- Review Date: 11/15/2011
- Bottom line:
With the 2012 edition, ZoneAlarm Free Firewall gets the same new look as the related antivirus and security suite products. Other than that, not much has changed. Its protection remains excellent.
Automatically configures network permissions for most programs using SmartDefense Advisor. Protects against attack by hackers. Can't be disabled by malware. Blocks access to phishing sites. Includes online backup and identity protection.
Does not detect or report Web-based exploits. Toolbar includes many features not related to the product's purpose.
Earlier this year Check Point's ZoneAlarm antivirus and security suite got a total makeover, a completely new look after years of wearing the same face. Now ZoneAlarm Free Firewall 2012 (free, direct) has received the same treatment. Don't worry; only its appearance has changed. Under the hood it's the same powerful free firewall as ever.
As Bari Abdul, vice president of consumer sales at Check Point Software Technologies, observed, "More than 200 million people today use free antivirus software, but they lack a strong two-way firewall, leaving their PCs vulnerable to online attacks." Check Point advises all users of free antivirus products to install the free ZoneAlarm firewall for added security.
Like ZoneAlarm Antivirus + Firewall 2012 ($59.95 direct for three licenses, 3 stars) and ZoneAlarm Extreme Security 2012 ($79.95 direct for three licenses, 4 stars), the free ZoneAlarm firewall now presents the user with three panel-sized buttons representing protection for identity and data, computer, and Internet. Each button changes color if there's a problem; clicking the button brings up detailed status information and access to configuration.
The free ZoneAlarm visually includes all the features of the more advanced products. They're simply grayed out, with a link that offers an opportunity to upgrade to a paid product.
ZoneAlarm pioneered the now-common feature of organizing networks into different security zones with different settings. WiFi hotspots and other potentially risky networks go in the public zone, while your own home or business network typically goes in the trusted zone. By default ZoneAlarm automatically puts unsecured wireless networks into the public zone. For other newly discovered networks it asks the user to choose.
Not surprisingly, ZoneAlarm passed all of my port scan tests and other Web-based attacks. With all ports in stealth mode the computer simply isn't visible to outside attackers.
Another now-common feature pioneered by ZoneAlarm is firewall self-defense. As always, I couldn't find any way to disable the firewall using techniques that could be incorporated into malicious code. In particular I couldn't terminate its processes nor could I find any way to stop or disable its essential services.
Some firewalls actively detect and prevent Web-based attacks on system vulnerabilities. The firewall in Norton Internet Security 2012 ($69.99 direct for three licenses, 4.5 stars) is especially good at this. In my most recent test it blocked every single exploit that I generated using the Core IMPACT penetration tool, and identified most of them by name.
Active blocking of exploits isn't a feature you'll find in ZoneAlarm. None of the exploits actually managed to penetrate system security, but ZoneAlarm didn't take notice of them.
The earliest personal firewalls were infamous for bombarding the user with a hail of incomprehensible popup queries. Should this program be allowed to open port 25? Should that program be permitted to act as a server? Most users adapted by allowing all access, thus defeating the purpose of program control.
ZoneAlarm's SmartDefense Advisor checks all programs against a massive online database and automatically configures firewall permissions for those it recognizes. As a result, popup queries are quite rare. If you see one, pay attention. It's probably important.
Norton also uses a massive database to automatically configure permissions for most programs, but it goes a step further. Rather than ask the user about unknown programs, it closely watches their behavior and makes its own decision whether to allow or block network access.
Malware writers sometimes attempt to evade the simpler program control found in ZoneAlarm by injecting code into trusted programs, or pretending to be a trusted program. ZoneAlarm specifically blocks all attempts to manipulate Internet Explorer, which balks many of these techniques. It's also pretty good at seeing through other attempts to hide from program control.
I ran a dozen leak test programs to test this feature. These programs use the same techniques found in malware, but lack a malicious payload. ZoneAlarm detected all but three of them.
Phishing Web sites try to steal your important login credentials by masquerading as PayPal, eBay, your bank, or other sensitive sites. A given phishing page may only exist for a day or two, so products that rely strictly on matching URLs against a list will miss the very newest ones. Like Norton, ZoneAlarm includes both list-based phishing detection and heuristic detection. In testing, it scored better than average, but nowhere near as accurate as Norton.
Out of 100 very new phishing URLs, ZoneAlarm's detection rate was 38 percent lower than Norton's but 18 percent better than that of Internet Explorer 8's SmartScreen Filter. Since nearly 70 percent of recently tested products don't even score as well as Internet Explorer alone, ZoneAlarm's performance is decent. However, its predecessor ZoneAlarm Free Firewall 9.2 (Free, 4.5 stars) managed to come in just 6 percentage points behind Norton. Perhaps the phishers have gotten smarter?
The article How We Test Antiphishing explains exactly how I derive these scores.
Significant Bonus Features
As with the previous edition, the free firewall comes with freebies of its own. For example, you can activate 2GB of free online backup hosted by iDrive and access it through the ZoneAlarm toolbar. Do note that you can get this same offer directly from iDrive without going through ZoneAlarm.
Another toolbar button links to the impressive ZoneAlarm Identity Protection Center. This page offers information on how to prevent, identify, and recover from identity theft. In addition, you can activate a free one-year. This is a better deal than you can get directly from Identity Guard. They offer a much shorter trial that automatically converts to a paid subscription if you don't opt out. Going through ZoneAlarm you simply get a notification when your year is up asking if you want to opt in to continued protection.
The toolbar, supplied by ZoneAlarm partner Conduit, is extremely flexible. You can add a weather report, Internet radio, new mail notification, and more. Literally thousands of additional free apps are available directly from Conduit, though few of them have any connection with security.
Still Our Top Choice
ZoneAlarm Free Firewall 2012 offers much the same protection as the previous version, but in a streamlined and attractive new user interface. If your PC is only protected by antivirus, you should install this firewall right away. ZoneAlarm Free Firewall 2012 new look is backed up by the same great protection that impressed us last time around; it remains PCMag's Editors' Choice for personal firewalls.