Zone Labs, Inc. ZoneAlarm - Release 2.1.25 Dear Customer: Thank you for choosing ZoneAlarm--the Internet security utility and firewall that detects Internet access on your computer and controls which programs have access to the Internet. This ZoneAlarm release combines powerful security features including application Internet access control, a complete local firewall with easy-to-use security level settings and advanced local and Internet zone capabilities. NEW! Release 2.1.25 now incorporates ZoneAlarm MailSafe - E-mail Attachment Protection. Please read the What's New section for complete details. Unless otherwise indicated, all materials provided in this version are copyright (C) 2000 by Zone Labs, Inc. Zone Labs, Inc., San Francisco, May 08, 2000 Table of Contents 1. How to get help 2. Minimum system requirements 3. How to report problems 4. Installation/Uninstallation 5. Running ZoneAlarm 6. What's New in This Release 7. Known problems 1. How to get help Visit the ZoneAlarm support Web site at http://www.zonelabs.com/support.htm to get the latest hints and tips on using ZoneAlarm or for help diagnosing a problem. If you're curious what a firewall alert means, click the "More Info" button (when available) to send the alert to our Alert Analyzer web site and receive a short analysis. 2. Minimum system requirements ZoneAlarm requires: - Microsoft Windows 95 (original with WinSock 2 or OSR2), or Windows 98 (original, SP1, and SE), or Windows NT 4.0 (SP3, SP4, SP5 or SP6), Windows 2000 Final Release - an 80386 or faster processor (486 recommended), - 8 Mb of system memory. A full installation requires approximately 3 Mb of hard disk space. ZoneAlarm works with most types of TCP/IP connections, including Ethernet LAN, DSL, cable modem and dial-up connections. 3. How to report problems Please check the ZoneAlarm support Web site at http://www.zonelabs.com/support.htm for the latest in usage issues and bugs, or for help diagnosing a problem. If you can't find an answer to your problem, please report it via email to support@zonelabs.com. In any report include: - The operating system version you're using; - The ZoneAlarm and TrueVector version installed on your computer (You will find this information in the ZoneAlarm Configure panel); - Application(s) used to access the Internet, and their version; - Protocol and contents that might have caused the problem; - URL or website you visited; - Contact information so we can get back to you. 4. Installation/Uninstallation To install ZoneAlarm, run the installation executable. The setup program will prompt you for all additional steps. The installation procedure records the changes made to your system to a file called INSTALL.LOG in the installation directory (by default, C:\Program Files\Zone Labs\ZoneAlarm). To install on a Windows NT machine, you will need administrator privileges. To install on Windows NT 4, this product requires Service Pack 3,4,5 or 6 be installed. To install on Windows 2000 use only the Final Release version of the operating system. Upgrading an existing installation of ZoneAlarm requires that you reboot the system before running the newly installed version. This is particularly important for Windows 2000 users, to ensure the system does not restore the previous TrueVector device driver. To uninstall ZoneAlarm, select the Start | Programs | Zone Labs | Uninstall ZoneAlarm item on the main Windows menu. 5. Running ZoneAlarm You can start ZoneAlarm by choosing the Start | Programs | Zone Labs | ZoneAlarm item on the main Windows menu. ZoneAlarm will also start automatically each time you start the computer. To read the ZoneAlarm Help page, press the F1 key on the ZoneAlarm application window. 6. What's New in This Release This release introduces the ZoneAlarm MailSafe E-mail Attachment Protection feature. This version: - protects against inadvertent execution of VisualBasic Script e-mail attachments downloaded while the MailSafe feature is installed and set active. - quarantines VBScript associated e-mail attachments (those having the .vbs filename extension), and pops up a warning message when you try to execute the attachment. - ZoneAlarm MailSafe can be enabled/disabled in the Security panel. For an overview of ZoneAlarm's basic features, see the ZoneAlarm help file (normally installed in C:\Program Files\ZoneLabs\ZoneAlarm\Help\ZoneAlarmHelp.htm). Release Notes: 2.1.25 - This release adds ZoneAlarm MailSafe - E-mail Attachment Protection. - This release works around a bug in Windows NT4 SP6 that can cause a BSOD. 2.1.18 - This release seals the DHCP port for inbound probes. - This release fixes a problem experienced by some users of NT SP6 with faulty 3COM network card installations, resulting in no stealth mode. 2.1.10 - Introduces logging features, including: - renaming the Traffic panel to the Alerts panel. - logging of alerts to a text file. - the ability to browse the most recent