Zone Alarm Triple Firewall Protection Question
Wordward
November 16th, 2007, 04:03 PM
Just wondering how Zone Alarm's Triple Defense Firewall works to protect your PC? I read about what it is supposed to protect against on the CheckPoint website, but I was hoping someone could explain in more detail exactly what all the Triple Defense Firewall covers as far as protection for the end user. I also wonder if there is any need for using anything more than an AntiVirus with it, as it seems it works like a HIPS software as well. Thanks.
Hairy Coo
November 16th, 2007, 04:37 PM
On trying it, I asked my good self the same question. ;)
The impression was that in fact there is a HIPS type activity going on, possibly under the protection definition of "protecting your OS".
If all the settings are set to high (as for example in DSA), the popups carry the same type of questions as DSA.
Would think the most appropriate further HIPS would be Threatfire, not one of the others which would probably just duplicate what's already going on.
bestest from the Coo:P
Woody777
November 16th, 2007, 05:56 PM
I in fact use this firewall & think that for the average user it will provide adequate protection.
Jon_T
November 16th, 2007, 06:19 PM
-{ Quote: "... The impression was that in fact there is a HIPS type activity going on,possibly under the protection definition of "protecting your OS" .." }-
Protection-wise, how do you think it compares to the new OA 2's HIPS, Process (Programs), and firewall combo?
Hairy Coo
November 16th, 2007, 06:21 PM
All I do know is that ZA is rated as one of the best ;D
Edit: one of the things that was liked was the brief learning period after which advanced settings could be applied, with good memory and lack of "noise"
Woody777
November 16th, 2007, 08:40 PM
In my usage of Online Armor I think I like ZA better as it scans your processes on install & then advises you with HIPS like activity of new events. Since I used the free version I am not in a position to say if Online Armor Pay is a great deal better. It might be. The Spyware component of ZA is lacking in Online Armor & ZA has host file protection & Spysite blocking built in. There is also a mailsafe component which can help protect your email from viruses if your AV fails to pick a virus up. A real possibility in my case since I use NOD32 which does not scan the secure connections that AT&T uses for their Email. It also has cookie protection which is lacking in Online Armor. I personally think that ZA is better but for all those people who really like Online Armor well they may know a lot more about the product than I do as my use was very limited. I think if you combined ZA with BoClean also you would be really well protected. In fact some people in this forum use Threatfire with ZA with great effectiveness. You decide!
Hairy Coo
November 16th, 2007, 09:38 PM
Wordward,
In answer to your query-
Should think the triple protection is not a toothpaste after all but:
Network, Program and Operating System Firewall
"Network and Program Firewall
Delivers proactive firewall protection with multiple layers of security that stop inbound, outbound, and program attacks while remaining completely invisible to hackers.
Guards the network perimeter from inbound and outbound threats with the world's #1 firewall
Prevents spyware and other malicious programs from sending your personal information across the Internet
Full stealth mode to keep you concealed from anyone on the Internet
Protects your programs from malware
.
Operating System Firewall (OSFirewall™) IMPROVED
This additional layer of security prevents hard-to-remove spyware, including rootkits and kernel-level threats, from getting onto your PC and causing damage.
Identify and filter over 100,000 applications for constant protection against threats
Monitor program installation, registry changes and file access down to your PC's core
Monitor additional program actions for more thorough protection
Prevents malicious software from damaging files in your core Windows operating system"
.
Also it does have HIPS, which no doubt is also described above.
"products like Comodo and ZoneAlarm Pro that are firewalls with HIPS."
(Tech Support Alert)
Jon_T
November 16th, 2007, 09:55 PM
Hairy Coo:
With ZA AS, did you look at how many processes are running and how much RAM they use?
TIA
Hairy Coo
November 16th, 2007, 10:03 PM
From memory there were two processes and the highest mem usage (it did vary) was about 38000k, a bit more than average.
Wordward
November 16th, 2007, 10:14 PM
I read that before Hairy Coo, and although I understand it, I guess I was just hoping for even more detailed information as to what it specifically covers in comparison to various other programs of this caliber. For example ProSecurity, SSM, Online Armor, and DSA. I'm thinking ultimately they all may offer about the same level of protection.
Perman
November 16th, 2007, 10:27 PM
Hi,
Comparing ZA's triple Firewall Protection with standalone HIPS such as ProSecurity and its like may not result in impartial information. Perhaps we should ask ourselves this: does ZA's triple-- provide us sufficient service without those pure HIPS? If yes, then just brush them aside for now, if not, I guess it will not hurt to sprinkle a few of those spices, adding more flavours. IMO, ZA AS is the easiest one in ZA group to work with. I can give you an earful if you ask me about other two; ZASS and ZA pro.
Take care.
Sportscubs1272
November 16th, 2007, 11:31 PM
The current ZA Antispyware edition seems to run smoothly compared to OA firewall. I don't have any BSOD's while using Antivir, Threatfire and Sandboxie with ZA. It is rated very good (8600 pts) at the matousec.com site. I believe you can manually stop any keylogger/malware if you use the kill control option. Some use this option to prevent the Antivir Classic (avnotify) nagware from popping up after an update.
My main gripe is that they haven't had any new stuff since they introduced the Operating System Firewall (OSFirewall™) and the antispyware module. The ZoneAlarm ForceField Beta is another story! Too many memory hogging agents running around and bug crashes.
TopperID
November 17th, 2007, 10:12 AM
Triple FW just means protection from inward hack attempts (normal FW function), protection from attempts to send info out (normal software FW function) and the Operating System FW. It is the latter function that is of most interest here. It is a 'behaviour blocker', which is looking for suspicious activity on your system. This is quite different from the execution protection and control of a HIPS program like PG, SSM or ProSecurity. Though the results may be the same.
To give an example, if you are using IE and go to a malicious site containing embedded code which attempts to exploit IE to run a .dll by invoking rundll32.exe, a HIPS prog would thwart this by preventing rundll32.exe from running without express permission. However ZA would thwart the attempt because IE has lower privileges than rundll, and when a program with lower privileges tries to spawn an app with higher privileges it is prevented from doing so. All of this depends on configuration and how you answer pop-ups, but basically HIPS are looking for ANY prog running without express permission while ZA is looking for suspicious activity.
There are many types of activity considered suspicious and the ZA help guide gives info on these. For the uninitiated, behaviour blocking is probably easier to handle than full execution control since this covers legitimate activity as well.
-{ Quote: " There is also a mailsafe component which can help protect your email from virus' if your AV fails to pick a virus up. " }-
All mailsafe does is quarantine any attachment with a predefined extension on the grounds it may be suspicious. It is up to you how you handle it then, but if you try and open it and your AV fails to pick up the worm, mailsafe won't help! Mailsafe is just drawing your attention to a potential risk and prevents thoughtless opening of attachments.
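The contrast drawn in the post above between execution control and behaviour blocking, as an added sketch that is not part of the thread and does not reproduce how ZoneAlarm or any named HIPS is implemented. The trust ranks, the approved list and the spawn events are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Spawn:
    """One process-creation event: parent launches child."""
    parent: str
    child: str

# Constructed trust ranks (assumption): a higher number means a more privileged program.
TRUST = {"iexplore.exe": 1, "notepad.exe": 1, "explorer.exe": 2, "rundll32.exe": 3}

def execution_control(event, approved):
    """Execution-control model: any program not expressly approved raises a prompt."""
    return "allow" if event.child in approved else "prompt"

def behaviour_blocker(event, trust=TRUST):
    """Behaviour-blocker model: only a lower-trust parent spawning a
    higher-trust child is treated as suspicious."""
    # Programs missing from the table get rank 0 (least trusted) in this model.
    if trust.get(event.parent, 0) < trust.get(event.child, 0):
        return "block"
    return "allow"

def compare(events, approved):
    """Return (parent, child, execution-control verdict, behaviour-blocker verdict)."""
    return [(e.parent, e.child, execution_control(e, approved), behaviour_blocker(e))
            for e in events]

# Constructed sample events: the browser-to-rundll32 case from the post,
# plus two ordinary launches from the desktop shell.
EVENTS = [
    Spawn("iexplore.exe", "rundll32.exe"),
    Spawn("explorer.exe", "notepad.exe"),
    Spawn("explorer.exe", "iexplore.exe"),
]
APPROVED = {"iexplore.exe"}  # constructed: the only program the user has approved so far

if __name__ == "__main__":
    for row in compare(EVENTS, APPROVED):
        print("{} -> {}: execution control={}, behaviour blocker={}".format(*row))
```

Both models stop the browser-to-rundll32 launch, but only the execution-control model also prompts for the ordinary, not-yet-approved notepad.exe launch.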
19monty64
November 17th, 2007, 10:27 AM
-{ Quote: "To give an example, if you are using IE and go to a malicious site containing embedded code which attempts to exploit IE to run a .dll by invoking rundll32.exe, a HIPS prog would thwart this by preventing rundll32.exe from running without express permission. However ZA would thwart the attempt because IE has lower privileges than rundll, and when a program with lower privileges tries to spawn an app with higher privileges it is prevented from doing so. All of this depends on configuration and how you answer pop-ups, but basically HIPS are looking for ANY prog running without express permission while ZA is looking for suspicious activity." }-
So Wordward, it sounds as if TF may still be needed for real-time protection with ZAAS.
Wordward
November 21st, 2007, 04:53 PM
I hear you 19monty64, but from what I have read in regards to what all Zone Alarm Triple Defense Firewall is supposed to protect against, I'm still unclear if any other protection besides an AV is needed? Hopefully a little more help from some ZA users will clear things up for me.
Copyright ©2002 - 2012, Wilders Security Forums