Technology Exploration Project – M591
Internet Security, Is it worth paying for?
Introduction
Due to its sheer convenience and number of uses, the Internet has grown exponentially over the last few years. With virtually every business being connected to the internet in some form and now 61% of British households having internet access (National Statistics, 2007), security is becoming a major issue. Furthermore, 84% of these household connections are broadband (National Statistics, 2007), meaning that the PC is generally always connected when in use.
For businesses, security has always been a major issue, but with the advent of such facilities as internet banking, the average user is now conscious of the dangers. Most people are aware of the various authentication and security tools out there, such as firewalls and anti-virus/spyware/adware utilities, but they are unaware of their workings and weaknesses. People assume that if their PC has a firewall, it is safe from hackers, or that a virus scanner will find and stop all viruses, but this is not the case.
As there is a vast market for enforcing internet security, there are unsurprisingly many different software solutions available to cater for all of the levels of protection required. The general assumption, as with any product, is that there is a direct correlation between price and effectiveness. This article aims to compare and analyse a freeware product and its commercial, licensed equivalent. The software going under the microscope is ZoneAlarm Firewall and ZoneAlarm Internet Security Suite (from here on referred to as ZoneAlarm ISS), both created by Check Point Software Technologies. The latter solution is the commercial version with added features, all of which will be explained later in this article.
The Products Explained
The backbone of both of the aforementioned products is the firewall; in fact, this is the sole utility of the freeware version. A firewall is a piece of hardware or software (software in this case) which is designed to stop unwanted traffic entering or leaving a network. Unwanted traffic comes in many forms. A couple of examples are a hacker trying to access private data (credit card numbers, passwords, etc.), or a spyware program trying to transmit data from a PC to a remote location.
There is a wide range of firewalls available. ZoneAlarm was chosen for this article as it is one of the most popular open source firewalls available.
ZoneAlarm Firewall Features
Program Control
ZoneAlarm gives the user complete control over which programs may transmit and receive data over the Internet. This is a valuable tool as it allows the user to see what is actually using the network. Although the firewall alone does not stop the installation of spyware and adware, it does allow the user to stop suspect programs from transmitting or receiving any data. It also helps in the detection of malicious programs, as ZoneAlarm highlights any network activity.
Port Control
ZoneAlarm also allows the user to ‘open’ and ‘close’ all network ports. Every program on a system that utilizes a network does so via the use of ports. Ports split up a single IP address into many different sub-addresses. For example, HTTP uses port 80 and FTP uses port 21. The vast majority of users only require a few ports to be enabled; however, without any protection all ports default to open. Many viruses or hackers aim to connect to certain ports to gain access to a system. ZoneAlarm allows the user to enable only the required ports; any data sent to a closed port will not be received.
Instant Cut Off
ZoneAlarm also features an instant cut-off. This is a single button which, when pressed, simulates pulling the plug on your internet connection. No data may be sent or received by the PC. This is a handy feature as it allows the user to immediately stop all network activity if they fear that they are currently the victim of a malicious attack.
Access Attempt Alerts
Finally, ZoneAlarm not only blocks selected ports and programs from utilizing a network, but also alerts the user to attempts to use the network. These notifications take the form of small pop-up windows which inform the user of which port was attacked, or which program is trying to access the internet. Furthermore, ZoneAlarm also reveals the IP address which was sending data to the closed port, or the IP address which the denied program was trying to contact. This information can be highly valuable in deciphering whether the access attempt was innocent or malicious.
ZoneAlarm ISS Features
ZoneAlarm ISS includes all of the basic utilities and features mentioned above for the freeware firewall. However, as expected of a commercial version, it also boasts an array of additional tools. These are explained in brief below.
OSFirewall
The commercial version of ZoneAlarm features an application level firewall, named OSFirewall (ZoneAlarm, 2007). Conventional firewalls only control the flow of data to and from a PC; internal dataflow is not monitored. A basic example would be a locally stored malicious program that, when run, modifies the operating system registry. OSFirewall would pick up on this and inform the user. They would then have the option to allow the modifications (if they were intended), or stop the modifications and highlight the program trying to carry them out.
Anti-Virus
An anti-virus utility is also included in ZoneAlarm ISS. The anti-virus portion of the security suite is fairly self-explanatory. The latest version of ZoneAlarm ISS integrates the multi-award-winning Kaspersky anti-virus engine (PC World, 2006). This, combined with hourly virus signature updates, does make it stand out above most freeware and even commercial competition (ZoneAlarm, 2007).
Anti-Spyware
Once again, anti-spyware is fairly self-explanatory. The ZoneAlarm ISS anti-spyware was initially relatively poor, allowing many spyware programs to be installed. However, in recent releases it has been commended and has received excellent reviews from such sites as CNET (CNET, 2007) and ZDNet (ZDNet, 2007). The anti-spyware utility also includes a spy site blocker. This stops the user from accidentally accessing or being redirected to spyware distributor sites. It also prevents already installed spyware from sending out information (even if internet access is granted by the firewall) or updating itself (ZoneAlarm, 2007).
Identity Theft
With e-commerce and e-banking becoming increasingly popular, identity theft is emerging as a serious issue. ZoneAlarm ISS hosts numerous counters to identity theft; however, most are only effective in the US.
Firstly, ZoneAlarm ISS offers education tools to inform and teach the user about identity theft, and how to avoid it.
Secondly, ZoneAlarm ISS monitors known stolen credit card lists from vendors and consumers. It then alerts the user if a match is found.
The other tools are available in the US only. ZoneAlarm ISS can stop pre-approved credit card offers which contain sensitive financial data. This is done via the use of a credit industry service (ZoneAlarm, 2007).
ZoneAlarm ISS also provides a low cost public records report. This can help alert the user to fraud, such as false DMV records (ZoneAlarm, 2007). Finally, ZoneAlarm ISS offers personal phone help and counselling to its registered users. This phone service provides the users with advice and help in the case of identity theft (ZoneAlarm, 2007).
Anti-Phishing/Spam
Phishing is a fraudulent technique that tricks an individual into sending personal and potentially valuable information to a ‘fake’ third party. An example of this is a person sending an email to someone, claiming to be their bank. The email requests the internet bank log on information saying that they need it for administration purposes. This is a fairly obvious example which would trick very few people, but there are highly complex phishing scams in operation involving near identical clone websites to official banks and organisations.
ZoneAlarm ISS scans received emails and warns against potential phishing related emails. ZoneAlarm ISS also incorporates an anti email spam feature. This helps to remove the general advertisement related spam emails, but also cuts off some phishing emails before they are even received (ZoneAlarm, 2007).
Wireless Networks
ZoneAlarm ISS instantly recognises any new wireless networks that the PC connects to. This ensures that the system is secure from the outset. It also remembers any previous wireless networks that the system has connected to, removing the task of re-configuring program and port access for old network connections (ZoneAlarm, 2007).
Parental Control
The parental control facility allows certain websites to be completely blocked, even if accessed through a proxy server. This is of obvious use for parents blocking inappropriate sites from their children, but is also of use for companies stopping their employees from general ‘surfing’ of the web (ZoneAlarm, 2007).
Instant Message Protection
ZoneAlarm ISS also includes instant message protection. Many people use various instant message programs to communicate with other people over the internet. ZoneAlarm ISS encrypts messages from the more common programs so that they cannot be easily monitored if intercepted by a third party. The programs which ZoneAlarm ISS supports include Yahoo Messenger, Trillian, AOL Instant Messenger and ICQ (ZoneAlarm, 2007).
Smart Defence
Finally, ZoneAlarm ISS incorporates a facility which has been named SmartDefense. SmartDefense ensures that ZoneAlarm ISS is continually updated and configured to handle the latest and most prominent threats (ZoneAlarm, 2007).
Usability and Weakness have a Direct Correlation.
In the case of ZoneAlarm and ZoneAlarm ISS, as with many programs, there is a direct relationship between correct usage and effectiveness. Thankfully, most of the additional features implemented in ZoneAlarm ISS are self-explanatory. For example, the virus and spyware scanners are simple, one click applications. They do include further options and settings, but even these can be understood and changed as required by the majority of computer users.
The firewall present in both ZoneAlarm and ZoneAlarm ISS is different, however. If the firewall is incorrectly configured, it will not function as wanted. The firewall is extremely flexible, with many features and options; unfortunately, this in turn increases the complexity of usage and configuration. Check Point has attempted to resolve the complexity issue by creating a number of high level choices which in turn manage and automatically set up many smaller and more complex options.
Firstly, the firewall sets a network as one of two ‘zones’: trusted or internet. Networks which are defined as trusted are generally local networks, where the user can vouch for the other PCs which are connected to the network. Networks defined as internet are the opposite, whether that is literally the actual Internet connection or simply a larger network which the user is unsure of. Each of these zones has further configuration options. Generally the trusted zone has slack security, with more open ports and program access and fewer access attempt alerts, whereas the internet zone will be the opposite. Once the user has set up the two zones as they wish, new networks can be added and configured with only one input from the user: is the network trusted, or internet? This approach of high level questions managing many smaller options is a good idea. It enables less confident people to set up a fairly secure firewall, while still allowing for precise configuration by people who have a greater knowledge of the software.
However, the firewall configuration process can still seem daunting to people who are less sure of the software or even of computers as a whole. The results from the questionnaire confirm this, with 65% of people questioned finding the configuration of the firewall challenging. Even after it was initially configured, it still took most people at least a few hours to become proficient in its use. This is likely because the most questions get asked in the first few hours. If the user has chosen medium to high security, the firewall will ‘ask’ for permission each time a new program tries to access the internet. It remembers the user's choices, so internet access can be permanently enabled for set programs and answers do not have to be repeated.
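The zone and program-control behaviour described above can be modelled in a few lines. This is an added example, not Check Point's code or part of the original article; the class name, the zone table, the open ports, the program names and the addresses are all assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field

# Constructed per-zone defaults for illustration; not ZoneAlarm's real settings.
ZONES = {
    "trusted":  {"open_ports": {139, 445}, "ask": False, "alert": False},
    "internet": {"open_ports": set(),      "ask": True,  "alert": True},
}

@dataclass
class ZoneFirewall:
    trusted_nets: list                               # networks the user vouches for
    remembered: dict = field(default_factory=dict)   # program -> allowed?
    alerts: list = field(default_factory=list)       # access attempt alerts

    def zone_of(self, ip):
        """The single high-level question: is this address trusted or internet?"""
        addr = ipaddress.ip_address(ip)
        return "trusted" if any(addr in n for n in self.trusted_nets) else "internet"

    def inbound(self, src_ip, port):
        """Port control: closed ports drop traffic; the internet zone also alerts."""
        policy = ZONES[self.zone_of(src_ip)]
        if port in policy["open_ports"]:
            return "allow"
        if policy["alert"]:
            self.alerts.append(f"blocked {src_ip} -> port {port}")
        return "block"

    def outbound(self, program, dst_ip, answer=None):
        """Program control: ask once per program, then reuse the stored answer."""
        policy = ZONES[self.zone_of(dst_ip)]
        if program in self.remembered:
            allowed = self.remembered[program]
        elif not policy["ask"]:
            allowed = True                 # trusted zone: no prompt
        elif answer is None:
            allowed = False                # unanswered prompt: deny, do not remember
        else:
            allowed = self.remembered[program] = answer
        if not allowed and policy["alert"]:
            self.alerts.append(f"denied {program} -> {dst_ip}")
        return "allow" if allowed else "block"

def demo():
    fw = ZoneFirewall([ipaddress.ip_network("192.168.1.0/24")])
    return fw, [
        fw.inbound("192.168.1.20", 445),               # trusted LAN file sharing
        fw.inbound("203.0.113.7", 445),                # same port from the internet
        fw.outbound("browser.exe", "203.0.113.7", answer=True),
        fw.outbound("browser.exe", "203.0.113.9"),     # remembered, no prompt
        fw.outbound("unknown.exe", "203.0.113.7"),     # never approved
    ]

if __name__ == "__main__":
    fw, results = demo()
    print(results, fw.alerts, sep="\n")
```

The same port is allowed from the trusted network and blocked from the internet zone, and each block in the internet zone records the remote address, mirroring the access attempt alerts described earlier.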
The Price of Security
Is ZoneAlarm ISS worth the £29.95 license fee? This question is difficult to answer, as the answer differs with varying scenarios. One must first ask “How valuable is the data stored on my PC?” If the data is of any value, then some security measures should be taken. However, the question becomes even deeper, as virtually all features implemented in ZoneAlarm ISS can be obtained by use of multiple freeware programs. Examples of these programs are AVG anti-virus, Spybot, Adaware and of course the ZoneAlarm free firewall.
ZoneAlarm ISS does, however, generally outperform these freeware products, as mentioned in the reviews listed earlier and indeed in the virus testing carried out for this article. The speed at which viruses are detected is highly important. The chances are that most virus scanners will discover a virus when a full system scan is run. Real-time protection and discovery, however, varies greatly, and it is an important factor. If a virus manages to make it into the start up list of a computer, and is not discovered before the PC is rebooted or turned off, it will be executed the next time the PC starts up. The virus can then wreak havoc on the system, especially if the system lacks an application layer firewall such as OSFirewall.
The roughly £30 price tag gives the purchaser the license to use ZoneAlarm ISS on three separate PCs for a year. This works out at £10 per PC a year, or under 3 pence per PC per day.
Benefits of an All in One Solution
Although most utilities embedded within ZoneAlarm ISS can be obtained via freeware, the all-in-one solution has added benefits. To obtain anywhere near the functionality of ZoneAlarm ISS, four separate programs are required. These consist of a firewall, an application level firewall, a virus scanner and a spyware/adware scanner. The additional resources required to run four separate programs simultaneously will be noticeable on slower systems. ZoneAlarm ISS reduces memory overhead by sharing resources between its different utilities, which obviously will not happen with separate independent programs.
Setup is also far simpler for the all-in-one system of ZoneAlarm ISS. Everything can be accessed from a central control panel. Management and administration are much easier, with all scan times, options and logs available from a single location.
A well-known saying fits ZoneAlarm ISS well: “The whole is far greater than the sum of its parts”.
Ideal Market for ZoneAlarm ISS
Although it is clearly visible that I have a bias toward ZoneAlarm ISS, it is not for everyone. The advanced firewall and OSFirewall options only come into their own with a detailed configuration. The average PC user will not understand all of the options and consequences of enabling or disabling various filters. For the average user, a reasonable router firewall or ZoneAlarm Free firewall combined with a freeware virus scanner will be sufficient.
In the case of valuable personal data, a home office, or small office, ZoneAlarm ISS would be recommended so that all bases are covered. It is a relatively cheap and reliable security resource with many features.
For valuable business data, a higher level of security would be required. Data encryption and more complex and thorough authentication protocols should be used. This does not stop ZoneAlarm ISS being effective when used in combination with these further security methods.
Conclusion
There are situations where freeware is sufficient and situations where a more in depth solution is required. Generally any business will require a licensed Internet security package as companies are bound by law to protect any personal data stored. Also a breach could cost the company financially.
The task of choosing between freeware and commercial products is far more difficult for the public. People are using their PCs for more and more tasks. This means a wider range of data is being stored and transmitted over the internet. Without adequate protection they risk the loss of potentially costly data. As the questionnaire shows, people are aware of the dangers and generally try to protect themselves; however, they are reluctant to part with money for Internet Security solutions. This may change in the future; in the 14 days which I have had ZoneAlarm ISS installed, it has blocked nearly 27000 access attempts, 600 of which were high rated.
Reference List
Information has been sourced from the sites listed below.
Appendix
Virus Scan Tests
Promptness
The first test carried out was to detect the promptness of virus discovery. A well-known virus was placed on a system. Instantly ZoneAlarm ISS Anti-Virus found the virus and removed it. A leading freeware Virus Scanner, AVG, was also running at the time. As can be seen, AVG was running in the taskbar but failed to pick up on the virus. It did find the virus when a manual scan was run.
Accuracy
The second test carried out was based on accuracy. A file was created which included code similar to many Trojan horse viruses. The file was completely harmless and not a virus. AVG reported the file as a virus when the directory was opened. It continued to display warning messages throughout the experiment. Even after a manual scan, ZoneAlarm ISS Anti-Virus correctly found the file to be clean.
Internet Security Questionnaires
The first questionnaire was handed out to 30 people. It was designed to discover people's general knowledge and their priorities when it comes to Internet security.
The second questionnaire was handed out to 20 people. 18 people currently used or had tried ZoneAlarm Free firewall; 2 people currently used ZoneAlarm ISS. It was designed to find out their general feelings on the products.
