Avast WEBforum
Other => General Topics => Topic started by: Eminem on February 04, 2009, 11:41:51 PM
-
No one will answer me on the zone alarm forum. Does zone alarm protect from trojans? I used to get alerts periodically from norton that said Bla Trojan Horse was blocked. However i have now uninstalled norton.
-
Strange that, hardly bods well for a product when you don't get answers.
I would say it depends on what version you have, the free version certainly won't as it doesn't have an AV, but why would you want an AV when you have avast to take care of that side.
The Norton you mentioned was probably a suite version with integrated firewall and anti-virus, so that is likely why it alerted in this way.
-
Hi again Eminem, just found this post after replying to the one about how to install Avast/will it run with ZA.
Any firewall, ZA included, should either automatically block or prompt for any unrecognized program, including a trojan, from connecting to the net from your PC. As such a firewall can be thought of as a safety net; it's the last line of defence from preventing these things from phoning home to download their nasty cargo, or send off your cc number etc.
You have previously used Norton. Didn't know that. As part of the procedure I've posted here http://forum.avast.com/index.php?topic=42316.msg354402#msg354402 (http://forum.avast.com/index.php?topic=42316.msg354402#msg354402) you should, before disconnecting from the net, download the Norton Removal Tool http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&ssfromlink=true&sprt_cid=1a13409b-29db-4397-a286-9dec49f8e252&seg=hho&ct=us&lg=en&docurl=20080828154508EN (http://www.symantec.com/norton/support/kb/web_view.jsp?wv_type=public_web&ssfromlink=true&sprt_cid=1a13409b-29db-4397-a286-9dec49f8e252&seg=hho&ct=us&lg=en&docurl=20080828154508EN) and run it just after running the AVG removal tool.
If there is a possibility of a trojan on your computer, definitely run the Avast boot scan when prompted during the install.
Additional programs that are (1) free (2) very good at general malware removal include MBAM and SAS. Consider installing one (or both) of these, updating, and scanning. They are demand scanners, ie: do not run in the background on boot.http://www.malwarebytes.org/mbam.php (http://www.malwarebytes.org/mbam.php)
http://www.superantispyware.com/download.html (http://www.superantispyware.com/download.html)
-
thank you so much everyone. This forum is a huge help and you get extremely fast answers :).
-
By the way Tarq i have Spyware S&D installed is it any good? And by the way it was norton internet security 2005.
-
Hello Eminem,
Please listen first and foremost to the Avast Forum Gurus as they are the experts.
Just thought I'd throw my two quid in for what it's worth.
I use Zone Alarm Pro which has the anti-spyware function built in. To be honest I am not really convinced of its value. I concur with the other posts that MBAM and SAS are the best products on the market.
I use MBAM as resident anti-spyware protection. Moreover Avast Pro and Zone Alarm are my anti-virus and firewall respectively. SAS I use on demand and usually scan once per week. Other posts on this board have noted the extremely long download times for SAS updates.
Spybot was once quite good. However in my experience it could not effectively remove a nasty trojan on a friend's computer.
Zone Alarm Security Suite has an anti-virus function which may more effectively protect against trojans. I can only say that I don't personally believe the anti-spyware function of Zone Alarm is robust enough to function as the sole program protecting your computer.
Hope that helps.
Avastfan1
-
Spybot is still under active development, there is a new version coming soon, I think, and the current version still has its uses. I keep it. MBAM and SAS are the current "rock stars", though. They are particularly good against a lot of the current rogue antivirus applications floating around.
-
thank you so much everyone. This forum is a huge help and you get extremely fast answers :).
You're welcome.
Nothing wrong with S&D, though SAS and MBAM I feel are better detection and removal wise (but the free versions of both are on-demand only) and there is a limited resident protection in S&D.
-
hey everyone i'm back and happy to report i installed Avast and it seems to be working great.
-
Hi Eminem,
Happy when you are happy,
polonus
-
Just a bit of orientation about the various products for frequently asked questions.
Security sort of looks like a (layered) sieve:
FW---->AV/AS/AM/----->HIPS---->BB or ? with each layer trying to correct the mistakes of the previous layer, and often involving the user in the decisions.
A firewall ( like Zone Alarm) is all about connections, and blocks incoming connections that are not specifically allowed, and alerts you and sometimes blocks outgoing connections you didn't request directly or indirectly. But these are just packets, not files that anyone can deal with. So they don't know anything about Trojans. But often have add-ons to do other functions.
