Cautionary note re ZoneAlarm firewall, version 5

Cautionary note re ZoneAlarm firewall, version 5

Didn't find your answer?

ZoneAlarm is one of the more popular firewalls. If you have a current subscription you may be prompted to upgrade to version 5. Just be advised that this version seems to be a bit "buggy" and can cause system freezing and (unconfirmed) disabling of email virus checking. You may want to wait for the bugs to be ironed out before upgrading.

http://forum.zonelabs.org/zonelabs/board?board.id=inst
Clint Westwood

Replies (16)

Please login or register to join the discussion.

avatar
By slarti
04th Jun 2004 17:45

Why pay for firewall software?
When some of the free offerings are at least as good?

I have already mentioned Kerio and have heard nothing but good about Sygate, though I believe it is now difficult to get the free version.

As for an annual subscription, what for?

If it works, it works and does not need upgrades, unless the technology of the internet changes. That was the problem with ZoneAlarm, it used to be small lean and mean, then to justify regular income they tried to become all things to all men, became bloat-ware and stopped working.


In addition to the security measures mentioned by Helen, turning off the preview pane in your browser, and moving to a non IE browser will increase your security.

Thanks (0)
avatar
By Briar
02nd Jun 2004 08:54

Accounting web community works again!
I am glad I read this. I installed ZoneAlams v5 a couple of weeks ago and have been having problems ever since! I shall go back to v4.

Thanks (0)
avatar
By mxhoward
03rd Jun 2004 17:29

VPNs
Alan said: "VPNs are a problem for hardware firewalls too. Many *say* they support VPN passthru, but in practice only work with VPNs from certain manufacturers."

I certainly agree with the first sentence, but not the second. The failure of VPNs working through firewalls is down to the firewalls. VPNs on the whole are a concept, which for most people, will be embodied in software running on the PC. There's no hardware involved and no choice for the consumer to make.

Thanks (0)
avatar
By MBStafford
02nd Jun 2004 20:16

Also the opposite
Like David Moore, I have not had any trouble with my registered copy of ZoneAlarm 5. The only comment I would add is that I have disabled the email functions, since I am content to rely solely on my (up to date) anti-virus software in that area.

Thanks (0)
avatar
By alansingfield
03rd Jun 2004 10:56

Choosing a firewall/router
Helen, if you decide to go down the hardware route, this is what you need to think about:

1. Is your internet connection through a USB connection or ethernet? Most ADSL connections (through the BT line) are USB, NTL/Telewest are usually ethernet (the plug which looks a bit like a telephone jack). You will need a special kind of router for USB.

2. Do you want to use your internet connection around the house? A wireless router will allow you to connect to the internet from the bathroom if you want, but you'll need to add a wireless network card to your computer. Great if you have a laptop or your net connection is in the wrong room.

This page makes a reasonable go of explaining it all:
http://www.ntlworld.com/linksys/

Any decent computer shop should be able to advise you, try Aria or MicroDirect.

Alan.

Thanks (0)
avatar
By MBStafford
03rd Jun 2004 16:03

Setup
After reviewing the comments here and on the Zone Labs message board, it seems possible that ZoneAlarm 5 has a conflict with some other software in the email area, probably anti-virus protection. If you have up to date AV software, what additional protection does ZA give that you really need? My answer would be none, but I could be very wrong about this. As I said in my earlier posting, I have disabled ZA email protection on my copy and have had no problems. I did, however, have to reconfigure after upgrading in order to access my Netscape web mail account, but the Privacy Adviser alerted me to what was needed. It would seem that the default settings in version 5 are more aggressive than in 4.5

As far as VPNs are concerned, you need to put these in the trusted zone and possibly do some other tweaks as well. Firewalls are not the simplest of software to set up (I have no experience of the hardware kind).

All the above is, as must be apparent, just speculation and thinking aloud, so I can accept no liability for any catastrophes! Are there no real experts reading this thread?

Thanks (0)
avatar
By Helen Crowley
04th Jun 2004 11:02

Thanks Steve
I will research/try your recommendation over the weekend as I'm pretty annoyed with Zone Alarm. (I only have one PC at home, so don't think a hardware version is necessary really. I have broadband (yes even in the Highlands of Scotland!) so I just want to maximise my security as I don't trust the firewall within XP - in addition to software such as McAfee Virus Checker, Spybot,Adaware, and banning my husband from opening unsolicited dodgy looking E-mails on pain of me shopping with his credit card!)
I had the free version originally and all seemed to be ok but I felt it was fairly basic, so I thought I would trial the Pro version with a view to purchasing. Big mistake! During the period of the trial I had problems as mentioned in my previos post but then when the trial finished a few days ago I couldn't do anything on the internet at all! I ran my virus checker etc (nothing found)and in the end it was only after I had uninstalled the trial version AND re-installed the original free version that my PC remembered how to find websites, retrieve E-mail etc!

Thanks (0)
avatar
By mxhoward
02nd Jun 2004 14:14

Not impressed
I installed ZoneAlarm when I was having problems with my Cisco firewall a couple of months ago. It was OK but much more obtrusive than the Cisco. Over the last few weeks I seem to have suffered a lot of Internet gremlins - my PC seems to forget the how to find or use the ISPs DNS. I have noticed that there's an entry in ZoneAlarm's log corresponding to just about every problem. I'vce worked on the configuration - something you just don't have to do with Cisco, but never quite resolved all the issues. Finally I tried turning ZoneAlarm off and all the problems magically disappeared.

