When good AV, firewall software goes bad. 3

[jlockley]

I have just spent a week finding out that either AVG or ZA has blocked all internet access to my two office desktops (at the same time as an apparent database glitch kept me from accessing web mail from my home consoles..a really interesting week, it's been).

The smart money is on Zone Alarm, as installing it not to start up but then starting it blocked all connection immediately. (Yep, we're that sharp), but with both currently uninstalled I am flying on luck, which we all k now can't last very long.

AVG continues to plague my email client (Eudora) post removal, and even with extensive registry cleaning, I can't figure out what's got its hooks in the program (AVG specific error reference on starting Eudora. Not devastating, but annoying.)

I may give AVG another try, but Zone Alarm is out, so here the questions.

1) How to remove the AVG reference from Eudora. Text search in the Eudora folder does not bring up any files containing the string)

2) Software firewall alternative to Zone Alarm..I tried buying a modem with router, but its not SBC compatible.

Any other comments on ZA? (My suspicion is that the downloaded version causes no problems, but that the block is with the upgrade.

Running IE 6, by the way.

 

[spizotfl]

check out this post from another forum:

http://castlecops.com/t116539-Guide_Make_your_own_System_Security_Suite_for_Free.html

this person recommends a bunch of different free security related products, including a few different firewall options

"Maturity is a bitter disappointment for which no remedy exists, unless laughter can be said to remedy anything."
-Vonnegut

 

[jlockley]

thanks. JLL

 

[eyec]

ZA out of the box (i.e. downloaded) does not do everything everyone wants. each user needs to take the time to set up and tweak it to get the best results. if you are still having problems with ZA after tweaking it then by all means find something that works, but don't throw it out without taking the time to set it up .

just my 2 cents.

as for AVG i would try to see if there is something with Eudora and AVG, i have not heard of any problems but here again i would take some time to tweak it.

 

[jlockley]

I have had za for years, and had it down to whatever I Needed to have it down to - tweaked within an inch of its life.

Until a few weeks ago it worked like a charm, then went south on me. Figuring it was somehow corrupted, I uninstalled it (without looking to delete anything that remained on the computer). The problems disappeared.

I reinstalled it and they returned.

I believe that I upgraded it shortly before the problems began. The local techs for SBC, who seem to have a firm h andle on what causes problems (as opposed to the useless offshore folk, who appolgize until you never want to hear "sorry" again, but know absolutely nothing) maintain that ZA is the key to most connectivity/access problems. While I usually dismiss this as the usual "it's someone else's fault, now go away" approach to support, these guys were thorough to a fault.

I figure there is something in the upgrade that just won't let me through. Or SBC has changed and upgraded with something that can't get past and something I don't know.

 

[iamnotageek]

I use the free edition of ZA 5.5x on several home machines but I stay away from 6.x, as I've heard a number of unfavorable reports, as well as seeing it crash a win98 machine that we use on the bench at work (I fix computers for a living). I don't know if you can still download v5.5 or not - I have it on a CD - but the only times I've seen problems with it that were not configuration related were when it was upgraded to 6.x.

 

[cmeagan656]

ZoneAlarm 5.5.94.0 is available at

http://oldversion.com/program.php?n=zalarm

Cheers.

 

[jlockley]

Very good. I think that's the answer for now. I detest having no firewall.

What about routers with fire walls. Anyone have any experience/problems with them?

 

[CobolKid]

ZA does one other thing; it attempts to send encrypted packets to ZL's server at boot time and when starting a browser. First started seeing this in the logs two updates ago. Running the registered version.

Steve

 

[jlockley]

What packets? That's discomforting. Would the effect of this be slowing down the system? Curious. I am still running the legacy version for now, but given a few apparent problems with Zone Labs products, what would be alternatives, aside from routers.

 

[erikhertzel]

I would recommend trying Kerio Personal Firewall. More and more people are switching to that vs. ZA. I personally have about had it with ZA and it causing problems for people.

Check Kerio out here:

http://www.sunbelt-software.com/Kerio-Download.cfm

It should work with your SBC (DSL I presume).

Regards.

Erik

 

[jlockley]

I figured I wasn't the only one. It's affordable. I will try it. Yes, SBC DSL.

 

[CobolKid]

Right on erikhertzel, more configurable than any else I've seen.

Jlockley, I doubt you would notice any overall loss in performance; the events last for a few seconds or less. What's discomforting is what is sent, and the fact that the events are not logged unless the program "thought" it was caught; for example, if a router or firewall device rejected the packets instead of dropping them (causes an ICMP 3 to be returned).

The content has two distinct sections. The first appears to be a comprehensive packet log. The second appears to contain the content of the vast majority, if not all, of the p.c.'s favorite places. One real record from each is included below, note that some portions have been obscured ("x").

Section 1:
03-16-2006 16:03:42.08 - 15337444 Packet ACCEPTED: Proto: IP_TCP Flags: 0x00000005 Src: xxx.xxx.xxx.x Dest: xxx.xx.xxx.xx SrcPort: xxx DstPort: 80

Section 2;
<DT><A HREF="

http://www.xxxxtor.com/"

ADD_DATE="949758000" LAST_VISIT="1120782378" LAST_MODIFIED="998728523" LAST_CHARSET="ISO-8859-1" ID="rdf:xxxxxxx">xxxxtor</A>




Steve

 

[erikhertzel]

jlockley

Kerio Personal Firewall is free.

From Sunbelt:

"Sunbelt Kerio Personal Firewall 4 can run in a free mode vs. a
full (paid) mode. Install it now, and for the first 30 days it
will run in 'full' mode. After that, it shuts down selected
features, but will continue to run in 'free' mode".

So, don't pay for it, unless you need the 'full mode' is my recommendation.

Erik

 

[jlockley]

Thanks. It's running with no problems so far.