Avast or Zone Alarm using proxy server?

Discussion in 'Computer Security' started by Zak, Feb 13, 2005.

  1. Zak

    Zak Guest

    I use XP+SP1. I am in the UK and I am connected to NTL broadband.

    I am almost certain that I used to have no proxy sevrer set in IE6 >
    Tools > Internet Options > Connections > Lan Settings.

    However I now see that the Use Proxy Server box is ticked and the IP
    address entered is the loopback address 127.0.0.1 on port 81.

    Some web sites do not like this and they have problems.

    I also have Zome Alarm 4.5 and also the antivirus Avast (version 4.5
    home edition). Perhaps one of these two applications change the LAN
    Settings?

    I also use Firefox and Opera as browsers. Their own settings seem
    unchanged and do not refer to a proxy server but when I try to go to
    the problem web pages (eg http://www.firstdirect.com/) then they
    return a message protesting about proxy servers.

    How can I get around this?
     
    Zak, Feb 13, 2005
    #1
    1. Advertisements

  2. Zak

    Gerald Vogt Guest

    My personal opinion: update to SP2, use the SP2 firewall and deinstall
    ZoneAlarm. (No further comment necessary.)
    To check: open a command prompt. Type "netstat -a -o -p tcp" to list
    your tcp connections and open ports. Look for the line with the local
    address listening to port 81. The last column is the process id of the
    process listening on that port. Remember the PID (eg. 1234).

    Type

    tasklist /fi "pid eq 1234" /v

    (with the double quotes) to see the name of the process image. Replace
    the /v with /svc to get service information if it is a running service.

    If you don't recognize the name of the executable, search the drive for
    it or look into the directories of ZoneAlarm to see if you can find it
    there.
    A web site does not know about this. The only possible problems is some
    information that it filtered out, e.g. cookies.
    What's the exact message?
    The easiest way probably would be to deinstall ZoneAlarm (if it is ZA)
    and update to SP2, and use its firewall which is more stable and runs
    much faster. Otherwise, (if it is ZA) you have to properly configure ZA
    not to filter out whatever it is filtering out which probably means to
    deactivate its privacy protection or whitelist the sites that have
    problems with it. ZA support or help pages should be extensive about
    how to do this.

    Gerald
     
    Gerald Vogt, Feb 13, 2005
    #2
    1. Advertisements

  3. Zak

    Martin Guest

    Gee, most people are recommending the exact opposite...... Do you work for
    Microsoft???

    To the OP: I also run ZoneAlarm and Avast and have no such problem, perhaps
    it was something else that set the proxy settings? I'm not sure why Gerald
    feels WinXP-SP2 firewall is more stable and better than ZA (or other third
    party firewalls), seems almost all other software 'experts' say not to use
    the Windows firewall - I certainly noticed more 'intrusions' using only the
    Windows firewall, problems that were stopped by switching to ZA and turning
    the Windows firewall off!!
     
    Martin, Feb 13, 2005
    #3
  4. Gerald Vogt skrev:
    Uhu. ZA protects outgoing traffic from programs as well (you get a
    notice about all new programs trying to talk to the net and can block
    them). Windows FW only blocks incoming and server (listen) programs.
     
    Lars-Erik Østerud, Feb 13, 2005
    #4
  5. Zak

    Gerald Vogt Guest

    What else do you need? Do you rely on the outgoing filtering? It is
    extremely easy to circumvent the outgoing "filter" and there are many
    examples how to do it. If you catch some Spyware on your computer it may
    send data out and your PFW won't notice. (e.g. your browser is probably
    enabled to send data out and any software running locally can use IE to
    send data out...) I would not call this "protection": most of the
    software you use that wants to send data out you will enable anyway,
    because it needs the internet (e-mail, browser, etc.) while that
    software that you really want to block out (spyware etc.) can easily
    circumvent it. There is no real benefit in that.

    And if you rely on it, i.e. you say "I've installed that PFW thus nobody
    can spy me out. I can install any program on my computer I want. I am
    safe anyway." There are many examples posted in various newsgroups with
    people that installed virus scanner, PFW, spyware scanner and more to be
    safe and still "catched" something because they thought with all that
    security software nothing would happen. They just don't get it that the
    biggest security problem they have is themselves.

    So there is group A that downloads the craziest stuff from the weirdest
    places. Those people live dangerous and no PFW or other security
    software can help them in the end. Just think about all those pop-ups of
    the PFW that ask you whether you want to allow this or that. Do you
    always know the correct answer?

