Zone Alarm Extreme Security 2010

Discussion in 'other anti-malware software' started by Narxis, Feb 8, 2010.

Thread Status:
Not open for further replies.
  1. Narxis

    Narxis Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    477
    I turned off the browser security in Zone Alarm Control Center, then rebooted the computer, then opened the Task Manager and there was 1 process related to ForceField. I killed it, then I had 2 seconds till it re-enabled; this was enough time to start Daemon Tools. Zone Alarm Extreme Security was able to defend itself, even if I switched off 1 of its components.
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Yes, forcefield is protected from tampering and you will not be able to kill it via task manager unless it is already OFF in ZAX Control Center. :)
     
  3. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    I would have understood that if ForceField was a unique and separate software from Extreme Security. However, ForceField is an integral part of Extreme Security; even when ForceField was off on the Control Center its process was still on and any termination attempt should have been denied by Extreme Security.

    Now in our Scenario according to Narxis, ForceField's process restarted immediately and that proves that ForceField or Extreme Security for that matter reacted against the termination by bringing the process back to life. However, the danger here has to do with the fact that Narxis was able to do what Extreme Security denied him in the first place even in the span of two seconds.

    The implication here is two seconds could be what it could take for a prospective malware to dive into one's "cache" treasure trove and report back to its sender, may God forbid of course. In conclusion, I could deduce that based upon what happened in Narxis' case, Extreme Security needs to reinforce its kernel level protection apparatus.

    To me, to give credence to the word extreme in Extreme Security I could advise Zone Alarm to adopt a strategy of "default deny" at the kernel level for all of its processes when at least they are being subjected to force termination.

    Thanks.
     
    Last edited: Feb 10, 2010
  4. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    No, I think you missed the point, ZA will deny any access if forcefield is ON.
    On the other hand, when OFF there is no use to kill the process nor having ZA to get it back ON, it is irrelevant since it is not functional. It should simply not be there.

    I guess this is a design failure, or a bug or simply I miss the logic :)

    Fax
     
    Last edited: Feb 10, 2010
  5. Narxis

    Narxis Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    477
    Well, I did my own research and I was able to kill ForceField processes even when ForceField was turned ON. I reported the issue to Zone Alarm on the beta page.

    I don't know if a malware can do anything with it; for me, the prevention is more important. I always use a virtualized browser, I don't think malware can break out from ForceField. This is why I love Zone Alarm, I think the future is virtualization, the complete OS or just a part of it (the browser). I could use the free Sandboxie? Yes, but on Windows x64 it's not the best because of Microsoft PatchGuard and I don't need to put other programs into a sandbox. I just need a sandboxed web browser. This is why I chose Zone Alarm Extreme Security.

    You could ask why I don't use only the standalone ForceField? Because I used several other security products and tested them with malware URLs, malware packages and I found that the Kaspersky SDK engine in Zone Alarm is very effective. I don't need to introduce the Zone Alarm firewall, very good too. There is the ID Protection and OS Firewall, these are good too. So I think almost everything in Zone Alarm is very good. They should improve the AntiSpam module and the URL blocking in the browser. Another thing is that I like all-in-one suites.
     
  6. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Like? Forcefield.exe? You can kill the other processes but with the only effect of closing browser windows.

    And even if you kill forcefield.exe you will not achieve much apart from having the browser failing to load with the toolbar. This is pretty obvious to detect :)

    More worrying is if you are able to kill easily vsmon.exe since this is the core of the program...
     
  7. Narxis

    Narxis Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    477

    ForceField.exe and for 2 seconds ISWSVC.exe, but you were right, I can't kill vsmon.exe. :) But if you say this is O.K. then it's OK, I'm kind of a newbie with Zone Alarm, never used it before.
     
  8. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    It is not OK my friend, even for two seconds. No process from a security software should be able to be terminated at all. The bottom line is the process or processes was/were killed. The proof: if you try the same experiment with Process Explorer and write down the PID of the processes that you are about to kill and go for the kill, then if the processes come back to life you will see a new PID attached to it or them.

    Bottom line, if the process after coming back to life has a new PID, it means that during a certain time, whether it is two seconds or more, the processes were not available to defend you and hence you were vulnerable. Please try to install, just for the sake of argument, Comodo Internet Security or Norton Internet Security and if you try to kill their processes you will therefore get a deny prompt with the same PID attached to their particular processes.

    In that sense, ZoneAlarm has to greatly improve its security products.

    Thanks.
     
    Last edited: Feb 10, 2010
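
The PID comparison described in the post above, as an added example that is not part of the original thread: it scans timed process snapshots for a watched process whose PID changed, which shows a real kill-and-respawn rather than a denied termination, and reports how long the process may have been absent. The process names come from the thread; the PIDs, timings and function names are constructed for illustration.

```python
from collections import defaultdict

WATCHED = ["vsmon.exe", "ForceField.exe", "ISWSVC.exe"]  # names from the thread

def build_samples():
    """Constructed snapshots taken every 0.5 s: (seconds, image name, PID).
    PIDs and timings are invented for illustration."""
    samples = []
    for i in range(8):                                   # t = 0.0 .. 3.5
        ts = i * 0.5
        samples.append((ts, "vsmon.exe", 1200))          # same PID throughout
        samples.append((ts, "ISWSVC.exe", 2100))         # same PID throughout
        if i == 0:
            samples.append((ts, "ForceField.exe", 3344)) # original instance
        elif i >= 5:
            samples.append((ts, "ForceField.exe", 5108)) # respawned instance
    return samples

def find_restarts(snapshots, watched):
    """Return {name: [(old_pid, new_pid, last_seen, seen_again), ...]}.

    A changed PID means the process was actually terminated and relaunched.
    seen_again - last_seen is an upper bound on the time it was absent.
    Comparing PIDs alone is a simplification: Windows can reuse PIDs, so a
    production monitor should also compare process creation times.
    """
    by_time = defaultdict(dict)
    for ts, name, pid in snapshots:
        by_time[ts][name] = pid
    last = {}                        # name -> (pid, time last observed)
    restarts = defaultdict(list)
    for ts in sorted(by_time):
        for name in watched:
            pid = by_time[ts].get(name)
            if pid is None:
                continue             # not running at this sample
            if name in last and last[name][0] != pid:
                old_pid, last_seen = last[name]
                restarts[name].append((old_pid, pid, last_seen, ts))
            last[name] = (pid, ts)
    return dict(restarts)

if __name__ == "__main__":
    for name, events in find_restarts(build_samples(), WATCHED).items():
        for old, new, gone, back in events:
            print(f"{name}: PID {old} -> {new}, absent up to {back - gone:.1f}s")
```
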
  9. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Strange, can't kill forcefield via task manager here....
    EDIT: On WIN7 32bit
     
    Last edited: Feb 11, 2010
  10. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    No, the process killed for 2 seconds has no active defense role. The linked ZA services running behind can't be killed. No offense but you should at least give a spin of the tool you assess before providing a rather superficial assessment of the impacts.

    As a matter of principle, you don't need to make all elements of a tool unkillable if they do not provide any additional security benefit. :)
     
    Last edited: Feb 11, 2010
  11. Narxis

    Narxis Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    477
    I'm using Win 7 64bit, when I killed it it closed the browser too.

    It's not a big deal, when a malware is already inside the system then the security has already failed and I don't think malware is able to come through from a virtualized browser.

    At least i reported to the beta team, they will check it.
     
  12. Narxis

    Narxis Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    477
    I got an answer from the beta team about the Daemon Tools issue:

    Hello,

    Thank you for your cooperation, we are working at that.

    Best regards,
    ZABeta team.


    So, they are working on it, that's enough for me.:thumb:
     
  13. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Cool! Thank you for the follow up.... :cool:
     
  14. Narxis

    Narxis Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    477
    Answer for the ForceField process kill issue:

    Hello,

    This is a known issue, we are working at that.

    Thank you for your cooperation.

    Best regards,
    ZABeta team.
     
  15. CogitoTesting

    CogitoTesting Registered Member

    Joined:
    Jul 4, 2009
    Posts:
    901
    Location:
    Sea of Tranquility, Luna
    I'm glad they are working on it. Like I said before no security software process should be able to be forcefully terminated.

    Thanks.
     
  16. Narxis

    Narxis Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    477
    fax, how do you set Zone Alarm Antispam in Outlook 2007 to automatically put spam in the Zone Alarm Junk Mail folder when Outlook 2007 is downloading the messages?
     
  17. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    I don't follow, what is the problem? It will move spam automatically unless you have rules that move messages from the inbox to other folders.
     
  18. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Cool! We understood that by now... lol :thumb::D
     
  19. Narxis

    Narxis Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    477
    Well, it's not moving; if I click on Scan selected folder (Inbox) then it will move to the Zone Alarm Spam folder.
     
  20. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Do you have any rules in place or Outlook addons? Have you ever compacted the Outlook inbox? When the inbox is too fragmented or contains too many messages then the filter will not work correctly.
     
  21. Narxis

    Narxis Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    477
    I have the latest Outlook Connector installed for my Hotmail account. I have almost 50 messages, I saved them then deleted them from the inbox. I'll report back if it's working.

    btw.

    Is Opera supported by ForceField? Or just IE and Firefox?
     
  22. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Hi!
    sonicwall spam filter conflicts with outlook collector. By the way, I got rid of cra* collector a long time ago. Now Hotmail offers (free worldwide) direct secured (SSL) POP downloading.

    See, for example, here how to set it up :)

    Fax
    EDIT: Only firefox and IE
     
  23. Narxis

    Narxis Registered Member

    Joined:
    Jun 10, 2009
    Posts:
    477
    :eek:

    Thanks, I removed the Outlook Connector, it's working now I think, I don't have spam to test it.
     
  24. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    You're welcome! :)
     
  25. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Missed this post...thanks... must have a different behaviour on 32bit than 64 because here I can't kill it.
     