devices connect to your network, they are so insecure, that when the sort of information such as the above can be sniffed as it passes to and from a guy at an airport after a long flight, checking his corporate email server, as well as the passwords he needs to get into his mailbox or corporate account, then there's no security at all.

That is what Windows 8 corporate marketing is all about - a secure OS brand for portable devices - and businesses will go for it if the OEMs of portable devices are offered it at a good enough price (at first) like try it free for a year?
 
Last edited:

My Computer

System One

  • OS
    Windows 8.1 Pro with Media Center
    Computer type
    PC/Desktop
    System Manufacturer/Model
    HP COMPAQ Presario CQ57
    CPU
    AMD E- 300 APU with Radion HD Graphics 1.30GHz
    Motherboard
    inbuilt
    Memory
    4GB
    Graphics Card(s)
    ATI
    Sound Card
    High Definition Audio on-board
    Monitor(s) Displays
    notebook
    Screen Resolution
    1366x768
    Hard Drives
    Seagate ST9500325AS
    Google drive 15GB
    Skydrive 25GB
    BT Cloud
    PSU
    external 20v
    Case
    Laptop
    Cooling
    pretty good
    Keyboard
    inbuilt
    Mouse
    touchpad
    Internet Speed
    BT Infinity Unlimited - 80 up 20 down =70/16 really
    Browser
    Chrome Canary usually
    Antivirus
    Windows Defender and Malwarebytes
    Other Info
    no Start menu modifications
    Upgraded with no issues to 8.0 and to 8.1

glennc

New Member
Member
NAT concept is simple. When a packet comes in from the outside that no machines on your network requested, it is automatically blocked by the router. The simple reason for this is because the router has no clue which machine to give it to.

Then you will think, well how can I run a server like HTTP or FTP or even allow connections to any bittorrent client like uTorrent? If outside machines can't find the servers, what to do?

That is why port forwarding concept is included in all routers. You literally tell the router something like this:

When a tcp packet comes in on port 5502, send it to the machine with the ip address of 192.168.0.60
When a udp packet comes in on port 22,304, send it to the machine with the ip address of 192.168.0.74

(That is why it is very desirable to set up static ip addresses that never change for machines on your network, instead of relying on the router's DHCP server to hand out ip addresses which will always be different with each connect.)

Those are just examples. You can setup anything how you want.

With client/servers like uTorrent, there is also a concept called uPnP. What this literally does is tell your router from the program: Hey, I want to serve on port 20,000 (or any other port it is set for.) So the router takes care of the config automatically and sends all packets inbound on port 20,000 to the machine running uTorrent.

If you have more than one machine running uTorrent and uPnP is active, the router will still know where to send all incoming packets to the right places.

But still, if someone tries to attack your network by sending a packet at it, the router will behave as a firewall and just drop it so it can not cause any harm.

Then you might also think: Well if I allow udp packets on port 20,000 to a machine I have with uTorrent, can't a hacker just send a udp packet to my network on port 20,000? The answer is yes, they can. In this case, the design and security of your application (uTorrent in this case) is extremely important. What happens with that "bad" packet coming in will be decided by uTorrent. If the design is well, harm is still not done.

Howdy Gman,
You are very kind! I will have to devote a fair portion of the day trying to wrap my head around you seemingly clear and well done explanation. Thank you extensively!
Glenn
 

My Computer

System One

  • OS
    Windows 7

glennc

New Member
Member
Hey fafhrd,
Sound like you know what your doing and how to do it. I too don't use IE for the same reason or Outlook. Google becoming IMHO the next evil empire precludes me from using Chrome. Firefox and Tbird have been doing me just fine. I wish I had the knowledge or an expert to help me make sure my router is set up correctly. I never understood the NAT firewall concept, I don't broadcast the wireless name, use 802N with WPA2 with a very long password and mac filtering. Other than that I am beyond my depth. That is why I wish I had a trusty firewall as an extra layer of protection. Thanks for your help and experience!
Glenn

NAT is quite easy. It's automatically set up by default in most routers. The router has the incoming internet address assigned by the ISP, for me it's (I open a new tab, type: whats my ip, and Google sends me to What's My IP Address? Networking Tools & More which tells me: ) 82.44.205.163. Publicly broadcast - that's how the website could tell me what my IP was. On my side of the router, which has an IP address of 192.168.0.1 (my internet gateway and DNS) I find that my address is 192.168.0.9 if I look it up with ipconfig.

