Commentary
8/18/2005
03:26 PM
Fred Langa
Fred Langa
Commentary

Langa Letter: Software Suites Versus Standalone Tools

The new version of ZoneAlarm illustrates both sides of the debate, Fred Langa says.



In July, ZoneLabs (the makers of the popular desktop firewall, ZoneAlarm) released a major new version: It added new features to a product that had already grown far beyond basic firewall functions to include blocking of hostile E-mail attachments, monitoring of the antivirus protection provided by third-party tools, protecting against the outbound activities of mass-mailing worms, and more. With each new function, of course, the software package became larger and more complex.

The newest version adds still more features, including an "OS-level firewall" that attempts to prevent potentially hostile behavior by system-level software. Working in ways analogous to that of antivirus or anti-malware tools, the new ZoneAlarm also monitors for suspicious software behavior, but does so at a very low level, even trying to see which software components are opening threads and why. When it spots potentially dangerous actions, ZoneAlarm pops up a security dialog. You can block the suspicious action, allow it once, or allow it permanently.

This is potentially a very useful feature. Combined with ZA's normal firewall features, plus any good antivirus/anti-malware tools, and XP's own System Restore and Data Execution Prevention, ZA's new features should help lock down a system against just about all normal attack vectors.

But -- you knew there had to be a "but," right? -- the new ZoneAlarm is the most complex ever. The previous versions in the 5.x series had been creeping up through the 5MB range; the new 6.x version jumps to almost 9MB. An even more complex and complete version (which adds things such as its own antivirus tool, identity theft/privacy protection, anti-phishing and spam blocking, IM security/Web site filtering, and more) weighs in at 22MB.

Contrast this to a simple, basic firewall like floppyfw or Linux Firewall on a Floppy; these firewalls fit in their entirety on a single floppy disk. They don't do nearly as much as ZoneAlarm (and in fact take an entirely different tack), but do serve to illustrate how far beyond basic firewall functions ZA has grown.

Of course, this isn't a development unique to ZoneAlarm. Office tools, graphics tools, audio tools, development tools, Web tools -- in almost every area, software expands in size and complexity over time. In some cases, it's due to the addition of better error-handling and truly useful new functions. But in other cases, it's simply "featuritis," where the developers add bells and whistles to an already-fine product, due to the need (real or perceived) to have a "new" or "improved" offering. Sometimes, the new features are genuinely good; other times, they just end up being extra baggage.

Think of your own use of a common tool such as your word processor: How many of its features do you really use on a regular basis? Probably only a dozen or so, out of the hundreds and hundreds of features and functions it offers.

More Benefits = More Trouble?
ZA's growing complexity prompted me to write this in my newsletter when the new version first appeared:

My main concern with this and similar tools that are getting more and more complex is the possibility -- maybe even probability -- of negative interactions between different tools as each tries to carry out a similar function. Colloquially, we've referred to that as security tools "stepping on each other's toes."

As a result, I suggest waiting a bit when the new ZoneAlarm is offered (some users are getting the update notices right now...). The pre-update version is fine, and works well -- there's no urgent need to upgrade. Let other braver or risk-loving souls take the plunge, and watch for feedback. Once the new tool has been installed on a couple million systems (it won't take long) we'll know if there are problems with the new ZoneAlarm tool conflicting with, say, Norton or Sygate or AntiSpyWare or other tools. My guess is that some conflicts are almost inevitable; but I also think the folks at Zonelabs will get things fixed pretty fast. So, a few weeks or a month or two after release, the new ZA tools should be stable and ironed out enough to be fine.

As this is not a minor upgrade of the current ZA, but something far more complex, I strongly urge you not to jump in headfirst as soon as the new version is out. Let others see if the water's safe, and when it is, then dive in.

OTOH, if you're an experienced user with a stable, well-backed-up system, and decide to take the plunge early, drop me a line and tell us what your experiences were. Please put "Zonealarm" in the E-mail's subject line. Thanks!

