Daxdi now accepts payments with Bitcoin

Check Point ZoneAlarm Free Antivirus+ Review

If you have a firewall along with antivirus protection, your PC is pretty well protected.

A full security suite would add more security components, but the basic antivirus plus firewall is all some users want.

Check Point's ZoneAlarm Free Antivirus+ gives you antivirus and firewall, at no charge, and the antivirus is licensed from award-winner Kaspersky.

However, unlike the best free antivirus tools, ZoneAlarm puts limits on your antivirus protection.

During the quick install process, the product asks for your email, noting that it's needed so you can get product upgrades, tips, and guidelines.

But if you don't want to fill up your Inbox, you can skip that step.

Like Norton and others, ZoneAlarm downloads the latest antivirus signatures as part of the install process.

The product's main window has hardly changed in years.

Comparing today's edition with a screenshot from 2011, I still see the same relaxing color scheme of greys, greens, and blues, and it's still dominated by three big panels for three security areas.

The panel names change slightly—at present, they're called Antivirus, Firewall, and Mobility.

And the current product includes a logo for ZoneAlarm's owner, Check Point.

But the overall impression is dated.

As with many free products, this one is only free for personal use.

If you want to use it in a business setting, or if you want tech support, you'll have to purchase the Pro edition.

I will review that product separately.

No Help From Test Labs

Since ZoneAlarm licenses the antivirus technology that's used in Kaspersky Anti-Virus, you might assume it would inherit Kaspersky's results from independent lab tests.

But don't make that assumption.

The lab reports state very clearly that results apply only to the exact products listed.

Just because a company licenses a given antivirus engine doesn't prove that company uses the engine perfectly.

In addition, this product lacks some features of Kaspersky's antivirus.

In the antivirus settings dialog, a page titled Premium Protection list features that you don't get for free.

For example, ZoneAlarm doesn't offer real-time cloud-based protection, nor does it block Web threats.

Lab Tests Chart

I follow four testing labs that release regular reports: AV-Test Institute, AV-Comparatives, MRG-Effitas, and SE Labs.

All four test Kaspersky; none directly test ZoneAlarm.

Each lab uses its own style for reporting.

AV-Test offers numeric ratings in three categories, AV-Comparatives and SE Labs report certification levels, and MRG-Effitas is close to a pass/fail system.

Over the years, I've developed an algorithm to map all the results onto a 10-point scale and derive an aggregate score.

Kaspersky and Avira Antivirus top the list, with 9.8 points based on results from all four labs.

Only three labs included Bitdefender Antivirus Plus($29.99 for 3 devices / 1 year at Bitdefender) in their latest reports; SE Labs skipped it in the latest report.

But its score of 9.7 points is still quite good.

Decent Malware Protection

For years, I've found that while Kaspersky excels in the independent lab tests, it doesn't necessarily do well in my hands-on tests.

In that situation, I defer to the labs, with their massive testing resources.

With no test results for ZoneAlarm, my own tests take on more importance.

I keep a collection of malware samples so I can get first-hand experience of the way each product defends against them.

When I opened the folder containing my samples, ZoneAlarm immediately started deleting them.

For some low-risk samples—adware and such—it asked my permission first.

Within a minute, it eliminated over three-quarters of the samples.

On-access scanning in most antivirus products triggers on the slightest access.

Some wait until a file is about to execute.

ZoneAlarm's real-time malware protection defaults to scanning on any access, and the free edition locks in that default.

Those using the for-pay Pro edition can configure it to wait for execution.

There's also a smart mode that uses internal rules to decide when to scan.

I don't imagine many users exercise this power of choice.

I maintain a second set of samples that start off as identical copies of the main set.

For each sample, I change the name, tack on some zeroes to change the file size, and tweak a few non-executable bytes.

An antivirus that detects the original but misses my knockoff version may be too rigid in its analysis.

ZoneAlarm did well, detecting over 90 percent of the tweaked samples.

That's in stark contrast to Comodo Antivirus, which missed over 60 percent of the modified samples, including several ransomware attackers.

Launching the tweaked samples isn't usually part of my test, but I make an exception for ransomware.

