Jun 22, 2001 09:25 AM
Just because you are not connected to the Internet 24/7, it doesn’t mean that your computer cannot be attacked. You may think that because you only log on for a couple of hours a day the chances of someone else getting inside your machine are nil. Forget it, because from the second you log on to the Internet your computer is wide open to anyone who wants to try.
You’ve got rid of all the “Spyware” on your system with Ad-aware and now you want to keep your machine ‘clean’. The way to do that is to install a Firewall that blocks all unauthorised access to the Internet by your computer and vice versa. Visit https://zonealarm.com/ and download their latest Firewall, called ZoneAlarm 2.6, which is free to private users and non-profit organisations. The 2.7MB package is compatible with Windows 95/98/Me/NT/2000. Once installed, ZoneAlarm is set to run on boot-up and will need to be configured to your own personal requirements, although most of the settings can be left as they are.
A yellow locked padlock on a brown background icon sits on your start-up task bar and a double click on this will bring up the ZoneAlarm window. This will open to show a pale yellow page with a wide orange top part. If only the top orange bit appears, click on the arrow that points down and to the right in the bottom right hand corner, to open up the full window. The help file will explain in more detail what does what.
As a brief overview, clicking on the Alerts button will display whatever alerts there have been since the computer was switched on.
Clicking on the Lock button gives you choices of how and when to lock your computer to outside interrogation and inside reporting.
The Security button allows you to choose what level of security you require for either a local network and/or the Internet. The important bit here is to make sure that MailSafe e-mail protection is ticked. This will ensure that any e-mail sent to you with an attachment that has a suffix of .vbs, .exe, .com, plus many more (often used by viruses etc.), can be intercepted and quarantined by changing that suffix to .zl plus another number or letter. This gives you the opportunity to investigate BEFORE any damage is done. By one of those strange quirks of fate it just so happened that my son sent me an e-mail with an .exe attached. ZoneAlarm intercepted the attachment and quarantined it but I was still able to read the e-mail and run the programme because I knew what it was.
Programs is where you will find a list of the programmes that you have decided can have Internet access through the Firewall. Initially this window will be empty, but when you go on-line and run a programme, the alert that comes up will give you the option of allowing the programme to connect to the Internet or not. Whatever your decision, that programme will appear in the Programs window, where you can set the parameters for its Internet connection. For starters I would only allow your browser, e-mail client, FTP client and ZoneAlarm access to the Internet, and think long and hard if any other programme wants to get connected, because there is no reason for any other programme to want to.
Configuration is basic.
So how does it all work? The first thing that you notice is that when there is Internet activity, the tiny icon in the start-up task bar changes to a small square divided into two, with the two sections flashing green and red.
If someone out there pings your computer or something unauthorised (like some undetected Spyware) on your computer wants to use the Internet, ZoneAlarm will block it and put up an alarm window and give you brief details of what is trying to happen. Click on More Info and another window pops up giving you the option of having the alert analysed. I don’t pretend to understand the full analysis but it will tell you where the intrusion is coming from and in some cases the name of the company trying to access your computer. After that it is up to you what you do about it.
Since installing ZoneAlarm 2.6 Firewall it has regularly reported and blocked unauthorised attempts to access my computer and, more worryingly, has also reported and blocked unauthorised attempts by something on my computer to send information out. During the last 48 hours, during just eight hours on-line, my computer has been subjected to a hacker attack on 3 occasions, been scanned twice, had my DOS attempted to be interfered with twice and had one attempt to implant a Trojan, plus two other attempts to get into my machine, the reason for which is currently unknown. ZoneAlarm regularly prevents Windows Explorer from sending data out and it has got me wondering why should Windows Explorer want to send data out? In fact IE, OE, Word, Easy CD Creator, Media Player, Real Juke Box all have a go at sending data out under the guise of searching for the latest update.
The alert window popping up frequently can get annoying after a while, but this can be switched off although ZoneAlarm will still be blocking any unauthorised access to or from your computer and logging the details in the log file - ZALog.txt that can be found in Windows>>InternetLogfile.
This file can be read with Notepad and my latest Log showed this:
ZoneAlarm Logging Client v2.6.88
Windows 98-4.90.3000- -SP
type,date,time,source,destination,transport
PE,2001/06/24,18:40:58 +1:00 GMT,Microsoft AutoUpdate,195.92.195.94:53,N/A,
FWIN,2001/06/24,19:20:22 +1:00 GMT,210.169.179.88:1277,62.136.58.145:515,TCP (flags:S),Scan
FWIN,2001/06/24,19:25:04 +1:00 GMT,24.94.176.73:137,62.136.58.145:137,UDP,DoS
FWIN,2001/06/24,03:49:47 +1:00 GMT,24.221.146.25:4745,62.137.220.10:53,TCP (flags:S),Attack
FWIN,2001/06/24,04:42:42 +1:00 GMT,203.202.116.126:1973,62.137.220.10:53,TCP (flags:S),Attack
FWIN,2001/06/24,04:47:41 +1:00 GMT,211.75.37.66:3398,62.137.220.10:53,TCP (flags:S),Attack
FWIN,2001/06/23,18:58:42 +1:00 GMT,200.4.128.218:3629,62.136.39.83:515,TCP (flags:S),Scan
FWIN,2001/06/23,19:03:27 +1:00 GMT,62.36.129.75:137,62.136.39.83:137,UDP,DoS
FWIN,2001/06/23,19:33:12 +1:00 GMT,62.7.66.135:2923,62.136.39.83:27374,TCP (flags:S),Trojan
FWROUTE,2001/06/23,21:40:44 +1:00 GMT,62.137.212.16:1338,62.137.212.132:139,TCP (flags:S),
No, it doesn’t mean much to me either, but a programme called ZoneLog Analyser can make sense of it all, but that’s another opinion.
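As an added example (not part of the original review and not ZoneAlarm's or ZoneLog Analyser's code), the sketch below reads a log in the layout of the excerpt above and groups the blocked inbound entries by destination port, which shows what service each probe was aimed at. The sample lines are constructed with documentation-range addresses; the name "label" for the unnamed seventh column and the reading of FWIN as the blocked-inbound record type are assumptions taken from the excerpt.

```python
import csv
from collections import defaultdict

# Well-known services for the destination ports that appear in the excerpt.
PORT_NAMES = {53: "DNS", 137: "NetBIOS name service", 139: "NetBIOS session service",
              515: "LPD print spooler", 27374: "SubSeven trojan default port"}

# Constructed sample in the same layout as the ZALog.txt excerpt above.
# Addresses come from the documentation ranges, not from a real log.
SAMPLE_LOG = """\
ZoneAlarm Logging Client v2.6.88
Windows 98-4.90.3000- -SP
type,date,time,source,destination,transport
PE,2001/06/24,18:40:58 +1:00 GMT,Example Updater,192.0.2.53:53,N/A,
FWIN,2001/06/24,19:20:22 +1:00 GMT,198.51.100.7:1277,203.0.113.10:515,TCP (flags:S),Scan
FWIN,2001/06/24,19:25:04 +1:00 GMT,198.51.100.9:137,203.0.113.10:137,UDP,DoS
FWIN,2001/06/24,19:33:12 +1:00 GMT,198.51.100.7:2923,203.0.113.10:27374,TCP (flags:S),Trojan
FWIN,2001/06/24,19:40:01 +1:00 GMT,198.51.100.23:3001,203.0.113.10:27374,TCP (flags:S),Trojan
FWROUTE,2001/06/24,21:40:44 +1:00 GMT,203.0.113.16:1338,203.0.113.132:139,TCP (flags:S),
"""

def parse_zalog(text):
    """Yield one dict per record, skipping the banner lines and the column header."""
    fields = ["type", "date", "time", "source", "destination", "transport", "label"]
    for row in csv.reader(text.splitlines()):
        # Records start with an upper-case type code and have at least six columns.
        if len(row) < 6 or not row[0].isupper():
            continue
        row = [c.strip() for c in row] + [""]  # pad so "label" always exists
        yield dict(zip(fields, row))

def split_endpoint(endpoint):
    """Split 'host:port'; return (endpoint, None) when there is no numeric port."""
    host, sep, port = endpoint.rpartition(":")
    return (host, int(port)) if sep and port.isdigit() else (endpoint, None)

def inbound_summary(text):
    """Map destination port -> (service name, distinct source hosts) for FWIN records."""
    sources = defaultdict(set)
    for rec in parse_zalog(text):
        src_host, _ = split_endpoint(rec["source"])
        _, dst_port = split_endpoint(rec["destination"])
        if rec["type"] == "FWIN" and dst_port is not None:
            sources[dst_port].add(src_host)
    return {p: (PORT_NAMES.get(p, "unknown"), len(s)) for p, s in sorted(sources.items())}

if __name__ == "__main__":
    for port, (name, n) in inbound_summary(SAMPLE_LOG).items():
        print(f"port {port:<6} {name:<30} {n} source(s)")
```

The "TCP (flags:S)" entries are bare SYN packets, that is, connection attempts that the firewall dropped before any session was established.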