Has anyone ever had ZoneAlarm's Triple Defense Firewall block malware?


Wordward
February 14th, 2008, 08:44 PM
Just curious if any ZoneAlarm Pro or Anti-spyware users have ever seen ZA in action by blocking any malware from getting into their PC? Thanks.

dwax
February 14th, 2008, 09:44 PM
I have. A little bubble pops up on the lower right side and told me it blocked part of a web site due to spyware.

Dieselman
February 14th, 2008, 11:43 PM
I don't know about testing malware but you can test your firewall several ways. Download GRC leak test. PC Flank test. System Shutdown Simulator. All of which ZAAS passes.

acr1965
February 15th, 2008, 01:19 AM
It stopped PCflank.com from loading. Not sure if it still does or not.

fax
February 15th, 2008, 04:02 AM
{QUOTE-> Just curious if any ZoneAlarm Pro or Anti-spyware users have ever seen ZA in action by blocking any malware from getting into their PC? Thanks. <-QUOTE}

ZA Triple defence firewall is a combination of:

- HIPS in ZA OS firewall;
- Central blacklist of known malware. If ZA Smartdefense is active, known malware executables/dll/drivers will be killed as soon as detected.
- HTTP address filtering. Spysite blocking. The web browser is prevented from connecting to known spyware/malware sites.

Never seen the blacklist SmartDefense in action, but I have often experienced HIPS and spysite blocking (when testing malware). The latter seems quite effective since it does not require any user intervention. The HIPS function is dependent on user choice (allow or deny).

Cheers,
Fax

CoolWebSearch
February 15th, 2008, 10:28 AM
{QUOTE-> ZA Triple defence firewall is a combination of:

- HIPS in ZA OS firewall;
- Central blacklist of known malware. If ZA Smartdefense is active, known malware executables/dll/drivers will be killed as soon as detected.
- HTTP address filtering. Spysite blocking. The web browser is prevented from connecting to known spyware/malware sites.

Never seen the blacklist SmartDefense in action, but I have often experienced HIPS and spysite blocking (when testing malware). The latter seems quite effective since it does not require any user intervention. The HIPS function is dependent on user choice (allow or deny).

Cheers,
Fax <-QUOTE}

Hi, Fax.
I need to ask you something. Does ZA Pro or ZAAS or any other ZA product protect from:
Trojan.SPY.Agent.IR.2, Trojan Agent.agv Test, Vundo spyware Test, Trojan.Clicker Delf.AJ.7 Test, Trojan Tibs.ALMX, XP Killer trojan test, Trojan KillAv.cf Test, Trojan KillAV.S.Srv Test, Trojan KillAV.DP Test, Delphi Trojan Test, LdPinch Trojan Test, Data stealing test, Trojan Downloader Small.ddt Test, PE 386 rootkit, Trojan LoadADV.gen Test, Backdoor SdBot.gm, Backdoor Agent.apf.2, Backdoor Bifrose.LW, Backdoor Hupigeon NC Test, Haxdoor Rootkit / Backdoor test, Haxdoor.GS.16, Worm Brontok Test, Worm Bagle.GL (rootkit) Test, Worm.VB.AS.21 Test,

Keyloggers:
Klogger, Keylogger FE, Keylogger P, Martin's Keylog, Perfect Keylogger, Family Keylogger, Zkeylog, Actual Spy, Elite Keylogger, Hook Keylogger 1, Keylogger Lite, Active Keylogger, Active X keylogger, Hook Demo, Keylogger Demo, Keylogger IJ, Trojan/SPY.small.CD, SilentLog, Invisible Keylogger (stealth), Keyghost B, Net Logger, Global Keylogger result,

