|
When I try to use the WhoIs feature I get an error message "No match found for...". What's wrong?
The American Registry for Internet Numbers (www.arin.net) has made significant changes to the whois database. The new format is not compatible with older versions of VisualZone. To correct the problem, please download and install VisualZone version 5.7.
VisualZone used to work just fine but now it seems to have stopped working. It hasn't reported any new intrusion information for some time now although I'm sure ZoneAlarm has stopped several connection attempts. I'm running ZoneAlarm version 3. What's wrong?
There is nothing wrong with VisualZone. The problem is ZoneAlarm. We have had many reports about this problem since the release of ZoneAlarm version 3. There is a bug in ZoneAlarm that will cause its database to become corrupt. When this happens ZoneAlarm will stop logging information about new intrusions to its log file. This usually happens after you install ZoneAlarm 3 or upgrade to a new release, but it can also happen after you restart your computer. This problem is also mentioned on the ZoneLabs web site. ZoneLabs recommends that you uninstall ZoneAlarm, delete all files in the Internet Logs folder and reinstall ZoneAlarm. But we have been able to narrow it down to one specific file (IAMDB.RDB). Here is an easier way to solve the problem:
- Shut down ZoneAlarm
- Open the folder C:\Windows\Internet Logs
(or C:\WinNT\Internet Logs if you're running Windows NT or 2000).
- Delete the file IAMDB.RDB
- If the file BACKUP.RDB exists delete that file as well
- Restart your computer
- Start ZoneAlarm (the file IAMDB.RDB will automatically be recreated)
Please note that most of ZoneAlarms configuration settings will return to default so you may want to make a note of your current settings. Also make sure to verify the suggestions on the announcement web page: http://www.visualizesoftware.com/visualzone/20020311.htm
Run the ShieldsUp test to verify that everything is working correctly:
- Start VisualZone
- Choose Tools and ShieldsUp service from the menu
- On the ShieldsUp web page click Probe my Ports
This should trigger a couple of alerts in ZoneAlarm that should also show up in the VisualZone attack list.
Do I need to uninstall my existing version of VisualZone before I install the new version?
No, you do not need to uninstall the previous version. In fact it is better to install the new version over the existing one. That way your current configuration settings remain in tact.
Why do I get an "Abort, Retry, Ignore" error when I try to install VisualZone?
The most likely cause of this error is that the previous version of VisualZone is still running. You need to close VisualZone before running Setup to install the new version.
VisualZone tells me I need to configure DShield before I can submit reports. How do I do that?
From the menu in VisualZone choose "Tools" and "Options...". In the "Configure VisualZone Report Utility" window, click on the "DShield" tab. Now click on the "Signup" button and follow the instructions.
I am trying to configure DShield. What should I put into the "Outgoing mail (SMTP)" field?
The SMTP server name is the name of the outgoing mail server (SMTP server) of your Internet Service Provider. The name of the SMTP server should have been given to you by your Internet Service Provider when you signed up for their services.
Usually the name of the SMTP server is something like this:
For example, if the name of your Internet Service Provider is Myprovider.com, then chances are that the name of their SMTP server is something like smtp.myprovider.com (or something similar), but you will have to check the information from your Service Provider to make sure.
If you cannot find the information you're looking for, you may be able to find it by looking at the settings of your E-mail account in the software you use to send E-mail.
For example, if you use Outlook Express you could try to find the information by choosing "Tools" and "Accounts" from the menu. Click on your E-mail account and then click on the "Properties" button. Select the tab labelled "Servers". The "Outgoing Mail (SMTP)" name should be listed there. You can Copy&Paste the name to the DShield settings in VisualZone.
NOTE: If you cannot get DShield submission to work properly, for instance if your Internet Service Provider does not support SMTP, you can use mail.dshield.org as an alternative. However, if you use mail.dshield.org as the outgoing mail server, the option to send a copy of the report to your own E-mail address will be disabled.
I'm trying to send an Abuse Notification E-mail, but VisualZone tells me that "MAPI Services" are not available on my PC?
MAPI (Message Application Programming Interface) is a Windows standard that allows programs to interface with E-mail client software. Outlook Express, Outlook 97, Outlook 2000, Netscape Communicator etc. are all E-mail client software that are compatible with the MAPI standard. VisualZone uses MAPI to create the Abuse Notification E-mail.
If you receive this error, this means that Windows was unable to execute the MAPI services (this is a problem of Windows and/or your E-mail software, not VisualZone). This can happen for instance if you installed a program that is MAPI compatible, then uninstalled it because you decided you didn't want to continue to use it. Sometimes the original E-mail software is not restored as the default MAPI client after the uninstall. This is just an example. There are other reasons why this could have happened.
You will have to make your current E-mail software the default MAPI client again. Normally this is done during the installation of the software, so you may have to uninstall / reinstall that software to get it working again. Maybe you can check the helpfile of the E-mail software you use to see if it mentions anything about MAPI.
Everything was working fine, but now if I start VisualZone, I get a DBISAM engine error. What should I do?