Many of your fellow readers responded, and a selection of their E-mails appears below; enough to give you an idea of their reported experiences. I'll add my own experiences with ZA6 at the end. Then, because ZA is only an example of the issue we're discussing, we'll come back to the wider topic of the relative merits of complex software suites versus simple, focused, standalone tools:

Reader Feedback: ZA6

Fred, I updated my ZoneAlarm Pro to version 6.x today. I performed the update, although I did briefly wonder if I should wait for one or more versions to appear, mainly because of the indicated improved features... Anyway I have had no major issues (after > 24 hours) however the new anti-spyware feature can't obtain updates at present (reported to ZoneAlarm). The only real issue, as you indicated, is that it is more complex, so: (1) Bad/good - you have to confirm many more WinXP actions (3 levels of defense, I assume) this makes it much easier for inexperienced users to create problems by not allowing specific actions and, worse, allowing bad actions because the last time they didn't allow something their computer didn't work properly. (2) Good -- you now get to stop programs like Real Audio from always adding items to Startup every time you use it or upgrade it.
-- Bert

I installed the new version a week ago, but after an hour or so trying to get the settings properly set up, I abandoned it, did an uninstall, then re-installed the previous version.
-- johnhbox

Fred, I upgraded to version 6 of ZoneAlarm Pro. The only problem I have had so far is ZoneAlarm 6 set the Internet Zone Security on the Firewall section to HIGH, by default. This caused Outlook Express to neither receive or send E-mail. I set this back to MEDIUM, and this solved the problem. On the versions 5+ of ZoneAlarm Pro, this was set to MEDIUM by default. If any of your other readers have this problem, this solution may work for them.
-- Francis Arceneaux

Hi Fred. I opted to upgrade to the 6.0 after reading some excellent reviews. Ah, then the problems began. My home LAN went kaput and some programs were not allowed to function, no matter what the settings. After checking some blogs via Google, I checked into the ZA home page and guess what ... they acknowledge a "bug" in the program. They advise anyone who did an "upgrade" installation (which allowed one to save previous settings) to uninstall ZA and then do a "clean" installation. I'm still experiencing tons of problems with it and reverted back to my trusty ver. 4.5 (via a RESTORE). I am really disappointed with them.
-- Don Naphen

Hi Fred, I have been running the new ZoneAlarm Pro for a few days now and it seems to be performing as advertised. I started with version 6.0.631.002 and then upgraded to 6.0.631.003 when the minor fix came out. Had a little problem with this upgrade and had to completely wipe the old version and reinstall 6.0.631.003 because it wouldn't take the License Key. I have been running ZoneAlarm for over 10 years now and it has always performed very well. I have it running on Windows XP Pro with a cable Internet connection. It seems to be going through some "Training" again, but that is OK.
-- Dick Grunwald

I installed it after a full Ghosting backup and so far I've only had a few of problems. The first was that ZAPro 6's new OS Firewall feature went nuts for the first couple of days. During the installation it found every app on the system and decided that just about every program was exhibiting suspicious behavior. Once I got used to setting the correct Trust Level for various programs it was fine. But if I had to explain how to do this, and the decision-making process, to a newbie, I think their head would explode. This is suddenly a really complicated configuration. The next problem was that my mouse caused red-flagged behavior issues every time I came out of Hibernation or Standby. Twice it locked up my system. I believe it was being triggered by the Logitech's Smart Move feature. I resolved this by bumping up the Trust level of the "Logitech Events Handler Application" (EM_EXEC.EXE). One issue I haven't resolved yet is that launching Windows applications, ex. Windows Explorer, has suddenly slowed by several long seconds. Set the Program Control to Low (which turns off the OS Firewall) and it's back to normal. One possible solution posted on their forum by one of their ubergeeks is to add ps2.zonelabs.com as a Trusted host under Firewall. This is supposed to link the OS Firewall to some ZoneLab DB with information on Trusted Programs which the OS Firewall will use to speed processing of launch requests. The caveat is that you apparently need to go back and Edit the entry and click Lookup to update the IP addresses they're using. To me, this is way, way, too complicated. And I'm not convinced it even works.