Comodo's behavior-based detection should have averted the ransomware attacks; it failed.

When I launched the surviving regular, non-tweaked samples, the antivirus kicked in to prevent installation in most, but not all, cases.

ZoneAlarm detected 86 percent of the samples and earned 8.4 of 10 possible points, not quite up to Kaspersky's score of 8.5.

The differences all related to lower-risk items, so I assume Kaspersky's detection system changed its assessment of those few items in the six months since I tested it.

Others have done much better against this same malware collection.

Norton earned 9.7 points, for example, and Webroot SecureAnywhere AntiVirus($18.99 for 1-Device on 1-Year Plan at Webroot) managed a perfect 10.

Malware Blocking Chart

As noted, the free ZoneAlarm antivirus doesn't include Web-based protection, but it does check every file you download.

To test that feature, I attempted to open 100 malware-hosting URLs from a feed supplied by MRG-Effitas.

I determined that ZoneAlarm wiped out just 20 percent of the malware payloads, among the worst scores in this test.

However, an oddity caught my eye.

In an unusual number of cases, I'd find the download ended with the message, "This program couldn't be downloaded." On clicking Retry, I got a new message, "This program might have been moved or deleted." A little sleuthing revealed that each time this happened, a reference to the file showed up as the newest entry in a one of ZoneAlarm's log files, leaving me to conclude that ZoneAlarm silently blocked these downloads.

I have no idea why ZoneAlarm didn't pop up a notification to take credit for its good work, as it did for some other files, and I didn't get a clear explanation from my company contacts.

Including the files blocked silently brought ZoneAlarm's score up to 32 percent.

That's still sad, with only two recent products scoring lower.

Almost half made it to 90 percent or better.

Bitdefender and Trend Micro scored 99 percent, while Sophos Home Free and McAfee managed 97 percent.

See How We Test Security Software

Firewall Protection

The firewall built into Windows 10 does a fine job of foiling port scans and other web-based attacks.

It doesn't include the companion program control found in the few remaining third-party personal firewalls, but that's not important to everyone.

We're left unsure that you actually need a personal firewall.

But when it comes free with your free antivirus, it's a nice addition.

Like Comodo, ZoneAlarm makes its firewall available as a separate, free product.

Given that the price is the same goose egg as firewall plus antivirus, don't bother.

If you want ZoneAlarm for free, get the full package! Note that if you do install the standalone firewall, you can convert it to firewall with antivirus by clicking a button.

In the 90s, ZoneAlarm pioneered firewall protection as a must for consumers, not just businesses.

From its original red, orange, yellow, white, black, striped, spotted user interface the product evolved to a more sedate appearance in the modern edition.

ZoneAlarm remains effective at fending off network-based attacks.

I hit it with port scan tests and other Web-based attacks, and it kept them all at bay.

It put all the system's ports into stealth mode, meaning they wouldn't even be visible to an attack across the Internet.

ZoneAlarm pioneered the concept of hardening a firewall against direct attack.

I couldn't terminate its processes or interfere in any way with its Windows services; my attempt just hit an Access Denied message.

I could not find a way to turn it off by manipulating the Registry, either.

Intrusion prevention is a feature often associated with firewall technology, but it's not quite the same thing.

When I attacked my test system using 30-odd exploits generated by the CORE Impact penetration tool, ZoneAlarm didn't react at all.

The attacks didn't penetrate security, as the test system was fully patched.

Symantec doesn't bundle firewall protection into the standalone Symantec Norton AntiVirus Plus, but its exploit protection proved more effective than any competing products.

It actively blocked 85 percent of my exploit attacks at the network level, meaning they never made it to the test system.

Among recent products, only Kaspersky comes close, and it reserves exploit protection for its suite products.

From the start, ZoneAlarm has assigned different protection levels to different security zones.

In the Public Zone it cranks protection to the max, while in the Trusted Zone it relaxes its restrictions enough to allow things like file and printer sharing.

By default, it puts new insecure Wi-Fi networks in the Public Zone.

Application Control

Very early editions of ZoneAlarm used to rely on you, the user, to make network access decisions.

