win2k and winxp question about internet access

This is my first post to this forum.

I use zone alarm pro on 2 different computers (one win2k and the other winxp based). zone alarm prompts you when a program requests internet access.

I've also been looking at the xp machine closely (since I had a trojan infection recently and ended up reformating the hd and doing a fresh install of xp). I've been using the demo version of DiamondCS Port Explorer. On the xp machine it shows lsass.exe as connected on a socket but as a "hidden process and not a service or system process." Yet on the win2k machine lsass.exe showes up connected on a socket as a system process. Why would it be any different on the xp machine?

ALso, on the xp machine, the messenger service is disabled. Yet zone alarm asks me if messanger can have permission to access the net as a SERVER. Again is that normal and if so, why?

Lastly, I've notice that when using the win2k box, zone alarm asks me if i want to allow internet explorer and outlook express to access the internet as a SERVER. Is that normal? If so, why do they need to act like a SERVER on the net (instead of just a normal program)?

Thanks for any help.

 

Regarding the Port Explorer hidden sockets question, you should read this thread: http://www.wilderssecurity.com/showthread.php?t=6989

I have a counter-question about messenger. Sometimes the messenger service and MSN Messenger are confused. So I would like to know which one you are referring to?

The last bit I will leave up to the ZA specialists.

Regards,

Pieter

 

Thank you for the link. Interesting to read that lsass.exe is probably a false positive.

I'll search for za posts concerning the requests for server access.

Thank you for the reply.

 

Pieter, sorry forgot to answer your question above. It was asking for server access for MSM messenger. That is not the messenger service I disabled. I guess I confused the two.

Again, thanks for your response.

 

LowWaterMark,

The 2 machines are not connected.

Thanks for sharing your experiences with programs asking for server access on xp. The xp machine just was reformated and xp reinstalled. I'm reasonably sure it's ok (even going to an extreme of running pcflank's tests on a newly formated and installed os).

On the XP machine, I've just gone in ZA and selected no server access to the internet for the programs listed (but not the services).

I've been using 2k daily for about 3 years (work and home). I just started using xp about 1 month ago. It does seem to run a bit different than 2k and I'll just have to learn about it and get used to it.

Thanks for your response.

 

there is a very good site by Blackviper at http://www.blackviper.com which goes into some detail about the services and how to setup different profiles to achieve a faster and/or more useful machine depending upon whether you are a gamer or share internet connections and others. I have found his information very useful here.


http://www.blackviper.com/WinXP/service411.htm

http://www.blackviper.com/WinXP/servicecfg.htm

http://www.blackviper.com/WIN2K/servicecfg.htm

HTH

Tom Wilson ~ Coyote
http://TomCoyote.org

 

Hi rayik/coyote_tom, welcome to the boards

Rayik, tom has posted great links there [if you have not seen them before] for checking your services.

As to the 2 OS's being different in terms as to what's running or not, I am curious, because I have JUST started a new thread [which way to go?] in here asking for comments on each OS.

I am getting a complete new system [the works] and am wondering what OS to install? Current Win2K PRO or XP PRO. I realise this may be a bit off topic to your original post, so you could comment in my thread I would appreciate it, seeing as you run both.

LowWaterMark also has valuable comments in here so would certainly take his post into consideration

Just my $0.02 worth


edit: tried to put a smilie after last par, but my dsylexic fingers typed a ? instead. Go figure, lol