ZoneAlarm Pro v4.0.123.012 Installation and ScreenCaps

Note: this page discusses only ZoneAlarm Pro, not the free version.

This html page and its images may be downloaded as a zip file (1,131KB) here: zap-4-0-123-012.zip for offline perusal.

This page contains screencaps of settings for zaPro in a configuration which have been working for me so far (no successful unauthorized intrusions, no successful unauthorized outgoing connections which I am aware of).

Installation:

Good installation practices suggest that first you cold boot the computer:
- Click "Start" > "Turn off computer" > "Shut down"
- Leave the power off for at least ten seconds
- Turn the computer back on.
If the system is WinMe, WinNT or WinXP, you should also perform a System Restore checkpoint:
- Click "Start" > "Programs" > "Accessories" > "SystemTools" > "System Restore"
- Select "Create a restore point" and click "Next"
- Enter a descriptive phrase and click "Create"
- Click "Close" after the restore point is created.
If a previous version of zoneAlarm is already running, shut it down entirely by rightclicking on the icon in the system tray (notification area) and click on "Shutdown ZoneAlarm".
It is a good idea (though not required) to disable anti-virus software for the duration of the installation.
Either run the downloaded installation program or insert the ZoneAlarm CD in the drive.
Accept the default installation directory: C:\Program Files\Zone Labs\ZoneAlarm\
If you are upgrading from an previous major version of zoneAlarm (v2.x, 3.x), select a "Clean Install"; if you are upgrading from v4.x, select "Upgrade" and click "Next".
Accept the license agreement.
The next screen will have four dropdown fields:
- how do you connect?
- rate your understanding of internet security?
- how many computers do you have?
- what type of computer are you installing zoneAlarm for?
Select the appropriate answers and click "Next"
Click "Finish".
ZoneAlarm Pro will install.
After installation is done, a dialog box will appear indicating that "the computer must be restarted for installation to be completed; do you wish to restart the computer now?" Answer No, do not restart the computer now (click "Cancel").
You will be returned to the Windows desktop.
Now manually perform a cold boot as described in Step 1.
Leave the computer powered down for at least ten seconds then turn it back on.
Upon bootup, a screen (see the first screen capture below) will appear, "Secure Programs Automatically":
- If you performed a "Clean Install", select "Yes".
- If you performed an "Upgrade", select "No".
then click the "Next" button at the lower right.
Another screen (see the second screen capture below) will appear "Help us make Zone Labs security better". You will be asked if you wish to "... periodically ... anonymously share your security settings with Zone Labs".
I am not comfortable with this so I say "No".
Click the "Finish" button at the lower right.
ZoneAlarm Pro should now be fully installed.
Perform another cold boot as described in Step 1.

Next, whether you are a new or experienced user of zoneAlarm, you should go through the ZoneAlarm tutorial. It isn't that long (9 screens) and will take all of about two minutes to read. What it will do is familiarize you with the product.

To access the tutorial, click:
"Start" > "Programs" > "Zone Labs" > "Zone Labs Security Tutorial"

Finally, open ZoneAlarm Pro by doubleclicking on the icon in the system tray and go through all the menus as shown below in the screencaps.

Please note that these are settings which seem to have worked well for me. Your system and your requirements may vary.

Also note that this page in no way is meant to replace utilizing the Help feature of ZoneAlarm. This page is meant only to serve as a starting point. When in doubt, Read The Fine Manual!

01overviewStatus.gif
A simple status screen. One item to note: All of the screens have a small item at the bottom called "Hide Text"; this slides the vertical dividing line to the left hiding the descriptive text. This can be handy if you want more "real estate" for reading settings.

01-overviewStatusHideText.gif
When text is hidden, it can be regained by clicking on "Show Text".

02overviewProdInfo.gif
The license number is delivered by email upon registration; you have to be online to register the product.

03overviewPrefs.gif (self-evident)

04firewallMain.gif (self-evident)
Leave Internet Zone Security on "High"; at this setting your computer is operating in "stealth" mode which means that hackers can't even see that your computer exists.

06firewallMainInetCustInet.gif (default settings)

07firewallMainTrustedCustTrusted.gif (default settings)

09firewallMainAdvanced.gif (default settings)

10firewallZones.gif
Hostnames, IP addresses or IP ranges put here can be defined as "Internet", "Trusted" or "Blocked".
An "Internet" entry will use the Internet Zone rules on the Firewall > Main tab.
A "Trusted" entry will use the Trusted Zone rules on the Firewall > Main tab.
A "Blocked" entry will will be denied all communications.

11firewallExpert.gif
Provides additional "fine-tuning" capabilities for permitting or blocking communications.

