XML Rules Files for ZoneAlarm Pro 5

Discussion in 'other firewalls' started by treat2, Apr 23, 2005.

Thread Status:
Not open for further replies.
  1. treat2

    treat2 Registered Member

    Joined:
    Apr 23, 2005
    Posts:
    26
    Hey all,

    I've been in the S/W Dev biz since '81 and doing Windows since 94 beginning with C/SDK, so feel free to talk as techie as you want.

    First, what I'm looking for...

    I would like to find some downloads of a few well tested versions of the XML Rules File that people have created for ZoneAlarm Pro 5.

    That would not seem to be too much to ask of even the authors of AZ, particularly in light of their asking EVERYONE to upload their own rules files, to the authors of AZ. Yet googling it turns up, not a SINGE place that
    I can find any such thing to download.

    Microsoft is the last place to quote good stuff about, and their provided Security Schemes that can be implemented on Windows actually are pretty poor, but at least they provided a few versions of security schemes and named them appropriately, so that you 'd have an idea of what you might want to use. (Personally, I've no need for them, even though I tried their "most" secure version, which was surprisingly poor.)

    HERE'S THE DEAL... I've been using Norton's AV and Firewall for 5 years,
    and I've made lots of custom rules that EVERYONE should have been provided with, for a stand-alone Dialup "Web Surfer" configuration. It took me years to actually come up with a really decent set of rules, and I still keep adding new rules to it. LET ME COMMENT ABOUT A FEW THINGS FOR ZA THAT I'M WANTING.... (upper-case is NOT shouting here) ...

    Without doing a direct count of my System Rules in Norton, there are about 20 Rules or so that everyone should have OUT OF THE BOX, but Symantec doesn't bother with, and which makes Norton "next to useless" out of the box. There are quite a few more rules which actually take me about 3 weeks to fully implement. UNFORTUNETLY, even after 5 Years, Symantec STILL has not createtd a WORKING version of a file to capture all of the rules that I would like to transfer from year to year, when I upgrade, or buy another PC. UNLIKE Symantec's buggy incomplete malfunctioning rule capture and restore facility ...

    ZA does provide a WORKING debugged facility to capture the Rules you create, which would be (in light of the 3 week setup time for Norton) a big time saver, and something that at this time, I REALLY need ASAP.

    What rules ZA actually does implement out of the box, I assume to be few, and insufficient to do anything useful. Additionally, the "Learning" mode for 2 other aspects of ZA, are also insufficient to provide a decent Firewall.

    The fact is this... there are specific well known ICMP rules (Ports) that should be blocked for (Inbound, Outbound, and In/Out) use. Those Ports to block and not to block are fairly standard, and require SEVERAL rules to actually implement depending upon whom your PC is talking to. However, they all need to exist. The SAME holds VERY true for the 65535 Ports used by TCP/UDP. There are Ports over 1023 and under 1024 that should be blocked out of the box, which of course are not, and which makes Symantec's Firewall a problem for people that are unfamiliar with their Firewall. The SAME rules need to exist in ZA, AND WOULD exist in ANY well-tested "Web Surfer" configuration of it. Moreover....

    These Rules MUST BE in a specific order. They must refer to what is and what is not blocked. They must also specifically refer to 127.0.0.1, 0.0.0.0, "My Computer", the Trusted Zone (which your PC should not be in), the Internet & Restricted Zones too. Additionally,

    There are a number of VERY COMMONLY used programs, like Word, and Frontpage, as well as, a number a NASTY programs in System32, like Telnet Server/Telnet, REXEC, RSH, and more that also should be blocked by any rational "Web Surfer". These COMMONLY USED PROGRAMS, and KNOWN EXE's and DLLS in the Windows and Programs Directories, ALSO REQUIRE specific rules, which any WELL-TESTED Rule-base for ZA should have implemented.

    A fairly direct manual thought-out translation of the System Rules from Norton to ZA was attempted, and a number of custom rules for MANY of the above mentioned programs was also attempted. They were created and tested, with the result being that some moron seriously screwed around with ZA, and forced every program to permit Server access to anyone, and the ability to turn off and change that setting was totally blocked. (Please don't even bother asking: "Did ya login?"). Naturally, as part of that translation virtually every part of ZA was customized, with rather disasterous results.

