Re: Blue Screen of Death

From: David (davidwnh@adelphia.net)
Date: 10/13/02


From: "David" <davidwnh@adelphia.net>
Date: Sun, 13 Oct 2002 15:05:53 GMT

When installing system updates and updating software that uses network
services you should put ZoneAlarm in learning mode. The whole idea behind
ZoneAlarm's trojan protection is that if a program or file it is protecting
is changed it will block access to and from that file. If it involves
critical system files like those associated with IE (which ties into the
shell, windows explorer) that program will crash if your system is even able
to boot. If you are in learning mode you will get an allow access to..
prompt. I always kept ZoneAlarm in learning mode for this reason. ZoneAlarm
is not smart enough to know why files were changed, only that they were.
That should answer your BSOD question but let's dig deeper.

If you stay in learning mode be warned you must decide if the prompt is due
to a virus/trojan/worm etc. If it happens after an update it usually isn't.
If it happens after a crash it probably isn't, but could be. If it happens
after installing shareware/freeware and the prompt concerns a program or
file that shouldn't be related to what you just installed, you probably just
installed a trojan. If it is a new program installation you will be
prompted. Well guess what. It's up to you to decide if it is a legit
program. ZoneAlarm doesn't know and I would suspect that by installing the
program in the first place you wouldn't know either. This is a severe
shortcoming of ZoneAlarm and many programs like it.

On the other hand if you're not in learning mode ZoneAlarm will block access
if a file changed whether the file was updated legitimately or not. Again it
doesn't know why the file was changed it only knows that it was changed.

When would ZoneAlarm help? If you were to install and run a program that
shouldn't be accessing any network services. Then you should suspect
something is afoot if ZoneAlarm prompts you for access. It might be spyware,
adware, trojan, etc. Or then again it might just be accessing the internet
for registration purposes. Here again ZoneAlarm doesn't know.

As to Windows Explorer accessing the internet, it is given access
because it is tied into Internet Explorer. And if you deny that access you
will deny anything else that ties into the same access. And there are many
MS and third party programs that use IE for internet access.

Deny access before the firewall...No. If you are denying access in
ZoneAlarm's program settings you are doing so at the application level. The
filters in Win2K and XP do so at levels further down the protocol stack. You
could allow the application access and deny access by port number, but you
will also deny those ports to other applications. You cannot filter ports
through the operating system with Win9.x anyhow so you would still have to
do it with ZoneAlarm.

From what I hear the new version of ZoneAlarm tries to "phone home" at
startup to verify the registration number. My guess is they have taken
measures to try to prevent disabling this with settings in ZoneAlarm. That
might be the reason it tries so feverishly at startup. Here again you could
TCP/IP filter with 2K and XP but you will also be disabling the same port
access in other programs.

As to disabling your antivirus on bootup. Shame on you! You now have no
protection against boot sector viruses if you get one. And don't expect the
virus definition updates to protect you. Somebody always gets a new virus
before the defs are updated. Not to mention installation disks from even
some of the most reputable companies have been known to contain viruses.
Just ask Disney. In other words you can get a virus without ever going
online.

My advice on this one is get a firewall that is compatible with your
antivirus. Application level firewalls like ZoneAlarm protect you (or at least
try) from running Trojans after you already have them. Antivirus keeps you
from getting them in the first place.

"peter" <peter@nospam.com> wrote in message
news:ao8out$r2q$1@knossos.btinternet.com...
> I received the following message from a friend who having upgraded the
> following three programs is having problems (Windows ME) with blue screen of
> death and error message 06: 0028: C27E2FB8 or OE: 0028: C17571A0
>
> snip .... upgraded to MS IE including tools; (6.0.2800.1106) Update Versions SP1
> Zone Alarm Version 3.1.395 and
> Computer Assoc's e Trust EZ-Antivirus Version: 6.0.123
>
> When I first downloaded the upgrades for the 2nd two, they both said that
> one did not have to delete the previous versions, but both refused to
> install properly whilst the original version was still installed. In the end
> I had to uninstall/delete both originals, and then install the newer
> (upgraded) versions. The Firewall (Zone Alarm) is set by me to load at start
> up, whilst the Anti Virus loads as I go online to avoid any conflict, and
> keep as much of my resources available for normal computer work when not
> online.
>
> Immediately I found that "Windows Explorer" was trying to access the Net (no
> such authority had been granted previously). This MS program was blocked by
> the Firewall, but would try and gain access some 20 or 30 times, even after
> being refused. Here I ask: How can one refuse access, without the program
> reaching the Firewall. I don't even want it to try! Nowhere can I find any
> details of controlling this program......snip
>
> Many thanks for any help (I apologise for long post).
>
> Peter
>
>
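
An added illustration (not part of the original post and not ZoneAlarm's actual code) of the behaviour the reply describes: a per-program network rule that notices a trusted file has changed, prompts in learning mode and blocks otherwise, without knowing why the file changed. The `ProgramControl` class, the use of SHA-256 as the change detector, the rule that an unknown program always prompts, and the `browser.exe` stand-in file are all assumptions made for the example.

```python
import hashlib
import os
import tempfile

ALLOW, PROMPT, BLOCK = "allow", "prompt", "block"


def digest(path):
    """SHA-256 of a file's contents."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


class ProgramControl:
    """Hypothetical model of per-program network rules; not ZoneAlarm's code."""

    def __init__(self, learning_mode):
        self.learning_mode = learning_mode
        self.baseline = {}  # path -> digest recorded when the user granted access

    def grant(self, path):
        self.baseline[path] = digest(path)

    def check(self, path):
        known = self.baseline.get(path)
        if known is None:
            return PROMPT  # assumption: a never-seen program always prompts
        if digest(path) == known:
            return ALLOW
        # The digest shows that the file changed, never why it changed.
        return PROMPT if self.learning_mode else BLOCK


def demo():
    """Apply the same 'vendor update' to a trusted program in both modes."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "browser.exe")  # constructed stand-in binary
        for mode in (True, False):
            with open(exe, "wb") as f:
                f.write(b"version 1")
            pc = ProgramControl(learning_mode=mode)
            pc.grant(exe)
            before = pc.check(exe)
            with open(exe, "wb") as f:
                f.write(b"version 2, legitimate update")
            results[mode] = (before, pc.check(exe))
    return results


if __name__ == "__main__":
    print(demo())
```

The identical update yields a prompt in learning mode and a silent block otherwise; a trojaned binary would produce exactly the same two verdicts, which is why the decision falls to the user.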


