How to Use Zone Labs Integrity Desktop

Zone Labs Integrity Desktop Think you don't need a firewall? I installed Integrity only 4 days before I took this screen shot. In that time, it blocked 750 intrusions, of which 103 were high-rated. The green and red bars at the top of the Integrity window vary with the amount of traffic to and from the Internet. Click the red stop button to shut of communications with the Internet immediately. Click on the yellow padlock to turn on and off the Internet Lock. When the Internet Lock is on, your PC is not visible on the Internet. Beside the padlock are icons for the programs that were communicating with the Internet at the time that I took the screenshot. I was using Eudora, Netscape, Yahoo Messenger, and Dreamweaver, respectively. If you don't know what one of the icons represents, point your cursor to it and Integrity will tell you.

You don't normally have to either turn on or turn off Integrity; by default, it installs automatically starting when you start up your computer and you'll want to keep it running to protect you all the time. But if you do want to turn it on or off, here's how.

To open the Integrity Desktop:

When Integrity is running, to open the Integrity Desktop, all you have to do is double-click on the Integrity icon in the Windows System Tray at the right-hand side of the Windows taskbar at the bottom of your screen. When your PC is not communicating with the Internet, the Integrity icon is a stylized lowercase letter i, with a blue bottom and a red triangle dot. (It's in the upper left-hand corner of the Integrity Desktop window above.) When you are communicating with the Internet, there are two sets of bars; the green bars are incoming communications, the red bars are outgoing communications. (These same bars are in the Integrity Desktop.)

To close the Integrity Desktop:

Click the Windows X close button at the upper right of the the window. This does not turn Integrity off.

To turn Integrity on:

By default, Integrity installs with its firewall launched automatically when you boot your computer. You can start it by hand with Start -> Programs -> Zone Labs -> Integrity Client

To turn Integrity off:

Right-click on the Integrity icon in the Windows System Tray at the right-hand side of the Windows taskbar at the bottom of your screen. (A lowercase letter i or a set of red and green bars.) Select Shut down Zone Labs Integrity Desktop.

After you start using Integrity, you'll see alerts pop up from time to time. Actually, you'll see a lot of them at the beginning.

Detailed description of the different type of logs is specified in the Help menu: Keyword: Event logging, Program Alerts, and Alert Informational.

Program Alerts

Program Alerts occur when a program on your computer wants to access the Internet. The Program Alert will tell you which program it is. Click Yes to allow the program to access the Internet, No to block it. If you will always want to answer in the same way for that particular program, check Remember this answer the next time I use this program before you click Yes or No. For the first week or so that you're using Integrity Desktop you'll get a lot of Program Alerts, but they'll taper off pretty quickly.

Just to make your life a bit easier, here are two small bits of advise:

• Click Remember this setting and Allow to when it asks you about Services and Controller app.
• Click Remember this setting and Allow to when it asks you about Spooler Subsystem App.

Usually, when you get a program alert you'll recognize the program that wants to access the Internet -- OUTLOOK.EXE is obviously Outlook. Integrity will tell you the name of the program and will give you a View Properties link that will open the file's Properties, which tells you, among other things, when it was created, what type of file it is, and who can use it.

And what if you don't know what it does even when it tells you what the name of the program is? Use the Program Alert's Alert Advisor section; click More Info. For example, I just got an alert from about the Generic Host Process for Win32 Services. When I clicked More Info, it took me to a Zone Labs Web page that told me what the program is and does, allowing me to make a safe decision.

Sometimes Zone Labs doesn't know about a specific program. Usually a Google search for the .exe file or the .dll in question will give you the answer. Someone else will have already asked "My firewall asked me whether I should let blah.exe talk to the Internet" and you can use the answer they received.

Just type the name of the exe file (for example blah.exe) in Google's search box: http://www.google.com/

But don't worry; all the answers you give to a Program Alert are displayed in the Program Control section of the Integrity Desktop and you can change them whenever you want.

Personal Policy Alert

The other type of alert you'll see a lot of are Personal Policy alerts.

