VisualZone

The Best Intrusion Analyser for ZoneAlarm and ZoneAlarm PRO

VisualZone 5.7

VisualZone is an intrusion analyser and report utility for ZoneAlarm, ZoneAlarm Plus and ZoneAlarm Pro. It displays a clear overview of all intrusion attempts and allows you to analyse the information in lots of different ways. VisualZone can perform a backtrace to try to find even more information about the intruder. You can even automate the process so that a backtrace is performed automatically when new attacks are detected. VisualZone can also submit intrusion attempts to DShield for further analysis.
Please check the list of key features below for a shortlist of the most important functions of VisualZone.

Whether simply trying to find out more or wanting to dig deeper inside the hacker's mind, VisualZone is the right tool for the job. And it doesn't require any technical knowledge to get the job done.
And best of all, VisualZone is absolutely FREE!

 

       
Current version: 5.7.0.2909

 

What's new in version 5.7

ZoneAlarm version 3 users click here: Announcement

Whois - The problem with the ARIN whois server has been solved. It works even better now. VisualZone will now perform multiple queries to find additional information if available.

New Configuration Option:

Load VisualZone on startup - This new configuration option has been added to the Preferences tab in the VisualZone configuration window. In previous versions you were only offered the option to start VisualZone automatically, when you installed the software. You can now turn the option on and off from the configuration window.

Abuse Notification E-mail text - You can now change the default text of the Abuse Notification E-mail from the VisualZone configuration window. Choose Tools and Options from the menu and select the Miscellaneous tab. Click the Edit Text button to edit the default Abuse Notification E-mail text.

Backup and clear attack list - This function hasn't changed, only the description in the menu. The original description "Clear attack list" didn't make it clear that the ZoneAlarm log file would be backed up first. This menu option is more useful for ZoneAlarm version 2.x users. ZoneAlarm 3 archives its log file automatically. Unfortunately you cannot turn archiving off in ZoneAlarm version 3.x. VisualZone 6.0, scheduled for release later this year, will introduce a new log file manager which will compensate for ZoneAlarm's archiving feature. This will be especially useful for users of the free version of ZoneAlarm 3 because the free version archives its log file every day.

View last announcement - This new menu item has been added to the Help menu. It allows you to return to the last announcement web page that VisualZone received. In previous versions you had no option to return to an announcement unless you had bookmarked the web page. The new menu item automatically remembers the web address for you so you can return to it any time you want.

Miscellaneous:

Keyboard shortcuts - VisualZone now has a keyboard shortcut for almost all of its features. You can find out what the shortcuts are by browsing through the menu.

Backtrace and location information format - VisualZone 5.7 stores the backtrace and location information differently from previous versions. The new format is faster, but more importantly it uses significantly less disk space. Any existing information is automatically converted into the new format during Setup so you don't lose any data. Please note that Setup does not automatically remove the old information after the conversion has completed, in case you still need it for whatever reason. If you decide you don't need the information anymore, you can simply delete the "Whois" folder in the VisualZone program folder.

Automatically check for updates - The automatic update check feature now works differently. In previous versions, VisualZone would check for updates a few seconds after starting VisualZone. This was undesirable specifically for modem users because the "Dial-up" window would pop-up each time VisualZone was started and an Internet connection was not available. Version 5.7 will check for updates only if an Internet connection is already available so modem users can enable the 'check for updates' option too.

Windows 2000 and XP user accounts - VisualZone now stores its configuration and database files in folders that are compatible with Windows 2000 and XP's 'limited' user accounts. This prevents the access denied error (#5) when running VisualZone on Windows 2000 or XP while being logged in as a 'limited' user. Please note that VisualZone still needs access rights to the folder where ZoneAlarm stores its log file.

Splash screen - The VisualZone startup 'splash' window will now be disabled if the "Minimize to system tray on startup" option is enabled. You can also disable the splash screen completely by adding nosplash to the VisualZone command line.

'Close' command-line option - You can now close VisualZone from a batch file by adding the word close to the VisualZone command-line. The CloseVZ.exe program no longer works with VisualZone 5.7 or higher.

NOTE:
If you are currently running a previous version of VisualZone, do not uninstall it before installing version 5.7.


What was new in version 5.6

Clear attack list

This new option has been added to the "File" menu and allows you to archive the ZoneAlarm logfile and clear the VisualZone attack list.
Please use this option instead of the ZoneAlarm "Delete log" button. If you delete the log in ZoneAlarm, the logfile will be physically deleted and this will result in a warning message because VisualZone will not be able to find the logfile. Clearing the attack list in VisualZone will back up your current logfile and prevent this warning from being displayed.

 


"VisualZone was unable to load the ZoneAlarm logfile!"

