ZoneAlarm Antivirus & Firewall

ZoneAlarm is a powerful antivirus software program and one of the top 20 leading paid products in the industry. Its scanning engine is supplied by Kaspersky, which is one of the main reasons it is so effective. It also includes a firewall that blocks all forms of malware (malicious software) threats.

ZoneAlarm has been the gold standard in free personal firewalls for many years. Budget-minded users combine it with a free antivirus to create an ad hoc security suite. With the release of ZoneAlarm Free Antivirus + Firewall (free), you can get antivirus and firewall protection in one free security suite, along with effective phishing protection and free online backup.

Key Features

Advanced Download Protection - This feature analyses browser downloads in three ways so that no malware infection gets to your PC.

Unified Scan Engine - This feature performs superior detection and removal of malware threats such as Trojans, viruses, spyware, worms, bots and others.

Two-Way Firewall - Its firewall blocks out hackers by making your computer invisible online and blocking intrusions.

Anti-phishing - This feature blocks dodgy websites that purport to be genuine sites that you're familiar with, like your bank.

ZoneAlarm Antivirus has been tested and certified by two leading test labs. Both Virus Bulletin and West Coast Labs show that it's effective against many threats and employs some of the latest technology when providing protection. But no results for ZoneAlarm appear from other test labs such as AV-Test and ICSA, which is one of the reasons it still lags behind many other antivirus software programs.

Compared to other antivirus software programs, ZoneAlarm Antivirus is missing many features like a laptop mode and gamer mode. These features are essential to many users and without them, it is missing out on a large percentage of the antivirus market.

Effective Firewall

Naturally this product's firewall protection is exactly the same as that of ZoneAlarm Free Firewall (free, 4.5 stars). Check Point will continue to make the standalone firewall available for those who prefer a different antivirus.

ZoneAlarm passed all port scan tests and other Web-based attack tests. It doesn't attempt to identify attacks on system vulnerabilities at the network level, but none of the exploits I tried managed to crack the test system's security. And as always I couldn't find any way to break down the firewall's protection programmatically, the way a targeted malicious program might do.

Early versions of ZoneAlarm effectively put the user in charge of controlling which programs can access the Internet. When a program tried to connect for the first time, the firewall asked the user whether to allow or deny it, this time or always. Modern firewalls, including ZoneAlarm, automatically configure permissions for known good programs identified through a huge online database. If it does confront you with a popup query, pay attention, as the program in question may well be a problem.

Antivirus Lab Results

Checking the independent labs for ZoneAlarm results is a bit confusing. Virus Bulletin is the only lab that regularly tests ZoneAlarm. Even then, over the past four years ZoneAlarm has participated in just five VB100 tests and passed four of them.

Why this lack of love? Because the antivirus component in ZoneAlarm is licensed from another well-known security company, so most of the labs simply test the original. Check Point officially does not identify its antivirus partner, but you will find dozens of DLLs and other support files whose digital signature, copyright notice, and internal company name point to Kaspersky Lab. Coincidence? You decide.
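The check described above (reading the digital signature, copyright notice and company name of a product's support files) can be run as an inventory. This is an added example, not part of the original review or of any vendor tooling; the install path is a placeholder and the function name `Get-BinaryProvenance` is hypothetical.

```powershell
# Added example: list who signed each binary in an install folder and what
# its version resource claims, then summarise by signer and company.
param(
    # Placeholder path (assumption): set this to the folder being reviewed.
    [string]$InstallDir = 'C:\Path\To\Product'
)

function Get-BinaryProvenance {
    param([Parameter(Mandatory)][string]$Path)

    Get-ChildItem -Path $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.dll', '.exe', '.sys' } |
        ForEach-Object {
            # Authenticode signature: status plus the signing certificate, if any
            $sig = Get-AuthenticodeSignature -LiteralPath $_.FullName
            # Version resource: self-declared, so treat it as a claim, not proof
            $vi  = $_.VersionInfo
            [pscustomobject]@{
                File      = $_.FullName
                SigStatus = $sig.Status
                Signer    = if ($sig.SignerCertificate) { $sig.SignerCertificate.Subject } else { '(unsigned)' }
                Company   = $vi.CompanyName
                Copyright = $vi.LegalCopyright
            }
        }
}

$rows = Get-BinaryProvenance -Path $InstallDir

# How many files each signer / declared company accounts for
$rows | Group-Object Signer, Company |
    Sort-Object Count -Descending |
    Select-Object Count, Name |
    Format-Table -AutoSize

# Files whose signature is missing or does not validate deserve a closer look
$rows | Where-Object { $_.SigStatus -ne 'Valid' } |
    Select-Object File, SigStatus, Company |
    Format-Table -AutoSize
```

The signer subject comes from a certificate chain that Windows validates, while the company and copyright strings are whatever the publisher wrote into the file, so the two are worth comparing rather than treating either alone as conclusive.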

Installation Ups and Downs

ZoneAlarm's installer gets right to business with a quick install option that configures all settings with default values. Do keep your eyes open; if you don't opt out you'll find that you've changed your browser's home page and default search to ZoneAlarm.

The installer runs a quick scan for active malware. If it finds threats, it runs a pre-install scan, reboots, and starts the installation again. That's a smart way to avoid having the installer derailed by malware. Half of my malware-infested test systems got this treatment.

Despite the pre-install scan, installation failed on three test systems. On advice from tech support I ran the Kaspersky Virus Removal Tool—there's Kaspersky popping up again! After KVRT one of the problem systems was fixed. For the other two, tech support recommended scanning with the Kaspersky Rescue Disk.

ZoneAlarm still wouldn't install after the rescue disk's cleanup. With a commercial product tech support would most likely have escalated the situation, perhaps arranging for a support agent to clean up the system using remote control. Since this is a free product, that wasn't an option. ZoneAlarm simply failed to install on two of twelve test systems.

Rocky Malware Removal

When ZoneAlarm's antivirus scan encounters a threat, it almost always treats the problem immediately. Occasionally it marked low-risk threats as "Action required," meaning I had to give permission to treat the threat. A few needed a reboot for full cleanup.

On more than half of the test systems ZoneAlarm kicked the cleanup process to the next level. A big popup window announced the need for advanced disinfection, with a warning not to use the computer during this process. In every case I let it perform the advanced disinfection and then, after the required reboot, launched a full scan. That turned out to be important, as the full scan frequently found items not removed by advanced disinfection.

One test system announced the need for advanced disinfection during the full scan, so I allowed it and started another full scan. Yet again it requested advanced disinfection. After going around four times I denied the advanced disinfection and let the full scan finish. I can't imagine this runaround would inspire confidence in the average user. Overall ZoneAlarm detected 71 percent of the threats.

Impressive Malware Blocking

For my malware blocking test I attempt to install the same collection of malware samples on a clean test system. ZoneAlarm wiped out almost three quarters of the samples as soon as I opened the sample folder. It detected almost all of the rest during the install process, with a 95 percent detection rate overall. Its score of 9.3 points for malware blocking overall is definitely impressive, as is its perfect 10 of 10 points for rootkit blocking.

A few quirks mar this product's swing at perfection. When I attempted to download the same collection of threats, ZoneAlarm handled each download and either gave the program a safety rating or asked for permission to run an advanced analysis. That seemed like a good thing.

The problem is, in over half of the cases the download protection module disagreed with the on-access antivirus. Again and again I saw "Advanced Download Protection has determined this file is safe" while the antivirus identified the same file as malware. In one case, the regular download protection module displayed a big green "safe" notice for a file that on-access protection had wiped out on sight in the previous test. I don't have a lot of confidence in advanced download protection. ZoneAlarm also includes behavior-based malware identification, but I never saw it kick in for any of my malware samples.

Powerful Phishing Protection

Phishing sites try to steal your passwords for bank websites and other sensitive sites. These frauds look just like the real site, and may even redirect you to the real site after you log in. Phishing is a cross-platform attack on the user, not the browser or the PC. ZoneAlarm's toolbar proved especially effective at identifying these sneaky sites.

Boot Time Slowdown

This stripped-down suite had a lower-than-average impact in most of my performance tests. A script that fully loads 100 Web sites took just 6 percent longer under ZoneAlarm's protection than with no suite at all; the average among current suites is 23 percent. Another script that moves and copies a large collection of files between drives took 8 percent longer, while the average is 13 percent. And a script that zips and unzips the same collection of files ran 11 percent longer with ZoneAlarm watching, compared to the average of 17 percent.

I was surprised, then, to find that ZoneAlarm lengthened my test system's boot time by 60 percent, significantly more than any other current product. Results were consistent across 100 test runs. Boot time here refers to the time elapsed from the start of the boot process (as reported by Windows) until the system is ready for use. I define ready as meaning CPU usage is under 5 percent for 10 seconds in a row.

Most users spend a lot more time surfing the Web and working with files than rebooting the PC, so ZoneAlarm's impact won't make a big difference.

Conclusion - A Good, Free Choice

ZoneAlarm's free firewall has outlived many competitors. It's the gold standard for free personal firewall protection. The antivirus protection that takes ZoneAlarm Free Antivirus + Firewall into the security suite realm doesn't quite measure up to that standard. On the other hand, its phishing protection is among the best.

If you need a free security suite, this is definitely a good choice. Just be prepared for the possibility that you'll need additional help with initial installation on a malware-infested system.

Overall, ZoneAlarm antivirus is a decent software security program, but there are many better ones out there. It has the award-winning Kaspersky scanning engine; however, downloading Kaspersky antivirus itself will provide more protection for your PC. So ZoneAlarm still has a way to go to catch up with other antivirus products.