Thread: How much "less secure" is the 21 day "Auto-learn" mode?

  1. #1
    lalittle Guest

    How much "less secure" is the 21 day "Auto-learn" mode?

    I am a little unclear on exactly how much less secure the 21 day "auto-learn" mode is.
    The documentation says it's "less secure," but it doesn't say anything about what potential security risks there might be from running in this mode.
    When in Auto-learn mode, will ZA potentially give permission to programs that would otherwise NOT be granted permission?
    Will it give permission to programs when it doesn't know what they are?
    I understand that the purpose of the Auto-learn period is to generate fewer alerts, but it seems like this can only come with a rather serious potential cost to security.
    It seems like the potential risk would be rather high since it could give permission to programs that shouldn't get it.
    If Auto-learn is essentially still "safe" for 21 days, why isn't it safe to run the system in this mode indefinitely?
    Couldn't a breach happen during this 3 week period?
    Thanks for any details on this,
    Larry

  2. #2
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Re: How much "less secure" is the 21 day "Auto-learn" mode?

    Hi! 21 day auto mode will give automatic permission to known good programs, it will block known bad programs and it will allow the unknown programs (to the ZA database) to connect automatically. The latter is the 'less secure' part. If you get infected by a new malware not in the smartdefense database as well as not in the AV/AS signature then it will allow the malware to connect out. This case is extremely unlikely but possible. Up to you to stop the autolearn and move program control to MAX. You will be receiving more pop-ups for every unknown program that tries to connect... Cheers, Fax

    Message Edited by fax on 11-28-2007 06:14 PM

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  3. #3
    forum_moderator Guest

    Re: How much "less secure" is the 21 day "Auto-learn" mode?

    Also, if you don't opt for auto learn mode, besides the large increase in pop-ups you run the risk of denying certain applications and processes the correct access they need to function and thus will have many other issues with your system. If ZA thought it was a major security risk we would have never put this feature in our software. Forum Moderator

  4. #4
    lalittle Guest

    Re: How much "less secure" is the 21 day "Auto-learn" mode?

    Thanks for the feedback here.
    The manual mentions the typical types of programs that are in the database, but games aren't mentioned as one of these types.
    Does ZA also recognize games in its SmartDefense database?
    On this note, how does ZA actually match programs it comes across to its SmartDefense database?
    I assume it doesn't just look at the path and name since malware could easily copy the name and location of "trusted" files, so what does it actually look at to determine if a program asking for permission is actually the same program that's in its database?
    Thanks,
    Larry

    Message Edited by lalittle on 11-28-2007 01:54 PM

  5. #5
    Join Date
    Dec 2005
    Posts
    9,057

    Re: How much "less secure" is the 21 day "Auto-learn" mode?

    "Thanks for the feedback here.

    The manual mentions the typical types of programs that are in the database, but games aren't mentioned as one of these types. Does ZA also recognize games in its SmartDefense database?

    On this note, how does ZA actually match programs it comes across to its SmartDefense database? I assume it doesn't just look at the path and name since malware could easily copy the name and location of "trusted" files, so what does it actually look at to determine if a program asking for permission is actually the same program that's in its database?

    Thanks,

    Larry"

    Your assumption is correct. It is not done just by file name and file location but checks are automatically performed by hash checksums (MDA and SHA). Bypassing the fw by file location or name alone will not work.

    Oldsod

    Message Edited by Oldsod on 11-28-2007 05:24 PM
    Best regards.
    oldsod
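
The behaviour described in posts #2 and #5 above, as an added example that is not part of the original thread and is not ZoneAlarm's code: a program is identified by a hash of its content, and only the handling of unknown hashes differs between Auto-learn and MAX. The use of SHA-256, the database contents, the paths and the sample bytes are all assumptions constructed for illustration.

```python
import hashlib

# Constructed sample "binaries": byte strings standing in for executable files.
BROWSER_V1 = b"MZ constructed trusted browser, build 1"
GAME_V1 = b"MZ constructed game, build 1"
GAME_V2 = b"MZ constructed game, build 2 (after an update)"
KNOWN_MALWARE = b"MZ constructed sample already flagged as bad"
NEW_MALWARE = b"MZ constructed sample not yet in any database"

def digest(image: bytes) -> str:
    """A program's identity is the hash of its content, never its name or path."""
    return hashlib.sha256(image).hexdigest()

# Hypothetical reputation database: content digest -> verdict.
REPUTATION = {
    digest(BROWSER_V1): "good",
    digest(GAME_V1): "good",
    digest(KNOWN_MALWARE): "bad",
}

def decide(path: str, image: bytes, mode: str) -> str:
    """Return 'allow', 'block' or 'ask' for an outbound connection attempt.

    mode is 'autolearn' or 'max'; path is accepted only to show that it
    plays no part in the verdict.
    """
    if mode not in ("autolearn", "max"):
        raise ValueError(f"unknown mode: {mode}")
    verdict = REPUTATION.get(digest(image))
    if verdict == "good":
        return "allow"
    if verdict == "bad":
        return "block"
    # Unknown program: this branch is the whole difference between the modes.
    return "allow" if mode == "autolearn" else "ask"

def scenarios(mode: str) -> dict:
    """Run the cases raised in the thread under one mode."""
    trusted_path = r"C:\Program Files\Browser\browser.exe"
    return {
        "trusted browser": decide(trusted_path, BROWSER_V1, mode),
        "known malware": decide(r"C:\Temp\x.exe", KNOWN_MALWARE, mode),
        # Same name and location as the trusted browser, different content.
        "impostor at trusted path": decide(trusted_path, NEW_MALWARE, mode),
        # An update changes the bytes, so the old digest no longer matches.
        "game after update": decide(r"C:\Games\game.exe", GAME_V2, mode),
    }

if __name__ == "__main__":
    for mode in ("autolearn", "max"):
        print(mode, scenarios(mode))
```

Copying a trusted file's name and location changes nothing because the lookup key is the content digest; the same property is why an updated game binary shows up as an unknown program until its new digest is in the database.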

  6. #6
    Join Date
    Dec 2005
    Posts
    9,057

    Re: How much "less secure" is the 21 day "Auto-learn" mode?

    Hi!
    Guru Fax

    Oldsod
    Best regards.
    oldsod

  7. #7
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Re: How much "less secure" is the 21 day "Auto-learn" mode?

    Hi! Hope you are fine... Here everything goes well apart from not having enough time to dedicate to the ZA community ... SIGH Cheers, Fax

  8. #8
    Join Date
    Dec 2005
    Posts
    9,057

    Re: How much "less secure" is the 21 day "Auto-learn" mode?

    I am fine and well. Thank you very much. I hope the same for you.

    There will be time ahead in days to come. The forum is here always waiting for your great help and friendship.
    I hope you are making the best of things where you are.

    Best regards and best of luck, Oldsod
    Best regards.
    oldsod

  9. #9
    lalittle Guest

    Re: How much "less secure" is the 21 day "Auto-learn" mode?

    Do either of you have any further information on my "game file" question -- i.e. the ZA documentation lists a bunch of "categories" of files that it has in its database, but "games" are not one of these categories.
    Since games are one of the more common file types to require Internet access rights, including server rights, are they part of this database?
    If so, is ZA able to keep up with the rapid updates that sometimes take place with games?
    With the older ZA, I was generally asked to confirm access rights every time I did an update of a game through Steam (i.e. I'd get the "changed program" alert.)
    Does ZL keep an eye on this sort of thing in order to make sure their database includes both the old AND new iterations of the files?
    Thanks,
    Larry

  10. #10
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,287

    Re: How much "less secure" is the 21 day "Auto-learn" mode?

    Hi! The list of items in the ZA central database is not published or not known. If you get asked by ZA then it means simply that it's not in the database. If you are in AutoLearn then see my previous message. Some games executables are in the database but as you know games are updated very often and ZA database concentrates on bad entries and system files... Just be sure you keep your AV/AS updated while downloading updates and only download from known sources or from publisher website. For the rest you can ask ZA technical support: www.zonelabs.com/tsform Cheers, Fax