You now have the option to disable this warning if the ZoneAlarm logfile could not be found. The following checkbox has been added to this window. If you disable it, the warning will no longer be displayed:

If the logfile could not be found during import, "Not found!" will be displayed on the VisualZone status bar. In the mean time, VisualZone will look for the logfile at each auto-import interval. As soon as a new logfile is found, VisualZone will import the logfile and continue to monitor it for new attacks.

 

Backtrace

New Configuration Options:

These settings control what happens when you backtrace an IP address. You can select to run a full Backtrace or you can choose to run a safer partial Backtrace.

Previous versions of VisualZone already allowed you to run a backtrace automatically if a new attack was detected. But now you can specify if VisualZone should run a full or a partial backtrace.

Mute alarm sound:

This option has been added at the request of several users who want to be able to temporarily mute the alarm sound, for instance while watching a DVD or during a meeting. This option remains active until you close VisualZone or turn it off manually. The icon in the system tray will change to show that the Mute option is active.

Miscellaneous:

New Look
VisualZone 5.6 has a new "flat" look. This allowed us to shrink the size of the "Attack Details" and other windows just enough so that VisualZone will now run on a monitor with a resolution of 640x480.

Sorting IP addresses
VisualZone will now sort the Local and Intruder IP addresses on their numeric value instead of their text value (e.g. 212.x.x.x will be displayed after 62.x.x.x).

Very large ZoneAlarm logfiles
VisualZone will check the size of the ZoneAlarm logfile and warn you if the file is very large. A few users have reported logfiles in excess of 10 megabytes! Although VisualZone is able to cope with logfiles this large, it will take a very long time to complete the import procedure. This led some of these users to believe that VisualZone had locked up. To prevent this, a warning will be displayed if the logfile grows very large. When this happens, it is recommended that you use the new "Clear attack list" menu option to back up the logfile and start over.

Whois
VisualZone would sometimes choose the wrong Whois server for certain registrars in South America. This has been corrected.

What's New - This new button has been added to the VisualZone toolbar. It links to this webpage for easy access to the latest information about VisualZone.


What was new in version 5.5

New Configuration Option:

VisualZone groups identical attacks together and increases the value of 'Count' for each duplicate entry. This makes the attack list less cluttered and easier to read. Grouping of identical attacks is still the default, but now you can also choose to see each attack individually by disabling this option.

New Configuration Option:

"Default sort order on startup"

You can now choose the default sort order on startup. In previous versions, the default sort order was Number (e.g. "#"). A few users have indicated that they would like the Date field to be the default sort order, so we have made this configurable. You can now choose any of the predefined sort fields to act as the default sort order on startup.

Miscellaneous:

Bug in ZoneAlarm
We have discovered a bug in one of the recent versions of ZoneAlarm. The result is that on rare occasions, ZoneAlarm will write an entry in the logfile that starts with a number of spaces ("Null" characters). This would prevent VisualZone from importing the logfile past this entry. We have developed a workaround for this problem which enables VisualZone to import the logfile past this point.

DBISAM Engine Error
This issue is also documented in the VisualZone Frequently Asked Questions list. This error message can be caused for instance if your computer restarted due to a system crash or if you turned off your computer without shutting down first. This will prevent VisualZone from closing normally. On rare occasions, this can cause a problem with the VisualZone local database. In previous versions of VisualZone you would have to delete the database manually to fix the problem. Starting with version 5.5, VisualZone will now repair the error automatically.

Filter options
The value chosen for the "Is/Is Not" field in the filter options was not saved. This has been corrected.

Grouping of "ACCESS" type records
Records of type "ACCESS" would sometimes be grouped together incorrectly. This has been corrected.

Knock, knock...
A few users have complained that the "Knock-Knock" alert sound is too loud. For this reason, we have now included an extra sound file: "sKnock.wav" which produces the same sound but at half the volume. You can change the default sound by going to the "Configure VisualZone Report Utility" window, open the "Alarm" tab and click "Browse". Select the file sKnock.wav and click "Open".


What was new in version 5.4

New DShield Option:

You can now configure VisualZone to automatically submit reports once every 6 hours (this is the interval recommended by DShield for submitting reports).

WhoIs - The problem with the RIPE whois database server has been solved. It's now even faster than before.

Frequently Asked Questions - This new button has been added to the VisualZone toolbar. It links to a list of Frequently Asked Questions (FAQ). Some questions tend to pop up more frequently than others. We have compiled a list of the most frequently asked questions and made it accessible through this link.

