The basic ZoneAlarm firewall is free. For $24.95, they offer the free firewall with Computer Associates' award winning Vet anti-virus protection. The ZoneAlarm Alarm Security Suite is their top end offering and costs $69.65. (I covered in a separate review. http://www.epinions.com/content_173783748228)
Recommend this product?
Here, I review their fourth firewall option, ZoneAlarm Pro 5.x.
Author's Note: Since the first year they released their firewall, the fine people at Zone Labs continue offering a free version. It's basic, but effective, with the added ability to quarantine suspicious email attachments. By offering this free software, those who otherwise would not--or could not--purchase a firewall can protect their computers. By limiting the spread of hacking, that's good for us all. Thank you, Zone Labs. You've gotten my vote for the Internet hero award.
And Yet Again
Reviewing the latest version of ZoneAlarm has become an annual event for me, and it's a pleasure to write about software I really like. How many years has it been? I can't say. I started using ZoneAlarm right after it was first released. I downloaded it as a freebie from ZDNET, and since then it has been on every computer I've owned.
What first intrigued me was its approach. True, like other firewall programs, it blocked detected intrusions, but its real value was putting your computer in the stealth mode. You're invisible to hackers as they bounce around the web looking for a computer with an open port. Your computer hears them when they "ping" you, but doesn't respond. You're nothing more than a black hole or an invisible ghost. A wraith. Specter. A Shade. How can a computer that doesn't exist be hacked?
In the "old days"--say ten years ago--no one thought of firewalls. Heck, many didn't run an anti-virus program. If you were careful with the source of your floppy disks, you didn't need it. Then Al Gore invented the Internet. Virus protection became a necessity because they floated across the ether like locusts. Files. Emails.
And then came the hackers with their trojans, intrusions and denial of service attacks. That's when firewalls became less of a novelty and more of a necessity.
Then, as surfers discarded their dial up modems for broadband, firewalls became a requirement. Broadband's blazing speed allowed hackers to zip into your hard drive and leave before you knew they were there. Viruses and trojans zinged across the web with increasing frequency, all trying for that millisecond of opportunity to find a home on your computer. Going online without virus and firewall protection is the cyber equivalent of unprotected sex.
When firewalls just protected your computer from direct intrusions, they were simple programs. In those days, hackers could only attack certain ports, and all the firewall program had to do was monitor and protect those ports. Today, it's a different ballgame. Hackers have more expertise. Like the anti-virus programs, firewalls have gotten larger and more intricate to better respond to the increased threat.
Simplified, there are two firewall approaches. The first intercepts inbound data and blocks it. The operator can override the protection, if they so desire, but it automatically defaults to the safest situation.
This approach was extended to cover computers already infected with trojans and spyware--which like to call home to their mother with your personal data. The firewall blocks attempts to send data out of your computer. Again, the operator can override the protection on a case by case basis when you want the data sent.
This method is active protection and is like sticking your chin out and inviting someone to hit you. The firewall is constantly slapping down attempted intrusions and unauthorized outbound data packets. ZoneAlarm also provides manual protection--a "panic button" to allow the operator to immediately block all net activity--inbound and outbound.
ZoneAlarm firewalls also offer passive protection--their first line of defense. Stealth. As I mentioned above, if hackers can't find your computer, they can't do their thing. I think knights in the Middle Ages first used this concept when they invented the chastity belt, then took the keys with them on the Crusades.
This is a good point to debunk a myth that has been floating around the web. There are those who preach that if you use a router to access the Internet, you don't need a firewall. What they say is partially correct. I've shut down my firewall, then accessed one of those sites that tests your computer vulnerability. They couldn't find my computer and rated me as "stealth" in all ports. So, since I'm using a router, I don't need a firewall
Wrong! What's your outbound protection? What happens if you download a trojan in an email or attached to a file on a disk--and your virus protection misses it? It can merrily send your personal data to its mother. Worse, it could reconfigure your computer to allow outside access. Firewalls are also needed protect your computer from sending unauthorized outbound data.
Another point. If you're using a router, you are no doubt on a LAN. When connected to other computers, your computer is only as safe was the weakest link in the LAN. That would be my son. He is forever sharing files and downloading suspicious "goodies" from his friends. Some trojans and viruses check for a LAN and immediately try to spread to the other computers. So you're using XP with its built in firewall? Here's a news flash. When connected to a LAN, XP considers every computer on that LAN as trusted.
Don't get me started on my opinion of XP's firewall!
A Horror Story
My friend Nate and I have something in common. He and I both have over two computers for every person in the household. Nate has three in his home office and runs them all simultaneously. One plays streaming music. Another is usually tied up in a game of Chess. He surfs on the third. His other two computers are elsewhere in his house, all connected by a LAN and accessing DSL through a router.
