ZoneAlarm Internet Security Suite: Cheap but Lackluster

Checkpoint ZoneAlarm Internet Security 2010 finished 12th in our 2010 roundup of security suites. At $40 (for three users as of 3/29/2010), it contains all the basic features–antivirus, antispam, firewall, antiphishing, and Internet security features–and some useful extras such as one year of credit bureau monitoring for ID theft. But it did a poor job in our tests for detecting brand-new malware threats.

The ZoneAlarm interface has a clean look that is one of the best among the suites we looked at. It’s generally easy to make configuration changes, though one thing we would have liked to have is the ability to turn off only JavaScript or ActiveX within the ForceField tool, which monitors for browser-based malware.

One feature, virtualization, emulates parts of the operating system so that an attacker using a browser might think they are successfully attacking your system, when in fact they are not and, like a sandbox, runs the code in isolation from the rest of your PC. This helps protect your PC’s operating system from attack, and it’s a feature we expect to become more common in the future.

ZoneAlarm did a reasonable job cleaning up active infections on a PC. It detected all test samples, and disabled 80 percent of infections. This is a decent showing, but it falls behind our top performers, which disabled over 90 percent of the malware samples. Although few of the suites we tested did a great job at all removing traces of malware, ZoneAlarm’s 13 percent removal rate was the lowest of the pack.

For rootkit detection and disinfection, ZoneAlarm performed respectably, detecting 87 percent of inactive rootkits, all of the active rootkits, and ultimately removing 87 percent of rootkits. Norton Internet Security, our top pick in this roundup, managed to detect and remove all rootkits–stealth malware often used to hide other infections.

ZoneAlarm’s software performed worse than any other suite we tested in using behavioral scanning (that is, detecting malware based solely on how it behaves on a PC). ZoneAlarm’s suite found only 13 percent of our test samples, and blocked just 7 percent; it was unable to completely remove any of the samples in this test. As this is a very good test for judging how well a suite can respond to brand-new malware threats, ZoneAlarm’s showing is problematic.

ZoneAlarm hopes to make up for this failing by using multiple firewalls, including one in the operating system kernel (the most essential part of the OS) that may effectively prevent rootkits and other malware from running. We didn’t directly test the effect of the multiple firewalls, but you should still keep ZoneAlarm’s poor behavioral scanning in mind. The suite detected 97 percent of samples using traditional signature-based malware detection, about average among the packages we tested. Our top performer detected 99.9 percent of samples.

Overall, the effect of the ZoneAlarm suite on the speed of our test system was about average. Our system with ZoneAlarm’s suite installed was relatively slow to boot up: 52.49 seconds, or 5.5 seconds slower than the average boot time. It was one of the better performers in our on-access scan test (which helps judge how quickly a suite will scan files for viruses when they are opened or saved), scanning 4.5GB of data in 3 minutes, 34 seconds. Our top performer completed the test in 2 minutes, 51 seconds. In our hands-on tests, we noticed no drag on the system once the suite was loaded and running.

As it stands, ZoneAlarm Internet Security’s lackluster behavioral detection performance makes it hard to recommend. If you’re a fan of ZoneAlarm’s products, you should pay the additional $10 for ZoneAlarm Extreme Security and get the added protection of an Internet browser sandbox that runs all browser applications in a protected environment. This, in addition to the excellent firewall resources, makes up for the poor performance in behavioral testing. Otherwise, you’ll be better served by going with a higher-ranked suite like those from Norton and Kaspersky.