ZoneAlarm Pro

Product: ZoneAlarm Pro Price: $39.95 ($10 off through Adware Report) Company Info: ZoneLabs Editor Rating: 4 stars Download ZoneAlarm Pro

Pros
+ Provides back up defense that complements anti-virus and anti-spyware tools
+ Blocks incoming probes and attacks
+ Stops outgoing communications from rogue programs
+ "Panic" button lets you stop all internet communication in case of attack

Cons
- Needs initial "training" period to learn about your computer
- Occasional pop-up alerts

ZoneAlarm Review

ZoneAlarm is the premier firewall solution for home and business computers. It provides a rock-solid backup defense against spyware, Trojans, and viruses, but it can slow down your PC a bit. If you maintain sensitive data on your PC, are worried about internet intrusion, data theft, or even data loss, you should probably be running this software.

After an initial break-in period, the ZoneAlarm firewall will silently protect your computer against continual break-in attempts and other intrusions that anti-virus and anti-spyware programs don’t catch.

While the high-end version of ZoneAlarm (“ZoneAlarm Security Suite”) comes with a variety of other tools (anti-virus, anti-spam) designed to secure your computer, their real strength lies in their firewall offering – we recommend the base level product only (ZoneAlarm Pro).

Note: Firewall products protect against different threats than anti-spyware and anti-virus programs, and you should always run a firewall in addition to those other types of security products. Click here for more information about firewalls.

Installation and Configuration

Installation was straightforward on our Windows XP test machine and took less than 5 minutes.

Configuration on the other hand, is a bit more complex. Fortunately, firewall products are far easier to configure than they used to be. When you first run the program, ZoneAlarm kicks off a "configuration wizard" that asks you a few questions and will automatically configure the program in an optimal manner for most systems.

Among the questions the wizard asks are:

1. Do you want to share your security settings with ZoneLabs? – Although in theory this will help ZoneLabs create better products, we prefer to save our bandwidth, so we choose “no”. If you’re on DSL or a LAN, clicking “yes” won’t hurt you any.
2. Automatically configure the program using standard settings (AlertAdvisor)? – For sanity’s sake, we highly recommend you choose “Automatic”. Otherwise, you’ll have to spend a lot more time manually configuring your installation.
3. Turn on ZoneLab’s Antivirus? – We’ve not had good results with ZoneAlarm’s built-in antivirus program, so we prefer to leave it off.
4. Use ZoneAlarm’s built-in spam filter? – ZoneLabs has embedded MailFrontier’s Matador product into ZoneAlarm to provide spam filtering. While this is an ok product, there are better ones out there, so again, we choose “no”. If you aren’t using an anti-spam program already though, you should pick “yes”.
5. Turn on IM Security? – Definitely select “yes”
6. Turn on Web-filtering? – if you aren’t worried about kids surfing the internet, you should probably leave this off. It can slow down your browser.
7. Turn on Privacy Control? – This is built-in to most browsers these days, so leave it off.
8. Turn on Cache Cleaner? – Your choice. This will free up space on your computer and possibly make your browser run faster. We selected “yes”.

After answering these questions and re-booting your PC, you’re done!

Usability

First, you should be aware that there are some occasional annoyances you are going to have to put up with when using a firewall product. Primarily, you will occasionally receive alert pop-ups that will require your attention, such as the following.

ZoneAlarm raises these alerts when an unidentified program running on your computer attempts to access the internet. If you recognize the program, then click “allow” and you won’t be bugged about it again. If you don’t recognize it, you might want to “deny” it until you figure out exactly what it is. The good news is that you’ll have to deal with most of these one time only.

Annoyances aside however, you’ll feel real good the first time you receive one of these pop-ups:

This is an alert that someone on the internet has just tried to hack or probe into your computer, and you’ll see them a lot until you click the “Don’t show this dialog again” checkbox. We see these alerts about once every 5 minutes on our Earthlink account. Once you click on the checkbox, ZoneAlarm will quietly protect you against these intrusion attempts. (As an aside, keep in mind that your anti-spyware product will not protect against these hacking attempts. That type of software is designed specifically to remove spyware and adware only. Firewalls go a long way towards preventing that software from ever getting on your computer in the first place).

One problem that we have with ZoneAlarm is that it frequently asks us if we want to enable ZoneAlarm’s anti-virus functionality. Despite the fact that we click the “Don’t show this message again” checkbox, we still get it nearly every time we reboot. Hopefully the next version will fix this problem.