    And group B does not download things. They just want browse their local
    newspaper, send some e-mails, use some word processor. They are careful
    and they don't open spam and in particular don't open documents
    promising anything with strange attachments. Someone told them and they
    know that and they are careful. For them, a PFW may be nice as it tells
    them when Word tries to connect to the microsoft server. But then, you
    wanted Word and you want the clip art, so you allow it anyway. You don't
    need a difficult pop-up question for that. No need here for an outgoing
    filter, either.

    So the outgoing filter does not work 100%. Either you rely on it and
    play it dangerous and loose eventually (all those other things blocked
    like the automatic update from some legal software giving you the false
    impressions it that it works perfectly) or you don't rely on it and be
    careful. But then, you don't rely on it anyway so why do you need it?
    The SP2 FW is perfect as incoming filter and cannot be as easily turned
    off as a PFW from some software running on your system. (Whatever you
    can do on your system any software that you run can do as well, it just
    "simulates" a couple of mouse clicks and before you can see it your PFW
    is turned off from its tray icon). You don't even need the SP2 firewall
    if you do not install strange software and shut down all those "nice"
    services that Windows usually starts but that you never need or
    configure them that they do not listen to the internet interface...

    Gerald
     
    Gerald Vogt, Feb 13, 2005
    #5
  6. Gerald Vogt skrev:
    Have you tried the outgoing filters. Lots of programs try to connect
    the net for no apparent reason (ms programs, cd/dvd burning software,
    services, even word and excel). I like to have control (and stop) such
    attemts. Why should my DVD-burning software talk to someone out there?

    I use 3 different spy/adware cleaning enginges too, but that does NOT
    stop all the programs talking to the net without asking first :-/
     
    Lars-Erik Østerud, Feb 13, 2005
    #6
  7. Not on my computer..

    Why are you trying to discourage newbies from using a firewall?
     
    Beauregard T. Shagnasty, Feb 13, 2005
    #7
  8. Zak

    Gerald Vogt Guest

    Again: it is easy to circumvent. Your PFW does not stop _all_ programs
    talking to the net without asking first. It does stop those which kindly
    agree to be cooperative and do simply use the windows IP stack for
    communication. If the program does use other ways of communication (e.g.
    your web browser) your PFW won't block nor notify because I assume that
    your PFW is configured to allow outgoing web browser traffic. Programs
    can also simply deactivate the PFW for a while and send out data anyway.

    Again: There is no way to filter _all_ outgoing traffic on the computer
    you are running. The only thing to do that would be some external device.

    Gerald
     
    Gerald Vogt, Feb 14, 2005
    #8
  9. Zak

    Gerald Vogt Guest

    You are running Windows? You have Internet Explorer. We were talking
    about Windows? And even then, it does even have to be IE but just a web
    browser would do, too.
    I did not say that. Where did I say not to use a firewall? I told them
    that the SP2 firewall is very good, does not mess with the system as
    other PFW do, does not pretend to do things it cannot do without telling
    you properly what it actually can do. It does not lead people to believe
    that they are perfectly safe only by installing some software.

    Gerald
     
    Gerald Vogt, Feb 14, 2005
    #9
  10. Yes, yes, and yes.
    I agree with that. It does even have to be IE.
    ...until you can get a far better one installed.
    But.. but.. having no outbound firewall is not a good idea! A
    third-party firewall is better than *nothing*.
     
    Beauregard T. Shagnasty, Feb 14, 2005
    #10
  11. Zak

    Gerald Vogt Guest

    What is far better? A PFW that messes pretty badly with your system,
    slows it down pretty much, introduces new security risks into your
    system (there have been worms that target PFWs!), that can be turned off
    or circumvented pretty easily? The SP2 runs stable and does not produce
    much overhead. It cannot be turned of unless you are administrator. And
    it does not pretend to do things that it cannot do.
    Why a third-party firewall when you have a better one coming with your
    XP SP2? As I said before, the outgoing firewall is only going to detect
    traffic when the software does not make any effort to do it silently. So
    if it wants to make an outgoing connection it is able to, somehow.

    All these nice pop-ups of outgoing connections in a PFW usually make
    people believe that it a) does filter _all_ connections which it never
    can and which keeps people in a wrong feeling of security and that b)
    they do not have to configure their software properly and just turn off
    the automatic update checks for example as it is possible in most software.

    Malware and other software from dubious sources does whatever it wants.
    If you assume that some software you install is "bad" and they want to
    give away information from your computer and you desperately need a
    outgoing filter then I just can say: why did you install the software in
    the first place? It is your fault to install it and then you rely on
    unreliable software to fix this?

