Powerful Firewall Gets Personal
Driven by a simple, application-based security rule-set, ZoneAlarm keeps computer invaders at bay.
- By Chip Andrews
If your computer is connected to the Internet 24/7, do
you worry about intruders invading your machine? Well,
you should. ZoneAlarm 2.1.44, though, can help protect
your assets — it’s a powerful, personal, and free firewall
driven by a simple, application-based security rule-set.
Many personal firewalls force users to learn arcane port
configuration settings that must be tuned for each application.
But ZoneAlarm takes a different tack by allowing users
to make decisions about what services can access or be
accessed from the Internet. This way, users can set specific
security settings for every application that executes.
Here’s why this is an advantage: If a Trojan program
is executed on your workstation and attempts to send some
of your private documents to the attacker via the Internet,
you’ll instead be alerted that “Program X” is attempting
to access the Internet and the activity can be denied.
This type of “egress-filtering” is a powerful feature,
and it’s never been easier to implement. Rules can be
set for incoming and outgoing data on both a local intranet
and the Internet (which can be custom-configured for complex
In addition, ZoneAlarm includes a Stop button, which
ceases all network activity in an emergency. The program
also includes an email script attachment checker and an
alert log to observe failed attempts to access your machine.
|ZoneAlarm allows for individual protection
settings for each application you use.
After using ZoneAlarm for several weeks, I had only a
few minor complaints. Power users might be annoyed at
the seemingly endless stream of security dialogs each
time ZoneAlarm sees an application outside of its rule-set.
Also, serious security junkies will whine about the relatively
weak logging capabilities, inability to preconfigure authorized
applications, and sparse alerting options when break-in
Still, ZoneAlarm is an excellent personal firewall for
small-office and home use, and the price is definitely
right. Note that Zone Labs also recently released ZoneAlarm
Pro, a professional version that includes Network Address
Translation or NAT (for linking all of your computers
to the Internet via a single connection), more customizable
security levels, and password protection. Compared to
other popular firewall products, ZoneAlarm requires more
configuration and planning than Network ICE’s BlackICE
Defender, but significantly less than more comprehensive
utilities such as TINY Software’s WinRoute Pro. If, however,
you want a solid personal firewall that’s easy on the
wallet and powerful as all get out — ZoneAlarm might just
Chip Andrews, MCSE+I, MCDBA is a software security architect at (Clarus Corp.). Chip maintains the (sqlsecurity.com) Web site and speaks at security conferences on SQL Server security issues.