Having used Ad-aware to get rid of the Spyware on your machine and installed a ZoneAlarm Firewall to keep it away, the user could be forgiven for being baffled as to what the reports actually mean. The file ZALog.txt that sits in Windows>>Internet Logs can be read by Notepad and a typical log would look like this:
ZoneAlarm Logging Client v2.6.88
Windows 98-4.90.3000- -SP
type, date, time, source, destination, transport
PE, 2001/06/24, 18:40:58+1:00 GMT, Microsoft AutoUpdate, 195.92.195.94:53, N/A
FWIN, 2001/06/24, 19:20:22+1:00 GMT, 210.169.179.88:1277, 62.136.58.145:515, TCP(flags:S)
FWIN, 2001/06/24, 19:25:04+1:00 GMT, 24.94.176.73:137, 62.136.58.145:137, UDP
But what does it all mean?
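As an added example (not part of the original article and not ZoneLog Analyser's code), the short Python script below reads the sample log above field by field. The meanings given for the type codes FWIN, FWOUT and PE are assumptions, since the page does not define them; the port names are the standard assignments for those port numbers.

```python
import csv
from io import StringIO

# Constructed sample: the three entries and header from the log shown above.
SAMPLE = """ZoneAlarm Logging Client v2.6.88
Windows 98-4.90.3000- -SP
type, date, time, source, destination, transport
PE, 2001/06/24, 18:40:58+1:00 GMT, Microsoft AutoUpdate, 195.92.195.94:53, N/A
FWIN, 2001/06/24, 19:20:22+1:00 GMT, 210.169.179.88:1277, 62.136.58.145:515, TCP(flags:S)
FWIN, 2001/06/24, 19:25:04+1:00 GMT, 24.94.176.73:137, 62.136.58.145:137, UDP
"""

# Assumed meanings of the type codes (not stated on the page).
TYPES = {"FWIN": "inbound packet blocked",
         "FWOUT": "outbound packet blocked",
         "PE": "program asked for network access"}
# Well-known port assignments for the ports in the sample.
PORTS = {53: "DNS", 137: "NetBIOS name service", 515: "LPD print spooler"}

def split_endpoint(text):
    """Split 'ip:port' into (host, port); a program name has no port."""
    host, sep, port = text.rpartition(":")
    return (host, int(port)) if sep and port.isdigit() else (text, None)

def parse_zalog(text):
    """Return one dict per log entry, skipping the banner and column header."""
    events = []
    for row in csv.reader(StringIO(text), skipinitialspace=True):
        if len(row) != 6 or row[0] == "type":
            continue
        kind, date, time, src, dst, transport = (f.strip() for f in row)
        proto, _, rest = transport.partition("(")
        src_host, src_port = split_endpoint(src)
        dst_host, dst_port = split_endpoint(dst)
        events.append({
            "type": kind, "meaning": TYPES.get(kind, "unknown"),
            "when": date + " " + time,
            "src_host": src_host, "src_port": src_port,
            "dst_host": dst_host, "dst_port": dst_port,
            "service": PORTS.get(dst_port, "unknown"),
            "proto": proto,
            # 'S' is a TCP SYN: an attempt to open a new connection.
            "flags": rest.rstrip(")").replace("flags:", ""),
        })
    return events

if __name__ == "__main__":
    for e in parse_zalog(SAMPLE):
        print("{when}  {type} ({meaning}): {src_host} -> {dst_host} port "
              "{dst_port} [{service}] {proto} {flags}".format(**e))
```

Read this way, the second entry is a remote host trying to open a TCP connection to the print spooler port, and the third is a NetBIOS name service packet from another address.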
The simple solution is to have a programme that does the interpretation for you. You don’t have to write one yourself, as you can take the easy way out and log onto https://zonelog.co.uk/, where you can download ZoneAlarm Log Analyser, written by Matt Walker. This programme is shareware. If you don’t cough up the £8.23 shareware fee the programme will still work perfectly, except that when you run it a registration window will open and stay on screen for a few seconds before the “Remind Later” button becomes active, enabling you to run the programme fully. When you register you will be sent an “unlock key”, the number of which has to be entered into the text box along with other details, and you never see the window again.
Once the programme is up and running, a window about one quarter screen size opens up, along with a small box that states “No data to display in current range”. Click OK and the box disappears.
Clicking on Menu>>Help>>Contents opens up the help files, which give thorough details of what to do and how to go about it. But briefly, go to Menu>>File>>Import Zone Alarm Log and the log details will be displayed. It would help if you also clicked on Specified Range and, in the two drop-down boxes, selected a range of dates a few months apart. For example: that day’s date in the ‘from’ box and the last day of the year in the ‘to’ box. You can always change these later if you wish.
Go to Menu>>Tools>>Options and tick “Automatically import new log data on program startup”. Also tick “Clear entries from ZAlog during import”. If you leave this un-ticked, ZoneAlarm will keep adding to ZALog.txt and ZoneLog Analyser will import that whole log and add it to the already displayed details, so you will get the same reports over and over again.
You can ignore the WHOIS Settings for now. In Misc Settings, tick “Show Severity column” and click OK.
Back in the main window, double click any line and in the window that opens up click either or both of the two “Details” buttons for information about the unauthorised attempt at access to your computer or to pass data from it.
If you really want to know lots more about any attacks, ZoneLog Analyser will fetch that information for you, but you have to be on-line.
Finally, is the programme worth the shareware fee? I believe that it is, because it does supply the user with very useful information even if the user doesn’t know what to do with it. But they could learn. In any case the author has put in an awful lot of work to produce the programme for our benefit, and paying the shareware fee will ensure that he will continue to upgrade and improve it.