Is there really something wrong with Zone Alarm?

Discussion in 'other firewalls' started by Diver, Mar 5, 2005.

Thread Status:
Not open for further replies.
  1. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Lately there seems to be a fair amount of bashing or the personall firewall market leader, Zone Alarm. Is this really deserved. There seems to be a parallel with Norton Anti Virus, the market leading AV. Its a big target, so take a shot. Thre have been a lot of reports ofNAV not working. Is this going on with ZA in its present form?

    I have not used ZA in a while, except for brief tests. Many complain of bloat, but memory usage is about 15MB, which would put it in the midrange. The liteweights run about 5 to 7mb and several of the heavies (Kerio 4, Tiny 6) are over 20mb. I could never get Outpost to drop below 20mb, despite reports that it swaps out to 7mb.

    Thre is a lot of stuff in ZA that does not belong there, but it can be turned off. How much memory it takes is anyone's guess, but only one gui is needed to run everything.

    After looking at some of the links in other threads to various proof of concept baddies, it seems to test well and gets constant fixes and upgrades from its developers. The corporate parent, Check Point is definitely a class act. The initial version 5 mess-up seems to be in the past.

    So, ZA lovers and bashers, what is the real deal? If no one talks me out of it, I just might trial the beast.
     
  2. meneer

    meneer Registered Member

    Joined:
    Nov 27, 2002
    Posts:
    1,132
    Location:
    The Netherlands
    By all means, do.
    It's kind of a religiuos debate on what is best or not. I like OP and I don't care about the memory use, I don't see the relevance on my system, since the system tray is filled with other stuff that I don't use.
    I'm trying to setup the corporate version (integrity flex) and that's another beast. This is one system that you don't want to use at home.
     
  3. Jimbob1989

    Jimbob1989 Registered Member

    Joined:
    Oct 18, 2004
    Posts:
    2,529
    I've used it before and might go back to using it sometime. Its a reasonably robust firewalls but its pretty user friendly as well.

    Testing the product soudns like a very good idea and see if it suits your needs.

    Jimbob
     
  4. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    I think it's basically a good firewall.. It does get some bashing due to version 5 problems and also the ever increasing "features". But the core firewall seems to be pretty good. Give it a try and see what you think. It's pretty simple, not much to play with like Jetico and others..
     
  5. Arup

    Arup Guest

    I would never bash Zone Alarm, comes with pretty good default rules and best interface for novices, in fact thats the only firewall I tell newbies to get. It consumes resources but is still lighter than Outpost.

    Norton is plain junk, why pay for it when Avast is free and is far better and less of a resource hog.
     
  6. steveUK

    steveUK Guest

    the free versions of ZA and Sygate often appear more secure in reviews than the free versions of Outpost and Kerio. Outpost being best in pro form.
     
  7. RAV

    RAV Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    70
  8. INTOXSICKATED

    INTOXSICKATED Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    485
    Location:
    Suburbia Hell
    i like zonealarm, however since version 4.5 it has not ran well on my comp. i would experience sluggish computer performance, problems with ftp, p2p, and yahoo messenger. i have made numerous posts in the zonealarm forums, and was able to get some of my problems resolved (kinda), but not all of them. i didn't even use allot of the "bells and whistles" za came with either. i will admit, my frustration with them has led to some bashing at times. :oops:

    ultimately all the reviews and recommendations become sort of pointless. they may be able to guide you in the right direction towards choosing, but remember that there is no firewall out there that everyone is perfectly happy with, and every program is going to have it's fair share of bashers. your final decision should eventually be whatever works for you and your computer set-up. i found my happiness with outpost pro 2.5 :D

    with most firewalls offering a free trial, it doesn't hurt to give them a try, see what you like, and don't worry about the bashers.
     
  9. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Based on the responses so far, I am beginning to think that ZA gets bashed for the bumps it hit in the road when version 5 came out.

    It is on my test box at the moment. What I have noticed is that expert rules are tricky. The need for a DNS rule threw me off and some applications do not require the same sort of rules they need with other firewalls.. Due to the amount of work involved, I expect to use them for only a few applications, mainly those requiring server access to work. It does have process termination protection, very cool.

