ZoneAlarm's Trusted Zone & Internet Explorer

[Firebytes]

Please excuse my ignorance on this subject.

I use Firefox the majority of the time and Opera occasionally. When I fire either browser up ZA (free) pops up as expected and asks if they may have internet access.

I rarely ever use Internet Explorer but I noticed that when I do ZA pops up and asks if IE may have trusted zone access instead of internet access. The only thing listed in my trusted zone is the loopback adapter but allowing IE access to the trusted zone gets IE onto the internet. If I deny access to the trusted zone then IE advises it can't connect to the internet.

It was my understanding that in ZA the trusted zone was only for allowing access to the local network or other computers specifically marked as trusted.

Why if my other browsers must ask for internet access does IE ask for trusted zone access instead? Also, why can it get onto the net by doing so?

Thanks in advance for answering a possibly dumb question.

[Firebytes]

bump

[AKAJohnDoe]

I deleted the entry I had for IE in ZoneAlarm, then started up IE. ZA told me IE was trying to monitor activities, so I denied that and told it to remember that. Now it has one green bar (Restricted) and checkmarks in both Trusted and Internet under Access. Question marks (Ask) in the Server and Send Mail columns. Never asked about Trusted or Internet, just did the OK on it's own.

I changed the ZoneAlarm settings for IE back to Kill and Red X's all across as it was before

[Firebytes]

I appreciate the reply but it really didn't answer my question.

Hmm, I figured that if nothing else that Stem would be able to answer this one with his keyboard tied behind his back. Is Stem AWOL on us?

[noway]

Quote:

Originally Posted by Firebytes

...I use Firefox the majority of the time and Opera occasionally. When I fire either browser up ZA (free) pops up as expected and asks if they may have internet access.

If you have used both of these browsers before and allowed access to Internet and/or Trusted zones and checkmarked ZA to remember these settings, then nothing should pop up when using these 2 browsers. Most people run the firewall that way, rather than setting them to Ask.

Quote:

Originally Posted by Firebytes

I rarely ever use Internet Explorer but I noticed that when I do ZA pops up and asks if IE may have trusted zone access instead of internet access. The only thing listed in my trusted zone is the loopback adapter but allowing IE access to the trusted zone gets IE onto the internet. If I deny access to the trusted zone then IE advises it can't connect to the internet.

Could it be that you have specified under IE Internet Options that IE should connect to a local proxy (ie. 127.0.0.1, port 8080)? If so, then IE is trying to connect to the local proxy. As above, there should be no popping up of ZA if you have selected "remember this setting" when you told ZA what to do the last time it happened. If you don't want IE to connect via a proxy just remove the loopback address and port under IE Options. (Tools-Internet Options-Connections)

Quote:

Originally Posted by Firebytes

...

It was my understanding that in ZA the trusted zone was only for allowing access to the local network or other computers specifically marked as trusted. Why if my other browsers must ask for internet access does IE ask for trusted zone access instead? Also, why can it get onto the net by doing so?

The last version of ZA I was comfortable using was 4.5.594 and I always use a local proxy (Proxomitron). With 4.5.594 I didn't have to put the loopback adapter into the Trusted Zone, but you may have to in newer versions. Are you using a local proxy at all? If not, why have you not removed it from the Trusted Zone in ZA?

[Firebytes]

@ noway, thanks for taking time to reply.

Quote:

Originally Posted by noway

If you have used both of these browsers before and allowed access to Internet and/or Trusted zones and checkmarked ZA to remember these settings, then nothing should pop up when using these 2 browsers. Most people run the firewall that way, rather than setting them to Ask.

I choose to have ZA ask me each time before almost all my programs can access the internet.

Quote:

Originally Posted by noway

Could it be that you have specified under IE Internet Options that IE should connect to a local proxy (ie. 127.0.0.1, port 8080)? If so, then IE is trying to connect to the local proxy. As above, there should be no popping up of ZA if you have selected "remember this setting" when you told ZA what to do the last time it happened. If you don't want IE to connect via a proxy just remove the loopback address and port under IE Options. (Tools-Internet Options-Connections)

I have never set IE's options to use a proxy.

Quote:

Originally Posted by noway

The last version of ZA I was comfortable using was 4.5.594 and I always use a local proxy (Proxomitron). With 4.5.594 I didn't have to put the loopback adapter into the Trusted Zone, but you may have to in newer versions. Are you using a local proxy at all? If not, why have you not removed it from the Trusted Zone in ZA?

