New combined home firewall & anti-virus is free

ZoneAlarm, part of Check Point Software Technologies, is seeking to solve this problem by releasing a combined and integrated free home firewall and anti-virus product. It is an attempt to provide the multi-layered security normally found only on corporate servers.

The first layer is the firewall. It seeks to block illegitimate access to the computer. But firewalls cannot block everything, otherwise the user would not be able to use the internet.

The next layer is the anti-virus addition. It seeks to detect and neutralize malware that is ‘invited’ through the firewall as an email attachment or via an infected web download. But anti-virus cannot detect 0-day malware – the malware that has not been seen before – so infection remains a possibility. For this, ZoneAlarm offers several defenses. 

Firstly, it includes a ‘phishing status’ bar to prevent the user from visiting known malicious sites that might harbor such malware; and it updates its knowledge of these by cloud-based crowd-sourcing. “As well as conventional, automated daily signature updates,” a spokesman told Infosecurity, “the product’s firewall includes Check Point’s DefenseNet, a cloud system that automatically collects real-time threat data from ZoneAlarm firewalls globally. Once a new threat has been verified, details about it are immediately shared with all users’ ZoneAlarm firewalls to nullify the threat.”

Some 0-day malware will always breach the perimeter. So secondly, and internally, the product includes an OS firewall, or ‘behavior’ monitor. It watches for, and tries to prevent, malicious activity within the computer itself. This is still not enough to guarantee security. The final layer is back to the perimeter firewall: it is two-way. If malware breaches all other defenses, its purpose is almost certainly to find and send back personal details such as passwords and credit card numbers. The ZoneAlarm firewall seeks to block outbound traffic, protecting the user even if it has failed to protect the computer.

Of course, adding anti-virus to a firewall is only as good as the anti-virus itself. ZoneAlarm is not an anti-virus company, so it is reasonable to assume that it has integrated another company’s AV engine. When asked, the ZoneAlarm spokesman simply told Infosecurity, “ZoneAlarm is not publicly disclosing the vendors it is working with, but simply stating it hasn’t changed vendors.” The website says it works with Kaspersky Lab. Kaspersky was neither able to confirm nor deny that it is providing the anti-virus engine.

Either way, ZoneAlarm is claiming high performance for its anti-virus. In a recent test undertaken by AVTest.org, it scored a 99.42% detection rate against an average of 98.81% (Microsoft’s Security Essentials scored 96.9%). At the same time, it was 100% successful in blocking attacks from websites, where the average for some paid-for products was 94.5%.