    K-

    I know ZA is one of your time-to-time favorites. While not as accessable "under the hood" as rule based firewalls, thre is enough to play with.

    RAV-

    That link is to a very fine post, even if I am not looking for an integrated solution. There is no substitute for testing and objective analysis.
     
  10. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Well Diver, despite all of my "bashing". I would use the free version. I just do not intend to risk my $$, on a product that does not work properly when it is released. Well, o.k. nothing is perfect, I will cut them a little slack, BUT CheckPoint was way to slow in responding to the problems in version 5 and it took many updates in version 5 to get it even close to proper functioning.

    Why pay for things you are just going to turn off that makes no sense. :rolleyes: . There are other products that handle those jobs better. I have lost faith in the paid product.

    The biggest mistake Check Point made was dropping ZA Plus. :mad:

    You ask a good question and I hope I gave you an good answer.

    One final thing even with the free once it is on your system it can be difficult to get rid of. Not impossible and but difficult. ;)
     
  11. Mem

    Mem Guest

  12. RAV

    RAV Registered Member

    Joined:
    Jan 8, 2005
    Posts:
    70
    Funny thing about the bashing of the early version 5.x since I clearly remember the same discussions when 4.0 came out and now all you hear is that version 4.5 is so great. Version 5 worked for me without too many issues on 2 of my machines and now the latest rev. seems perfectly fine. They also offer a variety of flavors from free to full suite that should work for most people.
     
  13. mercurie

    mercurie A Friendly Creature

    Joined:
    Nov 28, 2003
    Posts:
    2,442
    Location:
    Sky over the Wilders Forest
    Mem,
    I did use this method. I am sure things would have been much worse had I not.

    RAV,
    All of version 4 worked fine on my machine. I admit there were reported problems but nothing like 5. I bought early version 4 from Circuit City retail box, and ended with update 5.5x and moved on from there. I also admit the real junk started to be added in version 4 like that "vault thing".
     
  14. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
  15. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    I have it up and running on my main box right now. Thanks for the tip on uninstalling. Things get changed around a lot here. One thing that takes a bit of getting used to is that it is not worth the trouble to set up tight rules for every little app that updates something by calling out to tcp port 80.

    There is definitely some extraneous stuff in ZA, but I suspect that the amount of memory that would be saved is not that much. Once you have the GUI and other supporting code, the additional features are probably not that large, and you do not have to use them. Its still lighter than all but the few rule driven firewalls known for their small memory footprint, and probably the most user friendly one on the market.

    I can definitely understand why if someone had a bad experience with a particular version they could sour on a product. The same thing happened to me with the disastrous initial release of NAV 2004. Even with reports of a major improvement in NAV 2005, it still makes me shudder. In another year Microsoft will probably have a desktop AV with massive sales and we will all be able to take pot shots at Bill for that.

    There are two firewalls that I have not really had a chance to look over carefully. They are Outpost and Tiny 6.x. I wand to learn these partially for the experience and also so that I will know what their users are talking about.

    PS: If you read the entire thread, you would have found that the phoning home thing was resolved. Properly set up, ZA does not phone home. Do you know your AV will now work if it does not phone home? Windows XP phones home more ways that I care to talk about. What do you think it sends to Check Point, your banking log on?
     
    Last edited: Mar 5, 2005
  16. flinchlock

    flinchlock Registered Member

    Joined:
    Jan 30, 2005
    Posts:
    554
    Location:
    Michigan
    P.S.S. I DID READ THE ENTIRE THREAD... out of the box, it does Phone Home. Per Corey Bridges of Zone Labs, you have to change some settings to stop that behavior... I do not trust that. And, as you said, "Properly set up, ZA does not phone home. That is apparently good enough for you, but not for me. Out of the box, all of that Phone Home crap should be OFF, and then ask to turn it on.

    Have a good day!
     
