|Academic Computing and Communications Center|
How to Use Zone Labs Integrity Desktop
|Opening and Closing the Integrity Desktop and Turning the Integrity On and Off|
You don't normally have to either turn on or turn off Integrity; by default, it installs automatically starting when you start up your computer and you'll want to keep it running to protect you all the time. But if you do want to turn it on or off, here's how.
After you start using Integrity, you'll see alerts pop up from time to time. Actually, you'll see a lot of them at the beginning.
Detailed description of the different type of logs is specified in the Help menu: Keyword: Event logging, Program Alerts, and Alert Informational.
Program Alerts occur when a program on your computer wants to access the Internet. The Program Alert will tell you which program it is. Click Yes to allow the program to access the Internet, No to block it. If you will always want to answer in the same way for that particular program, check Remember this answer the next time I use this program before you click Yes or No. For the first week or so that you're using Integrity Desktop you'll get a lot of Program Alerts, but they'll taper off pretty quickly.
Just to make your life a bit easier, here are two small bits of advise:
Usually, when you get a program alert you'll recognize the program that wants
to access the Internet -- OUTLOOK.EXE is obviously Outlook. Integrity will tell
you the name of the program and will give you a View Properties link
that will open the file's Properties, which tells you, among other things, when
it was created, what type of file it is, and who can use it.
And what if you don't know what it does even when it tells you what the name
of the program is? Use the Program Alert's Alert Advisor section; click More
Info. For example, I just got an alert from about the Generic Host Process
for Win32 Services. When I clicked More Info, it took me to a Zone
Labs Web page that told me what the program is and does, allowing me to
make a safe decision.
Sometimes Zone Labs doesn't know about a specific program. Usually a Google search for the .exe file or the .dll in question will give you the answer. Someone else will have already asked "My firewall asked me whether I should let blah.exe talk to the Internet" and you can use the answer they received.
Just type the name of the exe file (for example blah.exe) in Google's search box: http://www.google.com/
But don't worry; all the answers you give to a Program Alert are displayed in the Program Control section of the Integrity Desktop and you can change them whenever you want.
Personal Policy Alert
The other type of alert you'll see a lot of are Personal Policy alerts.
They just tell you that the firewall has protected your computer from a probe from the outside. You can just click OK to close them. And when you've seen enough of them and you don't want to see any more, click Don't show this dialog again. before you click OK. Closing the window or turning off the alerts doesn't turn off your firewall protection.
Have you ever wondered whether having a firewall would make any difference? Click Overview on the left side of the Integrity Desktop, and take a look at the Status tab after it's been running a few days. It lists the number of intrusions that the firewall has blocked since it was installed. I think you'll find it staggering. (Check out my Integrity Desktop above. I took that screenshot only 4 days after I installed Integrity.)
|The Overview Menu: Setting a Password and Backing Up and Restoring Integrity Settings|
The Overview menu, Preferences tab allows you to set a password for the Integrity Desktop. If you won't forget it, that's a good idea, so that other people who have access to your PC won't be able to change your security settings.
Overview is also allows you to Backup and Restore your Integrity settings,
which can be useful if you're upgrading Integrity or moving from one PC to another.
When your backup your Integrity settings, a file containing your current settings
will be saved in XML format. If you're just upgrading your Integrity, the easiest
place to put it is on your Windows desktop.
Here's how to save and reload your Integrity preferences.
|The Firewall Menu: Zones|
The Firewall section comprises the Main, Zones, and Expert tabs.
The default setting is to allow broadcast/multicast network traffic for both the Internet and the Trusted Zones.
To read more about the differences between these zones, refer to Integrity Desktop client Help menu: keyword Zones.
Finally, the Expert tab allows you to customize multilayered security settings in addition to the Zone security settings. By default no rules are set. With experience in network protocols and security settings, you can manipulate source and destination packets via source and destination ports according to protocol, date and time. The current default port permission setting is outlined in the Help menu: keyword Port Default Permissions.
|--UIC IP Address Preconfigurations|
The UIC Integrity client is pre-configured to trust
Note that these servers are all you need to use ACCC
|-- Filtering By Ports|
The Integrity Desktop Firewall security of High, which we recommend for the Internet Security Zone, blocks all network traffic except broadcast/multicast. You can, however, use the Custom Firewall Settings dialog to set Integrity up to specify allow types of traffic at specific "ports".
|The Program Control Menu|
This Program Control menu shows the set of applications and its components that are currently allowed to access your system.
The Main tab shows that the program control is set at default setting of Medium control which will ask for Internet access and Server rights for applications and have application components in a learning mode. Zone Labs, Inc. recommends the Medium setting for the first few days of normal use. This component learning mode enables Integrity Client to quickly learn the signatures of many frequently used components without interrupting your work with multiple alerts. Use this setting until you have used your Internet-accessing programs (for example, your browser, email, and chat programs) at least once with Integrity Client running. After you have used each of your programs that need Internet access, change your Program Control setting to High to minimize the number of alerts you will see.
The Program tab of this menu shows the access permission or server permission of application in your system. To know more about the difference between the two, check the Help menu: Keyword Permission Server.
Advanced users can specify the ports and protocols a particular program can use, the hosts it can access, and other details.
The Component tab shows the application components and their corresponding access permissions on your system. A guideline of when to allow access or deny access to application component is discussed in detailed in the Help menu: Keyword Component Loading Alert.
|--UIC Software Preconfigurations|
The UIC Integrity client is pre-configured to allow some common applications to access the network (Adobe Acrobat Reader, Internet Explorer, SSH Client, Ping, WS-FTP95).
|The Alerts and Logs Menu|
The Integrity Alerts and Logs menu Main tab allows you to set
options as to what levels of incidents you are alerted about and the Integrity
The default location for these Integrity logs is: C:\WINNT\Internet Logs\ZALog.txt
|Adding Trusted Servers or Zones|
The UIC Integrity client is preconfigured to trust many ACCC public servers, but you probably will want to add additional servers. A group that you probably will need are the UIC Bluestem servers, ness.uic.edu, ness1.uic.edu, and ness2.uic.edu. They will try to ping your machine when you login with Bluestem, and without adding these servers, Integrity will block their pings.
To add these servers:
In addition to its firewall, Integrity Desktop has a number of other interesting services. We just list them here. There is more information on all of them on the Desktop, and in the Integrity Help.
|-- The Privacy Menu|
On the Main tab, the Cookie Control option allows you to block cookies from Web sites. The High setting is a bit extreme, but I've used the Medium, and had very little problems with it. The Ad Blocking option lets you block pop-up, pop-under, and animated ads (that's the Medium setting), and, if you wish, also all banner ads. The Mobile Code Control option also allows you to turn off all "mobile code". (Not a good idea.) All of these options can also be customized if you want.
The Site List tab gives a list of the sites that you have listed in the current session along with the sites that you have specifically set privacy settings for.
The Cache Cleaner on the Cache Cleaner tab does what you'd think it would; cleaning your cache on a regular basis can speed your computer up.
|-- The E-Mail Protection Menu|
On the Main tab, Inbound File attachment Protection, can be On or Off.
Out bound E-mail protection, also can be On or Off. Make sure this is On. This makes sure that no program except those you approve can send outgoing email. This means that even if you do get a worm or a virus, it can't send email out because you wouldn't give it permission to send email. Would you?
You might want to click the Advanced button and check out the advanced options as well.
On the Attachments tab, there is a list of extentions and types of file that will be quarantined; you can either add or delete file types from the list.
|Integrity Desktop||Previous: Installing Integrity Desktop||Next: Using Mac OS X Built-In Firewall|