They just tell you that the firewall has protected your computer from a probe from the outside. You can just click OK to close them. And when you've seen enough of them and you don't want to see any more, click Don't show this dialog again. before you click OK. Closing the window or turning off the alerts doesn't turn off your firewall protection.

Have you ever wondered whether having a firewall would make any difference? Click Overview on the left side of the Integrity Desktop, and take a look at the Status tab after it's been running a few days. It lists the number of intrusions that the firewall has blocked since it was installed. I think you'll find it staggering. (Check out my Integrity Desktop above. I took that screenshot only 4 days after I installed Integrity.)

The Overview menu, Preferences tab allows you to set a password for the Integrity Desktop. If you won't forget it, that's a good idea, so that other people who have access to your PC won't be able to change your security settings.

Overview is also allows you to Backup and Restore your Integrity settings, which can be useful if you're upgrading Integrity or moving from one PC to another. When your backup your Integrity settings, a file containing your current settings will be saved in XML format. If you're just upgrading your Integrity, the easiest place to put it is on your Windows desktop.

Here's how to save and reload your Integrity preferences.

1. On the Overview menu/Preference tab, use the Backup button (above) to backup current security settings.
2. Save the XML file it creates on your desktop.
3. Uninstall the current client.
4. Install the new client.
5. Then on the Overview menu/Preference tab, use the Restore button and point to your saved XML file.

1. Open the Integrity Desktop: Double-click the Integrity i icon or the green and red bars in the Windows System Tray in the Windows taskbar at the bottom of your monitor.
2. Click on Firewall on the left side of the Integrity Desktop.

The Firewall section comprises the Main, Zones, and Expert tabs.

• The Main Firewall tab allows you to manipulate the Internet Zone, the Trusted Zones, and the Blocked Zones. The default settings for these zones are as follows:
  Internet Zone Security is set HIGH, where your system is hidden and protected from all traffic in the Internet.
• Trusted Zone Security is set to MEDIUM. Medium setting allows sharing mode among Trusted Zones.
• And finally there are no pre-configured Blocked Zones configured.

The default setting is to allow broadcast/multicast network traffic for both the Internet and the Trusted Zones.

To read more about the differences between these zones, refer to Integrity Desktop client Help menu: keyword Zones.

Finally, the Expert tab allows you to customize multilayered security settings in addition to the Zone security settings. By default no rules are set. With experience in network protocols and security settings, you can manipulate source and destination packets via source and destination ports according to protocol, date and time. The current default port permission setting is outlined in the Help menu: keyword Port Default Permissions.

The UIC Integrity client is pre-configured to trust

• the UIC West side server IP range (5 subnet)
• ACCC Novell servers (subnet),
• ACCC Netware servers (IP range),
• and ACCC Keyserver servers (IP range).

Note that these servers are all you need to use ACCC Server Services.
Don't turn the Internet Block on when you're using Server Services.

The Integrity Desktop Firewall security of High, which we recommend for the Internet Security Zone, blocks all network traffic except broadcast/multicast. You can, however, use the Custom Firewall Settings dialog to set Integrity up to specify allow types of traffic at specific "ports".

1. Open the Integrity Desktop: Double-click the Integrity i icon or the green and red bars in the Windows System Tray in the Windows taskbar at the bottom of your monitor.
2. Click on Firewall on the left side of the Integrity Desktop, then click the Main tab.
3. Click either of the two Custom buttons.
4. On the Custom Firewall Settings dialog, there are tabs for the Internet Zone and the Trusted Zone. Check all types off traffic that you want to allow in either zone. If you want to allow traffic from specific ports, check Allow incoming UDP Ports: as shown in the figure below, and type the port numbers or ranges, separated by commas, that you want to allow in the box provided.
   
5. When you're finished, click the Apply button, then click OK.

1. Open the Integrity Desktop: Double-click the Integrity i icon or the green and red bars in the Windows System Tray in the Windows taskbar at the bottom of your monitor.
2. Click on Program Control on the left side of the Integrity Desktop

This Program Control menu shows the set of applications and its components that are currently allowed to access your system.