This problem can be caused for instance if your computer restarted due to a system crash or if you turned off your computer without shutting down first. This will prevent VisualZone from closing normally. On rare occasions, this can cause a problem with the VisualZone local database. The solution is easy though. First close VisualZone if it is still running. Then double click on the "My Computer" icon on your Windows desktop, go to the VisualZone program folder (e.g. C:\Program Files\VisualZone) and delete the files VisualZone.DAT and VisualZone.IDX. Now start VisualZone and everything should run normally again.
Note: Starting with version 5.5, VisualZone will try to repair the local database automatically if this error occurs. But if it fails for whatever reason you can still use the procedure described above to fix the problem.
I noticed that Windows 95 is not in the list of supported Windows versions. Will it run anyway?
The very first original Windows 95 was shipped with an older Winsock version. A few VisualZone features require Winsock version 2.0 or higher. This is why Windows 95 isn't listed. However, we have found that VisualZone will run on the following Windows 95 installations:
1. Windows 95 with Service Pack 1 installed.
2. Windows 95 OSR2 with Service Pack 1 installed.
OSR2 was the first Windows version that included USB support, but it was only available as an OEM product.
3. Windows 95 with Internet Explorer 5.0 or higher (a newer Winsock version is included with this update).
If neither of these installations apply to you, you can also upgrade your Winsock version manually. Please follow these links for more information:
Click here for more details.
Click here to download the update.
Disclaimer: This update is supplied to you by Microsoft. It does not carry any warranty from Visualize Software of any kind!
I noticed that Windows XP is not in the list of supported Windows versions. Will it run anyway?
Windows XP is not supported officially (yet). However, we have done some preliminary testing and it appears to run normally. These tests were not extensive enough though to warrant the inclusion of XP in the list of supported Windows versions. There are many Windows XP users who run VisualZone without any problems. Up till now we have had only two reports from Windows XP users. Both indicated that they were unable to restart Windows when VisualZone was running. However, we have tested this and it works just fine here, so whatever the cause, it is not directly related to XP. Also, one of these users later reported that the problem was solved although he is still using XP. (Unfortunately he didn't know what he had done to resolve the issue). Other then this we are not aware of any problems with XP.
I'm using a modem. How can I prevent VisualZone from trying to connect to the Internet each time it starts?
By default, VisualZone is configured to automatically check to see if a new version of the software is available. If you're using a dial-up connection to the Internet, this will cause VisualZone to pop-up the "Dial-up Connection" window once a day. You can disable the automatic version check by choosing "Tools" and "Options..." from the menu. In the "Configure VisualZone Report Utility" window, disable the option "Automatically check for updates".
My logfile is very large. What should I do?
How can I clear the attack list in VisualZone?
Each time an intrusion is detected, a new line is written to the ZoneAlarm logfile. If left unmanaged, the logfile can eventually grow to enormous sizes. We have had reports of users who have logfiles in excess of 10 megabyte! Although VisualZone can handle logfiles of this size, it will take a very long time to complete the import procedure. VisualZone will therefore display a warning if the logfile grows very large. When this happens it is recommended that you backup the ZoneAlarm logfile and clear the attack list.
To clear the attack list, choose "File" > "Clear attack list" from the menu in VisualZone. This will create a backup of the ZoneAlarm logfile and create a new empty one (this will prevent the warning that would otherwise be displayed). If you have subscribed to DShield, VisualZone will also check if there are any intrusions in the attack list that have not yet been submitted. You can then choose whether or not these should be submitted before the attack list is cleared.
Will you add the ability to show the "Severity" of an attack, for instance using different colors?
We have indeed been thinking about a way to do this. The problem however is that for a true threat assessment, VisualZone would need to analyse the actual data from the connection that ZoneAlarm blocked. Unfortunately, as soon as ZoneAlarm blocks the traffic the data is lost, so VisualZone never gets to "see" the real evidence. This leaves only the "circumstantial" evidence like the target port number. What you see in other log analysers is that the treat assessment is based purely on the port that was targeted during the attack. This isn't really fair however because many (most) ports are used for both normal as well as malicious traffic. But without the actual data it is impossible to distinguish between the two. So an indication of the severity is just a calculated guess at best. And guessing can lead to the wrong conclusion, which may be even worse than no severity indication at all because it will prevent the possibility of a user feeling "safe" when in fact he/she isn't.
So, until we can find a reliable way to figure out how to assess the real severity of an attack, we will not introduce such a feature. We are however working on this. In fact it ranks second on our list of features we would like to add in a future version of VisualZone and we're confident that we'll be able to come up with a solution.
Is there a helpfile, manual or tutorial available for VisualZone?
No, not yet. We are planning an online help file in a future version of VisualZone. If you have any questions about VisualZone and cannot find the answer in this list of Frequently Asked Questions, please send an E-mail to support@visualizesoftware.com
Do you take requests for new features in future versions?
Absolutely! We wholeheartedly invite everyone to send us any suggestions that could improve the software.
Is VisualZone Report Utility really free?
Yes, VisualZone Report Utility is absolutely free for everyone. The only restrictions are listed in the "Software License Agreement".
I have a question but it is not listed here. What should I do?
Any questions you have that are not answered in this list of Frequently Asked Questions, you can send to support@visualizesoftware.com
|