alerts inside the Alerts panel. - This release fixes an abnormally high CPU and file usage when the Alerts panel is active. This could cause disk repair utilities to restart their activity over and over. 2.1.9 - When TrueVector shuts down abnormally, the user has an opportunity to restart it. - Fixes several bugs: - PINGs from certain programs (notably, Napster) would be blocked by the firewall. - While running Netscape 4.7 on Windows 2000, Netscape would occasionally appear to "hang". - The log database (computername.LDB) would grow by 512 bytes each time the TrueVector engine started. - When running on Windows 98 SE (but not the Windows 98 original edition), some users found that after Resuming from Standby Mode, some traffic can be blocked by the firewall. 2.1.3 - The log text file format has changed, to reflect more information stored in alerts. - The log file records GMT offsets less than one hour, to handle half-hour timezones. - ZoneAlarm no longer starts up when the deskband is created at startup, if the "Show ZoneAlarm at startup" option is unchecked. - Adapter subnets by default are now _excluded_ from the local zone unless you check the checkbox to turn them on. This default mode is safer for cable-modem and DSL users, but requires LAN users to turn on the checkbox. Several bugs are fixed: - In some network environments, Windows 2000 would lose network connectivity after about 5-30 minutes. - ZoneAlarm's behavior under a flood attack could cause TrueVector to crash. - The Alerts panel would "freeze up" after startup. - The rules database (IAMDB.RDB) would grow by 512 bytes each time the TrueVector engine started, even though no data would be stored in the rules database. - A BSOD at startup under Windows NT4 SP3. 2.1.1 - The Traffic panel has been renamed to the Alerts panel, and it lets you view recent alerts and controls how you can log them to a file. - The "Show Alert Popup" checkbox has been moved from the Lock panel to the Alerts panel. If you've turned off the alerts popup, then you can restore it from the Alerts panel. - FTP active mode is granted permission to act as a server for the duration of a transfer. - Several spurious popups are corrected, particularly on Windows 95/98. - Several crashes and BSODs on Windows 9x and NT are fixed. 2.0.26 - In this version, server permissions are handled very differently, to improve usability: - A new server application always asks permission, rather than being denied access without user recourse. - Local servers, including local proxy servers like Norton Anti-Virus Email Protection (POPROXY) and most ad-blockers, always have permission to act as a server and to accept connections from the same computer (the local host). When they attempt to accept a connection from outside the local host, the user will be asked for permission to expand the service zone. - The installer installs ZoneAlarm into your "Program Files" folder, if you're not upgrading from a previous version located elsewhere. - This version fixes: - a number of driver crash bugs, BSODs and power-management problems, including: - slow boot up under Windows 2000 (accompanied by WMI error 54); - crashes and odd behavior under Windows 98, particularly with USB mice. 2.0.22 - This version fixes: - many crash bugs/"Blue Screens" in Windows 95, 98, and Windows NT/2000. - compatibility problems with CyberKit, NetMedic, and certain other ICMP-based tracing/pinging programs. - an occasional blocked connection and alert that would often block an image download, usually when visiting pages with more than 15-20 graphics images. - the STOP button on the deskband wouldn't engage/unengage the Internet Lock. - a crash in the installer, normally reported as a crash in VSUTIL.DLL, caused by running on Windows 95 with the first versions of WINTRUST.DLL (meaning, with no Internet Explorer updates). - inconsistency with the "run on startup" and "auto-check for updates" checkmarks on versions of Windows 95 without an "All Users" startup folder. - TrueVector service now starts up before other Internet servers (such as Microsoft IIS) and tracks/controls their traffic. 2.0.17 - This version fixes: - server programs on Windows 2000 would always be blocked by the firewall. This often led to system failures. 2.0.16 - This version fixes: - a system crash (Blue Screen) under Windows NT, particularly when starting and stopping the program often. - IDENT (port 113) requests are de-stealthed for a computer you're talking to (for example, an IRC or FTP server). This allows the server to confirm your IP address to permit IRC, FTP or other connections. Note that unless you're running an approved IDENT server, other hosts will still see your IDENT port as stealthy. - programs that would appear in the programs list but which never had Internet activity. 2.0.15 - This version fixes: - another set of spurious popups, particularly those related to ICMP and multicasts. - downloads of very big files via newsgroups. - a very common Blue Screen in Win95, when running a new program. 