Zone Alarm Anti Spyware

Vettetech · #1 December 6th, 2007, 05:26 PM

My cousin is using ZAAS and I was wondering if that has HIPS. I dont see anything in there site about it. He was gonna use OA or Comodo. Yes Coolio I did say Comodo.

Perman · #2 December 6th, 2007, 05:52 PM

Hi,

ZAAS's application and O/S firewall are kind of HIPS . aren't they ?

Vettetech · #3 December 6th, 2007, 05:53 PM

Im asking.

Wordward · #4 December 6th, 2007, 08:33 PM

This is from a ZA person that knows something about ZoneAlarm's Triple Firewall Defense. It helped convince me that just using ZAAS with only an Antivirus would be fine. I saw a review in zdnet that praised ZAAS and this was the response I got from the person.

http://forums.zonealarm.org/zonelabs...ssage.id=46763

Quote:

Originally Posted by Oldsod

The article at zdnet.com.au is misleading. It stresses the antispy scanner and not the ZA firewall. It is the firewall of the ZA that provides the "shields" not the scanner. Of course there is the spy site blocking, but that is still more or less a function of the firewall (it is the firewall blocking the sites, not the scanner).

The spy scanner is developed by ZA and so are the definitions. It concentratesd more on spyware that attempts to infect the PC and attempt outbound access. It will miss various toolbars or browser helpers (for the Internet Explorer), CWS and various adware, and certain esoteric spyware such as spysheriff or smitfraud. But it does find and remove various troyans and malware. Possiblely not the greatest scanner, but far from the worst.

The main consideration is the Triple Defense Firewall of the ZA. It can be best described as the Inbound firewall and the Outbound firewall and the Windows firewall. Three firewalls as defined by ZA.
OK Inbound and Outbound is self evident- outbound is control applications for the port/protocol and actual outbound access per the zones.
Naturally if malware attempts to phone home or call some server and reveal personal information or get more malware installed, the Outbound firewall is doing the job to stop these actions. Even if some malicious dll or file attempts to gain access of a normally approved application, the ZA will see the application violation happening and will stop this immediately.
The Inbound firewall - control ports and allows in and provides true stealth at the same time keeping ports closed. ZA uses a true stately packet firewall, so internet connections are well taken care of.

The Windows firewall can be seen in the ZA in the OS firewall tab and in the Program Control. In the OS firewall can be easily seen the controls for start up programs and activeX installs and changes to the host file and so forth. These are considered to be "shields" and many antispy scanners with full time guards have this feature.
But the Windows firewall goes even further than the OS firewall tab. The new applications (not in the ZA normal listing), new installs, certain changes to the services, certain changes to the registry, application interaction (.dll or .exe using other applications) are recognized by the Windows Firewall and can be blocked. Also unapproved .dll can be stopped from continuing. This makes a form of HIPS or antispy/antimalware protection or shield and in many ways it is a very easy to use HIPS.

In many ways, the strength of the ZA AS firewall/spyware scanner is not the detection and removal of spyware, but prevention and deterence of infections. An example would be keyloggers- it will do a lousy job to detect pre-installed keyloggers if the ZA AS is installed fresh on an infected machine. But install the ZA AS on a clean machine and almost every later attempts to install the keyloggers can be prevented or stopped. So many users will post in the forum asking why the ZA alerts them that a browser or media player or certain applications is attempting to "monitor the keyboard or mouse" or hooking into the keyboard or mouse and they do not understand why or what is happening. Well the answer is simple- the ZA was alerting about a keylogger attempt. In these cases such as browsers it is all very innocent, but a malicious keylogger would do the very same. The ZA is watching and preventing.

http://review.zdnet.com/internet-sec...-32380240.html

Jon_T · #5 December 7th, 2007, 12:10 PM

In the review:
The bad: ZoneAlarm Anti-Spyware lacks antivirus protection; lacks free telephone support.

How is not having a antivirus bad? IMO kind of a dumb statement being that ZA has the ZA ISS and ZA AV products.

Apparently Robert Vamosi does not take in consideration that some users do not want "all-in-one" suite type security apps -- hence ZA has offered the ZA AV and ZA AS products. I wished ZA would also have just the ZA firewall without any additional non-firewall features/bloat.

