We'd like to remind Forumites to please avoid political debate on the Forum... Read More »
📨 Have you signed up to the Forum's new Email Digest yet? Get a selection of trending threads sent straight to your inbox daily, weekly or monthly!
New router setup, but first virus since got machine!?
Comments
-
Zonealarm pro "phones home" (to about 6 different websites) on a regular basis, using the SSL port. It is suspicious in my opinion, this is a product that is supposed to protect you from software phoning home, and it does it itself. They say it is nothing to worry about on their website, but have removed posts from their forums, when people ask about it.. You are supposed to be able to disable the phoning home, by turning off all the "check for updates etc..", but the interface is so convoluted, that all these settings are difficult to find. Pro is turning into bloatware, as they keep adding features to keep up with the competition.
This freebie can also help diagnose which ports are opened by which process..
http://www.sysinternals.com/Utilities/ProcessExplorer.htmlEver get the feeling you are wasting your time? :rolleyes:0 -
GreenNotM wrote:The tests you are doing is the way to proceed :T - seems symantec was testing your home/pc LAN - i.e PC and router comms - if you was logged into the routers config pages then that would explain the open ports you have above. As long as they cannot be seen from the internet, your LAN is secure :beer: the tests you are doing are from outside systems - so your results look fine.
Hi GreenNotM
Many thanks for explaining the terms so clearly. Great. :beer: I'd been getting confused before starting the thread, as I'd tried a few online tests and got very different results; great to understand why. Much appreciate confirmation about tests and results. Am relieved that results are fine!
Thanks, Cat0 -
Have I missed something? If you are running Symantec tests from the website, that is testing what the outside world can see. I have had strange results from the website, the cynic in me thinks they report problems that aren't there, so you panic and buy their firewall..Ever get the feeling you are wasting your time? :rolleyes:0
-
albertross wrote:Zonealarm pro "phones home" (to about 6 different websites) on a regular basis, using the SSL port. It is suspicious in my opinion, this is a product that is supposed to protect you from software phoning home, and it does it itself. They say it is nothing to worry about on their website, but have removed posts from their forums, when people ask about it.. You are supposed to be able to disable the phoning home, by turning off all the "check for updates etc..", but the interface is so convoluted, that all these settings are difficult to find. Pro is turning into bloatware, as they keep adding features to keep up with the competition.
This freebie can also help diagnose which ports are opened by which process..
http://www.sysinternals.com/Utilities/ProcessExplorer.html
Hi albertross
You've just explained something I looked up after installing TCPview, as I didn't know what akamai-cluster.enta.net was. There were about 6 instances of it for a minute or so. Looked it up and it says it's about ZoneAlarm and other installers such as windows update, if I remember right, so that must be what's phoning home? Is SSL = 'secure shell something'?
Definitely a bit iffy to phone home, and to remove posts on the forum is more than iffy. It's a shame they're doing stuff like this, as they have/had a really good reputation.
I was getting an HTTP Error 403 again when I try to download the sysinternals program. Had this a few times earlier, but was able to find what to adjust in ZoneAlarm then. Found it complicated to sort this time. Proves the point you made about it being awkward to adjust etc! Many thanks for the link.
Cat0 -
These are the zonelabs phone home servers..
avu.zonelabs.com
cm2.zonelabs.com
hs2.zonelabs.com
ls2.zonelabs.com
pa2.zonelabs.com
ps2.zonelabs.com
update.zonelabs.com
register.zonelabs.comEver get the feeling you are wasting your time? :rolleyes:0 -
from a command window (dos prompt) ( start>> run >>cmd ) run "netstat -b -v" it will display what processes/dll's have any ports on the go and who they are talking to !!
SSL Secure Sockets Layer - a way of programming with sockets/ports- it creates an encrypted comms line between a host and a server - usually indicated by the yellow padlock at the bottom of an IE window.Rich people save then spend.
Poor people spend then save what's left.0 -
albertross wrote:These are the zonelabs phone home servers..
avu.zonelabs.com
cm2.zonelabs.com
hs2.zonelabs.com
ls2.zonelabs.com
pa2.zonelabs.com
ps2.zonelabs.com
update.zonelabs.com
register.zonelabs.com
Think they've got all sides covered with that lot!0 -
GreenNotM wrote:from a command window (dos prompt) ( start>> run >>cmd ) run "netstat -b -v" it will display what processes/dll's have any ports on the go and who they are talking to !!
SSL Secure Sockets Layer - a way of programming with sockets/ports- it creates an encrypted comms line between a host and a server - usually indicated by the yellow padlock at the bottom of an IE window.
Hi GreenNotM
Many thanks for the clear definitions and how to run netstat. Interesting. It better not be talking to any ZoneAlarm home servers! :rotfl:
Cat0 -
Forgive me if I'm going off at a tangent here, but it seems to me that you have a secure system anyway. The ports that are open need to be open for you to use Internet explorer, otherwise you wouldn't be able to connect to internet websites.
The virus you got was most likely picked up on a website. No firewall can protect against that, just keep your virus checker running, maybe also get a popup blocker. And avoid 'dodgy' sites.
It's still a good idea though to check your ports periodically, but use an independent port checker (eg http://portdetective.com/) and not one from a supplier of security products, as there is an obvious conflict of interest there.
You may also want to install http://www.dumeter.com and run it in the background - this will indicate visually if any machine is uploading/downloading to your machine.Of course, I may just be talking b****cks!0 -
Hi wonka
Many thanks for the links and advice. It was just that I didn't know what the different ports were, and I was getting huge red warnings on some online tests I ran before posting here, and didn't know if I needed to tweak the new router settings. While doing tests before posting, had read that there are various hidden parts of XP that are connecting with internet etc, so had thought that the port warnings I was getting might be something to do with that. Grrrreat ... not only is there Windows to secure but hidden parts of Windows too!
Great to learn what these ports are and that there's no need for concern as they need to be open. I've got Kaspersky fully updated and have IE's pop-up blocker and also ZoneAlarm's running. Just get a lot of little pop-up's from ZoneAlarm now, telling me it's blocked the pop-up! :rotfl:
Thanks, Cat0
This discussion has been closed.
Confirm your email address to Create Threads and Reply
Categories
- All Categories
- 350.4K Banking & Borrowing
- 252.9K Reduce Debt & Boost Income
- 453.3K Spending & Discounts
- 243.4K Work, Benefits & Business
- 598K Mortgages, Homes & Bills
- 176.6K Life & Family
- 256.5K Travel & Transport
- 1.5M Hobbies & Leisure
- 16.1K Discuss & Feedback
- 37.6K Read-Only Boards