Zonealarm Forcefield News - not good

Check this out.

http://news.yahoo.com/s/infoworld/20080521/tc_infoworld/101445

SourMilk out

 

Sourmilk,

Thanks for the link the reviewer really doesn't like Sandbox technology. I must check it out for my AV test project

~interact

 

I wonder if it blocks the exploits that drop the outerinfo malware that advertises ZoneAlarm through a dropped desktop shortcut .

I have been trying to get an answer on this for weeks and I am getting nowhere .

http://www.castlecops.com/postt222121.html (for those with access) .

http://64.233.169.104/search?q=cach...rinfoads.com/reficon&hl=en&ct=clnk&cd=1&gl=us

That is the first case that I know of . The link at the top of that thread connects to a ZoneAlarm order page for me :

http://ad.outerinfoads.com/reficon?bid=4047&pid=1600&oid=5&fid=99001281

The icon file that the shortcut draws from is called ZoneAlarmIconUS.ico and there are many cases of it in HJT logs :

http://www.google.com/search?hl=en&...=&as_occt=any&cr=&as_nlo=&as_nhi=&safe=images

While researching malware for MBAM I have seen the ZoneAlarm desktop icon drop 3 times in the last 4 months so its not common .

The question is why is outerinfo using malware to advertise ZoneAlarm ?

If anyone knows more about this I would like to hear it .

For those who do their own testing this sometimes drops from the xpre/xrun exploit drops .

 

Well, apparently the testing done at infoworld is questionable...

http://www.thetechherald.com/article.php/200822/1083/Review-ZoneAlarm-ForceField

Cheers,
Fax

 

Hi,

Would not the missed websites be harmless due to the virtualisation feature in Forcefield? So even when the block list failed you still would be protected?

Cheers N

 

Interesting, but how does forcefield actually detect the malicious sites? Does it run it through the Kaspersky engine?

 

Yes, that's the whole point of this virtual browser. Even if ZA ForceField fails to block these malicious websites or malware-loading ZAFF's virutal browser would be/is infected, not your real computer.

How do they do it?
I don't know. But it's 100% effective.

 

So over the years this expert has tried out a few sandbox type apps and found them ineffective eh?

How long has it been since we last saw Greenborder and can anyone find any of this "experts" review of other sandbox type apps.

 

As far as I understand its a combination of heuristic, blacklisting and signature based detections. But for the details we would need the input from CP/ZA developers...

No KAV signature is involved at least I am not aware of...

Cheers,
Fax

 

Just use Artificial Dynamic's SafeSpace, the only virtualized/sandboxed browsing you'll ever need. And it's free.

 

I can't really see why.
It's unpatched so he could test ZA, not the patches..

 

Its explained in details in the article...
Right or not different testing conditions resulted in completely different outcomes.

Who is right... you have to see it in your context

Cheers,
Fax

 

We can only judge based on what they say. If you assume they're telling the truth, we can go on.
The guy in your link argues a layered approach. This is not the test. The test is on Forcefield.

Using an unpatched system to test software is common in Wilders as well.

 

IMO, this is actually a test better reflecting the reality (or at least my reality). ZAFF is not meant to replace an antivirus nor replacing lack of minimum system maintenance.

If you do run by default a fully unpatched OS system and you are looking for a software protecting you than the test of infoworld could reflect better your conditions.

My point is that more a test is near to your conditions more is relevant for your assessment.

Cheers,
Fax