Zone Alarm


About the Author

Zeromemory
Epinions.com ID: Zeromemory
Member: Stephen Le
Location: Berkeley, CA
Reviews written: 16
Trusted by: 1 member

Good for home users, Businesses Stay Away

Written: Jul 18 '01
Pros: Free
Cons: Simple bugs can kill its value
The Bottom Line: In retrospect, all data is business-related one way or another, so that is why I don’t recommend Zone Alarm. All firewalls are vulnerable in some way, some more than others.

I am becoming tired of those who claim that, by running a firewall, their computers are unhackable. This is one serious misconception that must be cleared. While Zone Alarm is a decent firewall, it too is vulnerable to attacks against a system. However, it will block amateur and unsophisticated attacks upon a system. Therefore, for the average home user, Zone Alarm is more than adequate.

Zone Alarm, however, should not be considered for a business (and neither should its more advanced sibling Zone Alarm Pro). Hackers who attack businesses usually do not get discouraged easily by a firewall. I would never depend on Zone Alarm to protect a computer that contains business-critical data.

I’ll begin by describing the features that make Zone Alarm appealing to the average home user.

First of all, it is free for home users. Almost everybody loves free software (with the exception of those who have a money spending problem). It should be noted that while Zone Alarm is a free download, it is not a second-rate program in any way.

Second, Zone Alarm logs attacks upon a system. This alone should be reason for anybody to get a firewall. In fact, attack logging is a must when analyzing security breaches. Without it, you would never know if someone tried to hack you.

Third, Zone Alarm allows you to set specific permissions for every program that tries to access the Internet or Network. This way, you can give programs such as Napster server privileges, while denying it to programs that would never need it. Furthermore, you can deny ANY Internet access to specified programs. For example, if Solitaire ever requests Internet privileges, you should be sure to deny it, because Microsoft Solitaire does not have any communication protocols, unless it was trojaned (in which case you should run an antivirus scanner to check your computer for viruses).

Fourth, and finally, Zone Alarm has an Internet lock, which will stop all Internet access to and from the computer. However, one can configure this lock so that some important programs can pass through. While this is a neat feature, I wonder why people just don’t pull the plug to stop all Internet access.

Now I’ll say why I wouldn’t use Zone Alarm for business-related security.

I’ll describe a typical situation. Hacker John Doe wants to hack into an online entrepreneur’s computer to steal some Excel files containing credit card and customer information. First of all, he finds the computer’s IP address, which shouldn’t be too difficult if he’s skilled at social engineering (a hacker’s term for tricking the user into giving out information). Once he has acquired the IP address, he runs various port scans and perhaps even Nmap against the computer. He finds out that his requests are blocked, so he assumes they’re running a firewall.

At this point, amateur hackers would stop. However, truly determined ones would continue. A good attack against Zone Alarm is to flood its logging bank. The firewall’s logging is limited to 500 counted hits, after which it stops counting and just continues logging. In my tests, after a sufficient number of hits pass the 500 mark, Zone Alarm will lock up and die. So the hacker begins to run a distributed DoS (denial of service) attack against the IP, and soon and surely enough, Zone Alarm crashes, leaving the computer vulnerable to attack (unless it crashes with the computer).

That situation should be enough to make a business wary of using Zone Alarm and Zone Alarm Pro, both of which are affected. While this can be fixed with a simple bug fix, what if you are not patched? Furthermore, this is just one of possibly many bugs that can be exploited to shut down Zone Alarm.

Another problem with Zone Alarm is that it is just as secure as it is set up. Human error is usually the main point where any type of security fails. For example, if the computer has been trojaned, and the user inadvertently grants Internet access to the trojan, then all is lost. Hackers have learned to disguise program names to make such an occurrence commonplace. In addition, hackers can trojan computer programs already on the computer, making such attacks harder to notice. And trojaning itself is a simple matter: all one needs to do is open a malicious file or email, or even perhaps just visit a well-coded website.

For businesses, I would recommend a solid-state firewall (aka, a machine devoted to firewall tasks). There are plenty out there for every type of connection, and some routers even function as them. For home-built firewalls, I suggest that you run an OpenBSD computer with ipfw. These are advanced techniques, but will provide more coverage than Zone Alarm.

Recommended: No
