Force Field gets a new review. How do you think it did? (IMG:J.Anderson)
In this review, I’m going to cover ZoneAlarm ForceField. Recently, I wrote an opinion on the review published by InfoWorld in which they covered ZoneAlarm ForceField. I disagreed with the overall review and the methods used. With that said, I tested ForceField for myself. Here are my results.
ForceField was first released as a public beta last September. The program virtualizes only those parts of the user’s operating system that interact with the Internet. The virtualization technology in ForceField forms a bubble of sorts around the browser so that all unknown or unwanted changes from silent installs, better known as drive-by downloads, are made to a virtualized file system and disappear completely once the user is finished surfing.
This test of ForceField is designed to mirror the tests performed by InfoWorld. However, there is one catch: the systems that are going to be tested are all fully patched.
There was much thought placed into how this review of ZoneAlarm ForceField was to be conducted. The InfoWorld test used systems that were lacking with regard to current updates and operating system patches. This defeats the general rule of best practice with regard to security. As such, the Tech Herald review of ZoneAlarm ForceField will not mirror the InfoWorld testing environment as originally stated in the opinion article. This test is performed with the following settings and installed applications.
Windows XP SP3 (Completely patched w/ Internet Explorer 7)
1024MB RAM Dual Core Pentium @ 3.40 GHz
Adobe Reader 8
AVG Free 8.0
Open Office Portable
Install of ForceField was straight to the point. Other than picking out where to install the software, there were no settings or options to configure. Once installed, you are asked to register the software or start your free trial. After that, the browser is launched and you are shown a website, which explains how to read the ForceField display. (ForceField currently works with both Internet Explorer and Firefox.)
There are four buttons in the ForceField display: the master control button, which is marked by the ForceField logo, Protection Activity, Site Status, and Private Browser. Briefly, here is a rundown of what they do.
Master Control - This button, as seen in the image, offers quick access to the program's settings, Web-links (ForceField and ZoneAlarm Online), and help.
The settings section allows control over updates, confirmation control, and startup. The advanced settings tab will offer various functions including what levels of web protection you want, and if you want to enable or disable virtualization.
(Note: It is wise to leave all of the advanced options enabled if you want full protection out of the software. Also, virtualization is the key to ForceField; disabling it will make the reasoning behind the program moot.)
Protection Activity – Gives you an overview of what you have been protected from on the current website. If you hold your mouse over the button, it offers an at-a-glance look at the protection information as well.
Site Status – Offers information on the site. It will tell you if the site is malicious, as well as offer other information such as how long the site has been around. Holding a mouse over this icon will offer basic information.
Private Browser – This button will offer single-click access to a single browser where nothing is logged. When using this option, the ForceField bar turns a lovely shade of blue, and alerts the user to the no-logging changes.
This test and review will use the same sets of data that InfoWorld used. To quote the InfoWorld review, “I opened malicious links listed on [shadowserver.org] and [dshield.org], and found others by searching for Web sites with the string "killwow1.cn/g.js" in the source code.” The third link, according to the report, infected the system.
Starting with Shadowserver.org, the list for 14/05/2008 was the sample data used. (At the time of this writing, it was the most current.) In this test, all of the listed sites (seventy-seven), were visited. Unlike past reviews, where security software is rated on what it blocks or removes, there is special attention paid to the percentage of sites blocked or missed. While there was no mention of exactly how many sites from Shadowserver.org were visited in the InfoWorld review, all of the listed sites were hit for the Tech Herald review in order to offer the best sample of known malicious data from this source.
Interesting test notes (Shadowserver.org):
- Sites that pull a “RED” alert from ForceField are prevented from loading. You are told, “Nothing bad has happened yet,” and offered a chance to go back to a page that simply says, “You are safe now.”
- Twenty-eight sites were blocked by both AVG Free 8.0 and ForceField.
- Seventeen sites were blocked by AVG Free 8.0 but missed by ForceField.
- Sixteen sites were blocked by ForceField but missed by AVG Free 8.0.
- Of the sites blocked by both AVG Free 8.0 and ForceField or by ForceField alone, ForceField showed eight “RED” alerts and thirty-six “Yellow” alerts.
- Both security applications failed to block six sites.
- There were ten sites on the Shadowserver.org list that were in error (Suspended, 404, 403, etc.).
The Shadowserver.org test offered a data list of seventy-seven sites confirmed to be malicious. With the error websites removed, there were sixty-seven websites visited.
Based on the Shadowserver.org test alone, the InfoWorld review is blown out of the water. ForceField did exactly what it promised. It offered a warning or outright refused to load a site on forty-four sites out of the sixty-seven tested. That is just over sixty-five percent coverage on its own. However, when you factor in the blocking average of AVG Free 8.0, which was sixty-seven percent or forty-five out of sixty-seven sites tested, you can see the power of the two programs.
In all, there were sixty-one sites flagged. That is a success rate of ninety-one percent for the test. The object was to use ForceField as it was intended, as another layer of security on a patched and updated system with some sort of anti-Malware scanning already in place.
(NOTE: AVG Free 8.0 details: http://tinyurl.com/4gvkgy)
The next test was on dshield.org. If you are not familiar, dshield.org is a useful resource as it lists various data on attacking IP addresses, targeted ports, and more. One of the common uses for this site is to collect IP addresses to block. Dshield offers a Top 10 list of attacking IP addresses, so for this test, the Top 10 list was used. The InfoWorld review of ForceField only mentioned using dshield.org, and not the methods.