This new program wants to connect to 12.34.56.78 on port 8080—allow or block? Uninformed users had no idea how to make a correct choice.

Later the company developed a now-huge online database of known programs, automatically assigning permissions for those known programs.

If you drill down to Application Control settings, you'll find a slider that sets a security level for application control, with stops for Off, Min, Auto, and Max.

At the default Auto level, ZoneAlarm screens some, but not all, programs.

I found that it quietly detected my hand-coded browser's attempt at Internet access, but automatically allowed it.

With the protection level cranked up to Max, attempted internet access causes the expected popup query, but it has other, less desirable effects.

This level also enables a behavior-based detection system that sees problems around every corner.

Yes, it reports on activities that malware might attempt, but these activities are also normal for valid programs.

When I tried to install and run 20 Daxdi utilities, only four sailed by with no warnings.

For another five, the installation went smoothly, but ZoneAlarm warned about activity by the program itself.

Another five had to battle from one to three warnings during installation, but then ran without further fuss.

For all the rest, ZoneAlarm raised a ruckus over both the installer and the program itself.

It gets worse.

One of the programs started to run, but then inexplicably stopped working.

Earlier I mentioned an obscure log revealing that ZoneAlarm secretly eliminated some malware downloads; I found the defunct program in that same log.

In addition, a background scan eliminated a harmless test program of mine.

Designed for testing password managers that handle application passwords, this program does nothing but request a username and password and report whether it accepted the password.

Behavior-based detection can be a good thing, but only when it uses intelligence to avoid flagging valid programs.

In the past, Comodo generated more and more alarming warnings than ZoneAlarm; the current Comodo products no longer do so.

ZoneAlarm needs to refrain from knee-jerk reporting of individual activities and develop an algorithm to look for patterns, patterns that match malware and don't match legitimate apps.

Identity and Data Protection

On the Mobility page, formerly called Identity & Data, you'll find just one item titled Identity Protection.

Clicking that lets you activate identity protection managed by ZoneAlarm partner Identity Guard.

Identity Guard, another ZoneAlarm partner, provides a free year of simple identity protection.

I didn't sign up for testing, because even though it's free, you must supply a credit card.

From the description, this service offers daily credit monitoring with one bureau, ID verification alerts, and account takeover alerts.

It also helps if you fall victim to identity theft.

This is nothing like the elaborate remediation promised with a subscription to Symantec Norton 360 with LifeLock Select.

But it is free, at least for the first year.

The Identity Lock feature offers a completely different type of protection for personal data.

You start by adding data to what it calls myVault.

ZoneAlarm stores 15 specific types of data, among them credit numbers, eBay passwords, and mother's maiden name.

There's also a catchall Other category.

To me, the inclusion of eBay password in the categories is an anachronism, showing this feature hasn't been updated in ages.

For each personal data item, you can choose whether to accept the default one-way encryption.

If you disable this feature, your stored data could itself become a security risk.

There's no reason you should disable it, and no reason for ZoneAlarm to offer the option.

Likewise, you'll want to leave checked the boxes that ask for protection on the Web and in email.

If you've set Identity Lock to high protection, it simply won't allow any of your vault data to be transmitted from your computer, unless it's going to a site that you've defined as trusted.

The private data gets replaced by asterisks.

At the medium setting, Identity Lock gives you a warning, and an option to abort transmission of the data.

Here's the big catch; Identity Lock doesn't work on HTTPS sites.

These days it's challenging to even find an unsecured HTTP site that also accepts data entry.

When I did manage to do so, and entered a phrase containing a personal data item, ZoneAlarm claimed to block it, and asterisks replaced the item in the browser.

But search results filled with the supposedly blocked term belied that claim.

This feature is useless.

A Fading Star

Back in the day, there was a lot more competition in the personal firewall realm, but the improvement of Windows Firewall has thinned the ranks to almost nothing.

Getting firewall protection in Check Point ZoneAlarm Free Antivirus+ is a nice extra, but it's not the prize that it once was.

The product's...

If you have a firewall along with antivirus protection, your PC is pretty well protected.

A full security suite would add more security components, but the basic antivirus plus firewall is all some users want.