The Main tab shows that the program control is set at default setting of Medium control which will ask for Internet access and Server rights for applications and have application components in a learning mode. Zone Labs, Inc. recommends the Medium setting for the first few days of normal use. This component learning mode enables Integrity Client to quickly learn the signatures of many frequently used components without interrupting your work with multiple alerts. Use this setting until you have used your Internet-accessing programs (for example, your browser, email, and chat programs) at least once with Integrity Client running. After you have used each of your programs that need Internet access, change your Program Control setting to High to minimize the number of alerts you will see.

The Program tab of this menu shows the access permission or server permission of application in your system. To know more about the difference between the two, check the Help menu: Keyword Permission Server.

Advanced users can specify the ports and protocols a particular program can use, the hosts it can access, and other details.

The Component tab shows the application components and their corresponding access permissions on your system. A guideline of when to allow access or deny access to application component is discussed in detailed in the Help menu: Keyword Component Loading Alert.

The UIC Integrity client is pre-configured to allow some common applications to access the network (Adobe Acrobat Reader, Internet Explorer, SSH Client, Ping, WS-FTP95).

1. Open the Integrity Desktop: Double-click the Integrity i icon or the green and red bars in the Windows System Tray in the Windows taskbar at the bottom of your monitor.
2. Click on Alerts and Logs on the left side of the Integrity Desktop.

The Integrity Alerts and Logs menu Main tab allows you to set options as to what levels of incidents you are alerted about and the Integrity logs.

The default location for these Integrity logs is: C:\WINNT\Internet Logs\ZALog.txt

The UIC Integrity client is preconfigured to trust many ACCC public servers, but you probably will want to add additional servers. A group that you probably will need are the UIC Bluestem servers, ness.uic.edu, ness1.uic.edu, and ness2.uic.edu. They will try to ping your machine when you login with Bluestem, and without adding these servers, Integrity will block their pings.

To add these servers:

1. Open the Integrity Desktop: Double-click the Integrity i icon or the green and red bars in the Windows System Tray in the Windows taskbar at the bottom of your monitor.
2. Click on Firewall on the left side of the Integrity Desktop, then click the Zones tab.
   
3. Click the Add>> button, then click Host/Site. Fill in the Host/Site address dialog box for each of the ness servers: type the host name in the host name fields and a description in the Description field. Click Lookup and Integrity will put the IP address in the bottom box. Then click OK to add it to the Trusted zone.
   
   
4. Repeat for the two Keyservers.
5. In the Integrity Desktop, click the Apply button.
6. Click the X button to close the Integrity Desktop.

In addition to its firewall, Integrity Desktop has a number of other interesting services. We just list them here. There is more information on all of them on the Desktop, and in the Integrity Help.

1. Open the Integrity Desktop: Double-click the Integrity i icon or the green and red bars in the Windows System Tray in the Windows taskbar at the bottom of your monitor.
2. Click on Privacy on the left side of the Integrity Desktop.

On the Main tab, the Cookie Control option allows you to block cookies from Web sites. The High setting is a bit extreme, but I've used the Medium, and had very little problems with it. The Ad Blocking option lets you block pop-up, pop-under, and animated ads (that's the Medium setting), and, if you wish, also all banner ads. The Mobile Code Control option also allows you to turn off all "mobile code". (Not a good idea.) All of these options can also be customized if you want.

The Site List tab gives a list of the sites that you have listed in the current session along with the sites that you have specifically set privacy settings for.

The Cache Cleaner on the Cache Cleaner tab does what you'd think it would; cleaning your cache on a regular basis can speed your computer up.

1. Open the Integrity Desktop: Double-click the Integrity i icon or the green and red bars in the Windows System Tray in the Windows taskbar at the bottom of your monitor.
2. Click on E-mail Protection on the left side of the Integrity Desktop.

On the Main tab, Inbound File attachment Protection, can be On or Off.

Out bound E-mail protection, also can be On or Off. Make sure this is On. This makes sure that no program except those you approve can send outgoing email. This means that even if you do get a worm or a virus, it can't send email out because you wouldn't give it permission to send email. Would you?

You might want to click the Advanced button and check out the advanced options as well.

On the Attachments tab, there is a list of extentions and types of file that will be quarantined; you can either add or delete file types from the list.