Zonealarm Forcefield News - not good

Discussion in 'sandboxing & virtualization' started by SourMilk, May 21, 2008.

Thread Status:
Not open for further replies.
  1. SourMilk

    SourMilk Registered Member

    Joined:
    Mar 31, 2006
    Posts:
    630
    Location:
    Hawaii
  2. interact

    interact Registered Member

    Joined:
    Nov 11, 2006
    Posts:
    121
    Location:
    Paris
  3. nosirrah

    nosirrah Malware Fighter

    Joined:
    Aug 25, 2006
    Posts:
    561
    Location:
    Cummington MA USA
    I wonder if it blocks the exploits that drop the outerinfo malware that advertises ZoneAlarm through a dropped desktop shortcut.

    I have been trying to get an answer on this for weeks and I am getting nowhere.

    http://www.castlecops.com/postt222121.html (for those with access).

    http://64.233.169.104/search?q=cach...rinfoads.com/reficon&hl=en&ct=clnk&cd=1&gl=us

    That is the first case that I know of. The link at the top of that thread connects to a ZoneAlarm order page for me:

    http://ad.outerinfoads.com/reficon?bid=4047&pid=1600&oid=5&fid=99001281

    The icon file that the shortcut draws from is called ZoneAlarmIconUS.ico and there are many cases of it in HJT logs:

    http://www.google.com/search?hl=en&...=&as_occt=any&cr=&as_nlo=&as_nhi=&safe=images

    While researching malware for MBAM I have seen the ZoneAlarm desktop icon drop 3 times in the last 4 months, so it's not common.

    The question is why is outerinfo using malware to advertise ZoneAlarm?

    If anyone knows more about this I would like to hear it.

    For those who do their own testing, this sometimes drops from the xpre/xrun exploit drops.
     
  4. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    Well, apparently the testing done at infoworld is questionable...;)

    http://www.thetechherald.com/article.php/200822/1083/Review-ZoneAlarm-ForceField

    Cheers,
    Fax
     
    Last edited: May 28, 2008
  5. Newby

    Newby Registered Member

    Joined:
    Jan 12, 2007
    Posts:
    153
    Hi,

    Would not the missed websites be harmless due to the virtualisation feature in Forcefield? So even when the block list failed you still would be protected?

    Cheers N
     
  6. jrmhng

    jrmhng Registered Member

    Joined:
    Nov 4, 2007
    Posts:
    1,268
    Location:
    Australia
    Interesting, but how does forcefield actually detect the malicious sites? Does it run it through the Kaspersky engine?
     
  7. CoolWebSearch

    CoolWebSearch Registered Member

    Joined:
    Sep 30, 2007
    Posts:
    1,216
    Yes, that's the whole point of this virtual browser. Even if ZA ForceField fails to block these malicious websites or malware-loading sites, ZAFF's virtual browser would be/is infected, not your real computer.

    How do they do it?
    I don't know. But it's 100% effective.
     
  8. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    So over the years this expert has tried out a few sandbox type apps and found them ineffective eh?

    How long has it been since we last saw Greenborder and can anyone find any of this "experts" review of other sandbox type apps.
     
  9. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    As far as I understand it's a combination of heuristic, blacklisting and signature-based detections. But for the details we would need the input from CP/ZA developers... :)

    No KAV signature is involved at least I am not aware of...

    Cheers,
    Fax
     
  10. Killtek

    Killtek Registered Member

    Joined:
    Feb 22, 2007
    Posts:
    100
    Just use Artificial Dynamic's SafeSpace, the only virtualized/sandboxed browsing you'll ever need. And it's free.
     
  11. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
  12. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    It's explained in detail in the article...
    Right or not, different testing conditions resulted in completely different outcomes.

    Who is right... you have to see it in your context

    Cheers,
    Fax
     
    Last edited: May 29, 2008
  13. Pedro

    Pedro Registered Member

    Joined:
    Nov 2, 2006
    Posts:
    3,502
    We can only judge based on what they say. If you assume they're telling the truth, we can go on.
    The guy in your link argues a layered approach. This is not the test. The test is on Forcefield.

    Using an unpatched system to test software is common in Wilders as well. :)
     
  14. fax

    fax Registered Member

    Joined:
    May 30, 2005
    Posts:
    3,731
    Location:
    localhost
    IMO, this is actually a test better reflecting the reality (or at least my reality). ZAFF is not meant to replace an antivirus nor to replace a lack of minimum system maintenance.

    If you do run by default a fully unpatched OS and you are looking for software to protect you, then the infoworld test could better reflect your conditions.

    My point is that the nearer a test is to your conditions, the more relevant it is for your assessment.

    Cheers,
    Fax
     
    Last edited: May 30, 2008