An AV/AS/AM, like Avast!, deals with the content of the connection, after it has been converted to files. It uses known virus/spyware/malware signatures and generic signatures (information on what the malware file might look like), along with algorithmic analysis of the malware and comparison to known threats. Very effective, but sometimes not up to the last minute or hour threat. Gives the most definite warning for malware:big "this is malware dummy" type popups. Some use heuristics, which are external rules of thumb about what a virus/spyware/malware might look like-variable results, but attempt to fill the time gap between virus discovery and virus characterization. So a modern AV/AS like Avast! should alert you to most Trojans and the like. Programs like SAS and MBAM add some specialized analysis capability for other classes of malware, but I don't use them online. Free versions are great for confirmation and removal if necessary, though.
A HIPS (often associated with a firewall) deals with the files when they try to execute, looks for things that a normal unknown executable might not do, and alerts you so you can decide whether the action makes sense in the context of what you are actually doing. So if a program executes another program or tries to access the disk, you can decide whether that makes sense. And if a Trojan is too new and different to be alerted by an AV/AS/AM, is another layer to try to stop it early.
Behavior blockers and the like (Threatfire, Prevx Edge, ...) try to extend the HIPS idea to sequences of actions-IAW if an executable starts installing things you don't know about, maybe you should block it. :) In a sense, you are the BB for a HIPS, based on looking at the sequence of events, along with your knowledge of what you are doing at the time. A lot of current research is going into automating this.
Another tool that is invaluable as a last resort or otherwise is an imaging program. I use Acronis, but there are others. They provide a complete image of your disk, and the tools to extract from it or replace it if you are infected so badly that other removals are ineffective.
So welcome to Avast!, a key player in the layered protection of your computer. :)
-
hey everyone i'm back and happy to report i installed Avast and it seems to be working great.
Good news, we're happy too ;D
-
with avast installed instead of avg i have even noticed an increase in my computers start up speed. I don't know if its related or not but its great =D.
-
also if you guys don't recommend zone alarm free whats a better free firewall?
-
Many comment on this type of thing after switching to avast and also snappier overall system performance too. So I think it could well be related ;D
-
ok
-
also if you guys don't recommend zone alarm free whats a better free firewall?
I don't know if there is anything wrong with Zone Alarm, if it works OK, keep it.
I use PCTools Firewall. Easy to use, seems to work well. Don't know if it's better that ZA, though. (Nor do I know if it's worse. ;D It does the job.)
Some others, perhaps more knowledgeable, tend to use Comodo and/or Online Armour, which have a HIPS component. That takes a little learning about, but they are considered good firewalls.
-
Hi Eminem and Tarq57,
Well congrats to you for having a firewall installed, because in the analysis of the HJT logfile txts here in the "virus and worms"-section we often find that it has become sort of a fashion with the younger generation to go onto the World Wide Web without the inward and outward protection of a software firewall solution (and even without the protection of a resident av solution).
Recently ZA came out with these versions of its free software:
ZoneAlarm version:8.0.065.000
TrueVector version:8.0.065.000
Driver version:8.0.065.000
If it works for you, and it does not weigh too heavy on the old cycles, why not keep with it.
Sometimes experienced users switch good software firewalls (only use one at a time), so one period on ZA, another period on Comodo, having a connection monitor running under it, and Wireshark to analyse, also an occasional glance in the reports of EventLog Explorer will give you a hunch as what to look for connection wise.
Combining a software firewall (or a hardware router one) with the Network and Webshield services of avast, going online for normal online activities with limited user rights (only using full admin rights when you cannot do without these, updating, downloading new software, configuration, etc.) and checking all your third party software for the latest updates and security patches through Secunia PSI tool will make your computer experience a far more secure one.
This goes hand in hand with in-browser protection like disabling scripts with NoScript extension and using real-time link checking to stay away from places where one is likely to be digitally "clubbed over the head", but to-day this could also be at the best of websites, so keep your visors up you anti malware knights,
Stay safe and secure,
polonus
-
i think comodo firewall or zone alarm free + spybot s&d + avast + mcafee site advisor + comodo trust connect sound a good combo too
-
My wife uses Zone Alarm Free and is happy with it (along with Avast!) and has so far been well protected. When I switched to Vista, I was using Zone Alarm also, but the early Vista version was quite slow so I switched to the Vista firewall, then Comodo 3 when it came out. Comodo was very good, although sometimes a bit complex, so when they switched to the Suite route I moved to Online Armor. So the current Zone Alarm Free, Comodo, and Online Armor Free are all very popular with Avast! users, as well as a variety of others. Even the paid ones have free trials, so see which one feels most comfortable to you. As Tarq57 said, if you like Zone Alarm, keep it-at least until you feel the urge to try something new. ;)
-
thaanks everyone.