Now that we got everyone's preferred firewall software out of the way, back
to the original question...  <grin>

David, you said you are using ZoneAlarm. Is your configuration anything like
mine, described earlier? Have you had any problems with blue screens when
using VNC to connect to that system? 

Thanks,

-Steve

-----Original Message-----
From: David Brodbeck [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 12:57 PM
To: '[EMAIL PROTECTED]'
Subject: RE: WinVNC and ZoneAlarm Pro blue screen on win2000-sp2...


I guess I just feel that a firewall that only reports unexpected incoming
connections is only doing half the job.  It's a philosophical difference,
though; sounds like BlackIce puts convenience over security, which is
obviously what most people want.  Unfortunately *probing* for trojans is
becoming passé; good modern trojans "phone home" instead, and since these
are outgoing connections BlackIce totally ignores them.

I've used ZoneAlarm, and while it's somewhat annoying for the first day or
so, once you've made it aware of the software you normally run it becomes
fairly unnoticeable.  (Unfortunately it doesn't do much about the underlying
OS.  It won't for example catch all the personal info about you that XP and
Win2K report to Microsoft when *they* phone home.  It's getting kinda hard
to tell legit software from trojans anymore. ;) )

-----Original Message-----
From: Les Bessant [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, July 24, 2001 12:19 PM
To: '[EMAIL PROTECTED]'
Subject: RE: WinVNC and ZoneAlarm Pro blue screen on win2000-sp2...


BlackICE will protect against outgoing exploits that it knows about. It
*will* stop anyone probing for SubSeven or other Trojans. Good antivirus
software will also detect trojans on your system.

Given his ramblings about how Windows XP will cause the death of the
Internet, I'm finding it increasingly difficult to take Gibson even remotely
seriously. He happily promotes ZoneAlarm, which I find bizarre as:

1) It makes the user make decisions about what should be allowed out (do you
want services and controller app to access the Internet?). Fine if you're a
technical person, useless to the average home user.
2) It will (apparently at random) decide to block connections that have been
explicitly allowed[1]

Trojans, Zombies and whatever else can only do their dirty work if you
execute them in the first place. And we don't do that, do we?


[1] I have Webcam32 uploading images by FTP to my website[2] every two
minutes. When I used ZoneAlarm, every so often it would decide to block the
connection, and pop up one of its annoying boxes telling me that it had done
so. Grrrrr.
[2] http://www.tiggercam.co.uk [3]
[3] Yeah, shameless plug

Les Bessant mailto:[EMAIL PROTECTED]
IT Manager, Sanderson Townend & Gilbert
Acting in a personal capacity
http://www.tiggercam.co.uk - New, improved and with more bounce!

