Zone Labs ZoneAlarm Internet Security 5.5 review
Zone Labs suffered some poor publicity recently, with installation problems for those people who used ICS to share their network Internet connection plus issues with conflicts (as we saw with EZ Armor, which is based on an earlier version of ZoneAlarm). But there are no such issues with this release of ZoneAlarm, partially due to its use of a later version of the TrueVector firewall engine.
Once installed, the simple and familiar elegance of the integrated ZoneAlarm control panel enables less confident users to see what ZoneAlarm is doing to protect them on a ‘fire and forget’ basis, but crucially without isolating the more technically competent user in the process. This is a masterpiece of user interface design.
The Computer Associates’ anti-virus module remains effective, although we’re still waiting for IMAP4 email scanning to be supported. Web-content filtering is top-class, providing more than 30 configurable categories. An Automatic Program Configuration feature, similar to that in Norton Personal Firewall, scans Internet-facing apps and matches them to a database of more than 10,000 files. As a result, you get less of the ‘generic host process’ alerts.
When you do see an alert, AlertAdvisor can be called up using the More Info button. This employs a set of ‘Hacker ID’ utilities, essentially WHOIS linked to graphical IP mapping and an integrated event reporting feature. This is useful for finding out more detail about would-be hackers, especially the reporting of inbound event information for further analysis and escalation to the host ISP for action.
IMSecure continues to impress, protecting the user from IM spam (SPIM). Instant messages for the main players (including AIM, MSN, Trillian, Yahoo! and some smaller clients) are encrypted, but only if both users have either the Security Suite or IMSecure installed. An Information Vault encrypts and stores the personal data you want it to, and any subsequent entering of that information online prompts ZoneAlarm to ask if you want the destination URL added to your trusted sites list or blocked. This protection also extends to IM sessions where protected data is replaced by a series of asterisks in the conversation. Anything that helps to prevent key-loggers from grabbing your data is okay by us.
The new anti-spam measures look like Zone Labs really just couldn’t make up its mind what it wanted, or what would work best, so it decided to throw everything in the arsenal at the problem. Which means there’s the challenge/response approach, the collaborative blacklisting approach, the non-collaborative blacklisting approach and the message content-filtering approach.
If this sounds confusing, wait until you see the configuration options for each. If you like sliders you’ll be on cloud nine. If you just want to block as much spam as possible with the gentlest learning curve, forget it. Out of the box the detection rate was one of the worst in our tests, mainly because if an ‘approach’ didn’t need time to learn what is and isn’t spam, it was set to the bland middle ground by default. The end result was a lot of patently obvious spam slipping through, the only bonus of which being the false-positive rate was low from the get go. There’s no doubt that this is the most flexible spam filter of any we’ve tested here, it uses the technology of spam specialist MailFrontier, but it demands that you get down and dirty with it before you’ll see the real results.
This runs true elsewhere within the suite, which comes with several layers of configuration complexity that you can either dig through if you’re so inclined or leave as is with minimal tweaking if not.