Zone alarm anti virus version 7

Discussion in 'other anti-virus software' started by rohlysm, Dec 14, 2007.

Thread Status:
Not open for further replies.
  1. Firecat

    Firecat Registered Member

    Joined:
    Jan 2, 2005
    Posts:
    8,251
    Location:
    The land of no identity :D
    It's negligible, but this time I don't think that not switching to the KAV 7 engine is ZA's fault. F-Secure, GDATA, eScan and basically every other AV using the KAV engine have not gotten the heuristics. It would be a bit implausible to think that all these companies have gotten lazy and not implemented the KAV 7 engine, so I would say Kaspersky is not yet providing these features to their partners in the SDK.

    So what did others do about it? GDATA has other engines to cover the proactive protection bit (as well as that "OutbreakShield"). F-Secure decided to go ahead and make its own proactive protection (DeepGuard, which works real-time, and Gemini engine, which works on-demand as well as real-time).

    eScan and ZA have done nothing yet. If Kaspersky has a change of heart and introduces these features of version 7 and 8 into the SDK then we'll see the additional detection passed on to ZA. But given how they have not released the 7.0 heuristics, it is doubtful that the 8.0 improvements will make it into the SDK.

    For today, the difference in detection rate may be minimal. But heuristic engines are constantly improved; as newer versions and newer engines come out the difference is going to be bigger and bigger. AV-comparatives' retrospective testing also proved KAV 7's heuristics to be of good value...

    Due to all this, the situation is not looking good for ZA going into the future. But time will tell.
     
  2. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    I'm just reading the review at http://www.pcworld.com/article/id,129514-page,1/article.html

    How does this happen? It is an old virus and should not rely on heuristics.

    Sounds like Check Point and other partners are getting a pretty raw deal.
     
    Last edited: Jan 18, 2008
  3. Firecat

    Firecat Registered Member

    This is not unique to ZA. Sometimes F-Secure also has been known to miss a few samples detected by KAV. This has more to do with the coding of the resident shield rather than the engine itself, and the way the detections are reported to the program. :)
     
  4. C.S.J

    C.S.J Massive Poster

    Joined:
    Oct 16, 2006
    Posts:
    5,029
    Location:
    this forum is biased!
    za is being compared to f-secure now, hell no!

    F-secure is more stable, has other engines and also deepguard
     
  5. Firecat

    Firecat Registered Member

    But F-Secure is indeed misreporting some KAV detections (though such occurrences are VERY rare), I've taken that up with support, and have been working on it for more than a month now :)
     
  6. C.S.J

    C.S.J Massive Poster

    true, but kaspersky misses things that fsecure detects.

    Swings and roundabouts.
     
  7. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,898
    Location:
    localhost
    Well, ZA has its own antispyware and they are putting a lot of effort into it as well as proactive protection (HIPS) + spysite blocking... so I am not sure ZA is just waiting to see...

    Also ZA ForceField looks promising...

    Cheers,
    Fax
     
  8. fax

    fax Registered Member

    That's a pretty old review... main KAV engine in ZA now has quite radically changed.

    Cheers,
    Fax
     
  9. computer geek

    computer geek Registered Member

    Joined:
    Oct 6, 2007
    Posts:
    776
    Zonealarm has got ichecker but not iswift (other way round?) kaspersky 6 engine, f-secure at the moment 16 pounds for internet security, difference is around 0.4% lower than kav, tested in May 2007 (a bit old)
     
  10. computer geek

    computer geek Registered Member

    Actually, as Firecat and I found out last year, zonealarm has kav's spyware and virus database, however, when detected with zonealarm (spyware) it comes up in the virus section, but zonealarm also has its own spyware engine, which comes up in the spyware place. Yes, the proactive thingy bobby is excellent, but they need to do a lot lot lots more in the spysite blocking. The most thorough blocking is in my opinion McAfee SiteAdvisor. ZA is indeed improving, I admit, my booting time used to be 30 minutes, but is now 20 minutes, but I would be pleased to see 7.5 come out since 7 has been out for long.
    On the other hand, I absolutely love forcefield! :D

    Good luck to ZA!
     
  11. jrmhng

    jrmhng Registered Member

    I don't think the antivirus version has the zonealarm as. Does the Kaspersky engine detect spyware?

    Is this your experience from trying both Chris? What do the additional scan engines add to F-secure?

    Regarding Deepguard, Zonealarm also has a HIPS (that they call an OS firewall for marketing purposes). Does this osfirewall not compare at all?

    Also note the price difference. Not counting the recent thread about buying f-secure from the uk site, the three computer 1 year price for ZAAV is around 40 AUD where the three computer 1 year price for f-secure is 112 AUD!

    That is a huge difference in price.
     
  12. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    1,034
    Location:
    Hawaii
    20 minutes! That's a pretty long boot. My guess is you're probably running a lot of extra stuff at startup, or you have a lot of drivers loading, and maybe there are some conflicts. Are you implying that ZoneAlarm has somehow caused your boot to take that long? If I were you I would uninstall ZA, do some boots without it, then reinstall and measure the difference.