Nate is 85 going on 16. When it comes to computers, he will download anything and everything he can find that's the right price--free. He is the poster child for spyware and trojan recipients because he has a unique knack. Within minutes of installation, he can inadvertently disable his firewall and virus protection. That talent has resulted for frequent calls for help.
A few months ago, I visited to determine his latest problems. His P4 Pentium was blazing at a speed that would have made an old 286 proud. The first thing I noted was a large group of music files. Eminem. Ms. Spears. Bare Naked Ladies. Now Nate might have listened to rap and rock had he been born 400 years ago and Beethoven wrote it. Since the modern day Nate has never listened to anything but classical music, I knew he'd had a visitor.
So while I'm sitting there, all of a sudden the mouse cursor started to move. It opened the file explorer and searched through the directories. Had Nate's ZoneAlarm been functional, I would have right clicked the icon and selected "stop all Internet activity." Unfortunately, for reasons Nate could not explain, his ZoneAlarm no longer booted when he started his computer. In fact, all the icons to start it had been removed, as had those of his anti-virus program. Very strange indeed, but some trojans and viruses like to disable protection programs. The hackers had been busy. Anyway, I solved the immediate problem by turning off his modem.
Using an online scan, I removed several viruses and trojans. Then, when I checked for spyware, he set the world's record--as far as I know--with over 600 deleterious files. I updated his anti-virus program and arranged for it--as well as ZoneAlarm--to boot when he started his computer. (This process, which took two days, involved repeating the steps on each of his computers.)
I relate this to reemphasize that a firewall and anti-virus program--especially when using broadband--are a necessity, not just nice-to-have bells and whistles.
In the old days, ZoneAlarm came in two forms. There was the free version and the paid version. The main difference was use. If you certified you were using the program at home, it was free. If you had it loaded on a business computer, you had to pay.
It was basic firewall. The Stealth Mode was the main feature touted by the programmers, and that was enough to make it stand out. As the newer versions evolved, more features appeared. Perhaps the neatest one was a trace back capability. You got a read out of the intruder's IP address and, if you were interested, could use that on the Zone Labs website to find the name of the company/individual who owned that address. I took great delight when--after someone tried several times to access my machine--I could email their ISP suggesting they terminate the $#%^$#'s internet privileges.
About this time, I went to broadband. That, of course, led to sharing the DSL modem with all my various home computers. It was a new experience. Prior to that, each machine had a dial up modem, and the first one on line got the connection. With broadband, we--my wife, my son and I--could all surf together.
That produced a dire need for aspirin taken with a healthy--or unhealthy--amount of Scotch. Setting up the LAN by assigning individual IP addresses was a pain. Further, I had to configure various software applications--including ZoneAlarm--to recognize them. I found this a humbling experience.
In the subsequent years, ZoneAlarm has evolved to meet the increasing threats on the web, just like anti-virus software. Zone Labs has added a feature to check incoming email for suspicious attachments or files. The blocking programs improved. The control panel and options got better. Then came the Pro version.
The Pro Version--in the early days--was just the paid version of ZoneAlarm. As it evolved, however, some of the features that used to be available on the free version were discontinued and migrated to the premium program. That's not to say the free version was less effective. It's still a great firewall. The Pro version just offered a paid alternative for the home user who wanted a bit more.
The problem, as I've seen many people comment upon on the web, is that newer versions of good programs often become bloated. Programmers add features that are of doubtful benefit to the average user. Microsoft Word is a good example. It evolved from a solid, easy-to-use word processor to a behemoth with more features than I'll ever need--let alone understand. In ZoneAlarm's case, I disagree with those who claim it's bloated. There are Zone Alarm features I never use. I have other programs to do those tasks that better fit my personal needs.
But that's my--and your--option. There's there if you want to use them, and it's a simple matter of a click of a mouse button to turn then on or off.
So Whats New? How is ZoneAlarm Pro 5 Better?
When I upgraded to version 4x, I kept asking myself why I was doing it. The earlier versions did the job. What could they possibly add that would make the program better? Immediately, I saw a difference. The most striking addition was removing the time it took to configure ZoneAlarm for my LAN. After version 4, that's automatic. All you have to do is input the name of your network and select the level of security you want to apply to it.
ZoneAlarm 4 also added additional email checking. I'm not sure it does a better job than my virus protection, but "the more the merrier" where anti-virus and other protective programs are concerned! After version 4, ZoneAlarm will question mass emailing, should your email client try to do it. (So much for those viruses that mail themselves to everyone in your address book.)
