
Thread: ZAX / FF - concept vs. real world tests and reviews.

  1. #1
    lalittle Guest

    Default ZAX / FF - concept vs. real world tests and reviews.

    I already purchased ZAX, but I've still been reading over the reviews of this program, and I'm confused why the FF component of ZAX isn't giving ZAX an obvious advantage in test results. Theoretically, the FF component of ZAX should provide extra security that other mainstream security packages simply can't offer (at least not yet) since they don't have an equivalent to the ZAX FF feature. Not one of the reviews I've read, however, indicates any significant difference between the actual protection of ZAX vs one of the other high scoring suites. The reviews still tend to give ZAX very positive results and say that FF offers another level of protection that can be effective, but in the end they don't rate the actual ZAX security any better than other suites. In other words, in the tests they use to evaluate security software, the effectiveness of threat prevention appears to be very similar between these suites. Given my understanding of FF, this doesn't make sense to me.

    Other suites don't have the FF features, so how can they possibly offer a similar level of protection? Are the review sites simply not testing the threats that FF would be uniquely capable of stopping -- the threats that would get past a normal "firewall" like ZA or Norton, but not past FF?

    Thanks for any feedback or thoughts on this,
    Larry

    Operating System: Windows XP Pro
    Software Version: 8.0
    Product Name: ZoneAlarm Extreme Security

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,290

    Default Re: ZAX / FF - concept vs. real world tests and reviews.

    Hi!

    The question is misleading, security tools have different features and protection mechanisms. Is it better X or Y? Probably not the right question to pose. Reputable security tools ALL provide excellent protection. A better question would be: Which security tool do I like best? And the only way to know it is to try them and choose the one you feel more comfortable with or that runs better on your machine.

    http://www.zonealarm.com/security/en...top-attack.htm

    Cheers,
    Fax

    Message Edited by fax on 03-01-2009 10:21 PM


  3. #3
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: ZAX / FF - concept vs. real world tests and reviews.



    My very own opinions of reviews fall within this dated and very old description:

    http://www.softpanorama.org/Malware/...s_reviews.html

    It was originally for the 'antivirus review', but this could easily be adapted for any security software product of today.

    There are many well known and not so well known review sites (and writers, bloggers and editors, etc.) that are swayed solely by the advertising sponsors and dollars and other financial incentives (gifts, certain favors, more site clicks, freebies, promos, etc.) as to whether a product receives a good or bad review. Not all sites and writers are involved with the monetary influence, but these facts are known.

    Oldsod.
    Best regards.
    oldsod

  4. #4
    lalittle Guest

    Default Re: ZAX / FF - concept vs. real world tests and reviews.

    Thank you guys for the feedback. I agree with the point you're making, but I'm reticent to apply this to "all" review sites. Surely "some" of them are truly trying to make honest comparisons, and use testing methodologies that are accurate to real world situations.

    It's also important to note that the reviews I'm referring to above rate ZAX quite highly. My confusion comes from the fact that other suites rate comparably, which does not make sense to me given that they don't have a FF type of feature. Logic tells me that the FF "should" give ZAX a notable advantage over other suites that don't offer this type of feature. So how is it that other suites are so close in tests? Some of these sites use real world threats, and they apply the same threats to all the programs, so this isn't just a matter of picking and choosing the right tests to make certain software appear to be better.

    I'm absolutely not knocking ZA in ANY way -- I'm just honestly unclear about the situation, which basically doesn't make sense to me given everything I've read so far. I'm therefore interested in hearing feedback from the ZA community on this subject. I'm not sure if I'm simply over-estimating the strength of a FF-type of feature, or if other suites take care of the same threats in other ways, or if so far, FF's strengths just aren't being tested properly.

    Thanks again for the feedback,
    Larry


  5. #5
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: ZAX / FF - concept vs. real world tests and reviews.




    Hello Larry.

    Your question(s) are intelligent and polite and I might add correct.

    A traditional security suite (this would include the ZAISS as well) versus the ZA ForceField (ZAFF) and or the ZA Extreme (ZAX) could be compared in this manner.

    Breakdowns:

    The traditional security suites (using the term loosely since security suites have very much evolved over the last few years) usually include:
    - a firewall
    - a full time antivirus (often with spyware and adware and riskware detections/removal)
    - and perhaps a separate/integrated spyware scanner
    - and maybe some phishing filtering to either block or alert of risk/bad sites and this could include a browser toolbar or it is operated from within the suite itself.
    - and perhaps some sort of HIPS to detect and stop unwanted files from being active
    The traditional security suite could include other features that could be added to this small breakdown. These could include various other features such as email protection, parental controls, system checks and software checks, web scanners, web content filtering by scanning the http traffic, browser protections, anti-trojan scanners, anti-rootkit scanners, and a list of many other features.