Now that I think back, the problems started when I upgraded to version 5 (of the free product, not the Pro).

Morale: you need to pay for good security.

Thanks (0)
avatar
By alansingfield
02nd Jun 2004 13:41

Hardware firewalls are more reliable.
I used to use ZoneAlarm, and found it spent most of the time trying to get on my nerves.

Now I use a LinkSys wireless router, for £60 it saves me a lot of trouble and I can share my net connection around the house.

The only benefit ZoneAlarm could possibly have over a router is that it gives you program-by-program control. You could always use the free version for this.

Thanks (0)
avatar
By mxhoward
03rd Jun 2004 17:20

Let's not get confused
First, although the domestic and small office user will often find them in the same box, firewalls and routers are not the same thing.

Second, firewalls and anti-virus software are not the same thing.

Ignoring the physical elements of analogue versus digital, at the next level up all data that passes over any network (Internet, LAN, WAN, dial-up connection, etc) is broken into chunks usually known as packets. Each packet has, at least, an address to say where it is going, a type which helps the recipient and network to deal with the packet, and a payload of data. On that basis, let's use an analogy of a postal service handling letters and parcels.

Each item that is carried by the postal service (our network) has an address of where it is to be delivered. Each town has a sorting office (the routers in our network) that either forwards items to other towns (computers on the network) or delivers them locally.

Because we live in difficult times the postal service and some businesses have decided to install equipment to scan their post for bombs and drugs (our firewalls).

When you recieve your post you don't want to bother with the junk mail so you look at each item and discard the obvious rubbish without opening it (our anti-virus and spam filters). Unfortunately you still open some junk mail because, as with the PC's filters, you just didn't recognise it as such.

In summary: Routers send stuff towards its destination; Firewalls look at stuff and decide if it is safe based on its characteristics; Anti-virus filters look at e-mail to weed out known problems.

If you only have one computer, you don't need a router. If you have more than one computer you probably (but not definitely) need a router.

In this day and age you should have a firewall. Some people say you only need one if you have a fast internet connection (eg broadband, cable or better). There's lots of software on your PCs that just listening for all sorts of messages - not just email - to be sent from other computers. Hackers make use of these listeners to attack any PCs that they can. The assumption is that dial-up connections are too slow for hackers to attack your PC. I recently removed 127 bits of rogue software that had come from the Internet via a dial-up line.

Anti-virus software checks your e-mail for known problems. E-mail is a valid communication, so the firewall won't block it. You need the anti-virus filter to check the content of the message for problems.

Thanks (0)
avatar
By Helen Crowley
02nd Jun 2004 16:56

Recommend?
So what Firewall (free or modestly priced)would you recommend for PC at home? My free trial of ZoneAlarm Pro has now ceased and I was having the same problems with PC forgetting how to find webpages even including my home page!

Thanks (0)
avatar
By mraccyd
28th May 2004 19:50

Exactly the Opposite
That's funny, I've actually found the new version to be less buggy than the last.

I don't know if this is any different as I'm using a registered copy rather than the free version??

Thanks (0)
avatar
By AnonymousUser
29th May 2004 20:54

I don't know about the free version
I am using the registered version and have been advised to roll back to the previous version 4.5 (with which I did not encounter any bugs).

The messages in the zonelabs user forum seem to indicate that problems with the upgrade are more widespread than not (and do not seem to relate exclusively to either the free or pro versions). If you got lucky and didn't encounter any problems then you have my congratulations (and envy).

You might want to download the eicar "test virus" and email it to yourself just to make sure that everything is operating as it should. Just a thought.

Thanks (0)
avatar
By alansingfield
03rd Jun 2004 16:43

Firewalls
Hi Maurice,

VPNs are a problem for hardware firewalls too. Many *say* they support VPN passthru, but in practice only work with VPNs from certain manufacturers.

Unfortunately, you have to suck it and see. Buy your router from a local shop, and then you can exchange it with a different make if it doesn't work!

Alan.

Thanks (0)
avatar
By alansingfield
04th Jun 2004 10:55

You're right there Mike
Mike,

Well I've never got a VPN working successfully, so I bow to your superior knowledge!

As for whether a user with a single PC should use a hardware router as a firewall; it depends whether you were going to pay for your firewall software.

My point was that routers are so cheap nowadays that you can buy one outright for less than you'll pay for 12 months subscription for firewall software.

A lot of this depends on who uses your computer and what for; if you don't open attachments automatically and avoid downloading software from Kazaa etc. then you'll have few problems.

On the other hand, if you have teenagers...

Thanks (0)
avatar
By slarti
03rd Jun 2004 18:44

Recommendation
Helen Crowley asked which other firewall might be appropriate for home use.

Since getting fed up with both ZA & ZApro I moved over to Kerio for my desktop protection and am very happy with it.

As with all good software products it keeps asking you if you want to allow programs to connect to your network or the internet (no I don't want Word to connect to the internet) but once you have set up a rule, that is it.

In the last 4 months I have only been asked if I want to accept upgrades, and it stopped dead a bit of spyware my son acquired.

Thanks (0)