Almost all private home networks operate within the range of 192.168.0.1 to 192.168.0.255. Nobody on the internet can reach me at address 192.168.0.9, because there are millions of us with that address, on private networks globally. Only my router knows how to. So when a website sends a page I have asked for, the site sends it to 82.44.205.163, since that is the address it believes the request has come from. When my router receives the page, it routes it to me, 'cos it knows I requested it.
Some downloaded programs might "phone home" from my computer, and that's where ZA has the advantage over, say, MS Windows Firewall, which never asks your permission for anything, although it can be configured to block outgoing requests like ZA does. Most programs that do call home, I am happy to let them, so that they can receive updates etc.

In occasion I have clicked an advert which has given me an unwelcome parasite. Usually these are manifested as BHOs (Browser Helper Objects), which might, for instance, install themselves as toolbars in Internet Explorer, and spawn unwelcome adverts, and worse. That's when I would load up Malwarebytes to remove all traces of the parasite, but as I mentioned before, I already have several defences against that happening.

After WPA2, the other password is that of the router setup, which you should change from the default if you can, the router default ssid name, since these all give clues to the hacker.

However, a scan from Netalyzr shows that the router reports on the internal private network:

Code:
[COLOR=#606060][FONT=helvetica][COLOR=#0A0545][B]cpc2-haye8-0-0-cust1442.haye.cable.virginmedia.com / 82.44.205.163[/B][/COLOR]
NAT detection ([URL="http://www.eightforums.com/info_nat_detect.html"]?[/URL]): NAT Detected[URL="http://www.eightforums.com/"]–[/URL]
Your global IP address is 82.44.205.163 while your local one is 192.168.0.9. You are behind a NAT. Your local address is in unroutable address space.
Your machine numbers TCP source ports sequentially. The following graph shows connection attempts on the X-axis and their corresponding source ports used by your computer on the Y-axis.
[CENTER][IMG]http://chart.apis.google.com/chart?cht=s&chs=250x40&chf=bg,s,00000000&chm=o,000000,0,0,4,1&chxt=y&chxl=0:%7C45512%7C45521&chd=t:0,11,22,33,44,55,66,77,88,99%7C0,11,22,33,44,55,66,77,88,100[/IMG][/CENTER]
TCP ports are not renumbered by the network.


[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

Local Network Interfaces ([URL="http://www.eightforums.com/info_local_interface.html"]?[/URL]): OK[URL="http://www.eightforums.com/"]–[/URL]
Your computer reports the following network interfaces, with the following IP addresses for each one:
[LIST]
[*]lo: (a local loopback interface)
[LIST]
[*]::1 [localhost] (an IPv6 loopback address) 
[*]127.0.0.1 [localhost] (an IPv4 loopback address) 
[/LIST]
  
[*]wlan0:
[LIST]
[*]fe80::8a9f:faff:fe0f:9771 (a link-local IPv6 address) 
[*]192.168.0.9 [[COLOR=#ff0000][B]MYNAME[/B]-netbook.local[/COLOR]] (a private IPv4 address) 
[/LIST]
  
[/LIST]


[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

DNS-based host information ([URL="http://www.eightforums.com/info_dns_hostinfo.html"]?[/URL]): OK[URL="http://www.eightforums.com/"]–[/URL]
You are not a [URL="http://www.torproject.org"]Tor[/URL] exit node for HTTP traffic.
You are listed on the [URL="http://www.spamhaus.org"]Spamhaus[/URL] [URL="http://www.spamhaus.org/pbl/"]Policy Based Blacklist[/URL], meaning that your provider has designated your address block as one that should only be sending authenticated email, email through the ISP's mail server, or using webmail.
The [URL="http://www.au.sorbs.net/faq/dul.shtml"]SORBS DUHL[/URL] believes you are using a statically assigned IP address.

