- Hides ports from hackers
- retains custom settings after upgrade
- slick interface is easy to use
- new expert rules for pros.
- No phone support
- cumbersome rule-making process.
The previous edition of ZoneAlarm Pro took some blows from ZDNet readers, who complained that the software caused system instability and blue screens of death. We think that version 4.0, which sells for $49.95 (~£30), will entice these disgruntled customers back into the fold. This firewall-cum-security suite -- it features the firewall, plus a few privacy tools and a pop-up ad killer, but no anti-virus program -- now sports expert-style rules that let advanced users fine-tune Internet access privileges, an outbound mail monitor that watches for suspicious activity that could indicate a worm, and a way to report Web intruders. ZoneAlarm Pro remains so easy to use that even a novice can manage it. Not all is rosy, however, as there's still no way to call the ZoneAlarm help desk. If you're already using ZoneAlarm Pro, upgrade only if you want access to the expert rules. Looking for your first firewall? ZoneAlarm does the trick, but only if you already have anti-virus software installed.
Setup & interface
Download the 4MB ZoneAlarm Pro, and within five minutes, you can have your guard up. Like earlier editions, ZoneAlarm Pro 4.0 walks you through the opening configuration with a straightforward wizard that asks for a few simple choices. Keep clicking the Next button to arm your computer with the default defences, which should be suitable for most users. Naturally, you can make additional changes at any time. Best of all, during installation you can also upgrade to 4.0 from previous versions of ZoneAlarm without losing your custom settings -- a skill that Symantec's Norton Internet Security (and the firewall it relies on, Norton Personal Firewall) still lacks. There are no major interface changes in 4.0; it sports the same glossy, no-frills look-and-feel as the last edition. The design looks an awful lot like Windows XP, with navigational tabs at the left that display detailed settings when you click them. You can even minimise the entire window to show only the Stop and Lock buttons, which disable protection and prevent any Internet connection, respectively. Overall, we love this look.
ZoneAlarm Pro's heart remains its personal firewall, a guardian that makes sure intruders can't get into your PC from the Internet. Version 4.0 also includes an email monitor that hunts for possible mass-mailing viruses and worms, a cookie manager, a pop-up and banner ad blocker, and an ActiveX and Java script defender. ZoneAlarm Pro configures itself to work with your default Internet browser during installation. The program stops any desktop program that tries to access the Internet, then displays an alert that asks if you want to authorise the connection. Click 'Yes' the first time, and you're set thereafter. New to version 4.0 are expert-level rules that define specific access and activity privileges for programs that need Internet access. These rules, which didn't exist in previous editions and may be reason enough to upgrade to version 4.0, are similar to those in Norton Personal Firewall, although they are more difficult to configure. Unfortunately, they still don't let you build rules that limit program access to specific ports or Internet protocols. Nor do we like the cumbersome process that requires you to choose options from pop-up lists while juggling multiple windows. ZoneAlarm has also added a new reporting tool. Previously, the Hacker ID function only tracked down the location (both the IP address and the geographic locale) of any intruders onto your system. (Don't worry; ZoneAlarm automatically masks your address as it traces any suspected hackers.) However, the new reporting tool allows Zone Labs to periodically collect these trace-back reports and pass them on to the offender's ISP. Cool. Other enhancements include a cache cleaner to wipe space-hogging temporary Internet files, browser histories, and cookies from your machine, plus an improved mail monitor that watches outbound mail for evidence of mass-mailing worm activity. (Previous versions already monitored inbound mail.) The latter isn't an anti-virus protector -- ZoneAlarm is still missing that important part of PC security strategy -- but it will shut down your email client if a virus or a worm tries to mass-mail copies of itself. For a complete security package, including antivirus protection, you should consider Norton Internet Security or McAfee Internet Security instead. On another note, a large number of users complained -- both on ZDNet and on the Zone Labs message forums -- that ZoneAlarm Pro 3.0 caused system crashes. According to Zone Labs, these problems stemmed from incompatibilities with various video drivers. We had good luck during our brief testing -- not a single glitch on three different systems running ZoneAlarm -- so we have high hopes that Zone Labs solved these problems in version 4.0.
We ran ZoneAlarm Pro 4.0 against Steve Gibson's ShieldsUp port tester. In stealth mode, our PC was invisible to the world, which is good. If hackers can't see your computer on the Internet, they can't get inside. ShieldsUp Port Probe Port 21-FTP Stealth Port 23-Telnet Stealth Port 25-SMTP Stealth Port 79-Finger Stealth Port 80-HTTP Stealth Port 110-POP3 Stealth Port 113-IDENT Stealth Port 135-RPC Stealth Port 139-NetBIOS Stealth Port 143-IMAP Stealth Port 443-HTTPS Stealth Port 445-MSFT DS Stealth Port 5000 UpnP Stealth LeakTest Stealth Passed To test ZoneAlarm Pro 4.0's firewall, we began with IP Agent, a free utility provided by ShieldsUp that determines the test machine's current IP address, and then contacts the ShieldsUp Web site to begin testing. Next, the Port Probe utility from ShieldsUp tested our system's defence against Internet port scanners. The test originates from the ShieldsUp server and attempts to establish standard TCP/IP (Internet) connections on a handful of commonly exploited Internet service ports on the test computer. Using ShieldsUp, each port gives one of the three following results: Stealth This result means that the probe was not able to find this particular port on your computer. This is the most secure result. Closed This shows that the probe was able to detect this particular port on your computer but that the connection was refused. Open This result means that the port is actively advertising its presence on the Internet. Port scanners will have no trouble finding it. More information on these tests and what the results mean can be found at ShieldsUp. More information about how we test firewalls can be found at CNET Labs.
Service & support
Zone Labs still doesn't get it: phone support is a must-have. If you have a problem with ZoneAlarm Pro, you won't be able to call the company. Instead, you can browse a brief online FAQ, send an email message, or rely on the kindness of strangers who host the forums accessed through Zone Labs' Web site. And the online help, which includes some of the program's well-known problems, is skimpy. We don't like the email form, either. For a prompt response, you have to type in your 20-letter product key code first -- and even then, Zone Labs only promises to respond in three to four business days. That's just not fast enough if you're sweating over something as important as your firewall. Our advice: try the forums.