True Vector
"According to the Zone Labs Web site, ZoneAlarm uses a patented technology called "True Vector". True Vector is the technology that ZoneAlarm uses to identify different types of network and Internet traffic. Once identified True Vector then decides what to do with the incoming or outgoing traffic. This is apparently the reason that ZoneAlarm is a free program. Zone Labs is hoping to make some income by selling licenses for the True Vector API. That is fine with me as long as they continue to provide this excellent product to the public for free or in the case of business users, a bargain basement price.
As far as what True Vector is and how it works, it appears to be a form of port watching software. It constantly scans your computer TCP/UDP ports for activity. If the activity falls into it’s "allowed" rule set, it does nothing. If on the other hand the activity does not fit into the rule set, it then alerts you and holds the application or whatever it is that is causing the incoming or outgoing network traffic until you make a decision as to whether you want to allow it or not. According to the Zone Lab’s white paper, True Vector has much more capability than what is built into ZoneAlarm. True Vector technology can also give you the ability to build intelligent Internet application that also have access control, bandwidth monitoring, statistics generation, version control, as well as firewall security."
netsecurity.about.com
minilog...from ZA FAQs
"Regular ZoneAlarm only *logs* certain types of alerts. The "Current Alerts" cache, on the other hand, maintains up to 500 alerts of all types, but doesn't show anything that is not an alert. There is overlap between what shows up in the "Current Alerts" cache, and what shows up in the log file, but not 100% agreement.
Basically, there are three types of alerts:
Firewall alerts - generated when ZoneAlarm blocks an inbound or outbound packet that is not part of an ongoing, permitted connection - and that has not been dealt with by the application control function of ZoneAlarm.
Security level alerts - generated when NetBIOS packets are blocked.
Lock violation alerts - generated when packets are blocked by the Internet Lock.
The log file only logs Firewall alerts (inbound and outbound), and instances of user-permitted Program access. Blocking of NetBIOS packets generates a Security Level alert, not a Firewall alert, and it is not recorded in the log file. If you haven't exceeded the 500-alert limit, you should see the NetBIOS alerts in the Current Alerts cache, however.
Some types of blocked packets do not generate alerts at all—for example, when an application is denied access to the Internet because ZoneAlarm is enforcing its permission settings, this is done silently."
tc |