    But for myself, the 'traditional security suite' is still just a firewall and antivirus integrated into one software that provided both internet/networking control and accesses and detect worms, viruses and trojans. Without the extra layers or additions.
    But this personal comment is off topic and is neither here nor there. These extra layers of security by the extras provided by the security suites above my own definition of traditional antivirus and firewall are just that - these are extra layers of protection and security.

    The ZAX or the ZAFF could be described:
    - ZAX includes the main points of the traditional security suite with the integration of the ZAFF (and a few extras) whereas the ZAFF is an extra stand alone product.
    And this brings us to the additions or extras such as:
    - a virtualized browser session (main point or main difference)
    - an added or increased phishing filtering above the usual site blocking of the ZAISS which does include email traffic not just for http and https traffic
    - a full time antispyware scanner during the browser session (I think this also does scan all downloads, but I could be incorrect or correct if I am wrong)

    Virtual browser is another layer of added security. I seriously doubt anyone would be foolish enough to use just the ZAFF as the sole security application on the computer and ignore the general traditional security and that by even by my own limited definition. It is the addition of the extra layer of the ZAFF along side of the security that would create the extra layer of security.

    I suppose then the main addition or focal point of this discussion is then the 'virtualized browser session' and what this means or implies.
    A virtualized browser is basically a browser separate from the operating system. It is no longer attached or part of the system. A virtual browser session then is operating in a virtual container. And this browser session as it is separate and isolated can not affect the main system.

    Aside from the extra protection of the phishing filtering and the spyware scanner which should be honored when these alert the user, the virtual browser session is the main point.
    This would include isolation from both changes and installs (both wanted and unwanted) by both scripts and by code files.
    And these risks would include zero day attacks (which the phishing filters and the antivirus and antispyware scanners have no definitions for yet but will in several days or so), new and known iframe and cross site attacks, new exploits for the extra used by the browsers, javascript and java attacks, prevention of the installs of keyloggers and rootkits and so forth.

    I have seen a few of the articles you are referring to (and politely not directly mentioning), so I can comment on the described flaws and on the previous arguments from both sides.
    First argument is patched system versus an unpatched system.
    My own personal advice is always patch and update not just the operating system but all of the supported software as well.
    See http://forum.zonelabs.org/zonelabs/b...essage.id=5420 for a better description of my own advice I would give out to any user.
    But keep very much in mind this is not just my own personal advice, but is the common sense advice any security expert would give out and use. It is not my own creation but the creation or formation developed and used by many if not all security experts in the security field.
    Any security expert advising not to follow these tenets would be going against the grain of the security.

    One example is the malformed flash file installing a service (API) through a memory execution.
    No doubt even windows update has updates for the flash player to prevent this exploit.
    So does using the latest flash player.
    The antivirus would detect the exploit both in the memory (some antiviruses do offer memory protection) and the execution of the file. The ZA firewall would detect the installation event for the services.
    What no DEP or hardware memory protection?
    The biggest issue is the manner in which windows is designed and is then flawed by the API - it allows for the API calls to be open and not closed. Still present in Vista 32, not just in XP.
    Firefox/Mozilla browsers offer buffer overflow protection for themselves to help prevent exploits from attacking them to attack the system. Opera and IE do not - but there are no known attacks of this type for the Opera so this again does not apply, whereas the IE use is more to be concerned about.

    Another is the "E-mail worms would start spamming..".
    What no antivirus scanner running full time to prevent and remove the worm(s) or a firewall to detect the new attempted internet connection(s) from the very onset?
    But this comment is really masking the real issue. It is a diversion from the main body of the argument. I seriously doubt the email worm could actually install in the virtual browser. The email worm comment does not seem connected to the previous statements and there is no proof of the email worms installing. The email worm should be prevented from going directly in the system root or the temporary folders to start an installation by the virtual browser.

    "Even when ForceField warns people that they're about to download potentially malicious code, this may not stop them. A Microsoft security intelligence report released in May showed some incredulous behavior: 88 percent of users chose to ignore a warning about BearShare, a software bundler, and continued to download the file; 68 percent ignored a warning about adware ZangoSearch Assistant; and 23 percent ignored a warning about a Trojan downloader."

    True this is the nature of people. They ignore the advice or alerts of the security applications even for the ones they pay good money for.
    On the other hand people who do purchase the ZAX or the ZAFF should appear to be more concerned about security and perhaps these people are the ones who would actually belong into the category of "we listen to the security alerts and warning because we want to be protected". And not the category of "we ignore the warning".
    Who is there to say by a general statistic of 88% or 68% or 23% that this does describe the ZAX or ZAFF typical user? If this was a census of the actual ZAFF and ZAX users as to how or what they did, I could understand these stats and their validity. But wholesale statements not necessarily related to the correct argument are not always valid to the argument.

