Zone Alarm Triple Firewall Protection Question

Discussion in 'other firewalls' started by Wordward, Nov 16, 2007.

Thread Status:
Not open for further replies.
  1. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    Just wondering how Zone Alarm's Triple Defense Firewall works to protect your PC? I read about what it is supposed to protect against on the CheckPoint website, but I was hoping someone could explain in more detail exactly what all the Triple Defense Firewall covers as far as protection for the end user. I also wonder if there is any need for using anything more than an AntiVirus with it, as it seems it works like a HIPS software as well. Thanks.
     
    Last edited: Nov 16, 2007
  2. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    On trying it, I asked my good self the same question. ;)

    The impression was that in fact there is a HIPS type activity going on, possibly under the protection definition of "protecting your OS".

    If all the settings are set to high (as for example in DSA), the popups carry the same type of questions as DSA.

    Would think the most appropriate further HIPS would be Threatfire, not one of the others which would probably just duplicate what's already going on.

    bestest from the Coo:p
     
  3. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    484
    I in fact use this firewall & think that for the average user it will provide adequate protection.
     
  4. Jon_T

    Jon_T Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    38
    Protection wise, how do you think it compares, to the new OA 2's HIPS, Process (Programs), and firewall combo?
     
  5. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    All I do know is that ZA is rated as one of the best :D

    Edit - one of the things that was liked was the brief learning period after which advanced settings could be applied, with good memory and lack of "noise"
     
    Last edited: Nov 16, 2007
  6. Woody777

    Woody777 Registered Member

    Joined:
    Aug 29, 2006
    Posts:
    484
    In my usage of Online Armor I think I like ZA better as it scans your processes on install & then advises you with HIPS like activity of new events. Since I used the free version I am not in a position to say if Online Armor Pay is a great deal better. It might be. The Spyware component of ZA is lacking in Online Armor & ZA has host file protection & Spysite blocking built in. There is also a mailsafe component which can help protect your email from viruses if your AV fails to pick a virus up. A real possibility in my case since I use NOD32 which does not scan the secure connections that AT & T uses for their Email. It also has cookie protection which is lacking in Online Armor. I personally think that ZA is better but for all those people who really like Online Armor well they may know a lot more about the product than I do as my use was very limited. I think if you combined ZA with BoClean also you would be really well protected. In fact some people in this forum use Threatfire with ZA with great effectiveness. You decide!
     
  7. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    Wordward,

    In answer to your query-

    Should think the triple protection is not a toothpaste after all but:

    Network, Program and Operating System Firewall

    "Network and Program Firewall
    Delivers proactive firewall protection with multiple layers of security that stop inbound, outbound, and program attacks while remaining completely invisible to hackers.
    Guards the network perimeter from inbound and outbound threats with the world's #1 firewall
    Prevents spyware and other malicious programs from sending your personal information across the Internet
    Full stealth mode to keep you concealed from anyone on the Internet
    Protects your programs from malware
    .
    Operating System Firewall (OSFirewall™) IMPROVED
    This additional layer of security prevents hard-to-remove spyware, including rootkits and kernel-level threats, from getting onto your PC and causing damage.
    Identify and filter over 100,000 applications for constant protection against threats
    Monitor program installation, registry changes and file access down to your PC's core
    Monitor additional program actions for more thorough protection
    Prevents malicious software from damaging files in your core Windows operating system"
    .

    Also it does have HIPS, which no doubt is also described above.

    "products like Comodo and ZoneAlarm Pro that are firewalls with HIPS. "
    (Tech Support Alert)
     
    Last edited: Nov 16, 2007
  8. Jon_T

    Jon_T Registered Member

    Joined:
    Sep 1, 2006
    Posts:
    38
    Hairy Coo:

    With ZA AS, did you look at how many processes are running and how much RAM they use?

    TIA
     
  9. Hairy Coo

    Hairy Coo Registered Member

    Joined:
    Oct 19, 2007
    Posts:
    1,486
    Location:
    Northern Beaches
    From memory there were two processes and the highest mem usage (it did vary) was about 38000k, a bit more than average.
     
  10. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    I read that before Hairy Coo, and although I understand it, I guess I was just hoping for even more detailed information as to what it specifically covers in comparison to various other programs of this caliber. For example ProSecurity, SSM, Online Armor, and DSA. I'm thinking ultimately they all may offer about the same level of protection.
     
  11. Perman

    Perman Registered Member

    Joined:
    Nov 23, 2005
    Posts:
    2,160
    Hi,

    Comparing ZA's triple Firewall Protection with standalone HIPS such as ProSecurity and the like may not result in impartial information. Perhaps we should ask ourselves this: does ZA's triple-- provide us sufficient service without those pure HIPS? If yes, then just brush them aside for now; if not, I guess it will not hurt to sprinkle a few of those spices, adding more flavours. IMO, ZA AS is the easiest one in ZA group to work with. I can give you an earful if you ask me about other two; ZASS and ZA pro.
    Take care.
     
  12. Sportscubs1272

    Sportscubs1272 Registered Member

    Joined:
    Apr 9, 2007
    Posts:
    340
    The current ZA Antispyware edition seems to run smoothly compared to OA firewall. I don't have any BSODs while using Antivir, Threatfire and Sandboxie with ZA. It is rated very good (8600 pts) at the matousec.com site. I believe you can manually stop any keylogger/malware if you use the kill control option. Some use this option to prevent the Antivir Classic (avnotify) nagware from popping up after an update.

    My main gripe is that they haven't had any new stuff since they introduced the Operating System Firewall (OSFirewall™) and the antispyware module. The ZoneAlarm ForceField Beta is another story! Too many memory hogging agents running around and bug crashes.
     
  13. TopperID

    TopperID Registered Member

    Joined:
    Oct 1, 2004
    Posts:
    1,527
    Location:
    London
    Triple FW just means protection from inward hack attempts (normal FW function), protection from attempts to send info out (normal software FW function) and the Operating System FW. It is the latter function that is of most interest here. It is a 'behaviour blocker', which is looking for suspicious activity on your system. This is quite different from the execution protection and control of a HIPS program like PG, SSM or ProSecurity. Though the results may be the same.

    To give an example, if you are using IE and go to a malicious site containing embedded code which attempts to exploit IE to run a .dll by invoking rundll32.exe, a HIPS prog would thwart this by preventing rundll32.exe from running without express permission. However ZA would thwart the attempt because IE has lower privileges than rundll, and when a program with lower privileges tries to spawn an app with higher privileges it is prevented from doing so. All of this depends on configuration and how you answer pop-ups, but basically HIPS are looking for ANY prog running without express permission while ZA is looking for suspicious activity.

    There are many types of activity considered suspicious and the ZA help guide gives info on these. For the uninitiated, behaviour blocking is probably easier to handle than full execution control since this covers legitimate activity as well.
    All mailsafe does is quarantine any attachment with a predefined extension on the grounds it may be suspicious. It is up to you how you handle it then, but if you try and open it and your AV fails to pick up the worm, mailsafe won't help! Mailsafe is just drawing your attention to a potential risk and prevents thoughtless opening of attachments.
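
The contrast drawn in TopperID's post between execution control and behaviour blocking, as a small model (an added example, not part of the thread and not ZoneAlarm's or any HIPS product's code). The trust levels, the approved list, `newtool.exe` and every function name are assumptions made up for illustration.

```python
from dataclasses import dataclass

# Constructed trust levels (assumption, not ZoneAlarm's real rules):
# a higher number means a more privileged program.
TRUST = {"iexplore.exe": 1, "notepad.exe": 1, "explorer.exe": 3, "rundll32.exe": 3}

# Programs the user has expressly approved in the execution-control model.
APPROVED = {"explorer.exe", "iexplore.exe"}


@dataclass(frozen=True)
class Spawn:
    parent: str
    child: str


def execution_control(event, approved=APPROVED):
    """HIPS-style: any program without express permission triggers a prompt."""
    return "allow" if event.child in approved else "prompt"


def behaviour_blocker(event, trust=TRUST):
    """Behaviour-blocker style: stop a lower-trust parent starting a higher-trust child."""
    parent_level = trust.get(event.parent, 0)  # unknown programs get the lowest trust
    child_level = trust.get(event.child, 0)
    return "block" if parent_level < child_level else "allow"


def compare(events):
    """Return (parent, child, execution-control verdict, behaviour-blocker verdict)."""
    return [(e.parent, e.child, execution_control(e), behaviour_blocker(e)) for e in events]


# Constructed sample events, not captured from a real system.
EVENTS = [
    Spawn("iexplore.exe", "rundll32.exe"),  # the browser-exploit case from the post
    Spawn("explorer.exe", "notepad.exe"),   # ordinary, legitimate launch
    Spawn("explorer.exe", "newtool.exe"),   # program neither model has seen before
]

if __name__ == "__main__":
    for row in compare(EVENTS):
        print("{:13} -> {:13} exec-control={:6} behaviour={}".format(*row))
```

Both models stop the IE-to-rundll32 launch, but only execution control also interrupts the two legitimate launches, which is the extra prompt load the post attributes to full execution control.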
     
  14. 19monty64

    19monty64 Registered Member

    Joined:
    Apr 10, 2006
    Posts:
    1,302
    Location:
    Nunya, BZ
    So Wordward, it sounds as if TF may still be needed for real-time protection with ZAAS.
     
    Last edited: Nov 17, 2007
  15. Wordward

    Wordward Former Poster

    Joined:
    Jan 12, 2007
    Posts:
    707
    I hear you 19monty64, but from what I have read in regards to what all Zone Alarm Triple Defense Firewall is supposed to protect against, I'm still unclear if any other protection besides an AV is needed? Hopefully a little more help from some ZA users will clear things up for me.
     