[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

NAT support for Universal Plug and Play (UPnP) ([URL="http://www.eightforums.com/info_upnp.html"]?[/URL]): Yes[URL="http://www.eightforums.com/"]–[/URL]
We received UPnP responses from one device:
[LIST]
[*]192.168.0.1: this device provided a valid device description via its UPnP URL. This description, viewable [URL="http://www.eightforums.com/uploaded/id=43ca208a-26107-545057f9-4929-4e15-8821/key=upnp_0_descr"]here[/URL], contains the following information about this gateway:
[LIST]
[*][COLOR=#ff0000]Name: Netgear VMDG280[/COLOR] 
[*]Manufacturer: Netgear 
[*]Manufacturer URL: [URL="http://www.netgear.com/"]Computer Networking Products & Equipment From NETGEAR®[/URL] 
[*]Model name: VMDG280 
[*]Model number: VMDG280 
[*]Model URL: [URL="http://www.netgear.com/"]Computer Networking Products & Equipment From NETGEAR®[/URL] 
[*]Model Description: VMDG280 
[/LIST]
  
[/LIST]


[/FONT][/COLOR]
So you know my ISP and approximate location, and my computer name (containing MYNAME) is being broadcast as well as my unrouteable private address, and the model of my router too - which will have default passwords and possibly SSID and other default values.

I am using a linuxMint 8 netbook at the moment, so uPNP is not really much use, except to my Windows systems




Code:
[COLOR=#0A0545][FONT=helvetica][B]Network Access Link Properties[/B][/FONT][/COLOR][COLOR=#0A0545][FONT=helvetica][B][RIGHT][URL="http://www.eightforums.com/"]+[/URL] [IMG]http://www.eightforums.com/yelred_off.gif[/IMG] [URL="http://www.eightforums.com/"]–[/URL][/RIGHT]
[/B][/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

Network latency measurements ([URL="http://www.eightforums.com/info_latency.html"]?[/URL]): Latency: 95ms Loss: 0.0%[URL="http://www.eightforums.com/"]+[/URL]
[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

TCP connection setup latency ([URL="http://www.eightforums.com/info_tcp_latency.html"]?[/URL]): 200ms[URL="http://www.eightforums.com/"]+[/URL]
[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

Network background health measurement ([URL="http://www.eightforums.com/info_burst_loss.html"]?[/URL]): no transient outages[URL="http://www.eightforums.com/"]+[/URL]
[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

Network bandwidth ([URL="http://www.eightforums.com/info_bandwidth.html"]?[/URL]): Upload 1.0 Mbit/sec, Download 7.2 Mbit/sec[URL="http://www.eightforums.com/"]+[/URL]
[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]


Network buffer measurements ([URL="http://www.eightforums.com/info_buffer.html"]?[/URL]): Uplink 520 ms, Downlink 130 ms[URL="http://www.eightforums.com/"]–[/URL]
We estimate your uplink as having 520 msec of buffering. This level can in some situations prove somewhat high, and you may experience degraded performance when performing interactive tasks such as web-surfing while simultaneously conducting large uploads. Real-time applications, such as games or audio chat, may also work poorly when conducting large uploads at the same time.

[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]We estimate your downlink as having 130 msec of buffering. This level may serve well for
 maximizing speed while minimizing the impact of large transfers on other traffic.[/FONT][/COLOR]

So you can tell how fast my up and downlinks are - and therefore if hacked in how long it might take to do certain tasks like uploading a file to me or downloading data from my disk. Like cookies for instance:
Code:
[COLOR=#606060][FONT=helvetica]
JavaScript-based tests ([URL="http://www.eightforums.com/info_javascript.html"]?[/URL]): OK[URL="http://www.eightforums.com/"]–[/URL][/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]The applet did not execute within a frame.
Your web browser reports the following cookies for our web page:
[LIST]
[*]netAlizEd = BaR (set by our server) 
[*]netalyzrStatus = running (set by our server) 
[/LIST]

[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]Your web browser was unable to fetch an image using IPv6.
[/FONT][/COLOR][COLOR=#606060][FONT=helvetica]
System clock accuracy ([URL="http://www.eightforums.com/info_system_clock.html"]?[/URL]): OK[URL="http://www.eightforums.com/"]–[/URL]
Your computer's clock agrees with our server's clock.