    I suppose there are things such as iframe and cross site script exploits.
    You could block cross site scripts by not allowing javascripts in the browser, but this alone presents two problems. First problem is that not all cross site script exploits use javascripts and work through other means. Second problem is the general policy of 'turning off the javascripts for global browsing and allowing javascripts for safe sites' is still a risk if the safe site at the time does have a javascript exploit happening at that exact moment. So either the cross site script exploit is still not fully avoided by avoiding the javascripts or the presumably safe site is at risk.
    In this case I would assume the virtual browser session such as by the ZAFF or the ZAX to help provide the necessary coverage and prevent the unwanted install or the attack and keep the user's private information (password, private or personal details, etc) safe and secure.

    My own summation?
    Keep updated and well patched, use the antivirus and firewall, and use the ZAFF for the missed extras or for the user who does not know which or what attacks.
    ZAFF is comparatively simple to use and it does work.
    But it was never intended to replace the antivirus and the firewall.
    It is an extra layer of security for the end user.

    Best regards.
    Oldsod.
    Best regards.
    oldsod

  6. #6
    lalittle Guest

    Default Re: ZAX / FF - concept vs. real world tests and reviews.

    Oldsod,

    Thanks for taking the time to write such a detailed breakdown on this subject. This is the type of discussion I was hoping for.

    Note that I was never talking about FF alone -- I was always referring to the full ZAX suite which included FF on top of the "normal" suite of security features. I'm primarily interested in how the package as a whole performs since this is how I use it. I'm still interested in the specifics of each component, but in the end what matters is how well the system is protected overall.

    I believe I know of the review you referenced in your response (the one that attempted to test FF by using an unpatched system), and I was essentially "not-counting" this review since I didn't really agree with the approach of using such old versions of the OS and browser software in the tests. It's the other reviews (including the review that specifically "countered" the first review) that I find more interesting as well as more "curious" given that the addition of FF to ZAX didn't appear to really improve the performance ratings much. This is what went against my expectations, especially when the reviews themselves praised FF (or the FF component of ZAX) in general.

    In other words, a review will praise ZAX, and praise FF as an important "layer" in the overall protection, but the actual tests in the review will be about the same as they were with ZASS (without FF), as well as with a couple other suites from the major competitors. This is what doesn't add up to me. It seems like ZASS should match up relatively evenly with other current suites, but with the addition of FF in ZAX -- which the reviews themselves say works well -- shouldn't the scales easily tip toward ZAX? I'm curious to see if some third party tests will eventually demonstrate this.

    Thanks again for taking the time to write such a detailed response with a lot of good information,
    Larry

  7. #7
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: ZAX / FF - concept vs. real world tests and reviews.




    Hi Larry

    The review which you are referring to counter the review I had vaguely referred to, is basically a rebuttal and does show the ZAFF as 100%. I could almost agree with you as to the dubious opinion of the extra benefit of the ZAFF declared from that rebuttal. But I think the addition of the phishing filtering to warn of the risk sites is a benefit to some users. The same extra benefit should apply to the spyware scanner.
    Still the rebuttal article by itself is not a complete test of the range of protection offered by the ZA.
    The rebuttal was fairly simple and straight forward.

    I can obtain the very same results with a completely locked-down and up-to-date Opera browser combined with Protowall fitted with a custom block list (includes APNIC, LACNIC, AFRINIC, bogons, etc and various malware, ad, spy and trojan sites all blocked) and Privoxy (fitted with sterns spam assassin file, camelon file, mvps file and an agnis file plus some of my own special action and filters). And a personal block list in the Zones of the ZoneAlarm firewall.
    But this setup which I use is not the setup normally used by the average user.
    And the basic security practises I do properly follow.
    I can and often have easily visited many worse sites than what was described with this personal arrangement and not get any malware.
    (Please note I do not use or have used either the ZAFF or the ZAX. I have played with various sandboxes and virtual application in the past, so I do have a limited experience on which to base my own statements. But my own personal preference is not to use either one of those types of virtual applications.)


    The scales should be definitely tipped towards the ZAX with the addition of the virtual browser. There are always certain zero day exploits that should in my opinion be stopped or avoided by the ZAFF and ZAX.
    I would not say it is entirely 100% foolproof or perfect, but on the overall, it should
    A proper and correct well-respected third party test should be done to clarify any questions or issues. Probably the best solution.