Hacker ID is only available on the Pro and Suite Versions--and I love it. When ZoneAlarm blocks an intrusion, you can ask for more information. One tab describes the type of intrusion and the computers involved. Another tab makes suggestions on what you should do. Should you allow the intrusion or not? A third tab uses Whosis to look up the offending computer's IP address. This also includes the administrator responsible for the IP address, usually an ISP, or if the computer has a static IP, the offender's email address. See the possibilities here? ZoneAlarm Pro 5 improved the interface.
ZoneAlarm Pro--and the Suite--now takes it a step further and if it suspects someone is trying to hack you, Zone Labs sends an anonymous email to the offender's ISP.
ZoneAlarm Pro 4 and later has Password protection--a vault. This lies somewhere between Opera, which has a button to click that automatically inserts user name and password--but doesn't protect the data--to another program I use that keeps usernames and passwords encrypted sufficiently to require a Cray computer 20 years to decipher them. ZoneAlarm's vault is useful, but I don't use it, preferring the other program.
ZoneAlarm's Privacy and Email Features
It seems to me that everyone is now into ad blocking. Even Yahoo!, who makes money from the ads. What some don't realize is that some of those popups and ads contain a secret package you don't want to receive--spyware. In addition to blocking banners and tracking cookies--introduced in version 4--version five also give you the option to block MIMES and Java scripts.
ZoneAlarm offers several options for how to handle cookies, those text files that identify you to a website. Some cookies are good. You don't have to continually enter your user name and password when visiting a site as the cookies remember those for you. Other cookies are bad as they monitor your web activity. These are called tracking cookies and are known by a different name--spyware. There are other types of cookies called "third party." These are cookies inserted by someone who has no affiliation with the site you're visiting--except, perhaps--advertising. You don't need those.
ZoneAlarm lets you choose to allow all cookies or block all cookies. A third choice permits the "good" cookies I mentioned above, but blocks third person and tracking cookies. The problem with this is some sites won't load or only partially load. You can easily disable cookie protection and try again, but why? If a site wants to put spyware on my computer, I surf elsewhere.
ZoneAlarm also has an ad blocking function that blocks banner ads, pop-ups, pop-unders and animated ads. (Animated ads take a lot of bandwidth, slowing the speed pages load and are therefore bad.) As to the rest, we've all experienced the "joy" of pop-ups. What has impressed me about ZoneAlarm's program is it can differentiate between nuisance pop-ups and the ones necessary to what you're doing on a site.
As to the virus email protection, I have always run an anti-virus program that checks both incoming and outgoing mail, but I still enable ZoneAlarm's email protection. Why? Think of the anti-virus program as your seatbelt. ZoneAlarm is your airbag. It doesn't rely on definitions, just patterns. So, if your anti-virus program hasn't been updated to recognize a new virus, ZoneAlarm will catch the file and quarantine it. I like that! ZoneAlarm has got your back.
The bottom line here is that ZoneAlarm Pro has evolved to meet the threats present in the current web environment. It's true that they've expanded into areas not considered purely a firewall activity. Some have complained about this, but as I see it, Zone Labs has expanded the program to provide better protection.
A Tip of the Hat to Version 5
Okay, I screwed up. I'm one of those very private people who don't share squat. When ZoneAlarm Pro 4.0 asked me to share my program permissions, I didn't. ("Program permissions" either block a program's access to the web, force it to ask for your permission each time it tries to access, or you can set it to allow that program unrestricted access to the web.) Fortunately, I'm apparently in the minority and many of ZoneAlarm's thirty million users offered to help Zone Labs acquire a database. Consequently, when they released version 5, it had a function that would rival sliced bread as the world's greatest invention: Automatic Program configuration.
Okay. When ZoneAlarm 4 automatically configured my LAN, it cut down on my aspirin and Scotch purchases. This new feature, however, blew me away. The program seems to know what programs need net access. No more popup asking for permission for your browser to access the web. No more checking "remember this answer" to grant unrestricted access. My dog could use ZoneAlarm 5, and she's retarded. What a fantastic feature!
They took this a step further. Whenever there's a question about a program's web access, ZoneAlarm asks for your permission. You can check "remember my answer" if you don't wish to be bothered in the future, or treat it as a special situation. After that program has accessed the web a few times, the pop-up changes. The new one suggests the program is a frequent visitor to the web, so perhaps you should grant permanent approval. The pop-up even checks the "remember my answer" box for you.
Yes, I know there are those of us who flinch whenever someone says a program is automated, and ZoneAlarm has kept us in mind. I'm not sure I should even discuss the Expert Controls as I am decidedly not an expert. The Pro version and Suite--the premium software--allow users the opportunity to customize their firewall.
My son uses these controls to specify certain sites he wants to access his computer. ZoneAlarm would normally block these sites and probably for good reason. Consequently, I used the Expert Controls to remove my son's computer from my trusted list on the LAN.
