EDGE 2015 is starting in

Find out more EDGE 2015
Menu
ZoneAlarm ForceField: Compromised in sixty seconds

ZoneAlarm ForceField: Compromised in sixty seconds

Check Point's virtualized browser security client, like would-be panaceas before it, fails to live up to the hype

Check Point Software's new Web browser security software, called ZoneAlarm ForceField, integrates a host-based firewall, anti-spyware, Web site rating, anti-phishing, and keylogger-jamming into a limited virtualization environment with the elegant user interface you've come to expect from the ZoneAlarm brand. Its goal is to provide superior anti-malware protection against the increasingly prevalent and complex threats posed to Internet surfers.

To be frank, I've reviewed similar over-marketed and under-effective virtualized or "sandbox" security clients over the years (most notably GreenBorder, subsequently acquired by Google), all of which promised to provide superior protection against all malicious Internet threats. Unfortunately, although ForceField does offer some real improvements over the other products I've reviewed, it wasn't enough to stop malware from infecting my test systems. In less than a minute, by clicking only my third malicious Web site link, my test system was silently compromised without so much as a chirp out of ForceField. This is not to say that ForceField didn't deliver some protection and detection, but I'm getting ahead of my review.

Although I am overly skeptical of limited virtualization products, I'm a big fan of both Check Point and ZoneAlarm, and I was eager to see what the solution brought to the space. Unfortunately, Check Point's accompanying whitepaper re-awakened my initial skepticism by using new, unnecessary technical jargon ("Web-based Super Attacks," "New Advanced Technologies") and over-promising the protection ForceField can provide ("reject all changes to the user's PC unless the user specifically solicits them"), while overly criticizing traditional defenses.

Browsing for trouble

Much of what ForceField claims to do (file and registry virtualization, blocking drive-by-downloads, and so on) is also claimed by Microsoft in Windows Vista and Internet Explorer 7 Protected Mode. Accordingly, I ran the tests on unpatched versions of Windows XP Pro SP2 with Internet Explorer 6 and Firefox 2.0, with intentionally older versions of common browser add-ons. I wanted to give malicious Web sites ample opportunity to infect the underlying operating system while giving ForceField the best chance of being the sole blocker (versus measuring unexpected browser or operating system defenses).

I then installed ZoneAlarm ForceField v.1.0.331.0 with default settings and surfed to dozens of known malicious, live Web sites. I opened malicious links listed on www.shadowserver.org and www.dshield.org, and found others by searching for Web sites with the string "killwow1.cn/g.js" in the source code. The latter string is associated with thousands of recent, maliciously infected Web sites. Note: Don't attempt to duplicate my query unless you are prepared to wrangle with malicious code.

Installation of ForceField went smoothly as promised. The footprint is small (just 4MB to 5MB), and configuration is minimal. After installation, a small ForceField icon appears on the status bar, and a new ForceField menu bar is added to the browser. Clicking on the icon allows access to the limited and self-explanatory configuration menu.

The only notable option that needs more explanation is the Clear button. This button is to be clicked when the user decides that the data in the virtualized browser environment should be deleted prior to ForceField deciding on its own. This option is a benefit as well as one of the weaknesses of this product and its similar cousins. Asking end-users to decide when to reset virtual environments is circular logic. If end-users could consistently and appropriately recognize when they were exposed to malware in the first place, they wouldn't need the virtual environment.

EDGE 2015:: For all the latest on EDGE 2015 including the keynote speakers visit the EDGE mini-site now

Follow Us

Join the ARN newsletter!

Error: Please check your email address.

Upcoming

Slideshows

In Pictures: 7 things we hate about Twitter

In Pictures: 7 things we hate about Twitter

You probably either love Twitter for its quirkiness and brevity or see it as a pointless waste of time. After nearly a decade on the social scene, Twitter still needs to improve its user experience and fill in notable gaps in the service. These seven problems are long overdue for a fix.

In Pictures: 7 things we hate about Twitter
IN PICTURES: EDGE 2015 - Sponsor Briefing

IN PICTURES: EDGE 2015 - Sponsor Briefing

With EDGE 2015 rapidly approaching, ARN and Reseller News NZ held a Sponsors Briefing where ARN publisher and president, Susan Searle, and Events Manager, Alexandra West, ran through the considerable logistics in detail. Attendees then enjoyed some splendid canapes and drinks. EDGE is designed to bring the A/NZ channel together in a collaborative and educational environment. Themed around channel channel leadership, EDGE will be held at the Sheraton Mirage, Port Douglas, July 20-23. Photos by MIKE GEE.

IN PICTURES: EDGE 2015 - Sponsor Briefing
In Pictures: Robots that cook, clean, sing and dance

In Pictures: Robots that cook, clean, sing and dance

Cooking, learning language and doing the laundry are a few of the human skills demonstrated by.real humanoid bots featured in the National Geographic movie Robots.

In Pictures: Robots that cook, clean, sing and dance

iasset.com is a channel management ecosystem that automates all major aspects of the entire sales, marketing and service process, including data tracking, integrated learning, knowledge management and product lifecycle management.

Show Comments