I've been using the Zonealarm security suite for a while, have the latest version 6.5. Last night I decided to scan ports 1-1250 and it turns out that at least 3 ports were open! wtf! The settings in zonealarm seem to be right, internet zone security is set on high. Why aren't all the ports stealthed, or at least closed?

 

Sounds like a question for the fine folks a Zonealarm. Maybe bug in the software? Maybe a misconfiguration of the software?

 

The opened ports should be stealthed; obviously if they're 53, 80, 443 and the pop3 port (escapes me) those are necessary for internet access and email.

G

 

What ports?

 

Guys - Zonealarm should stealth ALL ports in it's default configuration. If he has open ones it's either a bug in the software, or somehow it's configured to hold those open.

Also, how are you testing this - grc.com shields up?

 

i dislike zone alarms

 

I don't remember which ports were open, it was in the 1-50 range. I tested with shieldsup and a few other sites. All seem to give somewhat different results. The only security scan which told me that the firewall passed all tests successfully was the Symantec one which is basically a joke.

 

My DSL modem/router stealths all of the ports, but will respond to pings - so therefore shields up will report a failure. Since it protects me by NAT I don't need a computer-based firewall.

I haven't needed zonealarm since I had a USB DSL modem that would dump me right on the Internet - but that was years ago.

 

so should I be concerned about those ports being reported as open? does it compromise my computer's security?

 

Is your computer behind a dsl or cable router? If so, it's your router that's responding to the shields up site - not your computer. Try shields up with and without zonealarm. You should get the same results.

Make sure your remote management features for the modem/router are set to disabled and try again. That may shut off those ports.

 

I have a cable modem, I really doubt it's got a built in router

 

Many actually do now. If you are hooked up to the modem with you network card, type "ipconfig /all" at a command prompt and look at the address of your network card.

If your address begins with 10 or 172.31 or 192.168 then your modem most likely is a router. Those are private addresses not used on the Internet. The most common is 192.168.

 

I run no firewall software on my PC. I do use a router on my network. Router > *

Zone Alarm and the like are messy....