When ZoneAlarm announces a new security product, the world listens, and with good reason.
The company's anti-spyware and antivirus offerings have been heralded as industry standards. Its solutions have been a staple of the firewall and security sector for years.
Now comes ZoneAlarm ForceField (ZAFF) Beta, the company's first major new product in some time and its first foray into the relatively new arena of "virtual" protection.
The fundamental principle is much like that of the stunt double in movies. A replica of your PC is set up to take the hard hits out there in the browsing universe, while shielding the "real" you — your actual system — from potential peril.
ZAFF works in Internet Explorer (version 5.0 and higher) and Firefox (version 1.0 and higher) for Windows XP. Once installed, any browser-based attack will bounce off the virtual system.
Trojans cannot launch in your system because they never get to your system. Unauthorized downloads deflect off of ZAFF, as do malicious software installations. The product blocks keystroke logging, an effort by evil-doers to record users' keystrokes in the hopes of capturing passwords and other personal data.
ZAFF protects against phishing and alerts users to suspected phishing sites. It similarly deals with spyware and likely spyware sites. All these diverse defensive mechanisms draw on a powerful protective database made up of known fraudulent sites and heuristic analysis of unknown sites.
Even with all these protections in place, the app is smart enough and efficient enough to not grind internet activity entirely to a halt. It will stop an unsolicited download, for instance, but will allow downloads initiated by the user. We grabbed the popular chat tool ICQ and ZAFF let it sail through, only prompting us to confirm that we wanted the download.
Likewise, its warnings are just that: Warnings. You can go wherever you want. ZAFF won't stop you until it spots a malicious file or catches you entering sensitive information into a recognized malignant site.
We meandered freely into a dubious online casino and ZAFF immediately went code yellow, warning us not to enter any personal information, but we could have kept going, had we been so foolhardy.
Full command remains with the user. While ZAFF is geared to take down unsolicited badness, solicited malware is another story. As with our dubious casino, a user can in theory go out and find some badwear and bring it home on purpose. ZAFF will challenge your choice at each step of the way, but it will not stop you — if that's what floats your boat.
Should genuine, unwanted malware manage to slip through the defenses, ZAFF still offers protection. The nasties will be trapped inside the virtual bubble with which the application surrounds the browser. When that virtual browser shuts down, any leftover malicious code goes away with it.
