What to allow through firewall

Discussion in 'Backup and Security' started by AAAintheBeltway, Jun 15, 2003.

  1. Since I switched to xp ZoneAlarm is constantly asking if various programs should be allowed to access the internet. For example, winn32 generic host, spooler subsystem application , support. How am I supposed to know what is ok and what is not? Is there some source that can tell me what these various programs do and whether or not they need access? How about one of you experts listing everything that should be ok'd to access the internet. And is there any reason anything should get server privileges?
     
  2. complex

    complex

    to find out what services commonly run run on what ports, check out http://www.iana.org/assignments/port-numbers

    in order to tect your computer, you may want to try www.grc.com and running shields up (note: mr. steve gibson, the owner of that site, likes to use lots of exclaimation points, and i generally take everything he says with a grain of salt. still, he is a skilled coder)

    i have never used zonealarm, so i can't vouch for it, but i would imagine there would be some sort of online help, explaining what each port does.

    as for the ports you mentioned, win32 generic host is used for, i think, dns lookups, so you'll want to leave that one alone. spooler subsystem is for your printer. if you don't print to another computer across a network you might not need it.

    still, the best test is: go ahead and block that port, and then try to use your computer normally for a day or a week. if you notice nothing missing, then you're not missing anything. :)

    i hope this helps.

    complex
     
  3. Ken_DTU

    Ken_DTU

    yeah I always wonder about letting services.exe access the net, and "run dll as an app" etc.. occasionally it's IE asking for permission, but other times not..

    wish I knew .. let me know what you find .. i use zonealarmpro and the free sygate firewall together, so far so good ..
     
  4. One suggestion: Before you startup your new firewall, run a complete virus scan and also scan for "spyware" / parasiteware".

    Update your scanning software before doing the scan of your computer. Then install the new firewall and allow it to access whatever it asks for. This way you have some assurance that your computer is clean of viruses, trojan horses, and other bad guys.

    DS
     
  5. Kermit

    Kermit

    AAAintheBeltway:

    Dougcs’ suggestion is good. Make sure your PC is clean first. Then you may want to start fresh by removing all the existing programs that are listed under the Program Control tab of ZA. After that, under XP’s START button run the msconfig program and go to the Startup tab and check only the programs you want to startup up and take note which ones might need internet access. Make sure ZoneAlarm is among the items checked for startup. Then reboot your machine.

    After XP comes back up, any program(s) seeking internet access will be caught by ZA and you’ll be prompted. XP will have certain applications like:

    1. Generic Host Process for Win32 Services
    2. Application Layer Gateway Service
    3. Messenger
    4. Windows Update AutoUpdate Client (if you’ve enabled it)

    that will want access. Any other programs such as your browser, real-time quotes application, broker’s order-entry software, or whatever that need access will be prompted by ZA when you fire them up. Grant access to each as you deem appropriate. Hope that helps.

    Kermit
     
  6. First thing ya gotta do is shut down unneccessary services that XP/2K wants to run in the first place, like the indexing or system restore services. The machine will run faster.
     
  7. Thanks guys, very helpful. I took the advice to deny access and see what happens. Pretty much nothing out of the ordinary, at least so far as I can tell. Zonealarm is much more active than it was with the win98 or 2000 machines, getting a lot of denied connections to dns servers, etc and some incomings too. I also raised the trusted zone to highest security, again with no noticeable adverse effects.

    One problem I'm having is the Outlook express in xp defaults to a security setting that will not allow you to open email attachments. While I fully understand that is the prime avenue for virus infection, it's a nuisance to have to change the setting whne I get an attachment I need to see, like the one for russian brides or antispam software(ok, who buys antispam s/w from a spammer--did I miss something?) How risky is it to downgrade that level of protection, assuming I'm not going to open any unknown attachments anyway?
     
  8. In Outlook Express Options Security tab I unchecked "Do not allow attachments to be saved or opened" and over two years got a couple of viruses with attachments. This happens when virus gets into address book of your friend and you receive it thinking that it is a trusted mail. Norton coped with this pretty well in one instance I had to download some remedy from internet. One way or another you can not avoid it but you can handle the situation.