ZoneLabs' ZoneAlarm (ZA) is a valuable personal firewall. The easy to understand interface makes it a great option for most Internet users. ZA allows simultaneous, but independent, settings for both Internet and LAN access rights. These rights are configured through the use of three predefined network settings. Also included for both network zones are user definable application rights. ZA also provides grantable server rights and supports user defined trusted IP addresses. The underlying firewall filter can filter both incoming and outgoing network packets.
ZA includes another useful feature dubbed MailSafe. MailSafe isolates and allows the user to delete Visual Basic Script (VBS) files found as email attachments. VBS files are the easiest way for malicious intruders to install backdoor applications. They are also used for data collection and file editing and deletion. While VBS was intended for legitimate purposes, this scripting language has become the programming interface of choice for illegal activities.
ZoneAlarm's logging engine is useful and efficient. For analysis of the activity data, ZA requires the user to connect to ZoneLabs' web site. While I personally trust ZoneLabs' privacy policies, many people object to this process. ZoneLabs could gather user information during this process, but this would constitute a direct violation of the company's privacy agreements.
A major drawback to ZA is the lack of advanced user controls. ZA also will not block all ICMP ping requests from un-trusted sources. In contrast, ZoneAlarm did block all other port scans employed with my battery of tests. It is rather odd that certain ICMP transfers are allowed, as this could be a security issue. The ICMP protocol is an integral part of most denial of service attacks. Another potential hazard is how the application rights process identifies programs. The detection system uses the application's file header data. Assuming a backdoor program was encoded with the same header information as a trusted application presents a large risk.
ZoneAlarm is an efficient and well-engineered personal firewall. Only minor issues exist with its security routines, but these problems could prove dangerous under the right conditions. ZoneLabs releases updates to ZA on a regular basis, so I would expect these issues to be addressed with a future version. While ZoneAlarm does offer a useful interface and the important MailSafe utility, I would still recommend Sygate's Personal Desktop as a superior alternative until the minor problems with ZA are corrected.
Events
IE 7
Firefox 2.0
