The best things in life are free, they say, but not all free things are the best. At PCMag we’re big fans of ZoneAlarm’s free firewall. The antivirus protection that Check Point added to create ZoneAlarm Free Antivirus + Firewall 2013 just doesn’t come up to the quality of the firewall component. It dilutes this security suite’s overall value.
The standalone firewall actually has a placeholder for antivirus protection, a panel that notes “Antivirus is available, but not installed.” Clicking the install button transforms your installation of ZoneAlarm Free Firewall 2013 into ZoneAlarm Free Antivirus + Firewall 2013. The other two panels, Firewall and Identity + Data, remain unchanged.
Trouble at the Start
The ZoneAlarm 2013 line has actually been out since late January, and I initially began this review in February. However, my malware removal test revealed an anomaly. ZoneAlarm licenses Kaspersky’s antivirus engine, so I expected the test results to either be the same as Kaspersky’s or perhaps a little better, given that Kaspersky Anti-Virus (2013) had been tested with the same samples months earlier.
In fact, ZoneAlarm’s results were significantly worse than Kaspersky’s, and the pattern of missed, removed, and partially-removed samples didn’t line up at all with Kaspersky. Check Point’s developers discovered a problem with their Kaspersky code, something they called a “bad drop.” I had to wait well over a month to continue the review, as they wanted to be extremely sure that everything was working correctly.
Trouble with Installation
Getting Kaspersky PURE 3.0 Total Security installed for testing a few weeks ago wasn’t too difficult. I did need to send logs to tech support in some cases, and I called on some of Kaspersky’s diagnostic and repair tools. Installing ZoneAlarm was quite a bit tougher, and it felt a bit odd to me that all the diagnostic and repair tools supplied by ZoneAlarm were totally Kaspersky-branded.
ZoneAlarm’s installer includes a quick check for active malware. If it finds problems, it launches a round of advanced disinfection before proceeding with installation. It went for advanced disinfection at install on six of the twelve malware-infested systems. Advanced disinfection can also kick in during a full scan; it did so on four of the other six systems. Kaspersky includes a task manager that can juggle multiple scans, automatically restarting a full scan at the point advanced disinfection interrupted it. That’s not a feature in ZoneAlarm, so I had to restart the full scan in such cases.
A number of the systems encountered problems that prevented installation or correct operation. Ransomware on one system wouldn’t let me install ZoneAlarm (or do anything else); the Kaspersky Rescue Disk solved that one. The Rescue Disk also wiped out malware on another system deleted ZoneAlarm before it could fully install.
One system repeatedly crashed due to partial malware removal. Malware on another system blocked ZoneAlarm’s ability to update antivirus definitions. Solving all the install problems required repeated use of Kaspersky’s AVZ Antiviral Toolkit and the Kaspersky Virus Removal Tool. The process of getting all the test systems scanned occupied most of a week, but eventually I managed it.
Less Effective Malware Removal
In my first round of testing, using the defective scanning engine, ZoneAlarm’s results weren’t remotely similar to the results of testing Kaspersky Internet Security (2013) with the same samples. This time around, ZoneAlarm’s results precisely matched the results from testing Kaspersky PURE for almost 90 percent of the samples—a good sign that the Kaspersky engine is now working correctly.
As for the samples where the two products performed differently, in every case ZoneAlarm was less successful than Kaspersky. This might be due to differences in the way the two companies handle installation problems, or the fact that Kaspersky runs a separate rootkit scan that doesn’t seem to be present in ZoneAlarm.
ZoneAlarm is the third product tested with my current malware collection. Kaspersky PURE detected 78 percent of these samples, avast! Internet Security 8 got 75 percent, and ZoneAlarm caught 67 percent. Score-wise, Kaspersky earned 6.0 points, avast! got 5.8, and ZoneAlarm got 5.3 points.
These results aren’t directly comparable with those of products tested using my previous malware collection, though there was a similar spread between scores for the previous editions of ZoneAlarm and Kaspersky PURE. The top score against that previous collection, 7.1 points, went to the cleanup-only Malwarebytes Anti-Malware 1.70. Norton Internet Security (2013), Webroot SecureAnywhere Complete 2013, and Comodo Internet Security Complete 2013 tied for second place with 6.6 points each. The free Comodo Internet Security Premium (2013) earned 6.2 points in this test, still quite a bit better than ZoneAlarm.
My current malware collection doesn’t include enough rootkits to merit breaking out a separate rootkit score. Instead, I’ve chosen to rate products on how easy it is to install them and run a full scan. A product that performs that task with next to no problems gets five stars. One that utterly fails to install or scan on one or more test systems earns a single star. ZoneAlarm did the job, but required days and days of back and forth with tech support, so it gets three stars.
For details on how I conduct my malware removal tests, see How We Test Malware Removal.
ZoneAlarm Free Antivirus + Firewall 2013 malware removal chart
So-So Malware Blocking
ZoneAlarm’s handling of real-time malware detection diverges more from Kaspersky’s than the on-demand malware scan. This became evident immediately when I tried to re-download my malware collection. Kaspersky blocked 74 percent of the test downloads at the URL level, refusing to even connect with the malicious link. ZoneAlarm blocked 57 percent, all of them during or immediately after the download.
When I opened a folder containing already-downloaded samples, both products wiped out quite a few of them on site; Kaspersky caught a couple that ZoneAlarm didn’t. When I launched those that survived the initial culling, Kaspersky did a better job preventing malware installation. The numbers tell the story. Kaspersky and avast! both detected 86 percent of the samples (but not the same 86 percent) and scored 8.5 points. ZoneAlarm detected 81 percent and scored 7.6 points.