    Having already been screwed with when ZA was fairly customized, and after putting a lot of effort and attention into that, I am thinking that somewhere in this World with so many people talking about how great ZA
    is or was, that SOMEWHERE there MUST BE SOME downloadable version of some well-tested customized XML Rule file for the average "Websurfure", even if not using a dial-up, which really doesn't matter much anyway. (Of course, many will chime in about how bad ZA is, and I am aware of it. However, having bought another computer and with 3 other to maintain, it is a VERY BIG PAIN in my butt to go from year to year, with Norton's Firewall, given their lousy buggy and incomplete version of a rule file.)

    So, for all those that are saying how great ZA is, and REALLY KNOW what they are talking about, when it comes to the Ports, Directions, IP's, Zones, standard NASTY Windows Programs, etc that need rules, and those "good" Ports and other directions, for the same IP's etc that things should be PERMITTED, i.e. unblocked ....

    PLEASE, let me know if there is any place to download a well-tested, well written XML rules file for ZA. (The folks that believe that you just throw ZA onto your PC, write a few rules, and that's it... are not the folks I am interested in hearing from.)

    Thanks in advance to anyone for useful replies.

    BTW. Symantec is a bit at a loss for how to even collect all of their own rules and transfer them anywhere. (That used to not be the case, but I suppose that outsourcing has taken its toll in knowledge of their products.)
     
  2. treat2

    treat2 Registered Member

    Joined:
    Apr 23, 2005
    Posts:
    26
    Mod, forgive me, (as a rarely seen poster not inclined to hog your space), but I want to try ONE MOE TIME to see if after all of the high praise I keep seeing about ZA, if there is a SINGLE PERSON who has ever seen ANY bunch of well-tested and categorized bunch of XML Rules Files for ZA.

    Having spent the better part of last night and part of today searching for any sign of the existence of such files, I haven't found a single customized Rules File created by ANYONE AT ZONEALARM, or whom uses ZA, that is avaliable for download anywhere on the Net, and I've used a few search engines with a variety of search criteria likely to find any such thing, to be a sure as possible.

    So.... If ZA is so great, where is there any Rules file on the Net which can show it to be as good as many people believe?

    I REALLY have a use for that file, I'm NOT asking just to take a jab at ZA, in fact, I would rather be off of Norton, which Symantec can't even program properly to produce a rules file without that program crashing along the way, AND EXCLUDING A TON of Rules that they simply ignore and are time-consuming as hell to recreate year after year on 4 different damn PC's!

    So, I am indeed asking for good reason. I've got 3 disks with ZoneAlarm Pro 5 on them, and have an incentive to use it, BUT ONLY if I can get the damn thing to work with a well-tested comprehensive rule set, for any average home surfer.

    (See the note above, if you have no idea what kind of rules I'm talking about.) Thanks in advance for anyone's assistance, and I assure everyone I won't ask a 3rd time.

    Mod, thanks in advance for permitting this indugence with my asking the question 1 last time!
     
  3. CrazyM

    CrazyM Firewall Expert

    Joined:
    Feb 9, 2002
    Posts:
    2,428
    Location:
    BC, Canada
    Hi treat2

    Will the ZA .xml backup files created on one system work on a different one?
    I actually have one saved from when I looked at ZA Pro v4, but it is specific to my system, applications, remote servers, etc. I'm not sure if these were meant to be shared or just used as a backup for the system on which it is installed.

    In later versions of NIS/NPF there was an unsupported and undocumented way to save/restore rules, but only for that system. NIS Pro used to have the ability to export rules/configurations that was transportable between systems, but I do not know if any current versions still have this functionality. Upgrading on the same system I believe now gives you the option to save your current configuration/rules.

    If it is help with defining rules you are after, feel free to ask. This post from the Other Firewalls Sticky Post relates to ZA Plus/Pro and may be of help: Zone Alarm Plus/Pro Program Options (Updated for ZAP v4.0)

    Regards,

    CrazyM
     
  4. treat2

    treat2 Registered Member

    Joined:
    Apr 23, 2005
    Posts:
    26

    Hey CM,

    ZAP5 lets you save the rules and restore them from an XML file of any name you choose. I wouldn't want to chance rules from ZAP4 though. However, I'd not be concerned over any delta of ZAP5.