[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

Browser properties ([URL="http://www.eightforums.com/info_browser_properties.html"]?[/URL]): OK[URL="http://www.eightforums.com/"]–[/URL]
Your web browser sends the following parameters to all web sites you visit:
[LIST]
[*]User Agent: Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.7 Safari/533.2 
[*]Accept: application/xml,application/xhtml+xml,text/html; q=0.9,text/plain; q=0.8,image/png,*/*; q=0.5 
[*]Accept Language: en-GB,en-US;q=0.8,en;q=0.6 
[*]Accept Encoding: gzip,deflate,sdch 
[*]Accept Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 
[/LIST]
Java identifies your operating system as Linux.

[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

Uploaded data ([URL="http://www.eightforums.com/info_upload.html"]?[/URL]): OK[URL="http://www.eightforums.com/"]–[/URL]
The applet uploaded the following additional content:
[LIST]
[*][URL="http://www.eightforums.com/uploaded/id=43ca208a-26107-545057f9-4929-4e15-8821/key=apache_404"]apache_404[/URL] 
[*][URL="http://www.eightforums.com/uploaded/id=43ca208a-26107-545057f9-4929-4e15-8821/key=custom_404"]custom_404[/URL] 
[*][URL="http://www.eightforums.com/uploaded/id=43ca208a-26107-545057f9-4929-4e15-8821/key=nxpage"]nxpage[/URL] 
[*][URL="http://www.eightforums.com/uploaded/id=43ca208a-26107-545057f9-4929-4e15-8821/key=plain_404"]plain_404[/URL] 
[*][URL="http://www.eightforums.com/uploaded/id=43ca208a-26107-545057f9-4929-4e15-8821/key=raw_http_content"]raw_http_content[/URL] 
[*][URL="http://www.eightforums.com/uploaded/id=43ca208a-26107-545057f9-4929-4e15-8821/key=upnp_0_descr"]upnp_0_descr[/URL] 
[*][URL="http://www.eightforums.com/uploaded/id=43ca208a-26107-545057f9-4929-4e15-8821/key=upnp_0_details"]upnp_0_details[/URL] 
[/LIST]


[/FONT][/COLOR]
So the clock sends a timestamp, and the browser identifies itself by spoofing several possible browsers, and that it is a Linux version.

If I had a wired network, that would be about it, but I have wireless, like you.
If you live in a city, and not out in the sticks, with no neighbours for miles, Windows tells you that there are other networks available, some secured, others not. But your wireless router and PC wireless adapter give out a lot more information than that. All you need is something portable that runs a program like: InSSIDer by METAGEEK It shows the mac addresses, SSIDs Channels, signal strength etc etc. Walk or drive around with it and a GPS, and you could map the whole neighbourhood, checking names, addresses, ISPs, and people have already done that. WiGLE - Wireless Geographic Logging Engine - Browsable Web Map

It's all based on the Windows commandline:

netsh wlan show networks mode=bssid

So perhaps I should be tightening up my act! You can of course find out how much your browser and router is giving away too.

I should say that Google is the weak link in the network, sorry weakest. If Android devices connect to your network, they are so insecure, that when the sort of information such as the above can be sniffed as it passes to and from a guy at an airport after a long flight, checking his corporate email server, as well as the passwords he needs to get into his mailbox or corporate account, then there's no security at all.

That is what Windows 8 corporate marketing is all about - a secure OS brand for portable devices - and businesses will go for it if the OEMs of portable devices are offered it at a good enough price (at first) like try it free for a year?

Howdy Sir,
What a great wealth of knowledge. This is going to take some time. Appreciate your effort, feed a man a fish, etc: Thanks and much appreciated!
Glenn
 

My Computer

System One

  • OS
    Windows 7

glennc

New Member
Member
Hey fafhrd,
Sound like you know what your doing and how to do it. I too don't use IE for the same reason or Outlook. Google becoming IMHO the next evil empire precludes me from using Chrome. Firefox and Tbird have been doing me just fine. I wish I had the knowledge or an expert to help me make sure my router is set up correctly. I never understood the NAT firewall concept, I don't broadcast the wireless name, use 802N with WPA2 with a very long password and mac filtering. Other than that I am beyond my depth. That is why I wish I had a trusty firewall as an extra layer of protection. Thanks for your help and experience!
Glenn

NAT is quite easy. It's automatically set up by default in most routers. The router has the incoming internet address assigned by the ISP, for me it's (I open a new tab, type: whats my ip, and Google sends me to What's My IP Address? Networking Tools & More which tells me: ) 82.44.205.163. Publicly broadcast - that's how the website could tell me what my IP was. On my side of the router, which has an IP address of 192.168.0.1 (my internet gateway and DNS) I find that my address is 192.168.0.9 if I look it up with ipconfig.