Check Point's ZoneAlarm Free Antivirus+ gives you antivirus and firewall, at no charge, and the antivirus is licensed from award-winner Kaspersky.

However, unlike the best free antivirus tools, ZoneAlarm puts limits on your antivirus protection.

During the quick install process, the product asks for your email, noting that it's needed so you can get product upgrades, tips, and guidelines.

But if you don't want to fill up your Inbox, you can skip that step.

Like Norton and others, ZoneAlarm downloads the latest antivirus signatures as part of the install process.

The product's main window has hardly changed in years.

Comparing today's edition with a screenshot from 2011, I still see the same relaxing color scheme of greys, greens, and blues, and it's still dominated by three big panels for three security areas.

The panel names change slightly—at present, they're called Antivirus, Firewall, and Mobility.

And the current product includes a logo for ZoneAlarm's owner, Check Point.

But the overall impression is dated.

As with many free products, this one is only free for personal use.

If you want to use it in a business setting, or if you want tech support, you'll have to purchase the Pro edition.

I will review that product separately.

No Help From Test Labs

Since ZoneAlarm licenses the antivirus technology that's used in Kaspersky Anti-Virus, you might assume it would inherit Kaspersky's results from independent lab tests.

But don't make that assumption.

The lab reports state very clearly that results apply only to the exact products listed.

Just because a company licenses a given antivirus engine doesn't prove that company uses the engine perfectly.

In addition, this product lacks some features of Kaspersky's antivirus.

In the antivirus settings dialog, a page titled Premium Protection list features that you don't get for free.

For example, ZoneAlarm doesn't offer real-time cloud-based protection, nor does it block Web threats.

Lab Tests Chart

I follow four testing labs that release regular reports: AV-Test Institute, AV-Comparatives, MRG-Effitas, and SE Labs.

All four test Kaspersky; none directly test ZoneAlarm.

Each lab uses its own style for reporting.

AV-Test offers numeric ratings in three categories, AV-Comparatives and SE Labs report certification levels, and MRG-Effitas is close to a pass/fail system.

Over the years, I've developed an algorithm to map all the results onto a 10-point scale and derive an aggregate score.

Kaspersky and Avira Antivirus top the list, with 9.8 points based on results from all four labs.

Only three labs included Bitdefender Antivirus Plus($29.99 for 3 devices / 1 year at Bitdefender) in their latest reports; SE Labs skipped it in the latest report.

But its score of 9.7 points is still quite good.

Decent Malware Protection

For years, I've found that while Kaspersky excels in the independent lab tests, it doesn't necessarily do well in my hands-on tests.

In that situation, I defer to the labs, with their massive testing resources.

With no test results for ZoneAlarm, my own tests take on more importance.

I keep a collection of malware samples so I can get first-hand experience of the way each product defends against them.

When I opened the folder containing my samples, ZoneAlarm immediately started deleting them.

For some low-risk samples—adware and such—it asked my permission first.

Within a minute, it eliminated over three-quarters of the samples.

On-access scanning in most antivirus products triggers on the slightest access.

Some wait until a file is about to execute.

ZoneAlarm's real-time malware protection defaults to scanning on any access, and the free edition locks in that default.

Those using the for-pay Pro edition can configure it to wait for execution.

There's also a smart mode that uses internal rules to decide when to scan.

I don't imagine many users exercise this power of choice.

I maintain a second set of samples that start off as identical copies of the main set.

For each sample, I change the name, tack on some zeroes to change the file size, and tweak a few non-executable bytes.

An antivirus that detects the original but misses my knockoff version may be too rigid in its analysis.

ZoneAlarm did well, detecting over 90 percent of the tweaked samples.

That's in stark contrast to Comodo Antivirus, which missed over 60 percent of the modified samples, including several ransomware attackers.

Launching the tweaked samples isn't usually part of my test, but I make an exception for ransomware.

Comodo's behavior-based detection should have averted the ransomware attacks; it failed.

When I launched the surviving regular, non-tweaked samples, the antivirus kicked in to prevent installation in most, but not all, cases.