None of these products came close to the top scores among those tested with my previous malware collection. Webroot detected 100 percent of the samples and scored 9.9, SecureIT Plus (2013) detected 97 percent and scored 9.7 points, and ten other products (including Comodo) earned scores higher than 9.0 points. I’ll have a clearer idea once more products have had a go at the current samples, but ZoneAlarm’s showing doesn’t look so great.
To learn how I go about running a malware blocking test, please see How We Test Malware Blocking.
ZoneAlarm Free Antivirus + Firewall 2013 malware blocking chart
Sparse Lab Results
Given that the antivirus protection is licensed, not built by Check Point, it’s perhaps unsurprising that most of the antivirus labs don’t include it in their testing. Virus Bulletin has tested ZoneAlarm Extreme Security 2012 a few times over the past years; it achieved VB100 certification four out of five times.
German antivirus lab AV-Test is the only lab I follow that actually tests ZoneAlarm Free Antivirus + Firewall. In the last two tests, ZoneAlarm earned 13.5 and 14.5 out of 18 possible points. With 11 points needed for certification, those are decent scores, but others do even better. Bitdefender Internet Security 2013 is the current champion in this test, with 17 points.
The chart below summarizes recent lab tests; to learn more about these tests, please read How We Interpret Antivirus Lab Tests
ZoneAlarm Free Antivirus + Firewall 2013 lab tests chart
Everything else in this product is exactly the same as ZoneAlarm Free Firewall 2013. I’ll summarize here; for full details, do please read that review.
ZoneAlarm was a pioneer of firewall protection, offering it for free well before most users even understood the concept of a firewall. It was also one of the first personal firewalls to get “hardened” against attack. I’ve found no way that a malicious coder could write malware that would break ZoneAlarm’s protection.
In addition to effectively protecting your system from outside attack, ZoneAlarm’s firewall manages Internet and network access permissions for a vast number of known programs using the company’s SmartDefense Advisor database. In testing, it did a good job detecting attempts to evade or subvert program control. While it doesn’t actively block exploit attacks the way some high-end commercial firewalls do, the standalone ZoneAlarm firewall is our Editor’s choice for free firewall protection.
The OSFirewall feature watches all running applications and warns if it detects suspicious activities. Behavior-based detection features like this one often yield false positives—valid programs identified as suspicious—and OSFirewall is no exception. It popped up at least one warning for about 80 percent of the older PCMag utilities I used for testing. You’ll have to make your own security decision if ZoneAlarm pops up a warning while you’re installing a new program.
Same Phishing Protection
ZoneAlarm’s Site Check marks up links in search results with red, yellow, or green icons, identifying them as dangerous, iffy, or safe. You can drill down to find out just why a site was marked red or yellow. In addition, if you try to navigate to a fraudulent (phishing) website it overlays a big warning advising you to stay away.
I tested ZoneAlarm with very new real-world phishing sites and found that its detection rate came in 47 percentage points below Norton’s and 16 percent below Internet Explorer 8′s SmartScreen Filter. You’ll want to leave your browser’s built-in phishing protection turned on. The article How We Test Antiphishing explains exactly how I locate and identify brand-new phishing sites for this test.
ZoneAlarm Free Antivirus + Firewall 2013 antiphishing chart
Other Shared Features
There are quite a few other features shared between this antivirus and the standalone firewall. Both offer a year of “Good Start” credit protection from Identity Guard, a button that invokes your browser’s privacy mode, and 5GB of online backup hosted by IDrive. New this year, both will check your Facebook account and report on any privacy issues.
Powered by partner Abine, the Do Not Track Me toolbar button warns you about advertising links on the current Web page as well as other links that could be used to track your browsing habits. With one quick click you can set ZoneAlarm to prevent this type of tracking. Advertisers can choose to ignore the industry-standard Do Not Track header, but ZoneAlarm actively prevents tracking.
Some Effect on Performance
One reason to choose a small-scale security suit like ZoneAlarm is to avoid the performance drag that some users associate with huge, feature-laden suites. However, in my performance tests ZoneAlarm averaged the same impact as the much more extensive Kaspersky PURE.
My boot time test identifies when the computer is ready for use by checking for ten seconds in a row with CPU usage below five percent, then subtracts the time the boot process started (as reported by Windows). This test took 37 percent longer with ZoneAlarm installed than with no suite at all, a bigger slowdown than most current products. Webroot, SecureIT, McAfee Internet Security 2013, and a few others had no measureable effect on this test.
The ZoneAlarm toolbar checks each website you visit to ensure it’s safe, but this checking won’t slow your browsing experience. My browser test measures the time required to fully load 100 websites with and without a security suite installed. Averaging multiple runs, I found this test took 10 percent longer with ZoneAlarm active, well below the current average of 17 percent.
On-access malware scanning can slow day-to-day file management operations. My file move/copy test times a script that moves and copies many large files between drives. This test took 18 percent longer with ZoneAlarm watching, a bit below the current average of 23 percent. Another script that zips and unzips that same collection of files took 18 percent longer, just a tad above average.
The fact that ZoneAlarm slows the boot process a bit shouldn’t be a big problem given that you probably reboot no more than once per day. For full details on how I test security suite performance, see How We Test Security Suites for Performance.
ZoneAlarm Free Antivirus + Firewall 2013 performance chart
Build Your Own
As noted, the standalone ZoneAlarm Free Firewall 2013 is our Editors’ Choice for free firewall protection. However, the antivirus protection added to create ZoneAlarm Free Antivirus + Firewall 2013 just doesn’t come up to the firewall in quality. I’d suggest enhancing your firewall protection by adding AVG Anti-Virus FREE 2013 instead. It’s our Editors Choice for free antivirus, and it scores much better than ZoneAlarm in PCMag’s tests and in independent lab tests.
|OS Compatibility||Windows Vista, Windows XP, Windows 7|
Copyright © 2012 Ziff Davis, Inc