>-----Original Message-----
>From: David Brodbeck [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, July 24, 2001 4:57 PM
>To: '[EMAIL PROTECTED]'
>Subject: RE: WinVNC and ZoneAlarm Pro blue screen on win2000-sp2...
>
>
>Just curious what you think of Steve Gibson's conclusion that BlackICE does
>nothing to stop anything from making outgoing connections?  I'm thinking in
>particular of his article about the IRC-connecting Sub7 trojans.
>
>(From http://grc.com/dos/grcdos.htm:)
>
>"The Zombie/Bot happily connected without a hitch to its IRC chat server to
>await further instructions. The Sub7 Trojan sent off its eMail containing
>the machine's IP and the port where it was listening. Then it connected and
>logged itself into the Sub7 IRC server, repeating the disclosure of the
>machine's IP address and awaiting port number. No alerts were raised,
>nothing was flashing in the system tray. The Trojans were not hampered and I
>received no indication that anything wrong or dangerous was going on."
>
>Now, I wouldn't put it past him to have somehow misconfigured it.  But from
>his review it seems like a pretty useless piece of software, if a program
>can run roughshod like that with no response at all.  It wouldn't be the
>first time a company had released something that was essentially
>"PlaceboWare."  (Some of the Windows 3.1 "memory enhancers" were that way.)
>
>-----Original Message-----
>From: Les Bessant [mailto:[EMAIL PROTECTED]]
>Sent: Tuesday, July 24, 2001 11:42 AM
>To: '[EMAIL PROTECTED]'
>Subject: RE: WinVNC and ZoneAlarm Pro blue screen on win2000-sp2...
>
>
>Err, apart from the obvious one of not using Zone Alarm? Seriously, have you
>tried removing ZoneAlarm (temporarily if need be) and seeing what results
>you get using a trial of another personal firewall[1], such as Tiny Personal
>Firewall[2], BlackICE Defender[3], or Norton[4], amongst others?
>
>
>
>[1] Or intrusion detection product
>[2] Free for personal use http://www.tinysoftware.com 
>[3] I like it, even if Steve Gibson (http://www.grc.com) doesn't
>[4] Can cause BSODs on Win2K in some circumstances, but if you are not
>affected by that, it's quite nice
>
>
>Les Bessant mailto:[EMAIL PROTECTED]
>IT Manager, Sanderson Townend & Gilbert
>Acting in a personal capacity
>http://www.tiggercam.co.uk - New, improved and with more bounce!
>
>>-----Original Message-----
>>From: Neel, Steve [mailto:[EMAIL PROTECTED]]
>>Sent: Tuesday, July 24, 2001 3:58 PM
>>To: [EMAIL PROTECTED]
>>Subject: WinVNC and ZoneAlarm Pro blue screen on win2000-sp2...
>>
>>
>>On Win2000 Pro-Sp2, running VNC(server) as a service. The console is logged
>>on. When I try and access my system from another location(work) using either
>>the VNC viewer or the Browser applet, my home PC will Blue Screen with a
>>Page Fault in Non_Paged memory for vsdatant, which is a ZoneAlarm Pro system
>>file. It seems to happen more frequently when using the vncviewer as opposed
>>to the browser applet.
>>
>>This error does not happen all the time. It seems that if I try and access
>>the system shortly after it restarts, it works fine. The longer the system
>>sits idle prior to my remote access the more likely it is to blue screen.
>>Also, if I access the system from remote successfully and remain connected,
>>it will not blue screen over time. The problem happens right at the moment
>>of access or not at all. I'm certain that ZA Pro is configured correctly
>>(allow VNC to act as a server, Full access to my remote IP, etc...) Any
>>ideas?
>>
>>Zone Labs has said that Zone Alarm and Zone Alarm Pro are not compatible
>>with WinVNC Server. Being a programmer, I feel anything is possible! <grin>
>>
>>Anyone else run into this problem and more importantly, have a fix or
>>work-a-round?
>>
>>Thanks,
>>
>>-Steve
>>Steven Neel
>>Senior Programmer/Analyst
>>S&C Electric Company
>>Phone: 773-338-1000 (Ext. 2688)
>>Fax: 773-338-5102
>>http://www.sandc.com?refid=sneel
>>---------------------------------------------------------------------
>>To unsubscribe, send a message with the line: unsubscribe vnc-list
>>to [EMAIL PROTECTED]
>>See also: http://www.uk.research.att.com/vnc/intouch.html
>>---------------------------------------------------------------------
>>
>>_____________________________________________________________________
>>This message has been checked for all known viruses by Star Internet
>>delivered through the MessageLabs Virus Scanning Service. For further
>>information visit http://www.star.net.uk/stats.asp or alternatively call
>>Star Internet for details on the Virus Scanning Service.
>>
>
>
>The information in this communication and any attachments is confidential
>and may be legally privileged. It is intended solely for the addressee. If
>you are not the intended recipient any use, review, dissemination,
>distribution or copying of this information is strictly prohibited. If you
>have received this communication in error please notify us immediately on
>0191 261 2681 and delete the original message and any copies of it.
>
>Any opinions, conclusions or other information in this message that do not
>relate to the official business of Sanderson Townend & Gilbert are neither
>given nor endorsed by the firm.
>
>