There’s just one more thing you should become familiar with when using this software: the “dashboard”:

There are just a few things on this window you need to know:

• “In” and “Out” data meters on the left – you can completely ignore these.
• The big, red “Stop” button – if something has gone horribly awry on your computer and you think you’re under attack, click this button to cut off any and all internet access.
• The “padlock” – this will temporarily prevent data access between your computer and the internet. You can click it when you walk away from your computer (for the overly paranoid) or it will turn on automatically if you’re idle for 20 minutes or so. If you run automated processes on your computer (for instance, automatic updates), this can interfere with these programs so you might want to turn it off.
• A list of running programs (on the right) – again, you can ignore this as it’s not very helpful.
• “Trusted” and “Blocked” zones (in the middle) – clicking anywhere in this section will open up a window that allows you to add other computers to your trusted list. This is very useful if your PC is running on a home network, for instance.

That’s all there is to it. A few minutes of work and you have added a powerful layer of protection against internet threats to your computer.

Summary

ZoneLabs’ powerful firewall product, ZoneAlarm, is a nearly mandatory product for most computer users because it adds a powerful back-up defense system that complements your anti-virus and anti-spyware software. After a short “learning period”, the program will quietly protect your computer without so much as a peep … unless you come under attack, in which case the program will lock down your computer air-tight.

Price: $39.95 (with $10 discount from Adware Report)
Download ZoneAlarm Here

Firewalls: What They Are and Why You Need One

So you've heard about spyware and all the problems it can cause with your computer, and you're now doing something about it. That's a good start, but did you know that you're still exposed to hackers, trojans, and viruses that can steal your financial information, hijack your email, or even destroy your computer altogether?

Anti-spyware tools block only a few types of common PC invaders, such as spyware, adware, dialers, search hijackers, and so on. For complete security, you also need a firewall (you also need an anti-virus program, but that's the subject of another article).

You should be using a firewall product if...

• You regularly use wireless networks other than your own (ie: at a Starbucks or an airport)
• You are at risk of having someone spy on you (paranoid employer, ex-spouse)
• You have valuable or irreplaceable data on your computer (spreadsheets, legal documents, email, personal writing, etc)
• You want an extra layer of defense against spyware, Trojans, and viruses.

What Do Firewalls Do?

There are a variety of ways in which an attacker can detect and get into your computer. Spyware companies make use of some of these methods ("drive-by installs"), but they aren't the only ones trying to take advantage of you. Spammers have written programs that will hijack your computer and use it to send junk email. Trojans and worms are often spread via email, instant messenger, or other means. Jealous spouses or paranoid employers can even purchase off-the-shelf software to spy on your every online move. Anti-spyware tools don't do anything to prevent any of these kinds of invasions.

This is where the firewall comes in. It plugs the security holes that anti-spyware tools don't, preventing outside attackers from gaining access to your system in the first place. And if a malicious payload does somehow manage to get on your PC, the firewall will prevent it from communicating with the outside world, rendering it useless.

In short, a firewall stops any and all data transfer between your computer and the internet except for that which you specifically approve.

Sadly, only 10% of computer users have any type of firewall installed on their computer.

Doesn't Windows come with a firewall?

Windows XP SP2 does come with a personal firewall but it provides only a bare minimum level of protection (Windows 2000 users and earlier, you're completely unprotected and you need to get some type of firewall installed ASAP). The firewall that comes with your operating system blocks in-bound attacks only, but leaves you completely exposed to threats that originate on your computer. For instance, if an ex-spouse installs spy software on your computer, Windows personal firewall is completely useless.

This quote from David Berlind at CNet UK explains it nicely:

"Once a malicious payload gets in, your reliance to stop it shifts from the inbound firewall to something internal to your network or workstation -- like your antivirus or anti-spyware software. But, in the cat-and-mouse game of security solution developers vs. hackers, there are some pretty clever mice. And, as was demonstrated by at least one recent exploit of a vulnerability in Internet Explorer, there are certain exploits that anti-anything (virus, spyware, pop-ups, etc) products are powerless against. What's your last line of defence to keep one of these exploits from phoning home? Outbound blocking -- a feature that the Windows Firewall lacks."

If you think you're safe because you've downloaded the latest Windows update, think again. Hackers are faster than Microsoft, the maker of the world's most insecure software products, will ever be.

So How Do You Remain Protected?

