To all Window users

[Ilwrath]

I agree with Glaucus.  Point me to something specifically wrong with Zone Alarm from a home user's perspective.  I mean, it is true that ZA is only as good as you configure it.  This is true of ANY firewall, though.  (Allowing all ports or all applications that ask for internet access to HAVE internet access isn't really very secure.)  

What ZA does (restrict programs, and notify programs attempting outward access) it seems to do very well.  Unless there's something we're missing here?

The truth is, I, myself, run Kerio Personal Firewall (aka Tiny Personal Firewall) because I like the fine-grained control over port ranges, etc...  But for your average user (my mom, cousin, aunt, etc.) I've always recommended ZoneAlarm.  As long as you give it some sane settings, it seems to be quite secure...?

[Ilwrath]

c'mon.... humor, people!!!  searches for UAE files often return results for United Arab Emirates, instead of our files for our favorite Universal Amiga Emulator.  ;-)

[Ilwrath]

Unexplained 100% CPU usage.

Not seen this, personally, but have heard of it occasionally happening.  Of course, Win32 apps do this all the time.  Surely it happens less often than say...  EXPLORER.EXE?

Kills all network traffic when disabled.

Uhm.... is that not the point?  If a renegade app could just kill ZA and then connect, ZA wouldn't be a very effective firewall, would it?  Stopping all traffic while disabled is the proper behavior, is it not?

Not able to be uninstalled cleanly.

Not encountered this problem, either, but it's really more of a Windows issue than a ZA issue.  Windows too easily loses track of it's DLLs and settings.  For example, I just had an issue with a certain popular video editing program's uninstaller....  The program had installed some new codecs.   Uninstalling the app broke not only the program's codecs, but also my standard Windows ones.  It wouldn't surprise me if ZA tramples a few DLLs associated with TCP/IP, such that it breaks a few things on it's uninstall.  I blame Windows for making it so damn easy for apps to do this.... I'd be surprised if Agnitum outpost pro uninstalls cleanly, as well...  ;-)

Really, the comments posted so far are problems common to all Windows apps.  IF you know of a SPECIFIC SECURITY problem, please let me know, as most of my family runs this.    

But, really, the ones posted above don't have much more weight than complaints about the ugly-ass brown interface....

[Ilwrath]

Right. Go to www.securityfocus.com and search for the number of issues about ZoneAlarm in the past.

Thanks for bringing some sanity to this, mikeymike.

Ok, there are a few things with ZoneAlarm, but looking over the securityfocus reports, I saw 4 actual reports on ZA in the past 10 months.  (As far back as I felt like clicking)  

I still don't see why ZA isn't secure for a basic home user, though.

1 was the SMTP exploit.  No home user should be running SMTP.  And if you're advanced enough you know how to securely configure SMTP, why the heck are you running a basic home-user firewall?

1 exploit wasn't remotely accessible.  Gee, if I can walk up to the home computer, I can probably do a lot more harm than bypassing the firewall.

So, honestly, two legitimate exploits in 10 months.  I wouldn't say ZoneAlarm looks much worse than Symantec Internet Security, or most any other PERSONAL firewall.  My argument is that they ALL offer a good base of protection if properly maintained and configured.  But, of course, don't get any false sense of confidence that ANY software is invulnerable. Even the best written software is going to get hit now and then.  (Witness recent SSH exploits surfacing.)

The lesson should be that NO product is perfect.  Make sure it's configured properly, and keep up to date with the patches and be wary of anything that seems amiss with a system.  This should be done no matter what software or OS you have.  :-)

Ask anyone who knows anything about computer systems security whether they think ZA is any good, and they'll laugh.

Odd... most sysadmins I know still recommend it.  It's a simple and basically secure package at a very reasonable price.