Results 1 to 7 of 7

Thread: SmartDefense advisor making decisions for me?

  1. #1
    infinitysoftware Guest

    Default SmartDefense advisor making decisions for me?

    Hi,

    I've used ZoneAlarm ISS for a number of years, without any problems until recently.

    I was infected by a link hijacker that also choked my bandwidth and prevented downloads of antispyware (automatically cancelling the download). I downloaded by other means and gave the machine a good scanning and all appears fine now. My question is this: I installed 3 different antispyware apps - Hitman Pro 3.5, SuperAntiSpyware and Malwarebytes. ZoneAlarm only asked my permission for internet access, device access, etc, on one of these. So, does this mean the others are on a database that Zonealarm considers 'safe' and automatically allows, because they appear in the program control table set to 'super' trust level. Will turning off SmartDefense Advisor meana I am ALWAYS asked at least once (that would be my preference)?

    Thanks all,

  2. #2
    infinitysoftware Guest

    Default Re: SmartDefense advisor making decisions for me?

    Sorry, I broke the cardinal rule of support posting and didn't give any system info, although I imagine the question is fairly abstract and should apply to all, the info might be pertinent to another problem I need to post shortly, so for completeness:

    XP SP3 on AMD Phenom II X2 545, 4GB RAM.
    ZA ISS 9.1.603.000
    Antispam 6.0.0.2383

    Internet Zone security is set to High
    Program Control set to Maximum
    SmartDefense Advisor was set to Auto. I've set this to off pre-empting this to be the solution.

  3. #3
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Default Re: SmartDefense advisor making decisions for me?

    Quote Originally Posted by infinitysoftware View Post
    So, does this mean the others are on a database that Zonealarm considers 'safe' and automatically allows, because they appear in the program control table set to 'super' trust level. Will turning off SmartDefense Advisor meana I am ALWAYS asked at least once (that would be my preference)?
    Yes, SmartDefense is designed to minimise unnecessary pop-up and will allow known good applications also to avoid potential misconfiguations from the side of the user. The same applies to known bad components that will be automatically denied running or access to the system.

    Turning off smartdefense will force ZA to ask everytime (unless you tick on remember this settings on the ZA pop-up).

    If you want full popping up behavior you will also need to UNcheck "Enable Microsoft Catalogue Utilization" under the options of ZA program control.

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  4. #4
    infinitysoftware Guest

    Default Re: SmartDefense advisor making decisions for me?

    I thought that would be the case, but it's always nice to hear it from someone else. I also hadn't spotted the Microsoft Catalgoue option, although I'll probably leave it.

    I'm still curious how I got infected; if the feature is driven by a trusted database it's pretty unlikely anything ZA allowed automatically was to blame...

    Thanks Fax,

  5. #5
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Default Re: SmartDefense advisor making decisions for me?

    Quote Originally Posted by infinitysoftware View Post
    I'm still curious how I got infected; if the feature is driven by a trusted database it's pretty unlikely anything ZA allowed automatically was to blame... Thanks Fax,
    You're welcome!

    No, not really possible. Trusted applications in ZA program list are manually checked (by ZA) before been added. You may have lover security on new install (first 21 days) of ZA where an auto learn is engaged and allows automatically all goods and unknown to the database.

    Infections of this kind are usually based on drive-by-download while visiting websites. Nowadays most of this (90%) comes from compromised legit websites. There are thousands of different variants trying to exploit known vulnerabilities of the OS or running software (and browser plug-in). Sometimes they play tricks to the user by displaying fake messages (pop-ups) of infections.

    See the link below on what to do ti improve your security:
    xyz was not detected. What I should do?

    Cheers,
    Fax
    Last edited by fax; August 3rd, 2010 at 05:18 AM.

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

  6. #6
    infinitysoftware Guest

    Default Re: SmartDefense advisor making decisions for me?

    Hi Fax,

    Thanks for the additional info.

    I'm a software engineer, which does not mean I'm not capable of clicking things dismissively or by accident! Although I certainly don't absently open email attachments or the like. But being in the trade I'm curious about the evolution of it, I assume they can't get away with buffer overuns in GIF files like the old days, but I imagine a variation on the theme or as you say a vulnerability in a browser extension or plugin. I guess they're always one step ahead!

  7. #7
    Join Date
    Nov 2004
    Location
    localhost
    Posts
    17,289

    Default Re: SmartDefense advisor making decisions for me?

    Quote Originally Posted by infinitysoftware View Post
    I guess they're always one step ahead!
    Yes, they are. A lot of money at stake. And its not anymore enough to "safe browsing" since legit websites are the target now.

    Personally I am running ZA Extreme with its virtualization active. It isolates the browser (IE and firefox) from the rest of the system. So I don't have to worry anymore of active content from web pages (activeX, scripts, etc).

    Cheers,
    Fax

    Click here for ZA Support
    Monday-Saturday 6am to 10pm Central time
    Closed Sundays and Holidays

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. SmartDefense Advisor?
    By gamemaster in forum General - Questions that don't fit any other category
    Replies: 10
    Last Post: July 1st, 2009, 05:33 PM
  2. SmartDefense Advisor
    By Charles_B in forum ZoneAlarm Installation
    Replies: 2
    Last Post: November 10th, 2008, 06:34 AM
  3. SmartDefense Advisor
    By aceh in forum General - Questions that don't fit any other category
    Replies: 1
    Last Post: February 17th, 2007, 03:40 PM
  4. SmartDefense advisor doesn't look right.
    By swmmng in forum Windows and ZoneAlarm Messages and Alerts
    Replies: 1
    Last Post: October 18th, 2006, 06:21 PM
  5. SmartDefense Advisor:
    By oldhippie in forum General - Questions that don't fit any other category
    Replies: 0
    Last Post: April 19th, 2006, 02:50 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •