
Thread: Program Control Problem

  1. #1

    Program Control Problem

    I use ZA Security Suite with Vista Ultimate on Dell desktop PC. My ZASS is:
    ZoneAlarm Security Suite version:7.1.248.000
    TrueVector version:7.1.248.000
    Driver version:7.1.248.000
    Anti-virus engine version:3
    Anti-virus signature DAT file version:951606287
    Anti-spyware engine version:5.0.189.0
    Anti-spyware signature DAT file version:01.200805.3945
    AntiSpam version:5.0.0.8843
    For Program Control I have: Program Control=Maximum, SmartDefense Advisor=Manual, Automatic Lock=Off.
    I have only a small number of programs configured to automatically allow internet access and only "Host Process for Windows Services" and one of the ZA ForceField programs (ISWLDR.dat) configured to automatically allow server access to the internet.
    I have recently noticed (there is a green dot against the program) that some programs that are configured to ask for permission to access the internet are accessing the internet without having asked for permission (examples would be Microsoft Windows Search Filter Host & Microsoft Windows Search Protocol Host). Presumably they are doing this by using a program that does have automatic permission - perhaps they are using Host Process for Windows Services? If this is the mechanism I do not understand how ZA protects against this mechanism being misused by a rogue program.

    Is there some built in ZA protection that I have missed regarding the misuse of trusted programs by untrusted programs??

    I do note that there is a setting "enable Advanced Program control" that would seem to overcome this issue but it is perplexing that the default ZA setting is without this facility enabled.

    I did try activating "enable Advanced Program Control". However this generated a large number of alerts which was very tiresome and annoying. Also the DefenseAdvisor information for these alerts (labelled as part of the advanced settings) was clearly questionable, e.g. it recommended "Deny" for various ZA ForceField programs!! Because of this I have reverted to the default setting of not enabling Advanced Program Control.

    I am now left with the worrying issue of the misuse of trusted programs by untrusted programs to gain unauthorised access to the internet.



    Any advice around this topic would be much appreciated.

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,286

    Re: Program Control Problem

    Hi!

    Before being able to make customised control of your programs you will need to learn very well all the features of ZA as well as all the features of your OS. Blocking programs without knowing the consequences will clearly cause you issues in the long run.

    You should start with the principle that you should trust your security tools and give them the access they ask for. The same applies to OS files. Otherwise better to change your security tools and move to another OS.

    If you do not trust your system files nor your security tools then you will need to have a trial and error approach where you block files and actions. But if you do so, you have to take into consideration that some functions or features of the respective programs will stop working. From experience this is going to take a long time and the results (security wise) will be limited at best.

    Untrusted programs cannot use trusted programs unless given permission by the user. This is already the default behaviour of ZA without the need of changing any setting.

    For the rest you will need to look into the MICROSOFT site (KB) for the different functions of OS files/drivers/executables.

    Cheers,
    Fax

    By the way, green dot does not necessarily mean they are accessing the internet.... maybe they are simply running or accessing your system (localhost)

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3

    Re: Program Control Problem

    I understand what you say about trust or change and I agree as a generalisation. However on the other hand no system is perfect. I use ZA DefenseAdvisor to guide my manual decisions, on the other hand I cannot see any point in giving permissions to a program to use the internet when I know that it won't be me that is triggering this wish to access the internet. At the end this seems to me a matter of personal choice.
    However I must take issue with one of your comments:

    fax wrote:
    > Untrusted programs cannot use trusted programs unless given permission by the user. This is already the default behaviour of ZA without the need of changing any setting.
    > By the way, green dot does not necessarily mean they are accessing the internet.... maybe they are simply running or accessing your system (localhost)

    According to ZA Technical support green dot means that program is accessing the internet. Hence from my observation that some programs that are configured to ask for permission to access the internet are accessing the internet (there is a green dot against the program) without having asked for permission would mean that untrusted programs CAN use trusted programs without being given permission by the user.

    If the default behaviour of ZA is that "Untrusted programs cannot use trusted programs unless given permission by the user" what is the purpose of the option to enable Advanced Program Control (Program Control-Main-Custom-Program Control). According to the User Guide (v 7.1) enabling Advanced Program Control "prevents trusted programs from being used by untrusted programs to circumvent outbound protection". BUT the default setting is for this NOT to be enabled. Surely there would be no need for Advanced program control if, as you state:
    "Untrusted programs cannot use trusted programs unless given permission by the user. This is already the default behaviour of ZA without the need of changing any setting"

    I would be grateful for your comments.
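
Added example, not part of any post in this thread: the two readings of the green dot argued over above (a program merely listening or talking to localhost, versus a program reaching a remote host) can be told apart per process from `netstat -ano` output. The sample output, PIDs, addresses and function names are constructed for illustration, and the script does not read ZoneAlarm's own state.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -ano` output; PIDs and addresses are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       888
  TCP    127.0.0.1:5152         127.0.0.1:49170        ESTABLISHED     1520
  TCP    [::1]:49300            [::1]:5152             ESTABLISHED     1520
  TCP    192.168.1.10:49202     192.168.1.1:445        ESTABLISHED     4
  TCP    192.168.1.10:49201     203.0.113.7:80         ESTABLISHED     2044
  UDP    0.0.0.0:500            *:*                                    888
"""

# RFC 1918 ranges, listed explicitly so the documentation address in SAMPLE counts as remote.
LAN = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def remote_ip(endpoint):
    """Address part of 'addr:port' or '[v6]:port'; None for '*:*'."""
    try:
        return ipaddress.ip_address(endpoint.rsplit(":", 1)[0].strip("[]"))
    except ValueError:
        return None

def classify(line):
    """Map one netstat row to (pid, kind); None for headers and junk."""
    parts = line.split()
    if len(parts) < 4 or parts[0] not in ("TCP", "UDP") or not parts[-1].isdigit():
        return None
    ip = remote_ip(parts[2])
    if ip is None or ip.is_unspecified:
        return int(parts[-1]), "listening"      # bound socket, no remote peer
    if ip.is_loopback:
        return int(parts[-1]), "loopback"       # traffic never leaves the machine
    if ip.is_link_local or any(ip.version == 4 and ip in net for net in LAN):
        return int(parts[-1]), "local-network"
    return int(parts[-1]), "internet"

def summarise(text):
    """Return {pid: sorted kinds of socket activity seen for that pid}."""
    seen = defaultdict(set)
    for row in filter(None, map(classify, text.splitlines())):
        seen[row[0]].add(row[1])
    return {pid: sorted(kinds) for pid, kinds in seen.items()}

def reaches_internet(text):
    """PIDs with at least one connection to a non-local remote address."""
    return sorted(pid for pid, kinds in summarise(text).items() if "internet" in kinds)

if __name__ == "__main__":
    for pid, kinds in sorted(summarise(SAMPLE).items()):
        print(pid, ", ".join(kinds))
```

The PIDs in the result can be matched to program names in Task Manager to see which of the listed programs actually holds a remote connection.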

  4. #4

    Re: Program Control Problem

    Sorry Fax, I have just noted that the User Guide states that if Program Control is set to Max then "Advanced Program Control and Application Interaction Control are enabled".
    However 2 queries:
    If I go to Program Control-Main-Custom-Program Control there are no ticks in the boxes to enable either Advanced Program Control or Application Interaction Control - is this OK??
    If I put a tick in the box to enable Advanced Program Control I then start to get a lot more alerts which are labelled "Advanced Program". Why should I get additional alerts if this option was already enabled (by setting Program Control to Max)?? These extra alerts stopped when I removed the tick from the box.
    Thanks again for your help.

  5. #5

    Re: Program Control Problem

    dogdog wrote:
    > According to ZA Technical support green dot means that program is accessing the internet. Hence from my observation that some programs that are configured to ask for permission to access the internet are accessing the internet (there is a green dot against the program) without having asked for permission would mean that untrusted programs CAN use trusted programs without being given permission by the user.

    Nope, green dot can mean that a program is running, listening to ports or accessing the localhost (127.0.0.1)... not necessarily the Internet.

    What do you mean by untrusted programs? What you mention in your message are not untrusted programs.. they are parts of your OS. If you start to assume even your OS is untrusted then better to move to another OS that you trust.

    Of course, you are free to modify access to programs but if you do not know well what you are doing then your system may not work correctly. Again read well the ZA manual to understand how to control programs in your system.

    Cheers,
    Fax


  6. #6

    Re: Program Control Problem

    Hi!

    Program set to MAX will NOT enable Advanced program control and application interaction control. You need to tick on them...

    Cheers,
    Fax


  7. #7

    Re: Program Control Problem

    fax wrote:
    > Hi! Program set to MAX will NOT enable Advanced program control and application interaction control. You need to tick on them...
    > Cheers, Fax

    Not what it says in the User Guide (P65) or in Help (Setting the Program Control Level)??? But based on getting the extra alerts when I ticked the box I would suspect that you are right and the User Guide is wrong!!!
    BUT you also said:
    "Untrusted programs cannot use trusted programs unless given permission by the user. This is already the default behaviour of ZA without the need of changing any setting."
    If this is the case what extra does Advanced Program Control do?? Why is such an option required if the activity is already prevented by default??
    Is there any reference to this default behaviour in the user guide??

  8. #8

    Re: Program Control Problem

    dogdog wrote:
    > If this is the case what extra does Advanced Program Control do?? Why is such an option required if the activity is already prevented by default??

    It's a more granular control for both main program and all components running or needed by the main program. Never used myself... not sure what it will add up... apart from understanding all components called upon by the main program.

    Cheers,
    Fax


  9. #9

    Re: Program Control Problem

    Do you agree that User Guide must be wrong about automatically enabling Advanced Program Control if Program Control is set to Max??
    Can you point me to any reference in user guide (or elsewhere) to: "Untrusted programs cannot use trusted programs unless given permission by the user. This is already the default behaviour of ZA without the need of changing any setting."??
    Thanks again for your help.

  10. #10

    Re: Program Control Problem

    dogdog wrote:
    > Do you agree that User Guide must be wrong about automatically enabling Advanced Program Control if Program Control is set to Max??

    Yes. This was changed in recent version of ZA.

    dogdog wrote:
    > Can you point me to any reference in user guide (or elsewhere) to: "Untrusted programs cannot use trusted programs unless given permission by the user. This is already the default behaviour of ZA without the need of changing any setting."??

    This is the basis for any program control system... maybe it's not written exactly like this in the manual.

    By the way, if you use 7.1 then the manual is here: http://download.zonelabs.com/bin/med...ser_manual.pdf

    Cheers,
    Fax

    Message Edited by fax on 05-25-2008 01:21 PM

