Check Point ZoneAlarm Internet Security Suite 7.0
At a Glance
Check Point's new ZoneAlarm Internet Security Suite 7.0 significantly improves on the 6.0 version we reviewed almost a year ago in our security suite roundup, "All-in-One Security." Parent company Check Point has replaced the mediocre CA antivirus engine that it licensed from CA with a much better one from Kaspersky Labs, and the result is a high-performance suite whose only weakness is its antiphishing protection.
Core components includes antivirus, antispyware, and antiadware protection, courtesy of the Kaspersky engine, as well as the house-developed network firewall and the OSFirewall, a supplemental layer of protection that detects and blocks suspicious changes (caused by malware) to key areas of the system.
In performance tests conducted by AV-Test.org, the Kaspersky engine performed well, detecting 98.3 percent of backdoor programs, 97 percent of bots, and 99 percent of Trojan horses thrown at it. It also spotted a solid 74 percent of adware samples. For its part, the OSFirewall detected a similarly solid 80 percent of network and e-mail worms based on their behavior alone, without benefit of a signature file to identify each one. The suite detected all pieces of malware that AV-Test.org hid within common compressed file formats, and the firewall blocked all attacks from inside and outside the PC. Also, AV-Test.org found that this version of the Kaspersky engine, which is responsible for updating the software's virus signatures, responded in less than 2 hours, on average, to newly discovered threats--an extremely fast response time.
The suite's on-access scanner did fail to detect the PP97M/Tristate.C macro virus, which targets Microsoft Office 97 and all later versions of Office that support VBA (Visual Basic for Applications). AV-Test.org reports that Kaspersky's own version of its virus engine did identify this threat, which suggests that the problem relates to Check Point's implementation of it. While most security companies rate this virus as a low-risk threat, ZoneAlarm's overlooking of it came as a surprise.
The ZoneAlarm suite is easy to use, with clear explanations of each decision you have to make, a big one being the level of security you want to establish. This year, the suite offers an Auto-learn mode. Though this mode initially lowers security to invoke fewer pop-up alerts, once it understands the applications it should trust, it cranks the security level back up for any activity it doesn't recognize. The Auto-learn mode was pleasantly quiet to begin with, but then the suite started popping up repeated alerts for legitimate application activity (such as my Trillian and Lotus Notes programs) that it should have recognized.
ZoneAlarm offers most of the usual suite extras. Its Privacy section selectively blocks Web site cookies, advertisements, and embedded objects and scripts. Its instant messaging security protects users of AOL, ICQ, MSN, and Yahoo services from bad links and attachments, though it added so many warnings to my outgoing IM messages that I turned it off. Spam protection, provided through MailFrontier, adds a configurable toolbar to Outlook and Outlook Express. Parental controls block sites included on Check Point blacklists along with unknown sites identified via effective dynamic analysis. The Vista version of this product is expected to arrive in the second quarter of 2007, and ZoneAlarm customers within the one-year subscription window will be able to upgrade to it for free.
Noticeably missing from the suite is an antiphishing toolbar--the suite lacks anything capable of instantly blocking known phishing sites. (You can download free tools such as McAfee's SiteAdvisor to warn you against suspect Web sites.) However, ZoneAlarm does provide other, less effective Web protection. The myVault tool prevents information--such as social security, credit card, and password digits--from leaving your PC, but it requires you enter the information (encrypted if you want) first. If you sign up for the free year of fraud protection, available through Intersections' credit protection services, you'll be notified if the service finds your financial information elsewhere on the Internet.
At $50 per PC per year (with support calls billed at an additional $3 per minute), the ZoneAlarm suite is priced on a par with other major suites. It performs well and is easy to use, though it could use better phishing protection.