
Why would Opera and Firefox want to act as Servers?

This topic is archived.
 
Eloriel Donating Member (1000+ posts) Mon Jan-24-05 05:05 PM
Original message
Why would Opera and Firefox want to act as Servers?
Why would they need Server permission through ZoneAlarm?

Denying permission does nothing discernible, no negative effect whatsoever that I can see.

McKenzie Donating Member (1000+ posts) Mon Jan-24-05 06:23 PM
Response to Original message
1. hmmm...backdoor proggies usually ask for server rights
Edited on Mon Jan-24-05 06:34 PM by McKenzie
Deny allowing server rights to any proggie unless it needs them. In normal surfing a browser does not require server rights. Utilities such as Messenger do because of the way they work. Browsers though? Nope.

I suggest you do a full AV and anti-trojan scan for starters. A trojan comes in two bits - a client part and a server part. Once the client sent to you by the hacker downloads, he/she requires your 'puter to act as a server and send out info'. Look at your firewall log and see if there are any attempts at outbound traffic. Inbound isn't the main risk, it's the stuff that goes out...like the contents of your HDD...

Try this link for starters (see very bottom of page for advice on allowing server rights). Post again if you have probs. Need info' to advise but don't post IP details or anything that would be helpful to a hacker.

http://www.markusjansson.net/eza.html

edit: added advice on where to look on the page I posted

further edit: what would be useful from the firewall log would be the port number the browser was trying to communicate through. HTTP communications use port 80. A browser could act as a server through that port but many trojans are port specific and can be identified from the port they try to use. eg, Back Orifice.

RoyGBiv Donating Member (1000+ posts) Mon Jan-24-05 10:13 PM
Response to Reply #1
2. Other protocols ...
Edited on Mon Jan-24-05 10:59 PM by RoyGBiv
As you say, during normal browsing, this shouldn't come up, but if you use a protocol other than HTTP to access some function, submit data, etc. a browser can be asked to act as a server.

IOW, it depends on what you're doing.

I've run into it when requesting streaming audio/video and while using FTP via a browser.

And then there are the nasty things ActiveX can do within IE. Of course a lot (most?) of these aren't legitimate.

Eloriel Donating Member (1000+ posts) Tue Jan-25-05 04:40 PM
Response to Reply #1
4. Outbound traffic
Yes, two new attempts from this morning.

I had another thread, now apparently deleted ('cause I can't find it with Search), where I was asking specifically for help with these symptoms. There are several things going on that make me believe I DO have something going which is partially in control of my computer when I'm online. However, before I go and try to reconstruct all that information, here's some info from the ZA log on the Opera and Firefox attempts to act as a server from this morning:

Destination DNS: resolver1.level3.net and resolver2.level3.net

Dest IP: 209.244.04.:53 and 209.244.03.:53

Protocol: UDP

Port: 2894 (in both cases)

Eloriel Donating Member (1000+ posts) Tue Jan-25-05 07:55 PM
Response to Reply #4
6. More outgoing attempts blocked
from ports 4857, 3426, and twice from 1873

McKenzie Donating Member (1000+ posts) Wed Jan-26-05 04:32 AM
Response to Reply #4
8. both are off the same netblock
(209.244.0.0 - 209.247.255.255) I checked who owns the IP range.

click - start - run - then type msconfig in the field and click - then open the tab marked startup - look at what is listed there - might be a bit of spyware that has d/loaded and is trying to phone home, or it could be a trojan - you need to know what is legit and what is not though.

Try this as a start>>>

http://www.sysinfo.org/startuplist.php

Go to Pest Patrol's site and run the online scan too.

Gotta shoot. I'm off out to work. Will come back in later today if I can.

Eloriel Donating Member (1000+ posts) Wed Jan-26-05 10:52 PM
Response to Reply #8
9. Welllll...
I'm not entirely sure what I was looking at, but I don't think I discovered anything sinister.

I looked first at the Alt+Ctrl+Del "Processes" list and found a few things that may (or may not) be problematic.

But when I went to the MSCONFIG list you suggested, there wasn't anything there that was a problem. (I DID get to uncheck MSMSGS -- whoohooo!)

But among several possibly questionable things in the Processes list is one that could be quite problematic: csrss.exe. It does not, however, appear in the MSCONFIG list.

Obviously, I don't fully understand what I'm looking at, and the difference between these two lists, so don't quite understand the wonderful resource where I can look the various items up.

salvorhardin Donating Member (1000+ posts) Mon Jan-24-05 11:01 PM
Response to Original message
3. The newer versions of Firefox
Edited on Mon Jan-24-05 11:01 PM by salvorhardin
poll the Mozilla Foundation servers at startup to see if there are any updates. You can disable this and do updates yourself. Tools-->Options. Click on Advanced. Scroll down to Software Update and uncheck both items.

Also, Mozilla suite and Firefox (and presumably Thunderbird) use server sockets to communicate with themselves (a loopback connection) to help them respond to pollable events. If you were to check ZoneAlarm's logs (presuming you've enabled logging) you'd probably see the connection attempts were on an internal IP address, particularly 127.0.0.1. Any IP address that looks like 127.xxx.xxx.xxx is inside your machine.

This is pretty common programming practice and I'd assume that Opera does the same thing. I can't remember if ZoneAlarm allows you to configure on a per-program basis, but it's safe to allow (at least) Firefox to make server connections. I can't state for certain about Opera. On the other hand, if you're not having any problems with Firefox and want to be extra cautious, go ahead and deny them.

Eloriel Donating Member (1000+ posts) Tue Jan-25-05 04:44 PM
Response to Reply #3
5. I don't understand why they would need "server" permission
to check for updates. I've had various types of things in the past that didn't need "server" permission to check for updates, including ZoneAlarm, Norton AntiVirus, and others.

Even if there were updates to be had, I can't see any reason why my computer would have to be a server in order to download or update the software. Can you explain that to me?

salvorhardin Donating Member (1000+ posts) Tue Jan-25-05 10:18 PM
Response to Reply #5
7. Because Firefox uses sockets
Edited on Tue Jan-25-05 10:23 PM by salvorhardin
to talk to itself internally it can appear as a server to a software based firewall. A real (hardware) firewall would never complain about this because it is concerned with packets coming into and out of the machine and doesn't see what is happening inside the machine. The software firewall however sees any activity on the TCP/IP stack of your computer.

It's not that it's checking for updates, but that it is opening sockets internally to talk to itself that causes ZoneAlarm to complain. In this case ZoneAlarm is wrong though. Firefox is NOT acting as a server and is NOT sending any information out to the internet. It's just having a quiet conversation with itself. :-) In short, it's nothing to worry about and you can safely give Firefox what ZoneAlarm is mistakenly calling "server" permissions.

https://bugzilla.mozilla.org/show_bug.cgi?id=100154#c18
NSPR pollable events are implemented with a pair of TCP sockets on Windows. Unfortunately this requires opening listening sockets on the loopback address temporarily.

In NSPR 4.2 I added code to PR_NewTCPSocketPair to only accept a connection from the other socket created by the same invocation of the function (bug 106496). This should eliminate the security issue, but not the temporary listening sockets.

I don't know how to implement NSPR pollable events on Windows without using a pair of TCP sockets, so I am marking this bug WONTFIX.


NSPR is the Netscape Portable Runtime, a part of Firefox.
http://www.mozilla.org/projects/nspr/about-nspr.html
NSPR provides platform independence for non-GUI operating system facilities. These facilities include threads, thread synchronization, normal file and network I/O, interval timing and calendar time, basic memory management (malloc and free) and shared library linking. A good portion of the library's purpose, and perhaps the primary purpose in the Gromit environment, is to provide the underpinnings of the Java VM, more or less mapping the sys layer that Sun defines for the porting of the Java VM to various platforms. NSPR does go beyond that requirement in some areas and since it is also the platform independent layer for most of the servers produced by Netscape.

It is expected and preferred that existing code be restructured and perhaps even rewritten in order to use the NSPR API. It is not a goal to provide a platform for the porting into Netscape of externally developed code
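The loopback socket pair that reply #7 quotes from the Bugzilla comment, sketched as an added example that is not part of the original thread and is not NSPR's code: a temporary listener on 127.0.0.1, a check that the accepted connection came from the socket created by the same call, and the listener closed afterwards. The function names and the before_connect hook are hypothetical, and the stranger connection in the usage is constructed.

```python
import socket

def new_tcp_socket_pair(before_connect=None):
    """Return (a, b, rejected): two connected loopback TCP sockets.

    before_connect is a hypothetical hook, called with the listener's
    (host, port) while the temporary listening socket is still open.
    """
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    connector = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    rejected = 0
    try:
        # Loopback only, ephemeral port: unreachable from other machines,
        # but a software firewall still sees a listening TCP socket.
        listener.bind(("127.0.0.1", 0))
        listener.listen(5)
        addr = listener.getsockname()
        if before_connect:
            before_connect(addr)
        connector.connect(addr)
        expected_peer = connector.getsockname()
        while True:
            accepted, peer = listener.accept()
            # Keep only the connection made by the socket this same call
            # created; anything else in the queue is dropped.
            if peer == expected_peer:
                return connector, accepted, rejected
            accepted.close()
            rejected += 1
    except BaseException:
        connector.close()
        raise
    finally:
        listener.close()  # the listening socket exists only temporarily

def port_is_listening(addr):
    """True if something still accepts TCP connections at addr."""
    probe = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    try:
        probe.settimeout(1.0)
        return probe.connect_ex(addr) == 0
    finally:
        probe.close()
```

A firewall prompt for "server" rights can appear during the short window in which the listener is open; once the pair is returned, nothing is listening on that port.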

Eloriel Donating Member (1000+ posts) Thu Jan-27-05 08:05 PM
Response to Reply #3
10. Update
I've unchecked the automatic update check and am still getting the request for it to act as a server -- sometimes when I'm already online, sometimes when I'm not online.