    Gerald
     
    Gerald Vogt, Feb 14, 2005
    #11
  12. Zak

    James Egan Guest

    No. What he says is pretty much correct. It's the third party firewall
    shills who say the opposite.
    Now there's a surprise. Misfiring firewalls, particularly zonealarm I
    might add, account for a large percentage of problem posts on the
    networking newsgroups.

    I can't say the windows firewall is perfect because it too gets it's
    knickers in a twist sometimes. However, it is adequate for the job it
    does and doesn't cause problems to the extent of the others with all
    the bells and whistles.


    Jim.
     
    James Egan, Feb 14, 2005
    #12
  13. Zak

    James Egan Guest

    Not so much an issue now with always on connections but I've seen
    quite a few posts on networking groups in the past where posters have
    been wondering what's been causing a dialup or pop-up window (asking
    to connect) and the culprit was the firewall itself trying to resolve
    the names of local ip addresses by dns. lol.


    Jim.
     
    James Egan, Feb 14, 2005
    #13
  14. Gerald Vogt skrev:
    But that's better than nothing. All the ones I stop are stopped, right
    (like all the Windows programs, MediaPlayer, DVD-burning software etc)
     
    Lars-Erik Østerud, Feb 14, 2005
    #14
  15. Zak

    Gerald Vogt Guest

    a) this is a poor workaround. Why don't you just reconfigure the software?
    b) how do you know it works? Isn't it one of these "MediaPlayers" that
    does have mechanisms to transmit its information via a normal browser if
    it cannot do otherwise? What is your assumption that they "are stopped"
    based upon?
    c) What is it exactly what you are blocking? How do you know if it is
    good or not? How do you make sure it is not an update check that would
    inform you about an important security update available?
    d) When you block all the Windows programs including WindowsUpdate,
    well, I suppose you won't have the newest security updates for Windows...

    Gerald
     
    Gerald Vogt, Feb 14, 2005
    #15
  16. Gerald Vogt skrev:
    Can't be done with all software. Of course I try to disable all
    communication I don't want when it is possible to configure that
    Have some idea (I have a router and can see if there is traffic :)
    And how do I now it's not spying on what I play.
    I usually do my updates manualle (hate software that checks
    for updates without asking me, or without a configuration)
    WindowsUpdate is allowed. I allow programs that I trust. But I want a
    warning when programs access the net without having allowed that first
     
    Lars-Erik Østerud, Feb 14, 2005
    #16
  17. Zak

    bassbag Guest

    Many firewalls have component control which would notify of a programme
    trying to use or piggyback another programme to connect out,and also
    loopback (localhost) that can be enabled or disabled (apart from sygate i
    believe)I dont believe xps firewalls can offer the extra protection.
    me
     
    bassbag, Feb 14, 2005
    #17
  18. Zak

    Gerald Vogt Guest

    But here is exactly the problem: Why do you install and run software
    that you don't trust and suspect to spy on you??? If you install
    software that you don't trust and it wants to spy on you it will do so
    without your consent circumventing your PFW. It will let you block its
    connections to the update server but at the same time will tunnel the
    interesting information without you even noticing.

    a) don't install software you don't trust.
    b) don't rely on software that promises things it cannot keep to cover
    up where you violate a)

    Gerald
     
    Gerald Vogt, Feb 14, 2005
    #18
  19. Zak

    Gerald Vogt Guest

    How do you know it works? Have you tried it? It has been circumvented.
    And again, it is easy for a software you are running to deactivate the
    firewall the same way you would do manually.
    What is protection for you? Protection is there where it protects me
    against the bad. What I usually get it protection against the "good"
    programs I installed and wanted anyway while the bad guy can circumvent
    the mechanisms. So doesn't actually the PFW fail for exactly its main
    purpose to protect against the bad guy??

    Gerald
     
    Gerald Vogt, Feb 14, 2005
    #19
  20. Zak

    Martin Guest

    BUT, ZA still does more than Windows FW. Sorry, I have to agree with
    Lars-Erik here.. I have previously used Windows SP2 Firewall only and
    still encountered problems with things getting in, odd programs accessing
    the 'net, etc. Switching to ZA Pro solved all that and more. I know you
    can never be 100% sure of stopping everything, but ZA sems to stop more than
    WFW ever did...

    I also like the fact that when setup correctly ZA lets you 'control' what
    programs have internet access whereas Windows FW just lets them loose!!

    Sorry, but what I've found from experience on our 3 computers, and with a
    daughter that spends more time on the internet than she does talking to her
    family!!!
     
    Martin, Feb 14, 2005
    #20
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.