Using the Free Zonealarm Firewall
I have used the free Zonealarm firewall for many years. It is very popular. Though other free firewalls are equally popular today, I have never had a problem with Zonealarm and, therefore, continue to use it. There are many firewalls you can purchase - the highest rated is usually Zonealarm Pro. Before installing a 3rd-party firewall, it is recommended that you turn off the Windows XP firewall. Click Start / Control Panel / Windows Firewall (classic view). Click the “off” button and click OK. (The WinXP firewall is not highly regarded because it does not block outgoing requests.) Whatever firewall you install, there will be some setup procedures. Search the Internet and you will find articles to help you install your firewall. If you aren’t particularly PC savvy, I recommend you have a friend or a local PC consultant help you. When configuring your firewall, opt for the highest security settings. After your firewall is installed, it should automatically start at each reboot. Leave it running. Do NOT shut it down! The following discussion will center on Zonealarm, but the basic tenets will apply to most software firewalls.
How the firewall works
Once you implement Zonealarm, it will block outside programs from accessing your PC. Zonealarm will give you a pop-up Alert whenever a program on your PC wants to access the Internet. You must reply to the alert by choosing llow or Deny. Also, there is a little box you can check that says “remember this setting.” I will refer to this as the “always” selection. If you don’t check this box, the next time the same program requests access, Zonealarm will ask you again. If you do check the “always” box, it won’t. Don’t worry - your decision is not irreversible. If you get annoyed at your firewall and just click Allow each time you get an alert, you might as well not use a firewall because you are not letting it protect your PC. Here it what I suggest: Keep a small notebook by your PC to log the program that caused each Alert and to document what action you chose. This will help you become familiar with the programs on your PC that want access, and also help you train Zonealarm so that eventually you will receive very few Alerts.
In the beginning you will get a lot of Alerts because many of the applications running on your PC, and some Windows programs, will want to access the Internet. These programs had free rein before you installed your firewall. Most of these applications do not need access to the Internet! They want access in order to look for program updates, or to send usage statistics home. I only keep the Windows operating system updated; I don’t care about the other applications. You need to decide ahead of time if you want the applications on your PC (i.e. Word, Adobe) to stay updated. If so, when you get an Alert and you know for sure that that it is coming from a legitimate program on your PC, say “always Allow.” and the program will not bother asking for permission again. If you aren’t 100% sure, click Deny and note that in your log.
Most of this is common sense. If you just started an application and you receive a Zonealarm alert, it just may be coming from the application. If you cannot tell for sure by the program name Zonealarm provides for you, search the Internet with the program name - usually some website will tell you which application the program name belongs to. If an alert pops up out of the blue, be careful! I suggest you Deny and write down the program name and your actions in your log. Also look up the program name on the Internet and note your findings in your log. If nothing bad happens, do the same thing the next time you get the same alert. After several times, click “always” Deny and that particular program will not bother you again. This is how you properly train a firewall. However, if after you click Deny, an application you had open stops working properly, end the application and restart it. It it still fails to work, end it. Then go into Zonealarm, click the Programs tab, right-click the application name, and click Remove. Start the application again. Since you removed the entry from Zonealarm's list, a new alert should be generated. This time click Allow and see if the program works properly. If so, note this in your log. Then, the next time you use this application and you receive the Zonealarm alert, you may click “always” Allow and you should not hear from this application again. Much of this is common sense. The frustrating thing about a firewall is that you do need to train it in the beginning.
Programs you should “always Allow”
The following programs need to access the Internet. When you get the first Alert from Zonealarm, you should respond “always Allow:” Zonealarm (zlclient.exe), anti-virus software (mine is Avast and the program names either start with avast or asp), other anti-malware software, (mine are ad-aware.exe and spybotSD.exe), your email program (Thunderbird is thunderbird.exe, Outlook Express is msimn.exe, and I believe Outlook is outlook.exe), and your browsing program (Firefox is either firefox.exe or mozilla.exe; Internet Explorer is usually iexplore.exe). Also, I have found that a Windows program called svchost.exe needs access in order for your PC to access the Internet.
Note: Often, when your browser, anti-virus, or anti-malware program has a major update, it will generate a Zonealarm Alert even though you previously said “always Allow.” The Alert will say something like “this program has changed since the last time it ran.” Just say “always Allow” again.
