Recently, The Tech Herald told you about a new tool from Check Point Software, ZoneAlarm ForceField. ForceField places a two-way bubble around the browser, offering protection from drive-by downloading, unwanted malware, and other threats. However, yesterday reporter Roger Grimes of InfoWorld posted a review that left me with some questions.
Was the recent review of ForceField influenced by the dark side? (IMG:J.Anderson)
Roger is known; his reporting style is one that pulls no punches, and he is respected by many online. His recent review, however, where he tested ZoneAlarm ForceField, left me wondering if the review was designed to fail. After all, when testing software, if you want it to fail or expect poor performance, you will get it no matter what tests are run. “To be frank, I've reviewed similar over-marketed and under-effective virtualized or "sandbox" security clients over the years… Unfortunately, although ForceField does offer some real improvements over the other products I've reviewed, it wasn't enough to stop Malware from infecting my test systems,” Grimes reported.
The test, which compromised ForceField’s protection in under a minute, took place on “unpatched versions of Windows XP Pro SP2 with Internet Explorer 6 and Firefox 2.0, with intentionally older versions of common browser add-ons.” Grimes said he did this, “to give malicious Web sites ample opportunity to infect the underlying operating system while giving ForceField the best chance of being the sole blocker.”
After installing ForceField with default settings, he went to several known websites to test. “I opened malicious links listed on [shadowserver.org] and [dshield.org], and found others by searching for Web sites with the string "killwow1.cn/g.js" in the source code.” The third link, according to his report, infected the system, as planned.
I say "as planned" here because, by his own admission, he tested ForceField on an unpatched operating system with outdated add-ons. The test was bound to fail, despite the offerings of ForceField or any security product, because it violates the general principle of security. Security must be layered and software must be updated; anyone, home user or business security officer, must remember that no one product or service will fully protect you.
Roger Grimes is aware of the basics of security, as is evident when he wrote, “ForceField is a good companion product to the ZoneAlarm Firewall. I tested the latest version of ZoneAlarm against the same malicious Web sites, and ForceField blocked more than the firewall component did on its own. By the same token, the firewall offered some protections that ForceField alone does not provide.”
Later he demonstrated that layered security and patched systems are inherently more secure when he added, “More telling in the grand scheme of things, ForceField proved less effective than a fully patched version of Windows XP SP3 running Internet Explorer 7 and fully patched applications.”
Again, I was a little shocked when I read Roger's report on the software. Like him, I am a huge fan of ZoneAlarm and have been for years. The software has its pros and cons, like any other security software, but I remember in the late 90s and early 2000-2001 when “ZA” was the king of free personal security. To some extent, it still is to this day.
The article and overall review of ForceField starts out negative, “To be frank, I've reviewed similar over-marketed and under-effective virtualized or "sandbox" security clients over the years…”
It also ends negative, “…I found ZoneAlarm ForceField to deliver slightly above average protection (due to the anti-Spyware and anti-Phishing detection capabilities)… but I'm still not convinced that any product of this type offers complete enough protection to be strongly recommended.”
Was the review doomed to fail to start with? No one will know for sure, but based on the article it appears so. Companies have to deal with negative views of their products; it is a way of life. Therefore, I emailed Check Point Software to ask their opinions.
“ZoneAlarm ForceField is an important addition to existing PC security solutions because it blocks Web attacks that desktop security suites miss. As a result, ZoneAlarm ForceField complements existing security solutions on the market to provide enhanced security. ForceField is not designed to be used as the only security product on a PC as tested by InfoWorld. That is like testing an anti-Spyware product alone and finding viruses still pass through.” -John Gable, director of product management, Check Point ZoneAlarm consumer division
Again, security has to be layered for it to work right. Starting a review with a negative opinion, based on past examples of the technology or just a poor opinion of the technology overall, is no way to test. Nor is it fair to security products to place them in a situation where security is already subpar at best. I was baffled when I read the article at first, because there was no way ForceField could have passed.
The thing that stood out for me was that there was no control. Testing on under-patched software, which was the main point of the review, offers no control or central point of reference. Roger is a multi-lettered security professional, so I was confused as to why he would want to test on a platform he knew, in his professional experience, would fail no matter the level of security software installed. This just makes no sense, and later giving a semi-positive response when testing on an updated and secured platform contradicted the earlier methods and practices used in his article.
Tech Herald will have a review of ZoneAlarm ForceField coming soon; it is scheduled in the lab for late May or early June. The review will test Roger’s examples, both on a fully patched system and on one that is completely unpatched. The reason for testing on an under-patched system is to attempt to replicate the InfoWorld review. Otherwise, the bulk of the test will be performed on a patched system running Windows XP SP3 with IE 7 and Firefox 2.x.
You can read the original review here: http://tinyurl.com/3uxjnd . While I may not agree with the review, the respect I have for Roger Grimes has not diminished. I have been reading his articles and work since 2004, and will continue to do so.
NetVet, May 25th, 2008 - 09:25:48
I have read both the original review and this counter remark. I think the reviewer is being irresponsible and not reviewing as they should. Software should be reviewed in an environment where the avg user can see themselves as being protected and not in a constructed environment which, as the counter remarker pointed out, is doomed to fail. It would be like trying to run a diesel or green vehicle on petrol or oil. It wasn't built to work on it. I think this review should be discounted. I have tried the product in beta and have bought it and had no problem whatsoever.