Below is the same review by Robert Vamosi at Cnet.com, but this one has "User Opinions":
http://reviews.cnet.com/internet-sec...tag=prod.txt.2
If you read the User Opinions they're on earlier versions of ZA AS; i.e., none (at this time) are on the current improved 7.0.462.000 version that's (overall) received positive user opinions here at WSF.

Been using ZA since 2.0 released, however I've staid with ZA Pro 5.5.094.000 (on old P4 box) because I detest all the non-firewall features/bloat of the 6.x and 7.x versions. Besides the bloat there's the buggy releases users have had to contend with.

I also got the ZA AS for one year free offer and when I have the time (after the holidays) will do an backup image and give it a try on my old P4 box, since it "appears" to be the ZA software firewall product with the least amount of bloat/problems.

Currently trying out OA Free on my Intel Core 2 Duo system purchased mid Sept 07.
There's a lot I like about OA but since "I" am not familiar with using a rule base firewall, unable to configure programs OA's firewall like I can easily do with ZA's Program Control, and unfortunately currently no help provided on using a lot of OA's features/settings.

Vettetech · #6 December 7th, 2007, 12:24 PM

Just put OA in learn mode for the first couple of days.

Coolio10 · #7 December 7th, 2007, 12:38 PM

Quote:

Originally Posted by Vettetech

Just put OA in learn mode for the first couple of days.

That defeats the purpose of a firewall...

Jon_T · #8 December 7th, 2007, 12:41 PM

Quote:

Originally Posted by Vettetech

Just put OA in learn mode for the first couple of days.

Know about the Learning Mode, I was referring to being able to configure programs beyond OA's default firewall rules.

In OA you have to know/understand how to edit or create firewall rules.

The Program Control in ZA (and Sunbelt/Kerio firewall) allows you to easily configure programs without having to use rules.

Coolio10 · #9 December 7th, 2007, 12:47 PM

Quote:

Originally Posted by Jon_T

Know about the Learning Mode, I was referring to being able to configure programs beyond OA's default firewall rules.

In OA you have to know/understand how to edit or create firewall rules.

The Program Control in ZA (and Sunbelt/Kerio firewall) allows you to easily configure programs without having to use rules.

Can you show a picture of rule editing in za or atleast what/how you can edit.

Vettetech · #10 December 7th, 2007, 12:49 PM

Quote:

Originally Posted by Coolio10

That defeats the purpose of a firewall...

Coolio................your suppose to put a software firewall in learn mode when you first install it. Thats what learn mode means. But only if you have a clean system.

Vettetech · #11 December 7th, 2007, 12:54 PM

Quote:

Originally Posted by Jon_T

Know about the Learning Mode, I was referring to being able to configure programs beyond OA's default firewall rules.

In OA you have to know/understand how to edit or create firewall rules.

The Program Control in ZA (and Sunbelt/Kerio firewall) allows you to easily configure programs without having to use rules.

I will help you more later. I have no problems using OA. If you put OA in learn mode and launch any program that connects to the internet it will create rules automaticlly. I set OA in learn mode and it made rules automatically for COD2,COD4,Steam,HL2,Q4,BF2,Halo,Time Shift,WOW. It was very easy and no pop ups.

Jon_T · #12 December 7th, 2007, 01:03 PM

Quote:

Originally Posted by Vettetech

I will help you more later. I have no problems using OA. If you put OA in learn mode and launch any program that connects to the internet it will create rules automaticlly. I set OA in learn mode and it made rules automatically for COD2,COD4,Steam,HL2,Q4,BF2,Halo,Time Shift,WOW. It was very easy and no pop ups.

You're not reading/replying to what I posted.

Vettetech · #13 December 7th, 2007, 01:15 PM

I have no problems with OA if you go into firewall rules. You can edit things there.I get your point. But all I did was install OA,reboot and I was up and running. I have yet to need to edit anything. I have atleast 200 apps on my pc and all of them work perfect with OA. What problems are you having?

LowWaterMark · #14 December 7th, 2007, 11:30 PM

The first 4 or 5 posts seemed to be about the topic title, (ie. "Zone Alarm Anti Spyware") and yet, it turned into a Comodo versus OA topic somehow.

People, please at least "TRY" to stay somewhere near the topic title when posting. If you have a question about Online Armor, don't post it in a thread that is titled "Zone Alarm Anti Spyware"!

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search