The bottom line here is that ZoneAlarm can be automated enough to be an "install and forget it" program, or you can tailor it to your specific needs. So often software companies that automate their programs remove the ability to customize, thinking they're smarter than the user. In my case, it's probably true, but I do appreciate Zone Labs giving us the option of tailoring the product to specific needs.
Okay. There's a good and bad side to everything in life, so I should be able to tell you all that I've found wrong with ZoneAlarm. That, however, is a difficult task for me, impossible without really nit-picking.
I do worry about resources, since I'm frequently multitasking. ZoneAlarm uses a few more than I'd like, as I mentioned in my version 4 review, but since then I've had a chance to compare ZoneAlarm's resource usage with that of some of the competition. It didn't surprise me that ZoneAlarm uses fewer resources than the others do. ZoneAlarm does the job--better--with a much smaller program than those unnamed competitors whose initials fall into the middle of the alphabet.
I no longer complain about resource usage for either firewalls or anti-virus programs. When one considers the current threats on the web, both classes of programs have necessarily had to increase activity to counter them. The beauty of ZoneAlarm is it does a superb job while keeping resource use to the minimum required.
In an earlier review, I noted some installation problems. No more. That's because when asked whether I want to "upgrade" or do a "fresh" install of the new ZoneAlarm version, I always select "fresh" install. This does two things. First, it gets rid of old files on the ZoneAlarm Directory. Second, it cleans out my program permissions without me having to do it manually, deleting those programs I no longer use.
In the older version reviews, I'd caution that using "fresh install" would require some time to retrain the firewall program permissions. In version 5, this is automatic.
A minor point. ZoneAlarm installation drives me nuts. Most programs put you into a separate screen so you know the program is installing. ZoneAlarm, after the initial pup-up box, installs with no visible sign that it's doing its thing. It does the job and does it well, but for a minute or so, it leaves me wondering what's happening. A logo with an installation progress bar would be nice!
My router is ZoneAlarm capable, but I don't use that feature. To use it properly, I'd have to have ZoneAlarm Pro installed on each of the six computers. That is expensive. If I could install ZoneAlarm Pro on the router and use free versions on some--or all-of the computers, I might consider it. Then again, if I have firewalls on all of the computers, why do I need one on the router?
The ZoneAlarm Pro 5 version also comes with some adware protection. Not only does it block some adware--tracking cookies--but it offers an online scanner, similar to that being offered by Yahoo!. My view of adware scanners is there can never be too many. I use several because my primary one occasionally misses something.
That's the good news. The bad news is that to use the online ZoneAlarm scanner, you have to use Internet Explorer. Opera and Mozilla based browsers won't work because of a DirectX requirement.
Picking and Choosing
Zone Labs used to have agreements with several software companies and offered a few optional bundles with ZoneAlarm. For a small increased price--$10--you could opt for MailWasher, Anonymizer Private Surfing, or PestPatrol. This year, the offered bundles still include Anonymizer, but the other two programs have been replaced with Essential Net Tools and Steganos Security, a data encryption program.
Check Point Software, a company that is well known for industrial security applications, recently acquired zone Labs. Consequently, their applications are also offered on the Zone Labs site.
So what are the home user options? The Zone Labs site offers the free firewall. You can also opt for the free firewall with anti-virus protection. That costs $24.95. You can opt for the ZoneAlarm PRO version, with its additional protection features, for $49.95.
Or you can get the whole enchilada--the ZoneAlarm Security Suite--for $69.95. That includes the anti-virus protection, IM security and SPAM/Phishing protection.
One of my pet peeves is software without support. I never recommend software that has poor support, no matter how good the program might be. The Zone Labs support is superb. The program help files are good. Their knowledge bases are helpful, as are FAQ files, but there are times you need more. More, to me, is the ability to call or email and get an immediate response. Zone Labs provides that.
Worth the Price?
Each person has to make his or her own decision. The standard--free--version works well, and if you don't have a firewall, download it now! http://www.zonelabs.com/store/content/catalog/products/sku_list_za.jsp?lid=nav_za
For me, however, the free version lacks some whistles and bells I really like. Privacy Protection. Hacker ID. Increased email protection. Most of all, the basic version doesn't include that nifty automatic program to set up your LAN, and the equally nifty feature to automatically set up program access approvals.
If you want to consolidate a whole bunch of programs into one, the Pro version is for you. It comes with multiple license discounts if you intend to put it on several machines.
Or you could take it a step further and consider the Suite. The additional $20 adds software that would cost you a lot more than buying the programs individually.
No matter what version works for you, ZoneAlarm remains the best--in my opinion--firewall program available. I've tried several and none have matched it. So I just keep coming back to Zone Labs products and reviewing their most recent improvements.
And happy to be able to write about a really great product that just keeps getting better.
Read all comments (3)