New Zone Alarm w/AntiVirus.

Michael P Gabriel

I just received a marketing email today, 10/13/04, from Zone Alarm,
about their new program, (above), and I'm very interested, BUT...I
must be assured that it provides email protection for the NON-POP3 and
NON-SMTP email protocol.

My ISP, (wmconnect.com) does NOT provide via POP3 or SMTP email.
They use their own system, and provide their own email protection. I'm
not very secure with that so I went with Norton's. But, Norton
AntiVirus does not protect my incoming or outgoing email because it is
not pop3 or smtp.

I have been using Zone Alarm for quite a while and always
successfully, and I would like an antivirus program combined with the
firewall. The firewall on my WINXP was disabled by default, and I am
not using SP2.

Help???
Mike
 
jch

Michael P Gabriel said:
I just received a marketing email today, 10/13/04, from Zone Alarm,
about their new program, (above), and I'm very interested, BUT...I
must be assured that it provides email protection for the NON-POP3 and
NON-SMTP email protocol.

My ISP, (wmconnect.com) does NOT provide via POP3 or SMTP email.
They use their own system, and provide their own email protection. I'm
not very secure with that so I went with Norton's. But, Norton
AntiVirus does not protect my incoming or outgoing email because it is
not pop3 or smtp.

I have been using Zone Alarm for quite a while and always
successfully, and I would like an antivirus program combined with the
firewall. The firewall on my WINXP was disabled by default, and I am
not using SP2.

You'll have to pardon my responding without an answer here. I just wondered
why you were so concerned with security yet have not installed SP2 which
primarily addresses many security issues?
 
Vanguardx

Michael P Gabriel said:
I just received a marketing email today, 10/13/04, from Zone Alarm,
about their new program, (above), and I'm very interested, BUT...I
must be assured that it provides email protection for the NON-POP3 and
NON-SMTP email protocol.

My ISP, (wmconnect.com) does NOT provide via POP3 or SMTP email.
They use their own system, and provide their own email protection. I'm
not very secure with that so I went with Norton's. But, Norton
AntiVirus does not protect my incoming or outgoing email because it is
not pop3 or smtp.

I have been using Zone Alarm for quite a while and always
successfully, and I would like an antivirus program combined with the
firewall. The firewall on my WINXP was disabled by default, and I am
not using SP2.

Help???
Mike

E-mail scanning is a duplication of effort. It is a ploy to woo users
into thinking they have additional protection. However, that means
before any e-mail scanning was available then every user of e-mail was
susceptible to infections. That's not true. The on-demand scanner will
catch viruses when they are downloaded or when a file is created,
modified, or loaded. As long as you enable the anti-virus product's
on-demand scanner to monitor your system then you already have the
needed protection. E-mail scanning just duplicates that protection (and
can interfere with your e-mail operation while providing the redundant
protection).

I have Norton Internet Security which comes with Norton AntiVirus. I
disabled the e-mail scanning of NAV because it was superfluous, can
cause timeouts (despite a setting that is supposed to help reduce
timeout problems), adds more time for the download of messages, can
lock out e-mail receive and send (when ccApp.exe goes unresponsive), and
doesn't add any more protection than does their on-demand scanner.
 
optikl

Vanguardx said:
I have Norton Internet Security which comes with Norton AntiVirus. I
disabled the e-mail scanning of NAV because it was superfluous, can
cause timeouts (despite a setting that is supposed to help reduce
timeout problems), adds more time for the download of messages, can
lock out e-mail receive and send (when ccApp.exe goes unresponsive), and
doesn't add any more protection than does their on-demand scanner.

I think you mean on access, not on demand. Yes?
 
Vanguardx

optikl said:
I think you mean on access, not on demand. Yes?

Yep, that should've been the on-access virus scanner (that checks when a
file gets created, modified, or loaded into memory to read or execute
it; i.e., it hooks in a file system filter driver). The on-demand
scanner is what you normally manually initiate to scan your files. The
on-demand virus scanners don't check the alternate data stream(s) of
files but the on-access scanner should catch it because that ADS would
have to get read to load its contents. Well, that's the theory as
related to me. Some AV users may only schedule or manually run
on-demand scans of their files and do not leave the on-access scanner
loaded and active because it slows their system's performance regarding
file I/O. So they are protected only as often as they happen to run a
scheduled or manual scan.
 
madmax

Vanguardx said:
E-mail scanning is a duplication of effort. It is a ploy to woo users
into thinking they have additional protection. However, that means
before any e-mail scanning was available then every user of e-mail was
susceptible to infections. That's not true. The on-demand scanner will
catch viruses when they are downloaded or when a file is created,
modified, or loaded. As long as you enable the anti-virus product's
on-demand scanner to monitor your system then you already have the
needed protection. E-mail scanning just duplicates that protection (and
can interfere with your e-mail operation while providing the redundant
protection).

I have Norton Internet Security which comes with Norton AntiVirus. I
disabled the e-mail scanning of NAV because it was superfluous, can
cause timeouts (despite a setting that is supposed to help reduce
timeout problems), adds more time for the download of messages, can
lock out e-mail receive and send (when ccApp.exe goes unresponsive), and
doesn't add any more protection than does their on-demand scanner.

I thought the idea was to catch malware as soon as possible, not after it
has started. I have had no timeout problems, system
slowdowns, lockouts, etc. (33 running processes at this time). Perhaps it is
the product you choose to use (NAV).
-max

--
To help you stay safe see: http://www.geocities.com/maxpro4u/madmax.html
Virus cleaning +fixes see: http://www.geocities.com/maxpro4u/TechPros
Change nomail.afraid.org to neo.rr.com so you can reply by e-mail
(nomail.afraid.org has been set up specifically for
use in Usenet. Feel free to use it yourself.)
 
Vanguardx

madmax said:
I thought the idea was to catch malware as soon as possible, not after
it has started. I have had no timeout problems, system
slowdowns, lockouts, etc. (33 running processes at this time). Perhaps it
is the product you choose to use (NAV).
-max

So you think those e-mails remain in some ethereal medium that doesn't
reside on your computer? They still have to get saved into a file.
Voila, detection via the on-access scanner! The message store gets
updated with the infected e-mail, that means the file has to get
modified, and the on-access scanner catches the infection (instead of
the e-mail scanner). The BHO provided by NAV for scanning HTTP download
traffic and the e-mail scanner don't have some huge isolated memory
buffer to store the traffic separate of the file system on disk. What,
you thought the e-mail scanner would actually consume 10GB of memory
(which doesn't exist, even with virtual memory) for a 10GB file download
to scan it before allowing the file to get saved into a disk file?

Even Symantec recognizes the duplicity of an e-mail scanner. Read their
article at http://snipurl.com/9r8s. Users tend to forget that
"attachments" to e-mail are just encoded portions WITHIN the e-mail.
There is no separate file sitting somewhere ethereal outside the file
used for the e-mail message store. The attachment is just a section of
the body of the e-mail containing the text-encoded content of some file
that got inserted into the message body. The e-mail program will still
have to save the local copy of the message and that means the content of
the message still has to go through the file system filtering driver
employed by the anti-virus' on-access scanner. Also, if you ever
extract (i.e., decode) the "attachment" in the e-mail message then it
again goes to another file. If the on-access scanner for an anti-virus
product cannot detect an infection due to an e-mail updating its message
store then their on-access scanner is worthless and that's not an
anti-virus product that you want to use.

If you want duplicity by adding more layers then go ahead but recognize
that you add more overhead, slow response with added interrogation of
traffic, can cause timeouts, and the multiple layers are as easily
punched together as is just one layer (since penetration that works
against one layer will succeed against the other layers). It's like
thinking multiple software firewalls (on the same host) provide better
protection than using a better single software firewall.
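
The point in the post above that an "attachment" is a text-encoded section of the message body, as an added Python example (not code from the thread or from any product named in it). It builds a constructed message with the standard `email` library and runs a toy byte-pattern check on the raw message-store bytes and on the decoded attachment; `MARKER`, the addresses and the file name are constructed assumptions.

```python
# Added illustration; the marker, addresses and file name are constructed.
from email import message_from_bytes, policy
from email.message import EmailMessage

MARKER = b"CONSTRUCTED-TEST-SIGNATURE-0001"  # stand-in for a scanner signature


def build_message(payload: bytes) -> bytes:
    """Return the raw bytes a mail client would append to its message store."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "recipient@example.com"
    msg["Subject"] = "constructed sample"
    msg.set_content("See attached.")
    # Binary attachments are base64-encoded into the message body.
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename="sample.bin")
    return msg.as_bytes()


def extract_attachments(raw: bytes) -> dict:
    """Decode every attachment, as the client does on 'Save attachment'."""
    msg = message_from_bytes(raw, policy=policy.default)
    return {part.get_filename(): part.get_content()
            for part in msg.iter_attachments()}


def scan(data: bytes) -> bool:
    """Toy byte-pattern scanner: True when the marker appears verbatim."""
    return MARKER in data


def scan_message(raw: bytes) -> bool:
    """MIME-aware scan: check the raw bytes and every decoded attachment."""
    return scan(raw) or any(scan(b) for b in extract_attachments(raw).values())


if __name__ == "__main__":
    raw = build_message(b"xx" + MARKER + b"yy")
    print("raw store bytes match:   ", scan(raw))
    print("decoded attachment match:", scan(extract_attachments(raw)["sample.bin"]))
    print("MIME-aware scan match:   ", scan_message(raw))
```

The raw bytes written to the message store carry the attachment only in base64 form, so a verbatim pattern match needs either MIME decoding of the store or the later write of the extracted file.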
 
optikl

madmax said:
I thought the idea was to catch malware as soon as possible, not after it
has started. I have had no timeout problems, system
slowdowns, lockouts, etc. (33 running processes at this time). Perhaps it is
the product you choose to use (NAV).
-max

There is almost always an ongoing debate on most of the AV product
forums I scan, surrounding email scanning. The most common line seems to
be those who use it and have no problems talk it up. Those who have used
it and experienced problems think it's either redundant or useless.

But to the issue of when it's best to catch malware, everyone will agree
it's better to be proactive. The debate is over the best method. Those
who detest on-access scanning (including the on access scanning of
email) rely more on a safe computing *process*, which deals with
handling attachments in a very proscribed way.
 
Lars-Erik Østerud

Michael P Gabriel wrote:
I have been using Zone Alarm for quite a while and always
successfully, and I would like an antivirus program combined with the
firewall. The firewall on my WINXP was disabled by default, and I am

I use avast! together with ZA. Also free, and works really nice.

From version 5 of ZA there were some problems, but I think I
found a fix for that. avast! has a really good mail-scanner too.
 
madmax

Vanguardx said:
So you think those e-mails remain in some ethereal medium that doesn't
reside on your computer? They still have to get saved into a file.
Voila, detection via the on-access scanner! The message store gets
updated with the infected e-mail, that means the file has to get
modified, and the on-access scanner catches the infection (instead of
the e-mail scanner). The BHO provided by NAV for scanning HTTP download
traffic and the e-mail scanner don't have some huge isolated memory
buffer to store the traffic separate of the file system on disk. What,
you thought the e-mail scanner would actually consume 10GB of memory
(which doesn't exist, even with virtual memory) for a 10GB file download
to scan it before allowing the file to get saved into a disk file?

Even Symantec recognizes the duplicity of an e-mail scanner. Read their
article at http://snipurl.com/9r8s. Users tend to forget that
"attachments" to e-mail are just encoded portions WITHIN the e-mail.
There is no separate file sitting somewhere ethereal outside the file
used for the e-mail message store. The attachment is just a section of
the body of the e-mail containing the text-encoded content of some file
that got inserted into the message body. The e-mail program will still
have to save the local copy of the message and that means the content of
the message still has to go through the file system filtering driver
employed by the anti-virus' on-access scanner. Also, if you ever
extract (i.e., decode) the "attachment" in the e-mail message then it
again goes to another file. If the on-access scanner for an anti-virus
product cannot detect an infection due to an e-mail updating its message
store then their on-access scanner is worthless and that's not an
anti-virus product that you want to use.

If you want duplicity by adding more layers then go ahead but recognize
that you add more overhead, slow response with added interrogation of
traffic, can cause timeouts, and the multiple layers are as easily
punched together as is just one layer (since penetration that works
against one layer will succeed against the other layers). It's like
thinking multiple software firewalls (on the same host) provide better
protection than using a better single software firewall.

I don't mind using a few more resources to scan them before they are
displayed in my e-mail program. I have read that some malware are started
by just opening them - correct me if I am mistaken. About the "punching", I
use a couple of programs together - by different companies - AV, Spam
blocker, anti-spyware. Also use another on-demand AV to scan downloaded
files. About the firewall, I have noticed that the firewall that I
use (Sygate) seems to load after my desktop loads. I read that Windows
firewall loads before the desktop, giving protection earlier in the
startup process. So I have enabled both. Am I correct?
-max

--
To help you stay safe see: http://www.geocities.com/maxpro4u/madmax.html
Virus cleaning +fixes see: http://www.geocities.com/maxpro4u/TechPros
Change nomail.afraid.org to neo.rr.com so you can reply by e-mail
(nomail.afraid.org has been set up specifically for
use in Usenet. Feel free to use it yourself.)
 
Vanguardx

madmax said:
I don't mind using a few more resources to scan them before they are
displayed in my e-mail program. I have read that some malware are
started by just opening them - correct me if I am mistaken. About
the "punching", I use a couple of programs together - by different
companies - AV, Spam blocker, anti-spyware. Also use another on-demand
AV to scan downloaded files. About the firewall, I have noticed that
the firewall that I use (Sygate) seems to load after my desktop loads. I
read that Windows firewall loads before the desktop, giving protection
earlier in the startup process. So I have enabled both. Am I correct?
-max

Whether spyware can run just because you "open" an e-mail depends on how
you have your e-mail client configured. If using OE or Outlook, be sure
to be using the Restricted Sites security zone (and that it is set to
its High level). That eliminates scripts, ActiveX controls, and other
possible nasties from running. Since the e-mail client will require
that you save the attachment and then you have to separately start it
(i.e., there were 2 prompts before you could run it), anything in an
attachment that you ran was your fault. If you get an attachment from
someone you don't know, you could always send them an e-mail asking
about it (the spammer won't be getting your reply). Even if from a
known friend but it was unsolicited, then ask them about it. None of
the anti-virus products are 100% effective so your actions can help
overcome their deficiencies. None of the security zones under Windows
will block linked images so web bugs (used for tracking) are still
usable. The HTML-Modify plug-in to SpamPal eliminates linked images.
Windows XP SP-2 added an option to OE that lets you block linked images.
Reading in plain-text mode eliminates linked images altogether.

The Sygate firewall has an option to block all communications until
after it loads fully. So like the Windows Firewall, it will not leave
open a window of opportunity for invasion during Windows startup.
However, I believe that is an option available only in the Pro (paid)
version.
 
