Zone alarm giving false alert?

Guest
Archived from groups: comp.security.firewalls (More info?)

I just installed sims 2 bodyshop for a new game coming out in
September. Every time I run the program zone alarm asks for permission
to let the program access the internet. I have asked others who have
downloaded the program but they say it never tries to access the
internet. I checked for viruses and trojans and spyware but there was
nothing. I downloaded a new copy of the program and installed it
but the same thing is happening. Even a starter pack I downloaded
tried to get out after I installed it for the program. Could zone
alarm pro be giving a false alert? The two sources I got the program
from, thesims2ea.com and gamespot are both reputable places.

Tom
 
Guest

Hi Tom, Does the program have an option to check for updates
automatically? charlie R


"Tom Whitehead" <not@here.com> wrote in message
news:h6taa0hllqa1r527h5hmr20jrek5ffkec0@4ax.com...
>
>
> I just installed sims 2 bodyshop for a new game coming out in
> September. Every time I run the program zone alarm asks for permission
> to let the program access the internet. I have asked others who have
> downloaded the program but they say it never tries to access the
> internet. I checked for viruses and trojans and spyware but there was
> nothing. I downloaded a new copy of the program and installed it
> but the same thing is happening. Even a starter pack I downloaded
> tried to get out after I installed it for the program. Could zone
> alarm pro be giving a false alert? The two sources I got the program
> from, thesims2ea.com and gamespot are both reputable places.
>
> Tom
 
Guest

On Fri, 14 May 2004 20:28:13 -0500, "charlie R"
<welpctSKIPME@psci.net> wrote:

>Hi Tom, Does the program have an option to check for updates
>automatically? charlie R
>
>
>"Tom Whitehead" <not@here.com> wrote in message
>news:h6taa0hllqa1r527h5hmr20jrek5ffkec0@4ax.com...
>>
>>
>> I just installed sims 2 bodyshop for a new game coming out in
>> September. Every time I run the program zone alarm asks for permission
>> to let the program access the internet. I have asked others who have
>> downloaded the program but they say it never tries to access the
>> internet. I checked for viruses and trojans and spyware but there was
>> nothing. I downloaded a new copy of the program and installed it
>> but the same thing is happening. Even a starter pack I downloaded
>> tried to get out after I installed it for the program. Could zone
>> alarm pro be giving a false alert? The two sources I got the program
>> from, thesims2ea.com and gamespot are both reputable places.
>>
>> Tom

No, it's a program that was put out by the people who made the sims
game. It is a one-time program to make sims characters until the sims
2 game comes out in September. It's kind of a promotional program. The
full game will have the editor built in. It does have a feature to
upload the sim characters you create to their showcase web page.
That feature has to be clicked on before it will upload though. Zone
alarm gives an alert just starting the editor. So far no one else has
reported having this problem. Zone alarm pro displays "repeat program
do you want to allow TS2BodyShop.exe to access the internet?
Destination IP: 151.164.14.201:dns". I think the destination dns is
my internet service provider sbcglobal.

Tom
 
Guest

On Sat, 15 May 2004 03:22:27 GMT, Tom Whitehead <not@here.com> wrote:

>On Fri, 14 May 2004 20:28:13 -0500, "charlie R"
><welpctSKIPME@psci.net> wrote:
>
>>Hi Tom, Does the program have an option to check for updates
>>automatically? charlie R
>>

I just tried this. I connected to the internet and typed netstat
and got 64.62.252.134:8098.
Then I started body shop and let it through. Typed netstat again
and it added crl.microsoft.com:http established. I logged off the
internet and relogged on; now the program is not trying to connect
anymore. I don't understand any of this.

Tom
 

Dak


On Sat, 15 May 2004 03:59:17 GMT, Tom Whitehead <not@here.com> wrote:

>Then I started body shop and let it through. Typed netstat again
>and it added crl.microsoft.com:http established. I logged off the
>internet and relogged on; now the program is not trying to connect
>anymore. I don't understand any of this.

CRL stands for Certificate Revocation List. Any standards-compliant
certificate-signed program will check the CRL to see if the program's signature
has been revoked by the issuer. Far from being a security concern, this
check makes sure your program is authentic.
You can prevent its access by either adding "crl.microsoft.com" to your HOSTS
file, or by UNCHECKING "check for publisher's certificate revocation" in your IE
browser (TOOLS/INTERNET OPTIONS/ADVANCED tab/SECURITY section).
More information is available in this Microsoft Knowledge Base article (so you can
make up your own mind whether to disable it):

Update Available to Revoke Fraudulent Microsoft Certificates Issued by VeriSign
<http://support.microsoft.com/default.aspx?scid=KB;en-us;293811&>

--
dak
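
Added example, not part of any poster's message: Tom's before-and-after netstat comparison done in Python, diffing two snapshots and labelling each new remote endpoint. The snapshots are constructed (the host name `mypc` and the local ports are made up; the remote endpoints are the ones quoted in the thread), and the labelling rules are illustrative assumptions.

```python
import re

# Constructed samples in the layout Windows `netstat` prints.
BEFORE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    mypc:1045              64.62.252.134:8098     ESTABLISHED
"""
AFTER = BEFORE + "  TCP    mypc:1051              crl.microsoft.com:http ESTABLISHED\n"

# Proto, local address, foreign address, optional state (UDP rows have none).
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+)\s+(\S+)(?:\s+(\S+))?\s*$")

def remote_endpoints(netstat_text):
    """Return the set of (proto, host, port) remote endpoints in a listing."""
    found = set()
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue  # banner, column header or blank line
        proto, _local, foreign, _state = m.groups()
        host, _, port = foreign.rpartition(":")
        found.add((proto, host.lower(), port.lower()))
    return found

def classify(host, port):
    """Rough label for an endpoint; a name match is a hint, not proof."""
    if port in ("53", "domain", "dns"):
        return "DNS lookup"
    if host.startswith("crl.") and port in ("80", "http"):
        return "certificate revocation list download"
    return "unclassified, review manually"

def new_connections(before, after):
    """Endpoints present only in the second snapshot, each with a label."""
    added = remote_endpoints(after) - remote_endpoints(before)
    return sorted((host, port, classify(host, port)) for _p, host, port in added)

if __name__ == "__main__":
    for host, port, label in new_connections(BEFORE, AFTER):
        print(f"{host}:{port} -> {label}")
```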
 
Guest

On Sat, 15 May 2004 02:59:34 -0500, dak
<comp-security-firewalls@spamtrap.cjb.net> wrote:

>On Sat, 15 May 2004 03:59:17 GMT, Tom Whitehead <not@here.com> wrote:
>
>>Then I started body shop and let it through. Typed netstat again
>>and it added crl.microsoft.com:http established. I logged off the
>>internet and relogged on; now the program is not trying to connect
>>anymore. I don't understand any of this.
>
> CRL stands for Certificate Revocation List. Any standards-compliant
>certificate-signed program will check the CRL to see if the program's signature
>has been revoked by the issuer. Far from being a security concern, this
>check makes sure your program is authentic.
> You can prevent its access by either adding "crl.microsoft.com" to your HOSTS
>file, or by UNCHECKING "check for publisher's certificate revocation" in your IE
>browser (TOOLS/INTERNET OPTIONS/ADVANCED tab/SECURITY section).
> More information is available in this Microsoft Knowledge Base article (so you can
>make up your own mind whether to disable it):
>
>Update Available to Revoke Fraudulent Microsoft Certificates Issued by VeriSign
><http://support.microsoft.com/default.aspx?scid=KB;en-us;293811&>

Ok, thanks, this clears up the mystery. I couldn't believe these
people were putting malware in bodyshop. The sims has been the most
successful game of all time. Didn't think they would do anything shady.

Tom