upgrading zone alarm installing pro over free deleting database files understand z.a. logs gracie's security pages zonelabs website moonlake cybersmiths email gracie |
good choice: you've installed zone alarm! but all the options can be a little intimidating at the beginning. so here are some settings i found helpful at first; they are NOT official recommendations from zonelabs, and may even differ from theirs. depending on how you work, some you'll see right away that you want to change; others you will change as you develop your own preferences. but these will get most people started easily and safely! for more info on setting za up on a network, see this zone labs page. note: these suggestions are for zone alarm pro; the choices will be slightly different for za free, but most are interchangeable. first, open zone alarm from your system tray icon. see the panel across the top that says, from left to right, alerts, lock, security, programs, configure? let's click on these one by one and look at the options in each. in each case, i'll cover the options available in zone alarm pro and give my suggested settings for you to start with. some of these options are not available in the free version; just skip those if that's what you have. * alerts panel: log alerts to text file? yes (this will let you see what alerts came in long after you've forgotten them <g>.) show the alert pop-up window? yes (if you don't want to be bothered, say no; you'll see a little flashing icon in the system tray when you have an alert instead.) advanced: check hide local address, check show pop-ups, suppress 1,2,3,4,7,8 only, choose frequency and style of log you prefer (i do weekly, tab, to make the file small and easy to read.) * lock panel: automatic lock: disable (if you tend to leave your computer unattended and online for more than about 15 minutes and you want to automatically halt all transmission after that period, then enable it.) in most cases it may be better to just click STOP before leaving the computer, or dial-up users should just disconnect from the internet. engage internet lock after: 15 minutes (this will be grayed if you disabled it.) allow "pass lock"? check if necessary for email client, etc. then set them in programs, options (see later). * security panel: internet zone: high security local zone: high security mailsafe enabled? yes advanced: general: check if you are on ics (internet connection sharing); internet servers blocked? yes, unless server software is needed (see below); local servers blocked? no, if you connect to ftp or gaming sites, yes, if server software is not needed (see below). note: turns out that to connect to my web host and other ftp sites, i need this unchecked, then set up the ftp sites in the security, advanced, local zone contents tab; auto check gateway? yes; allow vpn? only if needed. local contents: set up ftp servers and/or gaming or p2p file sharing sites you need to connect with. for those on a lan, you'll need to set up your machines to allow access across the network; see the zonelabs site for more info on this. local custom: check: allow outgoing dns, allow outgoing dhcp, allow broadcast/multicast. internet custom: check: allow outgoing dns, allow outgoing dhcp, block netbios. mailsafe: check everything unless you get one type all the time from a trusted source; if this is the case, you still should scan each incoming file with an av program. * programs panel: easiest way is to wait til za asks you and then decide for each program either yes (check 'don't ask me again'), ask each time (just click 'yes' this time but don't check 'don't ask') or no (check 'don't ask again' and it will deny it access til you change the setting.) to give you a rough guideline about what to allow (this will differ from person to person, and you can always change a setting you don't like):  for 'allow connect' column:allow without asking: e-mail clients, web browsers, others you are absolutely sure of that can't be used against you (like your av program's auto updates); allow after asking: media players, ftp clients (i have mine set to allow without asking), telnet clients, automatic updates (except your av program if you want), icq and other instant message clients, and other applications normally allowed network access; disallow: applications not expected to have network access; any unknown software. for 'allow server' column: NONE to start except possibly your ftp program (that means put x's everywhere down the server columns); if absolutely necessary, those you KNOW to be server applications should be assigned "allow after asking" (the question mark) status and given temporary server privileges when launched. note: some, but not most, anti-virus programs may need server status to work as in-the-background scanners.pass lock enabled (in options): if you decided to enable the internet lock after x minutes, then if necessary, give e-mail clients pass lock privileges if you must have them check e-mail regularly; web browsers and/or ftp clients could be given temporary pass lock status for long downloads, then rescind it. don't give pass lock privileges lightly. advanced: these are the defaults for programs you haven't yet set up. so click "ask for permission" for everything on the permissions tab (no checks below), check everything on the alerts and functionality tab. note: for more help with special programs that may need special handling, see this page on zone labs' site. there are many suggestions given - use only the minimum required to allow your program to work properly. * configure panel: on top during internet activity? no load zonealarm at startup? yes; this is very important!!! check for updates automatically? no enter your license key if your using za pro. enter your registration info. the program will register itself the next time you connect. you're done for now! congratulations! if you start to have problems with the programs settings, delete the database files. if you need to install an upgrade, check my suggestions here. if you decide to move from the free version to pro, here's some suggestions. enjoy! |
|
"thanx bob h. & fred langa who got me started, & marcus of zonelabs for help above & beyond." |
||
