More info on the new ZoneAlarm from the Langa newsletter
1) Reader Feedback (And More): The New ZoneAlarm
You may recall that last month ZoneLabs (the makers of the popular desktop firewall, ZoneAlarm) released a major new version: It added features to a product that had already grown far beyond basic firewall functions to include blocking of hostile email attachments, monitoring of the antivirus protection provided by third-party tools, protecting against the outbound activities of mass-mailing worms, popup blocking, ID protection, and more. With each new function, of course, the software package became larger and more complex.
The newest version adds still more features, including an "OS-level firewall" that attempts to prevent potentially hostile behavior by system-level software. Working in ways analogous to those of antivirus or antimalware tools, the new ZoneAlarm monitors for suspicious software behavior, but does so at a very low level, even trying to see which software components are opening threads and why. When it spots potentially dangerous actions, ZoneAlarm pops up a security dialog. You can block the suspicious action, allow it once, or allow it permanently, much the same way ZA has always let you control internet connection activity.
This "OS-level firewall" is potentially a very useful feature. Combined with ZA's normal firewall features, plus good antivirus/antimalware tools, and XP's own "System Restore" (informationweek.com) and "Data Execution Prevention" (see google.com; #12 in langalist.com; #11 in langalist.com), ZA's new features should help lock down a system against just about all normal attack vectors.
But--- you knew there had to be a "but," right?--- the new ZoneAlarm is the most complex ever. The previous versions in the 5.x series had been creeping up through the mid-5MB range; the new 6.x version jumps to almost 9MB. An even more complex and complete version (which adds things such as its own antivirus tool, identity theft/privacy protection, anti-phishing and spam blocking, IM security/web site filtering, and more) weighs in at 22MB.
ZA's growing complexity prompted me to write this in this newsletter (langa.com) when the new version first appeared:
My main concern with this and similar tools that are getting more and more complex is the possibility--- maybe even probability--- of negative interactions between different tools as each tries to carry out a similar function. Colloquially, we've referred to that as security tools "stepping on each other's toes."
As a result, I suggest waiting a bit when the new ZoneAlarm is offered (some users are getting the update notices right now...). The pre-update version is fine, and works well--- there's no urgent need to upgrade. Let other braver or risk-loving souls take the plunge, and watch for feedback. Once the new tool has been installed on a couple million systems (it won't take long) we'll *know* if there are problems with the new ZoneAlarm tool conflicting with, say, Norton or Sygate or AntiSpyWare or other tools. My guess is that some conflicts are almost inevitable; but I also think the folks at ZoneLabs will get things fixed pretty fast. So, a few weeks or a month or two after release, the new ZA tools should be stable and ironed out enough to be fine.
As this is not a minor upgrade of the current ZA, but something far more complex, I *strongly* urge you not to jump in headfirst as soon as the new version is out. Let others see if the water's safe, and when it is, *then* dive in. <g>
OTOH, if you're an experienced user with a stable, well-backed-up system, and decide to take the plunge early, drop me a line and tell us what your experiences were. Please put "Zonealarm" in the email's subject line. Thanks!
Many of your fellow readers responded, and I've gathered a representative sampling; enough to give you a pretty good idea of their reported experiences. I've added my own experiences with ZA6, and then used that as a springboard for a wider discussion of the relative merits of all-in-one, complex software suites versus simple, focused, stand-alone tools. I also provide lists of both kinds of security tools, with live URLs so you can grab your own copies.
It's all available now, free, at informationweek.com.
There's a ton of hard-won info there, courtesy of your fellow readers--- check it out!