ZoneAlarm Internet Security Suite
A newer version of ZoneAlarm Internet Security Suite is available.Or, Learn More About ZoneAlarm Internet Security Suite
Full user review
"ZoneAlarm is no longer the firewall it once was."
Still a GOOD firewall, anti-malware & anti-virus application.
The Gibson Research "Shields-Up" site (https://grc.com/x/ne.dll?bh0bkyd2) shows ZoneAlarm to be very much LESS than the full stealth firewall it once was; with a total of a mere 9 out of my system's first 1056 TCP ports set to full stealth. It used to show all of these first 1056 TCP ports to be full stealth.
I have been using ZoneAlarm since 2001. Back in the days when Zonelabs (the original developers of the progam) ran the show. The Gibson Research, on-line test page "Shields-Up" (https://grc.com/x/ne.dll?bh0bkyd2) said it all, in two words; FULL STEALTH! That's full stealth in every catagory. Like looking into a black hole for any scanner that happened by. THIS is the reason ZoneAlarm WAS the "world's #1 firewall".
Unfortunately, it appears this is no longer the case. Since Check Point have taken it over, ZoneAlarm has gone considerably down-hill in my opinion. The Gibson Research "Shields-Up" site now shows ZoneAlarm to be very much LESS than the full stealth firewall it used to be. (See my pros & cons above).
Management at Check Point; please note carefully. The task of a firewall is to completely hide the presence of a system's presence on-line. I.E., FULL STEALTH.
As I said, ZoneAlarm used to do this. But now it no longer does. Instead it clearly advertises the user's presence on-line like a flashing beacon on a dark night, to any scanner that happens by.
A "Stealth" port is one that ignores and "drops" incoming packets without informing the sender whether the port is "Open" or "Closed". When all of your system's ports are stealth your personal firewall doesn't make the mistake of "counter-probing", your system will be invisible to any random scans, which continuously sweep the Internet.
Even if your machine had been scanned earlier and it's presence recorded by a would-be attacker, a return to this IP address will lead the intruder to believe that your machine is turned off, or no longer exists. Could you ask for any better? Your firewall protected system is acting like a gaping black hole for TCP/IP packets. That's very cool.
On the other hand, "Closed" is the best you can xpect without a stealth firewall. At least the port is not "Open" and accepting connections from the probes which continuously sweep the Internet looking for exploitable systems.
Anyone scanning past your IP address will detect your PC, but "closed" ports will quickly refuse connection attempts. Since it's much faster to re-scan a machine that's known to exist, the of your machine's presence could well be logged for scrutiny at a later date — for example, when a new vulnerability is discovered and before the exploitation can be repaired.
This is why it is important for you to keep your system up-to-date with updates for your operating system. Because potential malicious intruders are discovering new vulnerabilities regularly. Even more important with a non-stealth firewall in place. In contrast, that's very un-cool.
My hope is to inform users of this software that they're using and to seek the assistance of the vendors in rectifying the condition.