Almost all private home networks operate within the range of 192.168.0.1 to 192.168.0.255. Nobody on the internet can reach me at address 192.168.0.9, because there are millions of us with that address, on private networks globally. Only my router knows how to. So when a website sends a page I have asked for, the site sends it to 82.44.205.163, since that is the address it believes the request has come from. When my router receives the page, it routes it to me, 'cos it knows I requested it.
Some downloaded programs might "phone home" from my computer, and that's where ZA has the advantage over, say, MS Windows Firewall, which never asks your permission for anything, although it can be configured to block outgoing requests like ZA does. Most programs that do call home, I am happy to let them, so that they can receive updates etc.

In occasion I have clicked an advert which has given me an unwelcome parasite. Usually these are manifested as BHOs (Browser Helper Objects), which might, for instance, install themselves as toolbars in Internet Explorer, and spawn unwelcome adverts, and worse. That's when I would load up Malwarebytes to remove all traces of the parasite, but as I mentioned before, I already have several defences against that happening.

After WPA2, the other password is that of the router setup, which you should change from the default if you can, the router default ssid name, since these all give clues to the hacker.

However, a scan from Netalyzr shows that the router reports on the internal private network:

Code:
[COLOR=#606060][FONT=helvetica][COLOR=#0A0545][B]cpc2-haye8-0-0-cust1442.haye.cable.virginmedia.com / 82.44.205.163[/B][/COLOR]
NAT detection ([URL="http://www.eightforums.com/info_nat_detect.html"]?[/URL]): NAT Detected[URL="http://www.eightforums.com/"]–[/URL]
Your global IP address is 82.44.205.163 while your local one is 192.168.0.9. You are behind a NAT. Your local address is in unroutable address space.
Your machine numbers TCP source ports sequentially. The following graph shows connection attempts on the X-axis and their corresponding source ports used by your computer on the Y-axis.
[CENTER][IMG]http://chart.apis.google.com/chart?cht=s&chs=250x40&chf=bg,s,00000000&chm=o,000000,0,0,4,1&chxt=y&chxl=0:%7C45512%7C45521&chd=t:0,11,22,33,44,55,66,77,88,99%7C0,11,22,33,44,55,66,77,88,100[/IMG][/CENTER]
TCP ports are not renumbered by the network.


[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

Local Network Interfaces ([URL="http://www.eightforums.com/info_local_interface.html"]?[/URL]): OK[URL="http://www.eightforums.com/"]–[/URL]
Your computer reports the following network interfaces, with the following IP addresses for each one:
[LIST]
[*]lo: (a local loopback interface)
[LIST]
[*]::1 [localhost] (an IPv6 loopback address) 
[*]127.0.0.1 [localhost] (an IPv4 loopback address) 
[/LIST]
  
[*]wlan0:
[LIST]
[*]fe80::8a9f:faff:fe0f:9771 (a link-local IPv6 address) 
[*]192.168.0.9 [[COLOR=#ff0000][B]MYNAME[/B]-netbook.local[/COLOR]] (a private IPv4 address) 
[/LIST]
  
[/LIST]


[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

DNS-based host information ([URL="http://www.eightforums.com/info_dns_hostinfo.html"]?[/URL]): OK[URL="http://www.eightforums.com/"]–[/URL]
You are not a [URL="http://www.torproject.org"]Tor[/URL] exit node for HTTP traffic.
You are listed on the [URL="http://www.spamhaus.org"]Spamhaus[/URL] [URL="http://www.spamhaus.org/pbl/"]Policy Based Blacklist[/URL], meaning that your provider has designated your address block as one that should only be sending authenticated email, email through the ISP's mail server, or using webmail.
The [URL="http://www.au.sorbs.net/faq/dul.shtml"]SORBS DUHL[/URL] believes you are using a statically assigned IP address.