Interesting test notes (dshield.org):
- Out of ten sites, four showed no web-server-like activity. The other six that were web pages failed to be blocked by either AVG Free 8.0 or ForceField.
- One page was a Chinese Beijing Olympics login portal
- Another page was an IIS informational page
The test here is inconclusive. It is unknown if the issues mentioned in the InfoWorld review are linked to dshield.org testing. After the dshield.org part of the test, AVG Free 8.0 was used to scan the system. The system scan was started to check the health of the system after six of the ten dshield.org sites were not blocked when they loaded web pages. These sites might not be blacklisted by either security program for several reasons. However, because they are known as attacking sites, they could be malicious to the passer-by online.
There is also the fact that dshield.org lists only IP addresses, and not the structure of the website. Therefore, if there were malicious files on one of the six sites that loaded, simply viewing the main IP on port 80 might not be enough to trigger any type of attack.
There is nothing to say about this test that isn’t obvious: ForceField and AVG Free 8.0 both failed to stop six out of the ten sites. The status of those sites is known; they have been reported as attacking IP addresses. With that said, there is also no proof they are harmful to a user by merely visiting them. The scan of the system located several tracking cookies, from DoubleClick, Trafficmp, Webtrends, Mediaplex, 2o7, and others, but nothing malicious.
The third test involved searching Google for "killwow1.cn/g.js" and attempting to visit pages that are shown to be malicious. As of 2008/26/05, 44,300 sites were returned by this search. Of these forty-four thousand plus sites, maybe a handful are malicious. AVG Free 8.0 uses Link Scanner, which places a small red ‘X’ next to a malicious search result. During the test, the first twenty flagged links (those with a red ‘X’) were accessed. According to the InfoWorld review, it was the third link that infected the under-patched system.
In this test, the third link with a red ‘X’ was a site named SeekingandFinding.com. While it is not known what the malicious payload was that attacked the test system, it did cause ForceField to throw an error and ask to report information. On top of that, the system itself locked up and needed a reboot.
Once the system was back online after the restart, the test was launched again. There were no notable changes to the system; so far, the only issue from loading that page was a system freeze. The third link, again Seekingandfinding.com, wants to load a ‘Shell WebView Content and Control Library’ according to Internet Explorer. The browser blocked the ActiveX control; however, ForceField now shows twelve items blocked according to the Protection Activity button. (Note: Remember these links are being followed against the warnings issued by AVG Free 8.0.)
Another website, understanding-islam.com, wants to load ‘Microsoft Data Access – Remote Data Services’. However, once again Internet Explorer blocked the ActiveX and ForceField blocked twelve threats. At this point all three of the original sites were loaded again post system crash with no errors. For the next set of sites, Google blocked one of them with a Malware warning. The other two sites visited during this set were uneventful, as Internet Explorer blocked content on one site, and denied an ActiveX control on another.
According to Google, “Of the 266 pages we tested on the site over the past 90 days, 40 page(s) resulted in malicious software being downloaded and installed without user consent. The last time Google visited this site was on 05/18/2008, and the last time suspicious content was found on this site was on 05/14/2008. Malicious software includes 40 Trojan(s), 6 exploit(s), and 2 scripting exploits. Successful infection resulted in an average of 18 new processes on the target machine.” (Note: These details come from the added information recently reported on here: http://tinyurl.com/4b4odw)
The results of this test made another point about layered security. Google blocked four sites, Internet Explorer prevented ActiveX exploitation, AVG Free 8.0 warned about the links being harmful before they were accessed, and to top it off, ForceField averaged twelve actions per page blocking malicious content.
In the opinion on the InfoWorld review, I made a point that if you want a test to fail, it will. Likewise, if I want a test to pass I can make it pass. With that in mind, every test performed can be replicated. These results can be tested by anyone.
The test and review of ZoneAlarm ForceField proves without a doubt that the InfoWorld review of ForceField was way off the mark. The largest problem is that to ensure a fair and proper test, you need to start with a clean, fully patched system. If during this test, I had used XP SP2, Internet Explorer 6, and left off a few months’ worth of patches, all of the exploits would have worked.
ForceField is not a cure-all security program. During this test, it is obvious that AVG Free 8.0 made up for the lack of protection that ForceField offers. The thing that makes ForceField shine is that it works with Firefox or Internet Explorer and any other security suite you have. When used in conjunction with other security software, ForceField offers a serious layer of defense to a computer. AVG Free 8.0 was tested here, but ForceField also worked with Norton 360 2.0 (the testing with 360 was different, as many features overlapped) and AVG Internet Security 8.0, just to name a few.
Overall, if used properly, ForceField is a great tool. You simply have to remember the rules with security to get the most out of it. These rules are simple. Update and patch daily. Layer your security, and use a little common sense.
ZoneAlarm ForceField earns a solid 98 out of 100 for the actions demonstrated during these tests. It crashed once, but still managed to protect the system before it went down in a blaze of glory. Take the trial for a spin, and if you like it, the cost is affordable to keep it.
The system crash was preempted by a virtual memory warning. This happened as a known malicious site was being loaded. There is no solid proof, one way or another, whether the site or a program error caused the crash. There is also the fact that the virtual machine running the test at the time could have caused the crash.
During this test, most of the sites visited or linked to because of an Injection Attack were in Chinese. With that said, there were no translation packs downloaded to the virtual system.