I use ZA version 6.1.744.001 since the 4.5 version wouldn't run on my new laptop (BSOD). The only proxy I go through is the transparent proxy that avast! uses so that the webshield will function. I guess I could remove the loopback adapter from the trusted zone in ZA and see if it causes any problems. I thought that Firefox had to have the loopback adapter to function but maybe I am wrong.

I guess its no big deal since IE still has to ask before it can access even the trusted zone but I was very curious why accessing the trusted zone (loopback adapter) allowed it to access the internet.

[Bubba]

Quote:

Originally Posted by Firebytes

I was very curious why accessing the trusted zone (loopback adapter) allowed it to access the internet.

One of the first checks a web browser makes is host name resolution(local Hosts file) and if nothing comes up then the next step is a DNS query.

You have to let IE access the Trusted Zone or give IE Trusted Zone access but require it to ask for Internet access. He\She can go to other rooms in the house(127.0.0.1) but must ask for permission to go outside(Interent Access).

[Firebytes]

Quote:

Originally Posted by Bubba

One of the first checks a web browser makes is host name resolution(local Hosts file) and if nothing comes up then the next step is a DNS query.

You have to let IE access the Trusted Zone or give IE Trusted Zone access but require it to ask for Internet access. He\She can go to other rooms in the house(127.0.0.1) but must ask for permission to go outside(Interent Access).

Sorry Bubba, maybe I just don't understand what you are saying (very possible with me ), but IE doesn't asks for internet access (as FF and Opera do). It just asks for trusted zone access. If I allow IE to access the trusted zone it immediately connects to my home page on the internet without asking for internet access.

[Bubba]

Quote:

Originally Posted by Firebytes

Sorry Bubba, maybe I just don't understand what you are saying (very possible with me ), but IE doesn't asks for internet access (as FF and Opera do)

Correct me if I mis-understood something you said earlier but you said you use avast's transparent proxy ?

If that's the case and after you have given Avast permission for Internet access, IE does not need to ask for Interent access since it's going thru the open door of avast's transparent proxy. IE then only needs Trusted Zone access. As for FF and Opera, I'll have to defer to others because I've not used O and only used FF briefly many moons back.

[Firebytes]

Quote:

Originally Posted by Bubba

Correct me if I mis-understood something you said earlier but you said you use avast's transparent proxy ?

Yes, I use avast, which to my understanding creates a transparent proxy which you go through to allow the webshield to operate.

Quote:

Originally Posted by Bubba

If that's the case and after you have given Avast permission for Internet access, IE does not need to ask for Interent access since it's going thru the open door of avast's transparent proxy. IE then only needs Trusted Zone access. As for FF and Opera, I'll have to defer to others because I've not used O and only used FF briefly many moons back.

That may very well be how IE is doing it I suppose. I just figured that if my other browsers had to ask for internet access from ZA that IE would have to do so as well. Live and learn I guess.

Thanks for the help.

[Stem]

Hi Firebytes,

As mentioned by Bubba, it does sound like avast is forcing proxy use. One way to check is to block IE from Internet zone to see if IE is actually using allowed rules for Avast (through local proxy).

IE does require loopback for UDP, or connections will be very very slow (well certainly the versions of IE I have looked at).

[Firebytes]

Blocking IE from the interent zone by default had no effect on it being able to connect to the internet. It had never even had to ask for internet access before when ZA was set to make IE ask. IE just seems to need access to the trusted zone (loopback adapter) to access the internet.

I did notice one thing that was a little strange. I usually only use IE to access Windows Update site and thats all. Today I was trying IE and going to different sites. I was able to surf to different sites but once(while already online and merely changing websites) ZA popped up that IE was requesting internet access. I denied it to see what would happen and it didn't connect to the site. After closing IE and restarting, it only needed trusted zone access again to get on the internet. I eventually managed to get it to ask for internet access again (while changing websites) but it seems to be random.

So, I guess IE just operates differently than FF, Opera, and basically all my other programs when used in conjunction with ZA and Avast's transparent proxy. They all must request internet access to get on the net even if they have been allowed access to the trusted zone.

Anyway, thanks to everyone who posted to help satisfy my curiosity concerning this matter.

[Bubba]

Quote:

Originally Posted by Firebytes

I eventually managed to get it to ask for internet access again (while changing websites) but it seems to be random

Your ZA logs would possibly show DNS(port 53) requests during those "random" times.

[Firebytes]

Quote:

Originally Posted by Bubba

Your ZA logs would possibly show DNS(port 53) requests during those "random" times.

I checked the program log in ZA for IE and when it is asking for trusted zone access it is connecting to "Destination DNS: Loopback". When it is asking for internet access it is connecting to "Destination DNS: zonelabs.com". Which is the same destination that FF connects to when accessing the internet.