12progcontrolMain.gif (default settings)
I have found it best to leave the Program Control slider at "Medium". If you set it to "High", then zaPro wants you to validate each Component of each program being used and it is just prohibitive: I counted over 900 entries in the Components section. Life is too short. :)

13progcontrolMainProgcontrolCustom.gif (default settings)

14progcontrolMainAutolockCustom.gif (default settings)

15progcontrolPrograms1.gif
This and the next four screen captures show the settings I'm using for specific programs. A word about the settings themselves (

):
a

means that the program is always permitted to communicate in that category.
a

means that zoneAlarm will ask you each time the program attempts to communicate in that category.
a

means that the program is never permitted to communicate in that category.
Please observe that none of the programs I use are granted server privileges. I have found that for 99% of normal browsing and internet use, programs do not require server privileges.
The only exception to this that I've found so far is using AOL Instant Messenger (AIM) for the purpose of sending or receiving a file with an IM or chat partner; then AIM must be allowed server privileges (on both ends if the other person also has ZoneAlarm or, presumably, another firewall product).

To find specific directory and file information for a given entry, click on it and details about the program will be displayed at the bottom of the screen in the "Entry Detail" section.

16progcontrolPrograms2.gif

17progcontrolPrograms3.gif

18progcontrolPrograms4.gif

19progcontrolPrograms5.gif

20progcontrolComponents.gif
See above note for Program Control, Main tab.

21alertslogsMain.gif
When you first install zoneAlarm, you might want to set "Alert Events Shown" to Medium or High; it will give you an idea of just how often attempts are made against your system (for example, in the 5 or so hours I've been online since I installed this upgrade, zoneAlarm has blocked 393 intrusion attempts, 202 of which were "high-rated"; this is more than one per minute...).
In very short order though you will tire of clicking "OK" to get rid of the pop-up notification so go here and set Alert Events Shown to Off.
Definitely Log Events. Definitely Log All Program Alerts. You never know when a piece of information will pull your chestnuts out of the fire.

22alertslogsMainCustom.gif

23alertslogsLogviewer1.gif
The log viewer is pretty self-explanatory.

24alertslogsLogviewer2.gif

25alertslogsLogviewer3.gif

26privacyMain.gif
The Privacy settings can get a little tricky especially if you go to certain websites which require cookies to be enabled (on-line purchasing with "shopping carts", certain dynamic websites, that sort of thing).
I have found that the settings I have here allow me to do my on-line banking and make purchases while still maintaining a certain degree of privacy.
If you click any of the "Custom" buttons, they will take you to the same window but with the appropriate tab selected (see the following three screencaps). These will become your "global" Privacy settings applied to each site you visit.
You can, however, define individual sites to have their own individual settings. More on that below under the "Site List" tab.

27privacyMainCookieCustom.gif
If you have problems accessing a website with your current settings, try putting a check in the "Show Privacy Advisor" checkbox; this will give you a pop-up every time zoneAlarm blocks something based on your settings and this should give you an idea of what is preventing access to the site.

28privacyMainAdblockCustom.gif
I have the animation on because I have a couple sites I maintain which use animated .gif files and I like to know that those are working.

29privacyMainMobileCustom.gif
These I'm not so sure about. I use sites with javascript, regular scripting, java, and ActiveX; I'm not so sure about mime-type integrated objects.

30privacySitelist.gif
This is where you would define a site to have its own settings regarding cookies, ad-blocking and mobile code. Once you edit the settings for a site, it remains in this list in all future sessions.

31privacyCachecleaner.gif
This is just a "handy feature".

32privacyCachecleanerCustomHD.gif

33privacyCachecleanerCustomIE.gif

34privacyCachecleanerCustomNS.gif

35emailMain.gif
This is a feature which, when combined with a decent anti-virus product (with current virus definitions) really helps to minimize the possibility of incoming email borne viruses.
For each type of file in the following list (Attachments), zoneAlarm replaces the extension of the attachment with .zl? where ? is a number or letter. This renders the attached file non-executable in any form.
You can, however, download the attached file and doubleclick on it; zoneAlarm will then open a warning window telling you the type of original file and give you the option to run it, view it with Notepad, or not run it.
As always, informed common sense should be first on your mind: Did you anticipate receiving an email with an attachment? Have you independently communicated with the sender asking them if they sent the email and what were the contents? Where did they get it from?
I realize that sounds paranoid, but then again, I have yet to receive a virus which I did not intentionally put on my computer.

36emailMainAdvanced.gif
This is a rather nice feature which provides some warning if you do manage to get a virus or worm which is trying to disseminate itself without your knowledge.

37emailAttachments.gif
This is the list of attachments which zoneAlarm checks for. Keep in mind that zoneAlarm only checks the extension name, it doesn't actually check the contents of the attachment. This means that the file could be named malware.xxx then somehow get renamed at a later point to an executable extension.
It used to be Safe Sex, now it's Safe Computing. An excellent resource to Safe Computing may be found at:
http://www.cert.org/tech_tips/home_networks.html#IV

Return to LAFN main page
Return to Mentors' page

This page updated: The Ides of March 2004 0230 pst
jtm