Is spyware scanner in zone alarm pro a real time scanner?

Discussion in 'other anti-malware software' started by bollity, May 9, 2009.

Thread Status:
Not open for further replies.
  1. bollity

    bollity Registered Member

    Joined:
    May 9, 2009
    Posts:
    179
    I want to ask about the spyware protection in ZoneAlarm Pro: is it a real-time guard or just an on-demand scanner? And is it really effective?
     
  2. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    Re: Is spyware scanner in zone alarm pro a real time scanner?

    Hi!
    The realtime guards of the ZA protection are the ZA OS firewall, Smartdefense (white and black listing remote database) and the HTTP spysite blocking. You should run a proper antivirus tool on top of ZAPRO.

    The last time I saw a review of ZA products was in PC Magazine.

    Fax
     
    Last edited: May 9, 2009
  3. bollity

    bollity Registered Member

    Joined:
    May 9, 2009
    Posts:
    179
    Re: Is spyware scanner in zone alarm pro a real time scanner?

    You mean the spyware protection in it is not real time? Just an on-demand scanner?
     
  4. Mongol

    Mongol Registered Member

    Joined:
    Jul 24, 2004
    Posts:
    1,581
    Location:
    Houston, TX
    Re: Is spyware scanner in zone alarm pro a real time scanner?

    It is a real time scanner...
     
  5. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
  6. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Re: Is spyware scanner in zone alarm pro a real time scanner?

    ZAP's spyware scanner is demand only, it has no realtime guard (realtime guards are for AVs, anti spyware scanners generally don't have that type of protection). As far as I can tell it is pretty good with low grade stuff, but I'm not so confident it could remove the difficult stuff; but of course the operating system FW would help prevent that from getting entrenched in the first place. Just be aware that, because of the way it works (intercepting suspicious behaviour), the OSFW will be more effective if you have configured the program control section tightly. In other words only allow a high trust level for important files that need it, don't give IE trust, for example, make it ask, because it could be exploited.
     
  7. vizhip

    vizhip Registered Member

    Joined:
    May 2, 2009
    Posts:
    83
    Re: Is spyware scanner in zone alarm pro a real time scanner?

    Ummm... this may sound like a really stupid question... but...

    Why would you run the OS Firewall AND Zone Alarm Pro? o_O I thought it was better to run a single firewall on a system rather than multiple firewalls...

    Regards -
    -Bob
     
  8. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    Re: Is spyware scanner in zone alarm pro a real time scanner?

    Not entirely correct, black/white list database is updated together with scanner definitions and spysite blocking. This is your real time guard. Of course if you turn OFF the ZA system firewall then the antispyware will become purely 'on demand'. :)

    We are talking about the ZA OS firewall not the machine firewall.

    Fax
     
    Last edited: May 10, 2009
  9. bollity

    bollity Registered Member

    Joined:
    May 9, 2009
    Posts:
    179
    Re: Is spyware scanner in zone alarm pro a real time scanner?

    I didn't say anything about the OS firewall. I just asked about the antispyware included in ZoneAlarm Pro.
     
  10. vizhip

    vizhip Registered Member

    Joined:
    May 2, 2009
    Posts:
    83
    Re: Is spyware scanner in zone alarm pro a real time scanner?

    Thanks for the clarification...

    Regards -
    -Bob
     
  11. vizhip

    vizhip Registered Member

    Joined:
    May 2, 2009
    Posts:
    83
    Re: Is spyware scanner in zone alarm pro a real time scanner?

    I wasn't referring to your post... sorry... I should have used quote when I replied for further clarification myself...

    Regards -
    -Bob
     
  12. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Re: Is spyware scanner in zone alarm pro a real time scanner?

    It is strictly correct to say that ZAP's spyware scanner has no realtime guard. A realtime guard will be examining files as they are opened, matching them against data base or heuristics, the spyware scanner in ZAP doesn't do that. Indeed most AS scanners don't do that; Counterspy does but you must switch that function off to avoid conflict with your AV.

    Maybe this is just semantics but I don't consider the spysite blocking etc to be part of the AS scanner, rather it is an additional item.

    It's worth pointing out that the most important anti-spyware protection offered by ZAP is the OS FW since this can help prevent malware being foisted on you in the first place. In the few tests/reviews I've seen in the past, it was the OSFW that impressed in its protection capabilities rather than the retrospective clean-up of the scanner.

    The scanner is most useful for picking up low grade things that do not register with the OSFW (such as cheapo adware you may let in bundled with an install of something else or tracking cookies etc), or just cleaning up stuff after the OSFW has done its business.
     
  13. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    Re: Is spyware scanner in zone alarm pro a real time scanner?

    Hi!
    ZAPRO antispyware protection is built around three main modules.

    1. The scanner
    2. The ZA OS firewall
    3. The spysite blocking

    The realtime scan when opening a file is performed by the ZA OS firewall. The file signature is compared to a remote white/black list; if found malicious, it is killed by the ZA Smartdefense. If not known by the database, a pop-up will appear. The 'in the cloud protection' database is updated together with the spyware definitions.