You should seriously consider purchasing a commercial firewall product. A good product will provide the following:

* Make your computer invisible to hackers by default
* Allow you to share files and printers with people you trust
* Ensures only applications you trust can access the internet
* Prevents malicious programs from disabling the firewall
* Automatically locks down your PC if the firewall is compromised

Windows firewall does none of these things and unfortunately has given a lot of people a false sense of security.

What Firewall Programs Are Out There?

We've tried a few and have settled on ZoneAlarm. This is the firewall we run on all of our personal and company computers. ZoneAlarm is the market leader and sells the most effective firewall software available.

Download ZoneAlarm Pro Here

March Reviews Are Ready!

The latest round of anti-spyware tests have been completed! We added more new spyware to our testing computers, which makes for a very difficult test. It takes nearly 10 minutes to boot up our infected image, and downloading anti-spyware programs on each takes a long time because the spyware programs running in the background hog all of the bandwidth.

No big surprises in the rankings. Spyware Doctor moved up a notch, while Microsoft AntiSpyware made its debut at #4. We were a little amazed that StopZilla performed so poorly in our tests. Their site looks terrific and they have great marketing, so we expected more. It just proves you can't believe the hype.

Finally, if you have a product that you would like us to review, drop us a note here. We can't personally answer all of the email we receive (there's just way too much!), but we do read each and every one.

Yet More Misleading Marketing...

An otherwise excellent article at Insecure.Org which discusses the withdrawal of Webroot from COAST (Consortium of Anti-Spyware Technology Vendors), makes mention of a "survey" Castlecops' conducted which was presumably conducted to capture public opinion about the Aluria-WhenU debate.

If you haven't been following along, we've been somewhat critical of Castlecops and other spyware commentators for their alarmist stance that they've taken regarding Aluria's decision to de-list WhenU as a spyware company. Our view has been all along that if any company chooses to go legit, then the anti-spyware community should embrace them with open arms. Castlecops (and others) disagreed and remained critical of Aluria. Since then, we've seen Lavasoft and PestPatrol follow in Aluria's footsteps. We consider ourselves vindicated.

Are our criticisms of Castlecops unwarranted? Their hearts are in the right place, but our complaints stand. The above article irresponsibly mentions this sham of a survey conducted by Castlecops which had but a single question:

Do you trust Aluria's Spyware Eliminator after the WhenU Deal?

Yes - 14.00% (240 votes)
No - 86.00% (1474 votes)

Should you take the above survey at face value, you would be inclined to think that most people think rather poorly of Aluria (and now Lavasoft and PestPatrol) due to the de-listing. However, the above survey suffers from two errors which are well known to most marketers:

1. Leading Question - the above question leads respondents into clicking 'No' because of the way it is worded.

Example: "Do you trust John after he donated all that money to the orphans?" ... no, of course I don't! (I don't know why, but it's obvious I shouldn't. That lousy John.)

2. Sampling Error - the above survey was conducted on Castlecops, a site visited largely by tech-savvy security professionals. These are hardly mainstream computer users and no survey data collected on Castlecops should be used as an indicator of how ordinary people might feel about an issue.

To prove this point, we took a survey of our own to get a more accurate picture of how people really feel about this. We asked visitors to this site two questions:

1. Are you familiar with the fact that Aluria has delisted WhenU as a spyware company?
2. If the answer for the above question was yes, then do you trust Aluria's Spyware Eliminator after the WhenU Deal?

Note that we left the wording on the leading question the same in order to isolate the effect of the sampling error. Our readers tend to be very mainstream computer users (they self-report only an average level of knowledge about spyware) between the ages of 35 and 50.

Our results

Overall, 46.6% of our readers stated that they didn't trust Aluria. The other 53.4% stated that they did (in other words, the delisting of WhenU was not seen as a breach of trust).

We then divided up the survey respondents by those who had some familiarity with the WhenU delisting vs. those who hadn't. Only 19.4% of our readers knew about WhenU delisting. A full 80.6% had never heard of it.

Of those who had heard of the delisting, a whopping 72.7% stated that they still trusted Aluria. 27.3% said that they no longer trusted Aluria.

Of those who had not heard of the delisting, only 41.7% said they did still trusted Aluria, while 58.3% stated they no longer trusted them.

What did we learn from this?

First, the Castlecops survey was not an accurate reflection of how mainstream computer users truly feel about the WhenU delisting. Their survey result reflected a far more paranoid population of security professionals.