Miscellaneous:

- The memory indicator on the status bar has been removed. It could cause an error message if a certain combination of software was running simultaneously.
- The spelling error (SMPT vs. SMTP) on the DShield configuration window has been corrected. A help text has been added to explain the function of the SMTP server name field.
- The spelling error (Gougle vs. Google) in the help text of the Google button on the toolbar has been corrected.
- The tray icon animation has been changed slightly. The "eye" remains visible, which makes it a little easier to click on the icon to stop animation.
- An icon has been added to the "Alarm" tab in the "Configure VisualZone Report Utility" window so you can preview the alarm sound you have chosen.
- The code for sending SMTP messages has been rewritten to improve error handling and to make it more robust. Also the option of using mail.dshield.org as the outgoing mail server has been added to allow users who have signed up with an Internet Service Provider who doesn't support SMTP, to submit reports to DShield.
NOTE: Using mail.dshield.org instead of your own SMTP server disables the option of sending a copy of the report to your own E-mail address.


What was new in version 5.3

 
 
DShield.org
Submitting to DShield:

1. Sign up* (You will only need to do this once)
2. Submit your log entries

Check your submissions
Check an IP address
 

DShield (Distributed Intrusion Detection System)

DShield is a free and open service that collects logfile entries from firewalls all over the world. The data is filtered, summarized and catalogued and when certain thresholds are reached, DShield automatically sends Abuse Notifications to the appropriate Internet Service Providers. This has a much greater impact than sending Abuse Notifications yourself, since the evidence produced by DShield contains data on the intruder from many different firewalls.

DShield also acts as an early warning system for new types of intrusions like trojans, worms and viruses. So by using DShield it's not just you who profits from using it, it's the entire internet community!

Submitting intrusions to DShield is the preferred way of reporting attacks!

The Abuse Notification feature found in previous versions of VisualZone will be discontinued in the future. For the time being, the feature remains available, but only through the Attack Details window. It should NOT be used unless you feel it is absolutely necessary, for instance if you are being attacked multiple times from the same source and the hack attempts are particularly severe (and even then you could choose to use DShield instead).

 


* NOTE: Signing up for DShield is voluntary.
You are not required to subscribe to DShield. You won't lose any functionality in VisualZone if you don't, except that you will not be able to submit intrusions to DShield.

 

 
 

advICE, Tantalo and SecurityStats - These three new buttons have been added to the Details tab in the Attack Details window. You can use these services to find additional information on the port that was targeted during the attack.

 

'Today' filter - We have had many requests for this little feature. If you click the Today button, the attacklist will be filtered to show only intrusions that have been detected today. To return to normal view, simply click the button again.


What was new in version 5.2.1

Uninstall - This long overdue feature has finally been added to VisualZone Report Utility. Previous versions of VisualZone had to be "uninstalled" by manually deleting the VisualZone program folder and the VisualZone shortcuts from the desktop and the Start menu. Starting with version 5.2.1, VisualZone adds itself to the Windows "Add/Remove Programs" list accessible from the Control Panel. This makes uninstalling VisualZone easier and more intuitive.


What was new in version 5.2

Bug Fixed - A problem has been solved that prevented VisualZone from importing entries from the ZoneAlarm logfile that did not include "Transport" information.

Bug Fixed - A problem caused VisualZone to report the incorrect GMT time zone offset in the abuse notification E-mail when going from daylight saving time to standard time. This has been fixed. The contents of the GMT column have been changed as well. It now contains the time offset to GMT time.

Abuse Notification - The layout of the abuse notification has been changed to comply with the requirements of certain ISPs.


What was new in version 5.1

New Configuration Options:

"Close button minimizes to system tray"
Although most users want the Close button to minimize VisualZone to the system tray, a few users have indicated they prefer the button to close the program. To satisfy both, we have made this configurable.

"Include non-attack records in the attack list"
By default, VisualZone only displays attack records (e.g. FWIN, FWOUT and FWROUTE). Some users have indicated that they would like to be able to see the non-attack entries as well (e.g. ACCESS, PE, MS). If you enable this option, VisualZone will recreate its database from scratch and import the ZoneAlarm logfile including all records, both attack and non-attack entries.

Configuration Settings - A bug has been corrected that prevented VisualZone from saving any changes to the configuration settings if Windows was restarted without shutting down VisualZone first.


VisualZone Report Utility: Key features

Backtrace - Backtrace is a powerful information gathering tool.
The backtrace function starts by doing a reverse lookup on the intruder's IP address to find its DNS name. The reverse lookup is usually successful, but not always. Backtrace then tries to establish a direct connection to the intruder's PC to find additional information like the Node, Workgroup, Domain and Netbios names and the MAC address of the intruder's PC. The backtrace will not always be successful. Some of the information needs to be coughed up voluntarily by the intruder's PC.