2.0.13 - This version fixes a large number of spurious popups when browsing commercial sites that use load balancing on multiple, closely numbered IP addresses. - This version no longer pops up a message when a commercial ad site attempts to elicit a response to indicate if you're still looking at the site. - If you are running the DeskBand toolbar, be sure to close it first, and then restart your computer, before upgrading. Simply closing the deskband does not make the Windows Shell unload it from memory, and you cannot overwrite the file with a new one if it is in memory. 2.0.11 - This version fixes a bug where ICQ would be blocked by the firewall at High security mode. The same problem may have affected other UDP-oriented programs. 2.0.10 - "Low" security behaves like ZoneAlarm 1.8.x - User registration data is now stored in the registry using an "obscured" format. - This version fixes a number of bugs: - On systems with large fonts, the ZoneAlarm window would not expand to show the entire panel contents, when opening a panel. - Shutting down while ZoneAlarm was iconic or hidden might cause it to come up improperly sized, and the programs list's first column would be collapsed. 2.0.2 - This version now tracks ICMP control activity through the TCP driver, so that programs like Ping, TraceRoute, and CyberKit will request permission to send ICMP packets. - There is a zone editor to let you modify the reach of the "Local Zone". To access the local zone editor, go to the Security panel and click the "Advanced" button. - This version includes significant changes to the popup message box, including navigation buttons to help you handle multiple error messages. - In previous versons of ZoneAlarm, TrueVector would default to permitting access to a program if it could not obtain a confirmation from the user. This typically occurred when ZoneAlarm was not running, such as when the system is at the Login screen. This behavior is now determined by the security level: at High and Maximum security levels, a program will be denied access to the Internet if it was previously unknown and ZoneAlarm is not currently running. - The programs list automatically filters out programs and versions that are no longer on your computer. - Only programs started after ZoneAlarm will appear in this list. - The minimize/close behavior has been changed to match that of most other Internet utilities. The new behavior is: - The minimize button now leaves ZoneAlarm as a minimized application on the shell toolbar. - The close button does what the minimize button did in previous versions--it hides the ZoneAlarm window and leaves only the icon in the system tray. - To completely shut down ZoneAlarm and remove it from memory (what the close button did in the previous version), right-click on the system tray icon and choose "Shutdown ZoneAlarm" This release fixes several problems: - several shutdown problems that can, over time, lead to rules-database corruption. - the installer/update sequence is much improved. - TrueVector would prevent SQL Server 7 from starting. 7. Known problems - 16-bit applications will always be blocked by the firewall in High security mode, on Windows 95A with WinSock 1.1 still installed. This can be fixed by installing WinSock 2, available from Microsoft. - 16-bit applications that access the Internet register under Windows NT as "NTVDM.EXE". You can only enable or disable permissions for 16-bit applications as a group. - If ZoneAlarm starts up and does not appear to be reporting on Internet activity, check the CONFIGURE panel. This panel reports the status and version of ZoneAlarm, the TrueVector Internet Monitor engine, and the TrueVector driver. - The access locks and permissions you set using ZoneAlarm continue to be enforced by the TrueVector Internet Monitor engine when the ZoneAlarm user interface is not running. This protects your computer when you're not logged on. - The tooltips on the Programs panel display in two colors, one for each column of information. The left column displays using the system tooltip text color; the right column displays using the system Highlighted Background color. You can set both of these colors in the Control Panel | Display | Appearance dialog box. - This version of ZoneAlarm is not compatible with routing software that runs on the same computer. These include Connection Sharing and NAT router software. - Build 2.1.18 and 2.1.25: Certain cable network installations may experience problems logging on with this version, as the computer attempts to renew its DHCP lease. Switching to "Low" security mode while logging on should work around the problem. - This version of ZoneAlarm MailSafe works with POP3 and IMAP mail clients. HTTP-based mail clients, such as for HotMail, are not supported. (C) Copyright 2000, Zone Labs, Inc.