I have some questions about some things in my WinXP..

19 years 11 months ago #3627 by MetaJoe
OK, I recently found out that for a year, my mom did not install ANY firewalls and I never knew why my homepage would change at certain times without even being on the browser or getting a trojan that Norton found while I was on a different program..
Well I have downloaded 2 firewalls since last night; Sygate Personal Firewall and ZoneAlarm Plus (free versions) and I have noticed that there are certain programs that I have, but don't really know what they were and the ZA will ask me if I want to trust these programs, and since I'm not sure, I click "no".

I'll name a few of the files I'm suspicious about:

NDIS User mode I/O Driver
RAS PPPoE mini-port/call-manager driver
Support.com Scheduler and Command Dispatcher
Application Layer Gateway Service
Client Server Runtime Process
Common Client CC App
Generic Host Process for Win32 Services (svchost.exe(I have 4 of them running))
dumprep.exe (slows my computer down when it's loaded for unknown reason)
ViewMgr
ViewMgrInstaller (these 2, I have no idea what the hell they are)
VERITAS Update Manager (What is VERITAS?)
hpztsb05.exe
vsmon.exe
tgcmd.exe
---
Also, I'm having issues with msmsgs.exe. Whenever I end its process on my Task Manager, it comes right back.. even if I disable it with system restore off it still comes back when I turn it back on, or if it doesn't, it will load when I reboot the computer. It also seems to try unblocking itself from my ZoneAlarm firewall, but fortunately it blocks the Windows Messenger when it tries to unblock itself..
--
And my last question at the moment, What is probably the best free firewall you can download off the internet at the moment?

I have ZoneAlarm Plus and I've heard it's one of the best free ones out there, but I want to know if there are any better ones out there..

edit: I forgot to mention that I have the Comcast internet (DSL) service..
19 years 11 months ago #3646 by indebluez
Hi... I am having the same problem as well...
I used to have ZoneAlarm... I found it annoying more than helpful... Right now I have most of the adware detectors and removers...

I have spyblaster installed... it runs in your background...
I run HijackThis once a day or once in two days... and remove stuff... that looks fishy.. (check the name of the registers online... it helps)
adware and spybot and spysweeper installed as well...
spysweeper is the best... removes traces of everything :)

1) But I want to know what kind of firewall I should have as well... to not allow trojans like rsvp... blaster worms... etc. from being downloaded... I don't think Norton really stops it... because I had it as well... and it went past it...

2) So how come trojans... adware still bypass firewalls that have the latest updates... is it because the traffic is too much...?

3) How does stateful packet filtering fit into this scenario? Or does it...? Because I thought it's supposed to know what kind of connections have been established...

4) So it's not going to check the adware that is being accidentally downloaded when we are surfing, is it?
Adware and trojans... enter into our machines by.... masquerading as internet packets so our firewalls don't see them? Confused.... help??
19 years 11 months ago #3648 by MetaJoe
So wait, Norton Antivirus firewall does not work as efficiently as it should? What about the firewall that comes with Norton Antivirus 2004?
19 years 11 months ago #3650 by tfs
Veritas is a company that makes backup programs.

I personally prefer (and Sahirh and I have great fun debating the differences of hardware vs software firewalls) a hardware firewall solution.

Linksys makes a nice firewall for an easy price to live with.

Firewalls are not going to completely protect your system. You need an anti-virus solution to deal with the worms and viruses. I hear this all the time - "But if I have a firewall why do I need anti-virus" and vice versa. You need both. Your firewall is not going to stop your email worms and viruses.

Chris does a great job explaining the firewalls in his tutorials and there is a good discussion on stateful packet inspection at:

www.firewall.cx/modules.php?name=Forums&...p;highlight=stateful

Thanks,

Tom
19 years 11 months ago #3651 by sahirh
Another one of those arguments is long overdue :)

First up, firewalls are not meant to protect you against spyware, adware, malware, trojans etc.. that's not how they work.. they are meant to prevent certain traffic... This happens to stop most worms in their tracks because they cannot propagate to the system as its ports are blocked. It also stops trojans from phoning home.

Personal firewalls are a 'nuisance' for the initial training period when you have to tell them what to allow / what to block. This phase is critical.. just clicking allow everything makes life even worse for you. Personally I think it's suicide right now to run a home computer with Windows without a firewall (hardware / software) in place.. I don't necessarily stay up to date with patches, but I have yet to catch any bugware or worm.

On Windows I use ZoneAlarm. I find it sufficiently powerful, reliable and very effective. I have used Sygate at work, as well as Norton Internet Security. I find both of them bloated, unnecessarily complicated for a regular user and by and large rather obtrusive. ZA is much nicer.. it has its weaknesses but it's miles ahead of the pack.

Now to deal with your specific programs, which to allow and which not to.. ZA has a button called 'more info' which takes you to a website with information on common processes. This is helpful. I will try and cover what sounds safe here:

NDIS User mode I/O Driver - A network driver .. safe
RAS PPPoE mini-port/call-manager driver - You probably use cable.. safe
Support.com Scheduler and Command Dispatcher - Sounds like spyware to me.. I wouldn't allow
Application Layer Gateway Service - Windows service for Internet Connection Sharing and ICF - safe
Client Server Runtime Process - No clue
Common Client CC App - Safe.. NAV
Generic Host Process for Win32 Services (svchost.exe(I have 4 of them running)) - Safe.. it's an agent for all networking services.. having multiple processes of it is perfectly normal
dumprep - Windows error reporting tool.. pain in the ass.. safe, but I would disallow
ViewMGr - no clue
ViewMGrInstaller - sounds like spyware
VERITAS Update Manager - As tfs said
hpgablooch.exe - One of Hewlett Packard's annoying printer update tools ? I hate them.. disallow..
vsmon.exe - The ZA firewall engine itself :)
tgcmd.exe - Eh ?

If you want a list of processes with information
www.liutilities.com/products/wintaskspro/processlibrary/

Getting familiar with the processes that normally run on your box is one of the most important things you can do.

Sahir Hidayatullah.
Firewall.cx Staff - Associate Editor & Security Advisor
tftfotw.blogspot.com
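
A simplified model of the two behaviours discussed in the posts above (stateful tracking of inbound traffic and per-program outbound rules), added here as an illustration; it is not code from any poster or from ZoneAlarm. The `PersonalFirewall` class, the addresses, ports and program names are all constructed for the example.

```python
from collections import namedtuple

# Simplified model; every address, port and program name below is constructed.
Packet = namedtuple("Packet", "src sport dst dport flags")

class PersonalFirewall:
    def __init__(self, local_ip, trusted_programs):
        self.local_ip = local_ip
        self.trusted = set(trusted_programs)
        self.state = set()  # tracked connections: (local_port, remote_ip, remote_port)

    def check(self, pkt, program=None):
        if pkt.src == self.local_ip:
            # Outbound: only programs the user chose to trust may talk.
            if program not in self.trusted:
                return "DROP"
            if pkt.flags == "SYN":
                self.state.add((pkt.sport, pkt.dst, pkt.dport))
            return "ALLOW"
        # Inbound: allowed only as a reply on a connection this host opened.
        known = (pkt.dport, pkt.src, pkt.sport) in self.state
        if known and pkt.flags != "SYN":
            return "ALLOW"
        return "DROP"

def run_demo():
    pc, web, stranger = "192.168.1.10", "198.51.100.7", "203.0.113.50"
    fw = PersonalFirewall(pc, trusted_programs={"iexplore.exe"})
    steps = [
        ("unsolicited inbound connect", Packet(stranger, 4444, pc, 135, "SYN"), None),
        ("browser opens a web page", Packet(pc, 1050, web, 80, "SYN"), "iexplore.exe"),
        ("server's handshake reply", Packet(web, 80, pc, 1050, "SYN-ACK"), None),
        ("download data, content unseen", Packet(web, 80, pc, 1050, "ACK"), None),
        ("stranger fakes a reply", Packet(stranger, 80, pc, 1050, "ACK"), None),
        ("untrusted program dials out", Packet(pc, 1051, web, 80, "SYN"), "unknown.exe"),
    ]
    return [(label, fw.check(pkt, prog)) for label, pkt, prog in steps]

if __name__ == "__main__":
    for label, verdict in run_demo():
        print(f"{verdict:5}  {label}")
```

The fourth step is allowed because the filter tracks connections, not what they carry, so whatever the trusted browser requests comes through regardless of content.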
19 years 11 months ago #3667 by MetaJoe
Ah, thank you for what to allow and disallow.. I don't know what a lot of the programs do on this computer anyways. Another thing I am curious about, every time I boot up the computer, the FINDFAST.exe boots up on startup (I check the Task Manager often)
and my mom told me that it shouldn't do that. Do you think possibly someone is on the computer or has set something so it boots up on startup?
Also, my messenger likes to connect to the internet every hour or so, so I have ZA block it from the internet..
Should I keep it blocked?

Oh and one more thing, if I don't load up my firewall quick enough when I boot my computer up, (since I have DSL) the hacker or whoever will send a .dll to my system32 folder and it will change my homepage to "about:home" and the homepage would be a search engine and pop-up windows would constantly say stuff like "You have spyware on this computer, click here to remove them now" and I told my mom NOT to click on them, so she doesn't.
So I have to boot up safe mode and delete the file infecting the homepage in the system32 folder every single dang time and it drives me nuts! (I find out the file name by running "HijackThis" and then afterwards, I run CWShredder and it removes the MsConfig trojan or whatever it is..)
So my question is, how in the heck do I prevent this from occurring again? I've done this at least 20 times and I'm starting to go insane from it. I also heard from someone at school, that it's possible to set your computer up so the firewall will start before the internet connects so that won't happen. Can I seriously do this on a WinXP with DSL? If so, how?