  17. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    When I did experiment with the expert rules some time ago, I found them very strange and a little buggy. I created some rules and somehow got my internet connetion blocked. So I deleted the rules, but never regained my connection. I had to reinstall ZA to fix things. I'd say their rules implementation is very odd and quirky based on what I've seen. But perhaps I need to try it again, now that I have a little more experience with rules.
    I think that's a fair conclusion.

    My only complaint about ZA is that they tried to add too many "features" to the Pro versions from 4.5 onward. Most of that stuff I don't need. I absolutely hate the AV monitoring feature. IMO it doesn't belong in a straight firewall product. They're obviously trying to sell you on the Suite with that. When I do run ZA, I use a vintage copy of ZA Plus 4.0.146. That's my favorite. :)

    I just may have to try out one of the new 5.5.x Pro versions though, just to check out the rules again. I do have a license so I might as well use it at least part time.
     
    Last edited: Mar 5, 2005
  18. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Exactly.. That's why I prefer Plus 4.0. Just the firewall and component control and rules.
     
  19. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Unfortunately that's not the way it usually works. I don't know of any software that asks you if you want it to phone home first. It's always turned on out of the box..
     
  20. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    Outpost phones home and provides its registration information so that the publisher can check it against a list of blacklisted serials. This can be turned off. ZA does nothing that sneaky.

    Some of the phoning home done by XP can not be turned off. It must be blocked by a firewall or, in some cases, by a host file entry.
     
  21. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    I don't think that's unreasonable on Outpost's part. Given how easy it is these days to grab a serial off a cracks/serials site, I'd say that's pretty smart of them. :) I suppose however that many would consider that a violation of their privacy.. I don't know. I can sympathize with the developer though.. It's too easy to steal software. If I wanted to, I could find serials for almost any firewall out there today. And that's not fair to the developers.
     
  22. Michael_aust

    Michael_aust Registered Member

    Joined:
    Jan 29, 2005
    Posts:
    101
    Location:
    Lancashire (UK)
    The free version of zonealarm was the first firewall i used, until just before christmas I was using it and hadnt tried any others. Then I tried out sygate free version and prefered it more. I like its back trace feature thing. I only have limited experiance using the zone alarm security suite my unckle bought it and i set it up. I dont know what it is but the virus scanner it doesnt seem to have many options its like a few options and scan nothing else. I persopnaly have never experiance any problems that I have noticed with zone alarm except when Icused to use p2p networks and even if i let it connect i could download from them that was the only problem, but every version of ZA i've used had the same problem.
     
  23. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Diver, which version are you testing? Free or Pro? 5.5.x or earlier?
     
  24. Diver

    Diver Registered Member

    Joined:
    Feb 6, 2005
    Posts:
    1,444
    Location:
    Deep Underwater
    K-

    The serial check thingie is mainly used by smaller publishers. I suppose you don't have to buy it if you do not like it, and it can be turned off by not checking for updates with Outpost. However, this genuine windows advantage thing is something else. The validation is not permanent. You have to keep running the darn app (OK it is voluntary for now, but soon to be mandatory.)

    On the ZA expert rules, I have found all of the tutorials to be confusing. It took me several hours last night to get the hang of it. Each aplication must ahave a DNS rule and a terminating block rule. If you are having trouble start with very broad rules and narrow them down.

    One thing that really faked me out was that IE needs access to UDP on a randon port betweek 1024 and 5000 or it will not run. No other firewall that I have ever used needed a UDP rule. Mail clients may need a rule to connect to the antivirus mail proxy port. Lots of weird stuff.
     
  25. Kerodo

    Kerodo Registered Member

    Joined:
    Oct 5, 2004
    Posts:
    7,779
    Yes! I also noticed that IE used what appeared to be random ports and it drove me crazy trying to figure it out for a while. No other firewall seemed to need this, so why did ZA work this way?

    The expert rules are indeed confusing at first. I too realized that you need a DNS rule for each app as well as a final block all rule. Pretty weird and inconvenient.

    I'm sitting here trying to figure out if I should give that 602 Lan Suite a try. My curiosity always gets the better of me too. Damn... :D
     
Thread Status:
Not open for further replies.