You turn it off by right clicking the "Network Neighborhood"
icon and "properties", then right click the "Local area
connection", and "properties", then the "advanced" tab.  But
why would you want to turn it off?  It's OFF by default, so
it's going to be off unless you or someone activated it.  On
that same window for "settings", ALL of those boxes should be
UNchecked.  SP2 may be a different thing.

If SP2 for XP is inclusive of SP1a, then I'm going to have to
"eat it" since SP1a was hideous, it caused problems.  I use
SP1.  Yeah, "on the surface" (as they'd have you believe) all
SP's are "better", but they never talk about what types of
features it (any new SP) REMOVES, or what problems the SP will
cause!

I've never had any problems running multiple firewalls, and I
suggest all do the same, you can NEVER have too much
protection.  The XP firewall only blocks traffic ONE WAY, so
another FW is needed anyway.  Since I have one in my router,
it's a good idea to use a software FW for all of its features
not found in a hardware FW.  I don't think that issue of mine I
described below was related to using multiple FW's since USR
was "involved in some manner" yet to be determined.
-Clint

God Bless
Clint Hamilton, Owner
http://OrpheusComputing.com )

----- Original Message ----- 
From: "rb47" <


Clint and others,

A couple of things:

1) HOW do you turn on or off the firewall that comes with XP???
After this experience of yours Clint, I really need to know how
to turn on or off, since I bought the pro version of the Sygate
firewall, and want to use it.

2) After a recent tech email I got with regard to the upcoming
service pack 2 for XP, they are advising to think VERY carefully
before installing it, since Microsoft is primarily planning a
number of things that could end up causing *** LOTS *** of
headaches for MANY people all over the place.

It is primarily aimed at adding security and related items to
XP. On the surface, this would be normally viewed as a good
thing.

However, one of the biggies is that the current default for the
firewall built-in to XP is OFF. Unfortunately, with the new
service pack, that is going to change, and not for the better it
is going to prove it would seem.

The problem is that the firewall will automatically turn ON,
whether you are already using a different firewall or not. And
Microsoft does not care if you are already using another
firewall, and the result possibly being disaster, with conflicts
the result - as Clint has found, it would seem.

Along with a number of other items in the service pack, the
advice is - be very careful.

Ralph


"Support-OrpheusComputing.com" wrote:
>
> Thanks, Barry sent me that off list and I guess I should have
> posted that he sent it to me.  :-)  I figured that alg.exe was
> needed for the firewall, and I do have 3 firewalls running.
> The hardware firewall in my router, XP's, and Sygate.  I guess
> it could have been a Trojan as I first suspected but nothing
> ever turned up.  Could be something brand new that no AV
> software or firewall signature files know anything about yet.
> That still doesn't ascertain USR's involvement in this which
> I'd really like to find out.
> -Clint
>
> God Bless
> Clint Hamilton, Owner
> http://OrpheusComputing.com )
>
> ----- Original Message -----
> From: "Bram" <[EMAIL PROTECTED]>
>
> Hi Clint,
>
> Found this on the internet, don't know if it helps any.
>
> "FILENAME: Alg.exe.
> PROGRAM NAME: Application Layer Gateway.
> DESCRIPTION: Part of Windows XP that provides support for ICS
> and Internet Connection Firewall (ICF).
> RECOMMENDED ACTION: If a third-party firewall warns you that
> ALG.exe wants access, check to make sure you're not
> double-firewalled. If you are, disable ICF. If you are using
> neither ICF nor ICS and are warned that ALG.exe is trying to
> access the Net, deny it. A Trojan horse or worm may be trying
> to use it as a backdoor."
>
> Bram
> AngloCom

--Original------

About an hour or so ago I started to "experience some very odd
behavior" on this PC (XP Pro).  My HD is partitioned several
times, and my G partition is "storage".  No programs are
installed on it, it's just a backup of everything, but
"Desktop" is stored on that partition.  (I moved it from the
original location to G, it's been like that since day 1, a long
time ago).

Every time I clicked the G icon on my desktop to access that
partition, I got an alert from what I think was the Native XP
firewall, but it could have been a Sygate alert.  I say the XP
firewall since if I recall correctly that alg.exe is what is,
or part of, the XP firewall--at least alg.exe is what is
running in the background during a ctrl-alt-del check of what's
running when the XP firewall is active.  If it's disabled,
alg.exe disappears from the task manager.  More on that in a
moment.  Maybe the *way* I was alerted is irrelevant, but I
thought I'd include that anyway.

During that process of the alert (sometimes right before or
sometimes right after the alert) ANY folder in the G partition
that I tried to even hover over, resulted in a total lock-up of
THAT WINDOW ONLY.  That G window could not be moved, closed,
maximized or minimized.  I could open OTHER folders just fine
on the desktop, and do other things just fine, just that G
partition's window was "DEAD".  It would stay like that a
couple of minutes or so, then everything would go black, just a
black screen and nothing else.  (My Desktop background is black
and the mouse cursor was still there).  Then after a few
seconds the desktop would start to come back and my toolbar at
the bottom of the main desktop screen would "freak out".  The
address bar would disappear, the Quick Launch toolbar would
disappear, it would go from "three level" to "one level"
(revert back to almost the original XP default toolbar layout)!
It gets stranger.  When I would try to right click to enable
Quick Launch again, it would come back with the several dozen
icons all out of the order they were in (which has NEVER
happened before when the QL toolbar was disabled or disappeared
from other reasons).  This happened 3 or 4 times with the EXACT
SAME results and procedure done each time even AFTER RESTARTS.
Each time beginning with me trying to access anything on the G
partition.  Again, ALL of the other partitions are normal,
acting as usual.

Now for more on the firewall alert: what is bizarre is the
alert was due to US Robotics/3com and there is NOTHING on this
PC that is USR or 3com!  No modem, just a NIC which is an Intel
NIC.  Now here's the $$$ question, what the heck would this PC
be doing trying to contact USR, or, what would USR be doing
trying to connect to this PC, and what has that got to do with
not being able to access the G partition and its lockup??  The
same thing happened whether I denied or granted access.  I
denied access the first few times, then I decided to grant it
to see if that changed anything and it did NOT.  I ran SpyBot,
AdAware, etc, and they were clean.  The ONLY way I could fix
this "issue" was to do a system restore to yesterday and thank
God for it, that worked and all seems to be back to normal
again.  But this leaves me somewhat troubled since I can
usually always figure out what's going on, but I'm at a bit of
a loss here.  I think it's probably a good idea to try and find
out what was going on, what caused it, etc.  Below is a paste
from the firewall alert showing the probe, as you can see,
that's USR's IP address and their FTP site!  Any takers on this
one?  ;-)

File Version :  5.1.2600.1106 (xpsp1.020828-1920)
File Description : Application Layer Gateway Service (alg.exe)
File Path :  C:\WINDOWS\system32\alg.exe
Process ID :  0x5E0 (Heximal) 1504 (Decimal)
Connection origin : local initiated
Protocol :  TCP
Local Address :  192.168.0.134
Local Port :  3500
Remote Name :  ftp.usr.com
Remote Address : 65.61.164.30
Remote Port :   21 (FTP - File Transfer [Control])
Ethernet packet details:
Ethernet II (Packet Length: 76)
 Destination:  00-50-18-09-61-4c
 Source:  00-07-e9-02-0c-58
Type: IP (0x0800)
Internet Protocol
 Version: 4
 Header Length: 20 bytes
 Flags:
  .1.. = Don't fragment: Set
  ..0. = More fragments: Not set
 Fragment offset:0
 Time to live: 64
 Protocol: 0x6 (TCP - Transmission Control Protocol)
 Header checksum: 0xdc7d (Correct)
 Source: 192.168.0.134
 Destination: 65.61.164.30
Transmission Control Protocol (TCP)
 Source port: 3500
 Destination port: 21
 Sequence number: 2864471034
 Acknowledgment number: 0
 Header length: 28
 Flags:
  0... .... = Congestion Window Reduce (CWR): Not set
  .0.. .... = ECN-Echo: Not set
  ..0. .... = Urgent: Not set
  ...0 .... = Acknowledgment: Not set
  .... 0... = Push: Not set
  .... .0.. = Reset: Not set
  .... ..1. = Syn: Set
  .... ...0 = Fin: Not set
 Checksum: 0xb0d0 (Correct)
 Data (0 Bytes)
Binary dump of the packet:
0000:  00 50 18 09 61 4C 00 07 : E9 02 0C 58 08 00 45 5C | .P..aL.....X..E\
0010:  00 30 16 06 40 00 40 06 : 7D DC C0 A8 00 86 41 3D | .0..@.@.}.....A=
0020:  A4 1E 0D AC 00 15 AA BC : 5B FA 00 00 00 00 70 02 | ........[.....p.
0030:  F7 80 D0 B0 00 00 02 04 : 05 A0 01 01 04 02 4C 45 | ..............LE
0040:  48 46 43 45 50 46 46 46 : 41 43 41 43             | HFCEPFFFACAC

-Clint
============= PCWorks Mailing List =================
Don't see your post? Check our posting guidelines &
make sure you've followed proper posting procedures,
http://pcworkers.com/rules.htm
Contact list owner <[EMAIL PROTECTED]>
Unsubscribing and other changes: http://pcworkers.com
=====================================================
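
Added example, not part of the original thread: a short Python decode of the packet bytes pasted in the firewall alert above, to cross-check the alert's own field decode (a local SYN from port 3500 to 65.61.164.30 port 21, no payload) and to verify the IP header checksum. The bytes are copied from the dump; the function and variable names are this example's own.

```python
import struct

# Bytes copied from the "Binary dump of the packet" in the alert above.
DUMP = """
00 50 18 09 61 4C 00 07 E9 02 0C 58 08 00 45 5C
00 30 16 06 40 00 40 06 7D DC C0 A8 00 86 41 3D
A4 1E 0D AC 00 15 AA BC 5B FA 00 00 00 00 70 02
F7 80 D0 B0 00 00 02 04 05 A0 01 01 04 02 4C 45
48 46 43 45 50 46 46 46 41 43 41 43
"""

def ip_checksum_ok(header: bytes) -> bool:
    """A valid IPv4 header sums to 0xFFFF in 16-bit one's complement."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def decode(frame: bytes) -> dict:
    """Decode the Ethernet II / IPv4 / TCP headers of one captured frame."""
    ethertype = struct.unpack("!H", frame[12:14])[0]
    if ethertype != 0x0800:
        raise ValueError("not an IPv4 frame")
    ihl = (frame[14] & 0x0F) * 4                 # IP header length in bytes
    ip = frame[14:14 + ihl]
    total_len, proto = struct.unpack("!H", ip[2:4])[0], ip[9]
    if proto != 6:
        raise ValueError("not TCP")
    tcp = frame[14 + ihl:14 + total_len]
    sport, dport, seq, ack, off, flags = struct.unpack("!HHIIBB", tcp[:14])
    return {
        "src": ".".join(map(str, ip[12:16])),
        "dst": ".".join(map(str, ip[16:20])),
        "ip_checksum_ok": ip_checksum_ok(ip),
        "sport": sport, "dport": dport, "seq": seq,
        "tcp_header_len": (off >> 4) * 4,
        "syn_only": flags == 0x02,               # SYN set, every other flag clear
        "payload_len": total_len - ihl - (off >> 4) * 4,
        # Bytes past the IP total length are frame trailer, not TCP data.
        "trailer": frame[14 + total_len:],
    }

FRAME = bytes.fromhex("".join(DUMP.split()))
INFO = decode(FRAME)

if __name__ == "__main__":
    for key, value in INFO.items():
        print(f"{key:15} {value}")
```

The 14 bytes left over after the 48-byte IP datagram are frame trailer, so the printable text at the end of the dump is not data carried in the TCP segment.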