ZoneAlarm detected 86 percent of the samples and earned 8.4 of 10 possible points, not quite up to Kaspersky's score of 8.5.

The differences all related to lower-risk items, so I assume Kaspersky's detection system changed its assessment of those few items in the six months since I tested it.

Others have done much better against this same malware collection.

Norton earned 9.7 points, for example, and Webroot SecureAnywhere AntiVirus($18.99 for 1-Device on 1-Year Plan at Webroot) managed a perfect 10.

Malware Blocking Chart

As noted, the free ZoneAlarm antivirus doesn't include Web-based protection, but it does check every file you download.

To test that feature, I attempted to open 100 malware-hosting URLs from a feed supplied by MRG-Effitas.

I determined that ZoneAlarm wiped out just 20 percent of the malware payloads, among the worst scores in this test.

However, an oddity caught my eye.

In an unusual number of cases, I'd find the download ended with the message, "This program couldn't be downloaded." On clicking Retry, I got a new message, "This program might have been moved or deleted." A little sleuthing revealed that each time this happened, a reference to the file showed up as the newest entry in a one of ZoneAlarm's log files, leaving me to conclude that ZoneAlarm silently blocked these downloads.

I have no idea why ZoneAlarm didn't pop up a notification to take credit for its good work, as it did for some other files, and I didn't get a clear explanation from my company contacts.

Including the files blocked silently brought ZoneAlarm's score up to 32 percent.

That's still sad, with only two recent products scoring lower.

Almost half made it to 90 percent or better.

Bitdefender and Trend Micro scored 99 percent, while Sophos Home Free and McAfee managed 97 percent.

See How We Test Security Software

Firewall Protection

The firewall built into Windows 10 does a fine job of foiling port scans and other web-based attacks.

It doesn't include the companion program control found in the few remaining third-party personal firewalls, but that's not important to everyone.

We're left unsure that you actually need a personal firewall.

But when it comes free with your free antivirus, it's a nice addition.

Like Comodo, ZoneAlarm makes its firewall available as a separate, free product.

Given that the price is the same goose egg as firewall plus antivirus, don't bother.

If you want ZoneAlarm for free, get the full package! Note that if you do install the standalone firewall, you can convert it to firewall with antivirus by clicking a button.

In the 90s, ZoneAlarm pioneered firewall protection as a must for consumers, not just businesses.

From its original red, orange, yellow, white, black, striped, spotted user interface the product evolved to a more sedate appearance in the modern edition.

ZoneAlarm remains effective at fending off network-based attacks.

I hit it with port scan tests and other Web-based attacks, and it kept them all at bay.

It put all the system's ports into stealth mode, meaning they wouldn't even be visible to an attack across the Internet.

ZoneAlarm pioneered the concept of hardening a firewall against direct attack.

I couldn't terminate its processes or interfere in any way with its Windows services; my attempt just hit an Access Denied message.

I could not find a way to turn it off by manipulating the Registry, either.

Intrusion prevention is a feature often associated with firewall technology, but it's not quite the same thing.

When I attacked my test system using 30-odd exploits generated by the CORE Impact penetration tool, ZoneAlarm didn't react at all.

The attacks didn't penetrate security, as the test system was fully patched.

Symantec doesn't bundle firewall protection into the standalone Symantec Norton AntiVirus Plus, but its exploit protection proved more effective than any competing products.

It actively blocked 85 percent of my exploit attacks at the network level, meaning they never made it to the test system.

Among recent products, only Kaspersky comes close, and it reserves exploit protection for its suite products.

From the start, ZoneAlarm has assigned different protection levels to different security zones.

In the Public Zone it cranks protection to the max, while in the Trusted Zone it relaxes its restrictions enough to allow things like file and printer sharing.

By default, it puts new insecure Wi-Fi networks in the Public Zone.

Application Control

Very early editions of ZoneAlarm used to rely on you, the user, to make network access decisions.

This new program wants to connect to 12.34.56.78 on port 8080—allow or block? Uninformed users had no idea how to make a correct choice.

Later the company developed a now-huge online database of known programs, automatically assigning permissions for those known programs.