Rootkits:
HackerDefender Rootkit, FUTo enhanced rootkit, Odysee rootkit (2 variants), Agony rootkit, Agony rootkit, Unreal.A rootkit, Phide rootkit, BadRootkit Demo, RKU Demo rootkit, Vanquish rootkit, AFX 2005 rootkit, Fhide rootkit, Rootkit.Win32.Agent.ea.2, Rootkit.Win32.Agent.cf, Rootkit.Win32.Agent.dh, Rootkit.Win32.Agent.q, Vundo/DNSChanger test, Goldun.MG.3 Rootkit Test, Rustock rootkit Tests (4 variants), Rustock rootkit Tests, Magic.Control / Hot-Tv Test, MsSync Rookit test,

The rising threat: SSDT restorers, the 'HIPS/firewall killers':
Backdoor Agent.alm Test, Bifrost Backdoor:A custom server test, Rootkit Win32-Agent.fq Test, Trojan Small.emw Test, Rootkit Agent.ey Test (loader2.exe is a "brute force" HIPS killer), Rootkit.Agent.ez Test,

I picked this up from the website where a tester tested each product (HIPS) against REAL MALWARE:
http://membres.lycos.fr/nicmtests/Unhookers/unhooking_tests.htm

All of these tests are copied also from:
http://membres.lycos.fr/nicmtests/Dynamic-Security-agent-tests/DSA_index.htm

Dieselman
February 15th, 2008, 10:35 AM
I will try when I get home. I have never had a problem getting ZAAS to pass any test. Remember ZA Free does not have the same protection level as the other versions. The OS Firewall is not available in the free edition.

CoolWebSearch
February 15th, 2008, 11:12 AM
{QUOTE-> I will try when I get home. I have never had a problem getting ZAAS to pass any test. Remember ZA Free does not have the same protection level as the other versions. The OS Firewall is not available in the free edition. <-QUOTE}

Hi, Dieselman.
First, I don't know where you would download these tests from, since there is no link (it's obvious, since some of this malware is real; I'm still not sure if every malware sample is real).

Second, even if you manage to somehow find and download these tests, do it on a virtual machine, because they will seriously damage your PC if you fail these tests.

Third:
Ask Ragwing on Comodo's forums to send you by e-mail at least 2 malware tests that he managed to test on a virtual machine.
And ask him where he picked them up.

These tests are only for very experienced users and experts.

Dieselman
February 15th, 2008, 11:25 AM
I have a 500 GIG external drive which I can use as a virtual drive. I will try it. Will not try it out on my new DELL WOW laptop. I am running ZAAS and NOD32 on that machine as well as my desktop.

CoolWebSearch
February 15th, 2008, 11:48 AM
{QUOTE-> I have a 500 GIG external drive which I can use as a virtual drive. I will try it. Will not try it out on my new DELL WOW laptop. I am running ZAAS and NOD32 on that machine as well as my desktop. <-QUOTE}

Ok, please let me know what tests ZAAS passed and which tests it failed.
Thanks.

fax
February 15th, 2008, 11:49 AM
{QUOTE-> Hi, Fax.
I need you to ask something. Does ZA Pro or ZAAS or any other ZA's product protect from: <-QUOTE}

Hi!
Ehm, well, really impossible to answer... you should test each of them. I guess you mean installing them, not protecting the machine after the infection. Right?

I guess ZA HIPS, like other HIPS, is only as good as the user using it. So, if you allow a driver to install, then you are lost...

In principle ZAAS HIPS should warn you about attempts to hijack processes, rootkit installation, trojans connecting out, etc. NOTE: Program Control should be set to MAX protection (the default after the first 20 days of use, due to auto-learn). Or, for even more protection, you can activate component control in the advanced options of the ZA program control.

I would be really curious to see the results against your list ;D Although for a real-life experiment you should test ZASS (the suite), unless you want to specifically test the HIPS in ZA.

Cheers,
Fax

oldshep
February 16th, 2008, 12:31 AM
{QUOTE-> Just curious if any ZoneAlarm Pro or Anti-spyware users have ever seen ZA in action by blocking any malware from getting into their PC? Thanks. <-QUOTE}
Check out spycar.org (similar to eicar for AV).

Oldshep