[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

NAT support for Universal Plug and Play (UPnP) ([URL="http://www.eightforums.com/info_upnp.html"]?[/URL]): Yes[URL="http://www.eightforums.com/"]–[/URL]
We received UPnP responses from one device:
[LIST]
[*]192.168.0.1: this device provided a valid device description via its UPnP URL. This description, viewable [URL="http://www.eightforums.com/uploaded/id=43ca208a-26107-545057f9-4929-4e15-8821/key=upnp_0_descr"]here[/URL], contains the following information about this gateway:
[LIST]
[*][COLOR=#ff0000]Name: Netgear VMDG280[/COLOR] 
[*]Manufacturer: Netgear 
[*]Manufacturer URL: [URL="http://www.netgear.com/"]Computer Networking Products & Equipment From NETGEAR®[/URL] 
[*]Model name: VMDG280 
[*]Model number: VMDG280 
[*]Model URL: [URL="http://www.netgear.com/"]Computer Networking Products & Equipment From NETGEAR®[/URL] 
[*]Model Description: VMDG280 
[/LIST]
  
[/LIST]


[/FONT][/COLOR]
So you know my ISP and approximate location, and my computer name (containing MYNAME) is being broadcast as well as my unrouteable private address, and the model of my router too - which will have default passwords and possibly SSID and other default values.

I am using a linuxMint 8 netbook at the moment, so uPNP is not really much use, except to my Windows systems




Code:
[COLOR=#0A0545][FONT=helvetica][B]Network Access Link Properties[/B][/FONT][/COLOR][COLOR=#0A0545][FONT=helvetica][B][RIGHT][URL="http://www.eightforums.com/"]+[/URL] [IMG]http://www.eightforums.com/yelred_off.gif[/IMG] [URL="http://www.eightforums.com/"]–[/URL][/RIGHT]
[/B][/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

Network latency measurements ([URL="http://www.eightforums.com/info_latency.html"]?[/URL]): Latency: 95ms Loss: 0.0%[URL="http://www.eightforums.com/"]+[/URL]
[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

TCP connection setup latency ([URL="http://www.eightforums.com/info_tcp_latency.html"]?[/URL]): 200ms[URL="http://www.eightforums.com/"]+[/URL]
[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

Network background health measurement ([URL="http://www.eightforums.com/info_burst_loss.html"]?[/URL]): no transient outages[URL="http://www.eightforums.com/"]+[/URL]
[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

Network bandwidth ([URL="http://www.eightforums.com/info_bandwidth.html"]?[/URL]): Upload 1.0 Mbit/sec, Download 7.2 Mbit/sec[URL="http://www.eightforums.com/"]+[/URL]
[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]


Network buffer measurements ([URL="http://www.eightforums.com/info_buffer.html"]?[/URL]): Uplink 520 ms, Downlink 130 ms[URL="http://www.eightforums.com/"]–[/URL]
We estimate your uplink as having 520 msec of buffering. This level can in some situations prove somewhat high, and you may experience degraded performance when performing interactive tasks such as web-surfing while simultaneously conducting large uploads. Real-time applications, such as games or audio chat, may also work poorly when conducting large uploads at the same time.

[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]We estimate your downlink as having 130 msec of buffering. This level may serve well for
 maximizing speed while minimizing the impact of large transfers on other traffic.[/FONT][/COLOR]

So you can tell how fast my up and downlinks are - and therefore if hacked in how long it might take to do certain tasks like uploading a file to me or downloading data from my disk. Like cookies for instance:
Code:
[COLOR=#606060][FONT=helvetica]
JavaScript-based tests ([URL="http://www.eightforums.com/info_javascript.html"]?[/URL]): OK[URL="http://www.eightforums.com/"]–[/URL][/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]The applet did not execute within a frame.
Your web browser reports the following cookies for our web page:
[LIST]
[*]netAlizEd = BaR (set by our server) 
[*]netalyzrStatus = running (set by our server) 
[/LIST]

[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]Your web browser was unable to fetch an image using IPv6.
[/FONT][/COLOR][COLOR=#606060][FONT=helvetica]
System clock accuracy ([URL="http://www.eightforums.com/info_system_clock.html"]?[/URL]): OK[URL="http://www.eightforums.com/"]–[/URL]
Your computer's clock agrees with our server's clock.