    For the record, I recently installed ZoneAlarm Antispyware (which excludes the AV) and my bootup time increased by about 20 seconds.
     
  13. s4u

    s4u Registered Member

    Joined:
    Oct 24, 2007
    Posts:
    441
    Unfortunately these features are only available in the XP version or not?
     
  14. fax

    fax Registered Member

    Hi!
    no, most of what I have listed above is also in VISTA 32 (HIPS, own spyware engine...) not the spysite blocking or privacy control.... this is why I complement ZA with ForceField in VISTA... working well in combo.

    Fax
     
  15. fax

    fax Registered Member

    Yes, it does.

    Fax
     
  16. computer geek

    computer geek Registered Member

    No, McAfee works fine, only zonealarm and I clean my registry and startup (msconfig every month)
     
  17. computer geek

    computer geek Registered Member

    So, in turn again zonealarm detects some spyware from the kaspersky engine and says it is a virus but spyware from its own database is categorised into the spyware section. Which is ok, but not entirely accurate.
     
  18. fax

    fax Registered Member


    Uhm, ZA (Suite) has two engines... KAV and ZA AS.
    Whatever is detected by KAV will be displayed under the virus tab together with the name of the detection, whatever is detected by ZA AS will be displayed under the spyware tab with related name.

    I found this very useful to clearly distinguish if a file has been determined malware by one or another engine, allowing to follow up and troubleshoot accordingly.

    If you are running ZA AV, you will not have a spyware tab and all will be logged under the generic 'virus' tab. From the name of the infection you will clearly know if it is a trojan, worm, spyware, adware, riskware, etc.

    Cheers,
    Fax
     
  19. computer geek

    computer geek Registered Member

    Yes, I think you misunderstood what I was saying because I was trying to say all you said just now + my point that if it's detected with kav, in the virus section even if it was spyware making it a little bit inaccurate. :thumb: Meaning that kav's engine and zonealarm's can be distinguished clearly but not the malware.
     
  20. fax

    fax Registered Member

    Uhm... Ok.
    The name of the detection is usually revealing... KAV has clear names for malware, for example, if you take riskware:

    You will get these detection names + a specific acronym/code for the variant

    not-a-virus: AdWare
    not-a-virus: Dialer
    not-a-virus: Downloader
    not-a-virus: Monitor
    not-a-virus: PSWTool
    not-a-virus: RemoteAdmin
    not-a-virus: NetTool
    not-a-virus: Client-P2P
    not-a-virus: Client-SMTP
    not-a-virus: AdTool
    not-a-virus: FraudTool
    ...etc...

    Not sure I understand your issue but I guess it may be confusing... :)

    EDIT: and if you are confused with ZA you will be also confused with many other AV tools.
    Usually they don't separate detection of viruses and detection of spyware in separate windows (e.g. KAV 6,7) you have to guess it from the detection name.

    Cheers,
    Fax
     
    Last edited: Jan 19, 2008
  21. fax

    fax Registered Member

    Is GDATA still using KAV? I thought they dropped it due to the lack of multithread capability (been added only in the latest version of the KAV SDK package).

    Cheers,
    Fax
     
  22. Sjoeii

    Sjoeii Registered Member

    Joined:
    Aug 26, 2006
    Posts:
    1,240
    Location:
    52°18'51.59"N + 4°56'32.13"O
    Nope
    Still using Kaspersky.
    They dropped BD for Avast
     
  23. fax

    fax Registered Member

    Ah.. Ok thanks for the info Sjoeii!
    Someone dropped KAV but I can't recall who :)

    Cheers,
    Fax
     
  24. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    I don't see why it should be a problem. The AV scanner is working on-access and on demand, whilst the ZA scanner is demand only. Surely you'd know whether you'd done a demand scan with the AV or the AS scanner?

    KAV isn't an AS scanner, so there are plenty of things it won't find. That is particularly so with installed adware etc. The ZA scanner is better at clearing up the 'traces' whilst the AV concentrates on the more dangerous spyware trojans, and preventing things from installing in the first place.

    I can't quite recall the details, but I seem to remember KAV wouldn't find a rogue scanner on the basis that it could have been installed by the user; however KAV did find the trojan that dropped it. So you were protected from drive-bys, but not protected from your own folly. I expect the ZA scanner would find these kinds of installed items, and do a better job removing the panoply of Reg entries and ancillary files.

    Riskware isn't spyware, indeed it isn't malware at all (not-a-virus means it's not malware) it's just an informational finding of a file that could have been installed legitimately or perhaps not; the scanner cannot tell what put the file there, it is up to you to check.
     
  25. jrmhng

    jrmhng Registered Member

    I just gave ZAAV a run but unfortunately it didn't work out too well. Start up took 10 mins (up from 3 mins with antivir and comodo 3). Must have been a conflict. I reverted back to an image.

    What a pity though. I would have bought it if it ran smoothly. Maybe Vista bugs will be ironed out in later versions.
     