    I appreciate the URL. It's way too basic for me. I've constructed a set of System Rules during the past 5 years I've been using Norton. They refer to Ports, IP/DNS Names,
    Direction of the message (In, Out, In/Out), Allow/Block,
    etc. the same sort of stuff you could put into ZAP5's System Rules. The Program specific Rules also have the same elements in both firewalls.

    I spent a few days doing a very careful manual (i.e. thought out/logical) translation of each and every System Rule I have in Norton, into ZAP5. I also spent a considerable amount of time to understand as much of ZAP5 as is available and where unclear, checking the doc.

    Despite many days spent doing this I found that even as soon as I was given an IP address I was clearly being targetted by other folks within the subnet assigned to my ISP. More visibility occurred with more activity, and in an hour I found over 555 unsolicited TCP/UDP messages
    that were not of the nature of a port scan, but were from individuals, where sent to my IP, and were blocked.

    Despite the claim of stealthing and such an option, that was clearly not the case.

    After about 3 days of use I found that all the settings in ZA were changed to allow every program in the system be a Server (i.e. have Server Access), to any Zone in the Net, AND THAT the entire column in which Server Access is indicated for all programs, the Green checkmark to indicate "OK" was protected from my changing ANY OF IT.

    In other words, some moron got in, and screwed with the ZA settings on the machine, and whatever else.

    Naturally, I scan my system using an upto date Antivirus Program, and many different anti-spy, anti-malware, programs are kept running as applicable, and used regularly to scan as well.

    The Sites I permitted to be in the Trusted Zone were very limitted, but included Symantec and Zone Labs.

    During the time ZA's Firewall was running I kept Norton 2K5 running, and the MS Firewall running on XP Pro with XP SP2 and NTFS.

    The amount of checking I did on the System Rules suggested that they were not different than I setup in Norton, and the way I go about setting up a Firewall is very carefully, over a period of days to weeks.

    I SUSPECT, but do not know for certain, that one of the 2 Firewall Vendors was screwing with me, and not a casual hacker, since the ability and knowledge to accomplish what was done to the ZA settings would be very limitted, but certainly known by the ZA folks, and I've no reason to believe that the Symantec folks would not have knowledge of how to accomplish the same thing.

    Since I do no financial transactions on the Net, there's little incentive to target my machine. However, competing Firewall Vendors that both have clients able to send them messages, make them both suspect for that event.

    In any case, I can find NOT a SINGLE source on the NET, after days of searching that would indicate ANYONE has ANY System Rules for ZAP5 that might even be tested.

    I KNOW Zone Labs has the stuff, since they have a built-in checkbox on one of their screens that allows ppl to "share your rules with us".

    Now, as to why Zone Labs would NOT THEN loadup and TEST the stuff, to make just a few decent configurations for ppl to get out-of -the-box, as well as, to download from their site suggests that they would prefer to keep their customers ignorant, and with a Firewall that REALLY does very little, when it's just slapped on a hard drive by their typical customer.

    Incentive to keep them coming back... the expectation of a better Firewall, but none forthcoming. It being a matter of business and dollars, rather than the inability of them to create, install, and publish about 2 dozen System Rules, and several dozen Program Specific Rules for even Standard Windows EXE's and DLL's, for a few typical configurations, like (for example), a dial-up home user, wanting very high security on the Net, for starters.

    Still, it would seem that despite this same thread being posted in 2 very good security related Forums, of which this is one, and in ZA's own third Party Forum, as well, NOT ONE configuration was made known to me.

    Damn shame because Norton still can't write out ALL the rules that you create, NOR can they even write a program to create the XML File of a few Rules they profess the program will write out, before that program crashes, leaving me stuck with having to retype the same ole stuff
    every upgrade and on my 4 different PC's consecutively, taking a few weeks to accomplish!

    Ignorance is bliss, so their customers have no idea how useless their firewalls are, and 99% of them don't even bother to look at their own firewall logs, or know how to.
    GRRR!

    Thanks CM, but their's not much you can do. I've got good System Rules for a pretty solid Firewall, but translating them to ZA was a huge task, and all I'm looking for is for something that I KNOW exists, but isn't being created for public consumption. Regards - T2
     
Loading...
Thread Status:
Not open for further replies.