READ THIS:
Immediately after installing VisualZone, you'll notice that the columns "Intruder Name", "DNS", "Node", "Workgroup", "Domain", "Netbios" and "MAC" are empty. This is normal!
VisualZone does not backtrace existing intrusions when importing the ZoneAlarm logfile since doing so could take hours for just a few hundred intrusions. Also, performing a backtrace on older intrusions is unreliable since the intruder may have a different IP address and the old IP address may be in use by someone else. However, if you want, you can perform the backtrace manually on older intrusions by selecting the intrusion and clicking on the Backtrace button, either on the toolbar or in the "Attack Details" view.

Abuse notification - If you have had enough of a hacker, you probably want to report his behaviour to the proper authorities. VisualZone makes this easy. Simply select the hacker you wish to report and click the "Abuse Notification" button. VisualZone will automatically prepare an E-mail containing detailed information about all hacks attempted by the intruder.
Who Is - If you decide to report a hacker, you should do so to the Internet Service Provider of the hacker. To find out who that Internet Service Provider is, open the attack details form and choose "WhoIs". Then click on the "WhoIs" button and VisualZone will instantly report all available information about the owner of the IP address. This information usually includes a special E-mail address for reporting hack attempts for you to send the abuse notification to.

Geographical Location Information - VisualZone has a really cool lookup feature that displays a map of the part of the world where the intruder is located.

HTTP - VisualZone can try to establish a direct HTTP connection to the IP address of the attacker. If the intruder has a webserver running, you'll be able to contact it, making it very likely that you'll be able to identify who he is.
FTP - Similar to the HTTP feature, VisualZone can also try to establish a direct FTP connection to the IP address of the attacker. Many hackers have FTP servers running and although most will be password protected, many times you'll be able to find out more even by just looking at the reject message!

SPAMCOP.NET Lookup - This service allows you to gather more information about the intruder. Spamcop can function as an alternative to the WhoIs feature of VisualZone. In some cases the information about a particular IP address is unavailable on the WhoIs server. You can try the Spamcop lookup service to find out if there is any additional information that VisualZone may have missed.

Google Groups search - Want to know more about a hacker? Click on the link to the Google Groups search website and enter some information about the hacker, for instance his name. If at any time in the past, this hacker has ever posted a message in any newsgroup, you will know his E-mail address! You could warn the hacker directly to stay away from your PC. You can also read his messages and even post a reply exposing the hacker to the world!
This was originally the DejaNews function. In February 2001, Google acquired DejaNews. Luckily they continued this great service, however they dropped the ability to search for IP addresses which will make it a bit more difficult to find information about an intruder.


Toolbar - A fully customizable toolbar with direct easy access to all features of VisualZone.


Sorting - You can sort the list of intrusions in many different ways. The sort order is also used by the reporting facility so you can print reports in any order you wish.
Import - VisualZone uses "SynchronICE 2.0" to keep its database in sync with the ZoneAlarm logfile. SynchronICE uses a highly optimized and very fast algorithm for determining what records need to be updated. A complete rebuild is not required to keep VisualZone's database in perfect sync with ZoneAlarm's logfile.
Reports - VisualZone includes powerful reporting features for keeping lists of hack attempts and intruder details.
Filter - Information can be filtered to your requirements. Any field can function as a filter field and with the powerful boolean conditions, you can quickly get a list of attacks that you wish to investigate further. You can also use a filtered list for printing reports, so that only those records get printed that you want.
Find - You can search the intrusion database on any field. Searches can be case sensitive or not and you can specify whether to search for complete fields or only partial data.

Version Check - This service allows you to quickly check for new versions of the software. It will also check for important announcements and will alert you if there are. All this is done without sending any information to Visualize Software of course!
Just click on the "New" button on the toolbar and within a few seconds you'll know if there is any important information regarding VisualZone that you should know about.

Configuration - VisualZone has many configuration options. You can customize almost every aspect of the program to your liking. And it doesn't even stop there. You can reorder the columns, for instance, by dragging the title field of a column to a different position. In a similar way you can also resize any column to your liking. You can glue the menu and any toolbar to any side of the VisualZone window and you can even make toolbars free-floating. Everything you change will automatically be remembered the next time you start VisualZone.

ShieldsUP - "Without your knowledge or explicit permission, the Windows networking technology which connects your computer to the Internet may be offering some or all of your computer's data to the entire world at this very moment! ShieldsUP quickly checks the security of your computer's connection to the Internet." This great service is provided by Steve Gibson, internet guru and maintainer of the www.grc.com website.
ShieldsUP will test how well ZoneAlarm is protecting you by scanning your PC for open ports. ZoneAlarm will report these scans as possible hack attempts. They are NOT!
Never send abuse notifications about alerts originating from the ShieldsUP service!

 
 
VisualZone Report Utility is compatible with Windows 98/ME/NT4 and 2000
Copyright © 2000-2002, Visualize Software. All Rights Reserved Worldwide.