Second, most people who had heard of the delisting (and presumably had formed their own opinion about it) felt that it was not something that breached their trust in the company. On the other hand, those who had no prior knowledge of it indicated that they no longer trusted Aluria. This is what we would expect to see from a leading question such as the one in the Castlecops survey.

So are the mainstream users right or are the security professionals? One could argue that the security professionals, by virtue of their expertise, have a more informed opinion and thus should be listened to. We agree with that, and so we sliced our data one last time. Among the respondents to our surveys who claimed to have "above average" to "expert" knowledge about spyware, 58.3% still trusted Aluria.

Microsoft's security strategy is still lacking despite new IE, Gartner says

Call us skeptical, but Microsoft has had security as it's "#1 priority" for over two years ago and if anything, Windows has become even less secure. Case in point: entire software industries (anti-spyware, anti-virus, firewall) have come about to address Microsoft's gaping security holes. Past experience has proven that independent companies do a much better job than Microsoft at sealing the cracks in their own software.

From IT Manager's Journal

Saturday February 19, 2005 (05:06 PM GMT)

Bill Gates put Microsoft's security strategy front and center this week, announcing a new version of Internet Explorer, free antispyware and an antivirus service, but his vision does not look far enough ahead, a Gartner analyst said.

Neil MacDonald, a research director at Gartner, said Microsoft's security announcements were a missed opportunity.

At the RSA Conference in San Francisco, Gates said Microsoft will release IE 7.0, which continues the hardening of IE 6 with XP Service Pack (SP) 2, in beta in mid-2005. IE 7.0 will not be available for Windows 2000 users.

Microsoft Probes Spyware System Attack

More entertainment in the spyware industry: Microsoft now recommends you purchase an anti-virus program to fix the security holes in their own security products.

REDMOND, Wash. Feb 10, 2005 — Microsoft Corp. is investigating a malicious program that attempts to turn off the company's newly released anti-spyware software for Windows computers.

Stephen Toulouse, a Microsoft security program manager, said the program, known as "Bankash-A Trojan," could attempt to disable or delete the spyware removal tool and suppress warning messages. It also may try to steal online banking passwords or other personal information by tracking a user's keystrokes.

To be attacked, Toulouse said a user would have to be fooled into opening an e-mail attachment that would then start the malicious program. He said the company had not seen any evidence so far that the program is widespread.

Toulouse said Redmond-based Microsoft was recommending that users who believe they might be infected use antivirus software, such as products made by Symantec Corp. or McAfee Inc., to try to remove it.

From ABCNews

Breaking News: Trojan attacks Microsoft's anti-spyware

Virus writers have created a malicious program that can disable Microsoft's new anti-spyware application, security experts warned on Wednesday.

AdwareReport Comment: Microsoft has made themselves a lot of enemies over the years and despite their latest attempt to resolve their nagging security problems through the purchase of Giant AntiSpyware, all they have succeeded at doing is making themselves a bigger target. One of the biggest problems that spyware programmers face in trying to defeat anti-spyware tools are the wide variety of tools available out there. Microsoft has inadvertently shot itself in the foot by trying to mass-market one.

By Dan Ilett ZDNet (UK) February 9, 2005, 9:54 AM PT

Antivirus experts, who are calling the Trojan "Bankash-A," say it is the first piece of malicious software to attack Windows AntiSpyware, which is still in beta.

"This appears to be the first attempt yet by any piece of malware to disable Microsoft AntiSpyware," Graham Cluley, a senior technology consultant at Sophos, said in a statement. "As Microsoft's product creeps out of beta and is adopted more by the home user market, we can expect to see more attempts by Trojan horses, viruses and worms to undermine its effectiveness."

Windows AntiSpyware, built using technology from Microsoft's acquisition of Giant Company Software, is designed to protect Windows PCs from spyware--software that is installed on computers without their owners' knowledge. Typically, spyware generates pop-up ads or keeps track of people's Web surfing.

Like many other Trojans, Bankash attempts to steal passwords and online banking details from Windows users, Sophos said in an advisory. The program targets users of U.K. online banks such as Barclays, Cahoot, Halifax, HSBC, Lloyds TSB, Nationwide, NatWest and Smile.

Sophos called the Trojan "Bankash" because it attacks banking customers and installs a file called ASH.DLL onto a victim's hard drive.

Microsoft's British press office was awaiting comment from the company's U.S. headquarters at the time of writing.

Dan Ilett of ZDNet UK reported from London.