Right. Go to www.securityfocus.com and search for the number of issues about ZoneAlarm in the past.
Thanks for bringing some sanity to this, mikeymike.
Ok, there are a few things with ZoneAlarm, but looking over the securityfocus reports, I saw 4 actual reports on ZA in the past 10 months. (As far back as I felt like clicking)
I still don't see why ZA isn't secure for a basic home user, though.
1 was the SMTP exploit. No home user should be running SMTP. And if you're advanced enough you know how to securely configure SMTP, why the heck are you running a basic home-user firewall?
1 exploit wasn't remotely accessible. Gee, if I can walk up to the home computer, I can probably do a lot more harm than bypassing the firewall.
So, honestly, two legitimate exploits in 10 months. I wouldn't say ZoneAlarm looks much worse than Symantec Internet Security, or most any other PERSONAL firewall. My argument is that they ALL offer a good base of protection if properly maintained and configured. But, of course, don't get any false sense of confidence that ANY software is invulnerable. Even the best written software is going to get hit now and then. (Witness recent SSH exploits surfacing.)
The lesson should be that NO product is perfect. Make sure it's configured properly, and keep up to date with the patches and be wary of anything that seems amiss with a system. This should be done no matter what software or OS you have. :-)
Ask anyone who knows anything about computer systems security whether they think ZA is any good, and they'll laugh.
Odd... most sysadmins I know still recommend it. It's a simple and basically secure package at a very reasonable price.