upgrading from zaf to zap pros & cons

Hi Rickster,

Of course, as people might expect, I recommend the use of the commercial versions of Zone Alarm (ZAplus and ZAPro) because of the extra capabilities that they provide over the free product. As to the differences or pros and cons...

First up, I ought to note that there are a few pages at Zone Labs website that give high level overviews of the different products, though, being the site that sells the commercial versions, you'd expect these pages to highlight all the advantages of the pay versions.

As I see it, the basic differences are as follows:

Zone Alarm Free is a basic application firewall. It blocks unsolicited inbound connections (using the "stealth" concept so widely discussed in security forums), and it lets you either allow or block network access to a list of programs. It does have two main zones where you can set higher or lower security settings, the Internet Zone and Trusted Zone. But, within those zones, its configuration options are basically limited to a preset High, Medium or Low (off) range of settings. There is no ability to always block or allow a specific port or range of ports globally. And for program access, if you allow a program access out to a zone, it is completely allowed. If you block it, it's completely blocked.

There is the concept of "server rights" in the ZAF product, but again, if you allow a program to act as server in ZAF to a zone, it's all or nothing. No limit on ports or specific addresses. As for logging, this too is limited to an all, some, or none preset, with no ability to control things on a granular level.

Now all that isn't bad, but some people prefer to have a lot more control than that. In the overall firewall section, the ability to allow or block specific ports, regardless of program settings, may be desired. Or perhaps a config that "allows, but logs" is needed. (ZAF can't do that. It only logs what it blocks, and only if the slider is at the right level.)

For programs, perhaps it is desirable to allow access only on specific ports and to specific IP addresses or ranges, and perhaps you don't want these addresses in the Trusted Zone for general firewall purposes, but rather just for the one program.

These are the main differences between ZAF on the one hand and ZA+/ZAP on the other in so far as the options they share in common. However, ZA+/ZAP also include more options not at all addressed in ZAF. The most important may well be "Advanced Program Control" (which includes component level control). This not only monitors the components used by a program, and watches/alerts on changes and additions to these, but this same facility provides for the protections of "one program calling another program" to access the network on its behalf. ZAF doesn't have this capability. This is where most of the leaktest protections come from in ZA+/ZAP.

Next, ZA+/ZAP have "expert rules" both for global firewall settings and for application control. This is basically the ability to add rules based configs to the firewall and it is quite powerful. This was new in ZA+/ZAP 4.0 and has made ZA now a mix of application and rules based. You can see examples of these rules in threads in this forum section that I have posted.

This is where ZA+ differences end. ZApro continues by adding a Privacy tab that adds rather powerful controls for things like Ad blocking, cookie controls and "mobile code" control (ie. script, ActiveX and mime objects). And in a special version of ZAP, there is also a web content filtering feature.

There are a few more tools/modules in ZAP (and some also in ZAplus) that I didn't bother mentioning, like the E-Mail protections, cache cleaner, etc. They are somewhat minor as far as I'm concerned, though some people really like them.