Hi,

Recently you guys helped me with some (free) Zonealarm 5 problems, and some suggested switching to (free) Sygate. (I intend to stick with free obviously.) I realized that many of the web surfing problems that I have always blamed on my crummy old laptop -- even previous to the problematic ZA version 5 release -- could actually be happening because ZA just isn't the best choice for me.

So last night I switched, and so far I do think Sygate is better for me. With ZA I always had an intermittent problem with web pages not being accessible or freezing up, and Sygate hasn't had that issue so far. But here are a couple initial observations/questions:

1] People said Sygate would be harder for a novice to configure. That makes me wonder if I missed something, because it came with default choices made and I simply left most of them. Is that ok for most people?

2] It does notify me of certain things ZA didn't, like packets when I'm signing on. Maybe its "lingo" or recognition of components is just different, but I don't know what most of these things are. With ZA I was used to having only the names of programs attempting access alerted about, so the decision to allow or deny was easier. How am I gonna figure out whether to allow access/packets with things like .dlls; kernel 32; and long strings of numbers and letters I have no clue about?? For instance I denied access/packets for several of the above when I logged on last night, but I'm still connected and running. So should I assume I don't need them, even though my system tests clean for trojans, viruses and malware and it's doubtful anything bad was happening?? Should I figure this out by always denying anything I don't recognize, then seeing what happens? **I just don't want to be suffering worse Internet performance than I have to, without knowing it's partly due to my choices** (this machine is no longer capable of performing anything well/fast, so it's hard to know what's due only to that and what isn't).

3] Conversely, ZA used to notify me of many "intrusions" that Sygate doesn't. That was a case of just needing to turn off the alerts, which were actually routine stuff, and let it run. But in Sygate I never chose, or saw the option, to turn off these "intrusion" alerts that otherwise come every few seconds. It just doesn't give me any. The system tray icon is rarely reflecting any incoming or outgoing traffic at all, whereas ZA seemed to think things were going on constantly. Does any of this mean that I have configured something wrong?

4] If I want to accurately test my ports at grc.com, Sygate, pcflank, etc., do I have to connect via dialup rather than the way I do it: opening my SBC Yahoo DSL connection, *then* signing onto AOL through that? Testing it when connected that way has always showed me as perfect and stealthy on all ports; but while the sites advise that proxies, etc. can cause inaccurate results, they never come out and say what to do about it (e.g., connect via dial up instead or something).

THANKS! So far I do think Sygate is going to be better for me, but I always get a few questions stuck in my head over any technical decision I make on my own. ;^ )

I too used Sygate and ZA and noticed a big difference in the ways that the alerts came. Here's the thing, if you don't know what something is, don't let it through. Probably the worst that will happen by not letting something through that is OK to let through is your internet won't connect, or some other program that you use.

The very best thing that will happen is that you block some trojan from coming in or some malicious program from phoning home. There will always be some component of a know program that looks weird, for instance, the .dll files. If you know what program it is trying to get out, and you know you can trust it, let it through. Otherwise block it all.

I'll warn you that the alerts will come and come because of the constant pinging people do. Try not to worry to much and maybe invest in a hardware firewall.

"Should I figure this out by always denying anything I don't recognize, then seeing what happens?"

YES! Unfortunately, on the net these days --what you don't know can really do you some serious harm.

Just set it to "normal" mode and okay the programs, sites, whatever that it asks permission for that you know are good. If you don't know, let it go because if it something yuo need you will figure that out. That's part of the deal, you have to learn how to work it, it cannot read your mind, right?

As far as using the port tests, or anything else, Yahoo amd AOl are not necessary just use your dial-up and go there. The less in the way, the better.

For my money anything to do with AOL is a potential trouble source, yahoo, not as much, but why put things in the way????

Do the port test, DCOMbobulator, LeakTest, and UnplugnPlay on GRC.com, and the browser test at Jason's Tool Box, then you'll know how stealthy you are.

And just check your logs, if you getting repeated scans from some site or address you do not know--put it in google, or use WHOIS:

http://www.dnsstuff.com/

to find out who or WHAT it is.

Thresher

Hi,

passing thru as I try to save my LIFE now!!! Switched to sygate and think it let in a cws (cws.googlems.3).... am severly messed up... read that sygate may have this (and other) vulnerabilities...

P.S. also, how could I not use Yahoo(sbcDSL) or AOL when testing my ports via dial-up; those are the only two carriers I have..????

Sorry so short, going EVERYWHERE looking for cws help; most fixes are said at all the best directly related forums (e.g. spywareinfo, wilders) not to be fixes for long, and the trojan is DOS-ing me on the infected computer...

Ok, in all fairness the article I saw being discussed probably just came out sounding ambiguous, and it wasn't a problem unique to sygate:

http://computing.net/security/wwwboard/forum/12765.html