    Strictly speaking, ZAPRO also has realtime antispyware protection. If we ignore 2 and 3 then yes, ZAPRO has no realtime protection. :)

    Btw, same message. ZAPRO needs to be run with a good antivirus. It cannot protect the system alone.

    Cheers,
    Fax
    P.S. The above is also explained in the ZA antivirus/antispyware advanced options (prevention section)
     
    Last edited: May 11, 2009
  14. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,829
    Location:
    Last Breath Farm
    Re: Is spyware scanner in zone alarm pro a real time scanner?

    Hi Fax

    Your posts on this subject appear right on to me. But I am wondering what happens to ZAP's real-time anti-spyware protection if the OSFirewall is on but Anti-spyware is off?

    I believe that the correct answer is that the OSFirewall will not have access to the anti-spyware definitions.

    This then makes the anti-spyware ON/OFF setting the equivalent of the real-time protection switch... provided the user is running the OSFirewall.

    Does this sound correct to you? :)
     
  15. 12fw

    12fw Registered Member

    Joined:
    Sep 12, 2006
    Posts:
    111
    Location:
    Canada
    Re: Is spyware scanner in zone alarm pro a real time scanner?

    The osfirewall files are not stored in the antispyware feature, so turning off the spyware scanner has no effect on the osfirewall feature or security for windows.

    Turning off the spyware feature will disable the spy site blocking security option, but then the spy site blocking should have been set separately into the za firewall panel not integrated into the spyware scanner options. Just my opinion.

    Only strong reason to keep the spyware scanner on full time is to help it keep fully updated with the latest definitions.
     
  16. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Re: Is spyware scanner in zone alarm pro a real time scanner?

    Fax, correct me if I'm wrong but I do not believe this is how it works.

    Are you really saying the OS FW acts real time as a file is opened, scans it and then kills if it is malware! I think not.

    What happens is it acts as a behaviour blocker. If a file attempts a suspicious action, and smart defence doesn't recognise that as appropriate action for the file in question, you are given the opportunity to block that action.

    ZAP will not prevent the running of a file, because it will not be scanning it as it is opened, nor will it prevent the running of a file it has not seen before, because it does not have execution protection. It acts purely behaviourally depending on the trust levels given to each running file.

    If the file attempting an action is recognised as a spyware file I believe ZAP may try and stop it running, but of course it could be too late by then. If it had examined the file when it was being opened, which is what a realtime guard as normally understood would do, then the file would not be in a position to cause problems in the first place.
     
  17. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    Re: Is spyware scanner in zone alarm pro a real time scanner?

    Hi!
    No, as far as I know OSfirewall reads the remote database (black/white list) independently from the ZA AS. So you need to turn OFF OSfirewall for turning off spyware protection.

    Hope this helps

    Fax
     
  18. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    Re: Is spyware scanner in zone alarm pro a real time scanner?

    Yes, correct. OS FW will read the remote database (black list) and kill the malware (same as applying - KILL - to trust level column of the ZA program control).

    The ZA OS firewall database contains both good programs (will automatically allow access and trust level permissions) and bad programs (will kill them).

    This will only work if you allow ZA to connect to the ZA remote database.

    Cheers,
    Fax
     
  19. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,069
    Re: Is spyware scanner in zone alarm pro a real time scanner?

    'realtime guards are for AVs, anti spyware scanners generally don't have that type of protection'

    I know some that have real-time protection, like Counterspy, the Spy Sweeper, Spyware Doctor. :cautious:
    Not that I would recommend these programs, especially the latter two.
     
  20. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Re: Is spyware scanner in zone alarm pro a real time scanner?

    That is true some do, but most don't. ZAP is one of the ones that doesn't, though Fax is strangely reluctant to acknowledge the fact.

    Since you claim that ZAP is somehow scanning files when they are opened, why would ZAP want to 'kill' a file? The file wouldn't be allowed to run in the first place if that were true so there would be no running malware to 'kill'.

    What actually happens is that when a file, which is already running (because it was not scanned when it was opened), wishes to perform an action ZAP considers suspicious, ZAP checks the credentials of the file with its data base of files (quite different from the spyware defs) in order to determine whether it should be allowed to carry out that action or not.

    This is a wholly different situation from a scanner (such as the one in ZAP's spyware section) using its definitions to scan files realtime as they are opened or moved. That is why I say ZAP's spyware scanner does not act realtime and does not have a realtime guard. This I think is the question the OP was asking.
     
  21. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,730
    Location:
    localhost
    Re: Is spyware scanner in zone alarm pro a real time scanner?

    Wants to kill a file if this is black listed in the database; if it is white listed then it will add the appropriate permission; if there is no information it will appear with '?'.

    Nope, certain files (executables, scr, etc.) are added to ZA program control independently from the action that is performed. This is why you will have a lot of junk in your ZA program control after some time (junk with all "?"). A program does not need to perform a suspicious behavior to be added to the list (and to be checked against the central database).

    Yes, the scanner is by definition on-demand. But as discussed already the ZA protection against spyware (the other components) is also real time.

    Hope this helps

    Cheers,
    Fax
     