    I suppose as an alternative a virtual machine could be used where the entire operating system and user computer session is virtualized. But still the security applications should be used at the same time - for example if a password stealer or keylogger appeared, it could steal information and report it out, even though the entire computer will not have any permanent effect from these. But the information could be stolen and there could be severe damages. In this sense the virtual browser is supposedly superior as there would be no active keylogger or password. Thus the data and information is still secure. One advantage of the virtual browser over the virtual computer session.

    Questions. Have you tried the ZAFF or the ZAX? What do you think of it in use and for the user experience? And what do you think it is missing or has as extra security features? Have you tried to test the security?

    Oldsod.
    Best regards.
    oldsod

  8. #8
    lalittle Guest

    Default Re: ZAX / FF - concept vs. real world tests and reviews.


    <blockquote><hr>Oldsod wrote:

    (Please note I do not use or have used either the ZAFF or the ZAX. I have played with various sandboxes and virtual application in the past, so I do have a limited experience on which to base my own statements. But my own personal preference is not to use either one of those types of virtual applications.)

    <hr></blockquote>
    I'm curious why you feel this way. What is it about the "virtual application" approach of FF that you don't like? You even said "The scales should be definitely tipped towards the ZAX with the addition of the virtual browser," so what's the down-side?

    <blockquote><hr>Questions. Have you tried the ZAFF or the ZAX? What do you think of it in use and for the user experience? And what do you think it is missing or has as extra security features? Have you tried to test the security?

    Oldsod.
    <hr></blockquote>
    I started using ZAX as soon as the official version was released. I never used FF before this. Based on my limited experience with it so far, I'd have to say I really like it. It installed painlessly, it doesn't seem to have any more impact on performance than ZASS 7 did for me, the user interaction aspects of it work well (layout, features, etc.), and I've had no real problems with it. I've seen a few features in other security programs that I would have liked to see in ZAX, like the ability to pause AV and Spyware scanning via a quick-access systray menu, but these are relatively minor issues.

    Assuming the FF component does what it says it does, it's great... but therein lies the issue -- I have no idea if or how well it's working since I don't know how to test it (and don't want to expose my system to any "real" threats.) This is why I've been reading the reviews, and what led to this discussion in the first place.

    The only "issues" I've seen so far are relatively minor. Two come to mind:

    The first one (which may not be a glitch but simply my inability to see the pattern yet) is with the behavior of the IE "Privacy" setting after ZAX is installed. The "persistence" of this setting is different depending on where I change it (i.e. from the browser menu vs. right clicking the desktop shortcut and going to "Properties.") I have to play with this more.

    The second issue is with setting the AV/AS update time. I don't see any way to set the actual time I want updates to occur, which is a problem for me since I have to make sure that it does not update when I'm using certain apps.

    Other than these, it's been a real smooth experience for me. The only question is with the actual security performance.

    Thanks again for the helpful discussion,
    Larry

  9. #9
    Join Date
    Dec 2005
    Posts
    9,056

    Default Re: ZAX / FF - concept vs. real world tests and reviews.

    Larry.

    I suppose the downside is no support for the Opera (my browser of choice for many years).
    And my own past history of trying out so many things to see what they are like and how to fit things together for the best security - although in the end the final result is a hardened Windows, double routers with a separate hardware firewall, ZA Pro, an antivirus and Protowall and Privoxy.. and Opera browser. Plus a lot of customizing, tricks and special fixes here and there.
    After following the beat of my own drum for so long, I find it hard to change the style and start over again. I have tried - started with a fresh windows from time to time and try different ways for security. But I always seem to fall back into the same pattern.

    The closest I got to the ZAFF is reading the user guide pdf.
    Just to get a slight feel of it.

    I suppose the actual security performance will show at sites where all facets of the sites are allowed for the browser. Where the user is the most vulnerable.
    And there happens to be some zero day iframe or XSS or banner attack stopped by the FF. Or maybe even some trojan hidden in a link or script file or phishing attempt or maybe a rogue download that is stopped. I think this is where the FF really shines for the user.

    As for the two performance issues you mention, sorry but not much help from here.
    Contacted the customer support and technical support and reported the two issues?
    The faster they know about it, the faster they can fix it and then you can see the fixes in the newer versions.

    Best regards.
    Oldsod.
    Best regards.
    oldsod

  10. #10
    lalittle Guest

    Default Re: ZAX / FF - concept vs. real world tests and reviews.

    Thanks Oldsod -- that makes sense.

    For anyone following this thread, if you know of some way of "seeing" Forcefield in action, please let me know. By this I mean some security test where turning FF on would block something that would NOT be blocked with FF off. I'm not doubting that FF works as advertised -- I'm simply interested in "witnessing" the added security that FF adds similar to the way you can witness port scan blocking or the EICAR virus being detected. It gives peace of mind to be able to actually see this stuff working.

    Thanks again,
    Larry