Handling other Alerts
What about all of the other programs you don’t recognize that generate Zonealarm Alerts? If you’ve just launched an application and you get a Zonealarm Alert immediately or quickly after, the program you just launched is probably the culprit! First log the program name in your logbook. Then click Deny and see what happens. Everything will probably continue running just fine. Assuming so, put this in your logbook. You can look the program up on the Internet. There’s a lot of chatter in security forums about programs that generate Zonealarm Alerts but not a lot of census. Sometimes it will be a Windows program; sometimes folks won’t know what it is. Occasionally someone will say it is a virus posing as a Windows program. If you’re scanning your PC each week, don’t panic; it probably isn’t a virus. Remember - unless you are 100% sure, Deny, Deny, Deny!! Zonealarm is your friend, but you need to train it. This is how: when you get an Alert, write the program name in your logbook and indicate that you clicked Deny. If all proceeds normally, indicate this in your log. Then about the 3rd or 4th time you get an Alert for that program, choose “always Deny” and Zonealarm will not bug you about that program anymore! This is how you eventually stop getting Alerts.
You may not want to “always Deny” your media-playing programs (i.e.. wmplayer.exe, quicktimeplayer.exe) in case they need access if you’re trying to play a media file from a website. If you use Instant Messaging, chatter on the Internet says you should just click Allow each time and not “always Allow.” And a special note about Word: when you are copying and pasting from the Internet into a Word document, Word will need access and you should say Allow. If Word asks for access at some other time, just click Deny.
For what it’s worth, here are some programs for which I’ve clicked “always Deny” and my PC runs fine. However, your PC might be different so I make NO guarantees! They are: DSLog (dslog.exe), Support (support.exe), Update Checker Module (jucheck.exe) - this is Java wanting to update itself, services.exe, Windows Explorer (explorer.exe), Run a DLL as an app (rundll32.exe), Spooler SubSystem App (spoolsv.exe), LSA Shell (Export Version).and Dr.Watson (drwtsn32.exe) - I don’t send the occasional random error report to Microsoft.
Looking at the Zonealarm list of programs
To see the list of programs that have asked Zonealarm for access, maximize Zonealarm on your screen and click on the Programs Control tab. Then, at the top, click the Programs tab and you’ll see a list of all the programs that have generated an Alert. If you said Allow or Deny, there will be ? in the 1st column. If you said “always Allow” there will be green checkmarks. If you said “always Deny” there will be red Xs. You can click on a program setting and change it. Also, if you ever have a situation where your browser, email, or anti-malware program is hung up, simply right-click the program name and click Remove. Exit the application and relaunch it. Zonealarm will be forced to generate an Alert for the program and you choose Allow or always Allow. This seldom happens, but that’s how you handle it.
Programs asking for “server rights”
When you look at the “Program Control” tab in Zonealarm, you’ll see two columns: Access and Server. So far we’ve only talked about requests for Internet Access, so our choices have been reflected in the 1st column. Occasionally you’ll get a Zonealarm Alert that says a program “wants to act as a server,” or “wants to accept connections from the Internet.” Allowing a program to act as a server means that an outside connection can access your PC through that program! Practically all Trojans and many other malware want server rights, so beware! Typically, the only programs that may need server rights are the file sharing programs like Bearshare, or games that require point-to-point connections with other players across the Internet. A few times I’ve had an Alert that the Windows program svchost.exe “wants to accept connections from the Internet” and when I said Deny, my Internet browser hung up. So I closed my browser, restarted it, and all was well. The chatter on the Internet says its OK to allow this program to accept connections, but I’d Deny first and see what happens. There is a virus posing as svchost.exe, so if you haven’t scanned for viruses in the last week, I’d Deny the request and immediately do a thorough virus scan just to be safe.
One more time?
For those of you who are still a little uncertain of how a firewall program works, let’s play a game. Let’s say you have a guard (your firewall) sitting by the door to your apartment. First of all, your guard will automatically block anyone from coming in unless you have specifically given that person permission. Secondly, the guard will be monitoring anybody requesting to leave your apartment and when someone does, he’ll check his list.
- Your spouse, Chris, wants to enter or leave the apartment. The guard sees that Chris is “always Allow” so he lets Chris in or out.
- Your cat, Fluffy, wants to leave the apartment. The guard sees that Fluffy is “always Deny” so he does not let Fluffy out.
- A salesperson wants to enter the apartment. The guard does not see this person on the list, so he asks you what to do. You will Allow or Deny depending on the person.
- Your 10-year-old son, Jason, wants to leave the apartment. His name is on the list with a big ? after it because you want the guard to ask you (Alert) each and every time Jason wants to leave. You will Allow or Deny depending on the circumstances!