[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

Browser properties ([URL="http://www.eightforums.com/info_browser_properties.html"]?[/URL]): OK[URL="http://www.eightforums.com/"]–[/URL]
Your web browser sends the following parameters to all web sites you visit:
[LIST]
[*]User Agent: Mozilla/5.0 (X11; U; Linux i686; en-US) AppleWebKit/533.2 (KHTML, like Gecko) Chrome/5.0.342.7 Safari/533.2 
[*]Accept: application/xml,application/xhtml+xml,text/html; q=0.9,text/plain; q=0.8,image/png,*/*; q=0.5 
[*]Accept Language: en-GB,en-US;q=0.8,en;q=0.6 
[*]Accept Encoding: gzip,deflate,sdch 
[*]Accept Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 
[/LIST]
Java identifies your operating system as Linux.

[/FONT][/COLOR]
[COLOR=#606060][FONT=helvetica]

Uploaded data ([URL="http://www.eightforums.com/info_upload.html"]?[/URL]): OK[URL="http://www.eightforums.com/"]–[/URL]
The applet uploaded the following additional content:
[LIST]
[*][URL="http://www.eightforums.com/uploaded/id=43ca208a-26107-545057f9-4929-4e15-8821/key=apache_404"]apache_404[/URL] 
[*][URL="http://www.eightforums.com/uploaded/id=43ca208a-26107-545057f9-4929-4e15-8821/key=custom_404"]custom_404[/URL] 
[*][URL="http://www.eightforums.com/uploaded/id=43ca208a-26107-545057f9-4929-4e15-8821/key=nxpage"]nxpage[/URL] 
[*][URL="http://www.eightforums.com/uploaded/id=43ca208a-26107-545057f9-4929-4e15-8821/key=plain_404"]plain_404[/URL] 
[*][URL="http://www.eightforums.com/uploaded/id=43ca208a-26107-545057f9-4929-4e15-8821/key=raw_http_content"]raw_http_content[/URL] 
[*][URL="http://www.eightforums.com/uploaded/id=43ca208a-26107-545057f9-4929-4e15-8821/key=upnp_0_descr"]upnp_0_descr[/URL] 
[*][URL="http://www.eightforums.com/uploaded/id=43ca208a-26107-545057f9-4929-4e15-8821/key=upnp_0_details"]upnp_0_details[/URL] 
[/LIST]


[/FONT][/COLOR]
So the clock sends a timestamp, and the browser identifies itself by spoofing several possible browsers, and that it is a Linux version.

If I had a wired network, that would be about it, but I have wireless, like you.
If you live in a city, and not out in the sticks, with no neighbours for miles, Windows tells you that there are other networks available, some secured, others not. But your wireless router and PC wireless adapter give out a lot more information than that. All you need is something portable that runs a program like: InSSIDer by METAGEEK It shows the mac addresses, SSIDs Channels, signal strength etc etc. Walk or drive around with it and a GPS, and you could map the whole neighbourhood, checking names, addresses, ISPs, and people have already done that. WiGLE - Wireless Geographic Logging Engine - Browsable Web Map

It's all based on the Windows commandline:

netsh wlan show networks mode=bssid

So perhaps I should be tightening up my act! You can of course find out how much your browser and router is giving away too.

I should say that Google is the weak link in the network, sorry weakest. If Android devices connect to your network, they are so insecure, that when the sort of information such as the above can be sniffed as it passes to and from a guy at an airport after a long flight, checking his corporate email server, as well as the passwords he needs to get into his mailbox or corporate account, then there's no security at all.

That is what Windows 8 corporate marketing is all about - a secure OS brand for portable devices - and businesses will go for it if the OEMs of portable devices are offered it at a good enough price (at first) like try it free for a year?

Howdy Sir,
What a great wealth of knowledge. This is going to take some time. Appreciate your effort, feed a man a fish, etc: Thanks and much appreciated!
Glenn
 

My Computer

System One

  • OS
    Windows 7

Stan

New Member
GMan!

"So yup, if anyone is seriously interested, I'll add instructions here by request."

Yes I am interested!

Mostly in getting a standalone, firewall only, version of ZA working in Win 8, but if not available others will do. So please add instructions!

Stan
 

My Computer

System One

  • OS
    7

Users Who Are Viewing This Thread (Users: 0, Guests: 1)

Top