Langa Letter: Software Suites Versus Standalone Tools
The new version of ZoneAlarm illustrates both sides of the debate, Fred Langa says.
In July, ZoneLabs (the makers of the popular desktop firewall, ZoneAlarm) released a major new version: It added new features to a product that had already grown far beyond basic firewall functions to include blocking of hostile E-mail attachments, monitoring of the antivirus protection provided by third-party tools, protecting against the outbound activities of mass-mailing worms, and more. With each new function, of course, the software package became larger and more complex.
The newest version adds still more features, including an "OS-level firewall" that attempts to prevent potentially hostile behavior by system-level software. Working in ways analogous to those of antivirus or anti-malware tools, the new ZoneAlarm also monitors for suspicious software behavior, but does so at a very low level, even trying to see which software components are opening threads and why. When it spots potentially dangerous actions, ZoneAlarm pops up a security dialog. You can block the suspicious action, allow it once, or allow it permanently.
This is potentially a very useful feature. Combined with ZA's normal firewall features, plus any good antivirus/anti-malware tools, and XP's own System Restore and Data Execution Prevention, ZA's new features should help lock down a system against just about all normal attack vectors.
But -- you knew there had to be a "but," right? -- the new ZoneAlarm is the most complex ever. The previous versions in the 5.x series had been creeping up through the 5MB range; the new 6.x version jumps to almost 9MB. An even more complex and complete version (which adds things such as its own antivirus tool, identity theft/privacy protection, anti-phishing and spam blocking, IM security/Web site filtering, and more) weighs in at 22MB.
Contrast this to a simple, basic firewall like floppyfw or Linux Firewall on a Floppy; these firewalls fit in their entirety on a single floppy disk. They don't do nearly as much as ZoneAlarm (and in fact take an entirely different tack), but do serve to illustrate how far beyond basic firewall functions ZA has grown.
Of course, this isn't a development unique to ZoneAlarm. Office tools, graphics tools, audio tools, development tools, Web tools -- in almost every area, software expands in size and complexity over time. In some cases, it's due to the addition of better error-handling and truly useful new functions. But in other cases, it's simply "featuritis," where the developers add bells and whistles to an already-fine product, due to the need (real or perceived) to have a "new" or "improved" offering. Sometimes, the new features are genuinely good; other times, they just end up being extra baggage.
Think of your own use of a common tool such as your word processor: How many of its features do you really use on a regular basis? Probably only a dozen or so, out of the hundreds and hundreds of features and functions it offers.
More Benefits = More Trouble?
ZA's growing complexity prompted me to write this in my newsletter when the new version first appeared:
My main concern with this and similar tools that are getting more and more complex is the possibility -- maybe even probability -- of negative interactions between different tools as each tries to carry out a similar function. Colloquially, we've referred to that as security tools "stepping on each other's toes."
As a result, I suggest waiting a bit when the new ZoneAlarm is offered (some users are getting the update notices right now...). The pre-update version is fine, and works well -- there's no urgent need to upgrade. Let other braver or risk-loving souls take the plunge, and watch for feedback. Once the new tool has been installed on a couple million systems (it won't take long) we'll know if there are problems with the new ZoneAlarm tool conflicting with, say, Norton or Sygate or AntiSpyWare or other tools. My guess is that some conflicts are almost inevitable; but I also think the folks at Zonelabs will get things fixed pretty fast. So, a few weeks or a month or two after release, the new ZA tools should be stable and ironed out enough to be fine.
As this is not a minor upgrade of the current ZA, but something far more complex, I strongly urge you not to jump in headfirst as soon as the new version is out. Let others see if the water's safe, and when it is, then dive in.
OTOH, if you're an experienced user with a stable, well-backed-up system, and decide to take the plunge early, drop me a line and tell us what your experiences were. Please put "Zonealarm" in the E-mail's subject line. Thanks!
Many of your fellow readers responded, and a selection of their E-mails appears below; enough to give you an idea of their reported experiences. I'll add my own experiences with ZA6 at the end. Then, because ZA is only an example of the issue we're discussing, we'll come back to the wider topic of the relative merits of complex software suites versus simple, focused, standalone tools: