Process Guard and Zone Alarm Program Control

Hi
I have the latest version of ProcessGuard together with the latest version of ZoneAlarm Security Suite on my XP Pro (SP2) machine, and I was just wondering if was better to switch Zone Alarm's Program Control off completely, together with OS Component Control, and allow Process Guard to take over completely? My computer sits behind a hardware firewall, so I really only want ZA for a backup software firewall. (I bought the whole suite 18 months ago when all I had was the option of a software firewall.)
So is ProcessGuard enough for total control over components and programs? Many thanks,
Gez

 

Gez, PG and ZASS OS Firewall are somewhat similar. By that I mean that there is some overlap in some of the protections provided by PG. Take a look in the ZASS help file, Index tab > enter Alerts > select OS Firewall and read about each alert level. NOTE: follow the links in each description to get more detail about what is covered by each level.

As for the ZASS Program Control, I would suggest that you leave it on. PG does not give you control over whether a program can or can not access the Internet. The Program Control in ZASS does.

I have ran both with no problems, but I am not running PG at this time. Not that there is anything wrong with it, I am exploring other security options right now.

HTH

 

Thank you Disciple. So control over outgoing network traffic is one reason to keep hold of ZASS Program Control. How far do you think one could go with ZASS without stepping on the toes of PG and causing conflicts? Do you think I could turn on the Advanced Program Control and Component Control features, for example? I'm curious to know which of the two programs kick in and at what point, and with two kernel level programs doing similar jobs I'm curious to know whether it could happen that one leaves it to the other and the other leaves it to the first and it ends up that neither of them kicks in! Just being paranoid you know!

 

i think that feature that overlaps with PG is the OSFirewall. PG doesnt quite cover Advanced Program Control and Component Control so leave them enabled.

 

The OS FW in ZASS and PG are doing different jobs, even if the outcome is sometimes the same.

Let me give one example that has happened to me - I've been hit (more than once!) by an exploit in a website that tried to force IE to launch Rundll.exe, which is a dangerous action, ZA pops up a warning because Rundll has high priviledges whilst IE has low priviledges (this is a default setting in ZA) whilst PG would give a popup if Rundll.exe is set to 'Permit once' (which is not a default setting in PG). In that specific example, with correct configuration, you are therefore doubly protected and get two chances to defeat the exploit; though the reason for the warning popup is entirely different in each case.

The whole way!

I run ZAP and PG together without conflicts or problems and the two together give formidable protection.

 

I get the feeling you have some confusion about what ZASS and its features and PG are primarily designed to do.

ZASS is first and foremost a firewall, and helps control what can connect to your computer. This is done by establishing Zones, Trusted (your computer, and or network) and Internet (anything that is outside of your computer, and or network). Through the Program Control section you control which Zone a program can access, Trusted/Internet. You also control whether a program can act as a server to receive connections, either from the Internet or the Trusted (a LAN) Zone. ¹Not getting to technical here, the Advanced Program Control feature gives you the ability to control whether a component of a program (i.e. a dll file for a program) is allowed Internet access. Another side feature of this is the ability to allow/deny interaction between different programs, usually via OLE/COM and to some extent DDE. But all of that is implemented with Internet access as the primary focus. The OS Firewall allows you decide if you want to allow a program to be able to do certain functions to other programs or even the computers OS components. Some of these are; modifying you startup directory or search defaults, one program terminating another, monitoring keyboard/mouse input, driver instillation, injection of code into another program, ... . These methods are used my malware and hackers who want to gain control of your computer or data.

PG gives you control over whether a program is allowed to run on your computer and what it is allowed to do in relation to your computer and other programs. Sounds a lot like the ZASS OS Firewall doesn't it, that is because they overlap is some areas. But they are differences between them, and each has its own strengths.

With that said:

I never had a conflict between the two, ²only alerts from both programs about the same thing. This is where the overlap comes into play.

Definitely. (see ¹ above)

As I said (see ² above) you end up with alerts from each program about the same thing. I never, did not receive an alert about something that I should have. It never hurts to be paranoid, especially when conflicting security apps can bring a system to its knees. Besides if there was a conflict between the two it would have been discussed here.

 

Thanks for your replies people -- they've resolved a bit of a muddle in my head!