If you drill down to Application Control settings, you'll find a slider that sets a security level for application control, with stops for Off, Min, Auto, and Max.

At the default Auto level, ZoneAlarm screens some, but not all, programs.

I found that it quietly detected my hand-coded browser's attempt at Internet access, but automatically allowed it.

With the protection level cranked up to Max, attempted internet access causes the expected popup query, but it has other, less desirable effects.

This level also enables a behavior-based detection system that sees problems around every corner.

Yes, it reports on activities that malware might attempt, but these activities are also normal for valid programs.

When I tried to install and run 20 Daxdi utilities, only four sailed by with no warnings.

For another five, the installation went smoothly, but ZoneAlarm warned about activity by the program itself.

Another five had to battle from one to three warnings during installation, but then ran without further fuss.

For all the rest, ZoneAlarm raised a ruckus over both the installer and the program itself.

It gets worse.

One of the programs started to run, but then inexplicably stopped working.

Earlier I mentioned an obscure log revealing that ZoneAlarm secretly eliminated some malware downloads; I found the defunct program in that same log.

In addition, a background scan eliminated a harmless test program of mine.

Designed for testing password managers that handle application passwords, this program does nothing but request a username and password and report whether it accepted the password.

Behavior-based detection can be a good thing, but only when it uses intelligence to avoid flagging valid programs.

In the past, Comodo generated more and more alarming warnings than ZoneAlarm; the current Comodo products no longer do so.

ZoneAlarm needs to refrain from knee-jerk reporting of individual activities and develop an algorithm to look for patterns, patterns that match malware and don't match legitimate apps.

Identity and Data Protection

On the Mobility page, formerly called Identity & Data, you'll find just one item titled Identity Protection.

Clicking that lets you activate identity protection managed by ZoneAlarm partner Identity Guard.

Identity Guard, another ZoneAlarm partner, provides a free year of simple identity protection.

I didn't sign up for testing, because even though it's free, you must supply a credit card.

From the description, this service offers daily credit monitoring with one bureau, ID verification alerts, and account takeover alerts.

It also helps if you fall victim to identity theft.

This is nothing like the elaborate remediation promised with a subscription to Symantec Norton 360 with LifeLock Select.

But it is free, at least for the first year.

The Identity Lock feature offers a completely different type of protection for personal data.

You start by adding data to what it calls myVault.

ZoneAlarm stores 15 specific types of data, among them credit numbers, eBay passwords, and mother's maiden name.

There's also a catchall Other category.

To me, the inclusion of eBay password in the categories is an anachronism, showing this feature hasn't been updated in ages.

For each personal data item, you can choose whether to accept the default one-way encryption.

If you disable this feature, your stored data could itself become a security risk.

There's no reason you should disable it, and no reason for ZoneAlarm to offer the option.

Likewise, you'll want to leave checked the boxes that ask for protection on the Web and in email.

If you've set Identity Lock to high protection, it simply won't allow any of your vault data to be transmitted from your computer, unless it's going to a site that you've defined as trusted.

The private data gets replaced by asterisks.

At the medium setting, Identity Lock gives you a warning, and an option to abort transmission of the data.

Here's the big catch; Identity Lock doesn't work on HTTPS sites.

These days it's challenging to even find an unsecured HTTP site that also accepts data entry.

When I did manage to do so, and entered a phrase containing a personal data item, ZoneAlarm claimed to block it, and asterisks replaced the item in the browser.

But search results filled with the supposedly blocked term belied that claim.

This feature is useless.

A Fading Star

Back in the day, there was a lot more competition in the personal firewall realm, but the improvement of Windows Firewall has thinned the ranks to almost nothing.

Getting firewall protection in Check Point ZoneAlarm Free Antivirus+ is a nice extra, but it's not the prize that it once was.

The product's...

PakaPuka

pakapuka.com Cookies

At pakapuka.com we use cookies (technical and profile cookies, both our own and third-party) to provide you with a better online experience and to send you personalized online commercial messages according to your preferences. If you select continue or access any content on our website without customizing your choices, you agree to the use of cookies.

For more information about our cookie policy and how to reject cookies

access here.

Preferences

Continue