Has anyone ever had ZoneAlarm's Triple Defense Firewall block malware?

Discussion in 'other firewalls' started by Wordward, Feb 14, 2008.

Thread Status:
Not open for further replies.
  1. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    Just curious if any ZoneAlarm Pro or Anti-spyware users have ever seen ZA in action by blocking any malware from getting into their PC? Thanks.
     
  2. dwax

    dwax Registered Member

    Joined:
    Oct 21, 2002
    Posts:
    57
    I have. A little bubble pops up on the lower right side and tells me it blocked part of a web site due to spyware.
     
  3. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    I don't know about testing malware, but you can test your firewall several ways. Download the GRC leak test, the PC Flank test, and the System Shutdown Simulator, all of which ZAAS passes.
     
  4. acr1965

    acr1965 Registered Member

    Joined:
    Oct 12, 2006
    Posts:
    4,954
    It stopped PCflank.com from loading. Not sure if it still does or not.
     
  5. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    ZA Triple Defense firewall is a combination of:

    - HIPS in the ZA OS firewall;
    - Central blacklist of known malware. If ZA SmartDefense is active, known malware executables/DLLs/drivers will be killed as soon as they are detected.
    - HTTP address filtering (spysite blocking). The web browser is prevented from connecting to known spyware/malware sites.

    Never seen the blacklist SmartDefense in action, but I have often experienced HIPS and spysite blocking (when testing malware). The latter seems quite effective since it does not require any user intervention. The HIPS function is dependent on user choice (allow or deny).

    Cheers,
    Fax
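    As an added illustration (not ZoneAlarm's code; the lists and event names are constructed), a small model of the three layers fax describes, showing that the blacklist and spysite layers decide on their own while the HIPS layer hands the decision to the user:

```python
# Added example, not ZoneAlarm's code. KNOWN_MALWARE_IMAGES, SPYSITES and the
# HIPS event names are constructed sample data, not real product lists.
from urllib.parse import urlsplit
from typing import Callable, Dict

# Constructed "central blacklist" of known malware images (SmartDefense layer).
KNOWN_MALWARE_IMAGES = {"badloader.exe", "fakeav.dll", "rk_hide.sys"}
# Constructed spysite list (HTTP address filtering layer).
SPYSITES = {"spyware-example.test", "malware-example.test"}
# Events the HIPS layer treats as sensitive and prompts the user about.
SENSITIVE_EVENTS = {"driver_install", "process_hijack", "outbound_connect"}


def smartdefense_check(image_name: str) -> str:
    """Blacklist layer: a listed image is killed automatically, no prompt."""
    return "kill" if image_name.strip().lower() in KNOWN_MALWARE_IMAGES else "pass"


def spysite_check(url: str) -> str:
    """HTTP filtering layer: block if the host or any parent domain is listed."""
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    for i in range(len(labels)):
        if ".".join(labels[i:]) in SPYSITES:  # matches sub.domain too
            return "block"
    return "allow"


def hips_check(event: str, user_decides: Callable[[str], bool]) -> str:
    """HIPS layer: non-sensitive events pass; sensitive ones go to the user.

    This is the point fax makes: if the user answers 'allow' to a driver
    install, the layer offers no protection at all.
    """
    if event not in SENSITIVE_EVENTS:
        return "allow"
    return "allow" if user_decides(event) else "deny"


def triple_defense(image: str, url: str, event: str,
                   user_decides: Callable[[str], bool]) -> Dict[str, str]:
    """Run all three layers and report each verdict separately."""
    return {
        "smartdefense": smartdefense_check(image),
        "spysite": spysite_check(url),
        "hips": hips_check(event, user_decides),
    }
```

    Running `triple_defense("badloader.exe", "http://ads.spyware-example.test/", "driver_install", lambda e: True)` shows the first two layers acting on their own while the HIPS verdict is whatever the user answered.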
     
  6. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,191
    Hi, Fax.
    I need to ask you something. Does ZA Pro or ZAAS or any other ZA product protect from:
    Trojan.SPY.Agent.IR.2, Trojan Agent.agv Test, Vundo spyware Test, Trojan.Clicker Delf.AJ.7 Test, Trojan Tibs.ALMX, XP Killer trojan test, Trojan KillAv.cf Test, Trojan KillAV.S.Srv Test, Trojan KillAV.DP Test, Delphi Trojan Test, LdPinch Trojan Test, Data stealing test, Trojan Downloader Small.ddt Test, PE 386 rootkit, Trojan LoadADV.gen Test, Backdoor SdBot.gm, Backdoor Agent.apf.2, Backdoor Bifrose.LW, Backdoor Hupigeon NC Test, Haxdoor Rootkit / Backdoor test, Haxdoor.GS.16, Worm Brontok Test, Worm Bagle.GL (rootkit) Test, Worm.VB.AS.21 Test,

    Keyloggers:
    Klogger, Keylogger FE, Keylogger P, Martin's Keylog, Perfect Keylogger, Family Keylogger , Zkeylog, Actual Spy, Elite Keylogger, Hook Keylogger 1, Keylogger Lite, Active Keylogger, Active X keylogger, Hook Demo, Keylogger Demo, Keylogger IJ, Trojan/SPY.small.CD, SilentLog, Invisible Keylogger (stealth), Keyghost B, Net Logger, Global Keylogger result,

    Rootkits:
    HackerDefender Rootkit, FUTo enhanced rootkit, Odysee rootkit (2 variants), Agony rootkit, Agony rootkit, Unreal.A rootkit, Phide rootkit, BadRootkit Demo, RKU Demo rootkit, Vanquish rootkit, AFX 2005 rootkit, Fhide rootkit, Rootkit.Win32.Agent.ea.2, Rootkit.Win32.Agent.cf, Rootkit.Win32.Agent.dh, Rootkit.Win32.Agent.q, Vundo/DNSChanger test, Goldun.MG.3 Rootkit Test, Rustock rootkit Tests (4 variants), Rustock rootkit Tests, Magic.Control / Hot-Tv Test, MsSync Rootkit test,

    The rising threat: SSDT restorers, the 'HIPS/firewall killers':
    Backdoor Agent.alm Test, Bifrost Backdoor:A custom server test, Rootkit Win32-Agent.fq Test, Trojan Small.emw Test, Rootkit Agent.ey Test (loader2.exe is a "brute force" HIPS killer), Rootkit.Agent.ez Test,

    I picked this up from the website where a tester tested each product (HIPS) against REAL MALWARE:
    http://membres.lycos.fr/nicmtests/Unhookers/unhooking_tests.htm

    All of these tests are copied also from:
    http://membres.lycos.fr/nicmtests/Dynamic-Security-agent-tests/DSA_index.htm
     
  7. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    I will try when I get home. I have never had a problem getting ZAAS to pass any test. Remember ZA Free does not have the same protection level as the other versions. The OS Firewall is not available in the free edition.
     
  8. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,191
    Hi, Dieselman.
    First, I don't know where you would download these tests from, since there is no link (it's obvious, since some of these malware samples are real; I'm still not sure if every malware sample is real).

    Second, even if you manage to somehow find these tests and download them, do it on a virtual machine, because they will seriously damage your PC if you fail these tests.

    Third:
    Ask Ragwing on Comodo's forums to send you by e-mail at least 2 malware tests that he managed to test on a virtual machine.
    And ask him where he picked them up.

    These tests are only for very experienced users and experts.
     
  9. Dieselman

    Dieselman Registered Member

    Joined:
    Jan 6, 2008
    Posts:
    795
    I have a 500 GIG external drive which I can use as a virtual drive. I will try it. Will not try it out on my new DELL WOW laptop. I am running ZAAS and NOD32 on that machine as well as my desktop.
     
  10. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,191
    Ok, please let me know what tests ZAAS passed and which tests it failed.
    Thanks.
     
  11. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,723
    Location:
    localhost
    Hi!
    Ehm well, really impossible to answer... you should test each of them. I guess you mean installing them and not protecting the machine after the infection. Right?

    I guess ZA HIPS, like other HIPS, is as good as the user using it. So, if you allow a driver to install, then you are lost...

    In principle ZAAS HIPS should warn you about attempts to hijack processes, rootkit installation, block trojans connecting out, etc... NOTE: Program Control should be set to MAX protection (the default after the first 20 days of use, due to auto-learn). Or, for even more protection, you can activate component control in the advanced options of ZA Program Control.

    I would be really curious to see the results against your list :D Although for a real-life experiment you should test ZASS (the suite), unless you want to specifically test the HIPS in ZA.

    Cheers,
    Fax
     
  12. oldshep

    oldshep Registered Member

    Joined:
    Dec 19, 2006
    Posts:
    139
    Check out spycar.org (similar to eicar for AV).

    Oldshep
     