One bad thing I noticed was that the install added a number of sites to the Privacy list including passport.net, msn, checkpoint, and bestbuy.com. All of the entries removed all of the cookie controls (including 3rd party). I couldn't find anything in the docs or on the Web site that warned me about this. I found them by accident and removed them immediately. I don't like sneaky stuff added during installs! Overall, ZoneAlarm Pro 6 is overly complicated, minimally documented for the complexity, and could drive away new users who are easily intimidated by lots of red flags being thrown at them. Especially when the support seems to be "did you look in the forum?" I don't think this latest version is going to win them many new fans. I'm disappointed. On a scale of 1 to 10, I'm giving it a generous 6.
-- M. Jessen

Dear Fred, The new Zonealarm security suite is just fine. Works perfectly. However, my one gripe with it is its ad-blocking module doesn't block the ever-increasing flash ads that show movies and are very distracting. The ONLY utility I could find that blocks them is the fantastic ad-blocking utility called SuperAdblocker available here. I think this ad-blocking utility is fantastic. No more annoying flash movies all over the net! Otherwise, ZoneAlarm Security Suite handles everything else. I also use Spybot and SpywareBlaster, even though the new Spyware blocker in ZoneAlarm I'm sure will get better and better.
-- Donald A. Lachot

Fred, Just this week I installed ZoneAlarm 6 and boy I wish I had waited. The install went fine. After rebooting, ZA6 took forever to load at startup as it wanted to scan everything. After about 5 minutes of waiting while alert boxes came up and information boxes flew onto the screen telling me to wait a few minutes, I was good to go. With ZA6's antivirus feature and anti-spyware running, it took forever for any program to load. Try loading your browser and you're in for a few minute wait while ZA6 scans everything, and if you try to multitask, forget it. Finally I turned off the Antivirus and spyware parts of the program and rebooted and I was able to get things to load normally. After installing ZA6 I went to Steve Gibson's site to check the firewall out, and the results came back all stealth. Now my only problem is that Web surfing is very slow, pages won't load, graphics won't load, it's like being back on dial-up. I checked my system for viruses and spyware and it came back clean. But when I try to load a page my system tries to go to 127.0.0.1:1026 or 1028 and then the browser errors out with a page not found. It looks like I will be uninstalling ZA6 and I will go back to ZA5 were there were no problems, and I will wait for the fixes.
-- Dave

Dear Fred, I've installed the new Zonealarm Security Suite on 3 systems here, all running Spyblaster and Spybot, and I'm having zero problems. It's very sweet! Much improved. No problems at all.
-- Donald A. Lachot

Greetings, I've been using Sygate for a while now. But, I thought I'd give ZoneAlarm a try as I've seen it recommended frequently. So I downloaded it, disabled Sygate, removed Sygate from startup, and installed ZoneAlarm. After rebooting I would click my username and enter my password and after a moment the computer would simply reboot. I tried this several times before booting to safemode and performing a System Restore.
-- John Sercel

Hi Fred, Just to let you know, I have installed the new version 6 on two machines now (one workstation, one laptop), with no problems to date. The installations went smooth, and the program seems to work well so far. FWIW, I use the Zonealarm antivirus solution, so I don't have any other antivirus program installed on my systems.
-- Ted

Fred, I have just updated three PCs (2k & XP) with the new version of ZoneAlarm. Seems to work AOK with maybe one exception. When using the anti-spyware function, it seems that every process that wants to connect to the internet or act as a server gets a pop-up asking for advice. I don't have much of a problem with this because I am familiar with most process activities, but someone who isn't familiar with process loading and actions will be stymied. The two XP PCs that I updated have novice or beginner-status users and they are petrified when one of these pop-ups arrives. Hence, I turned off the anti-spyware function and use other tools manually on these machines. Other than that, it seems to work very smoothly, which is what I would expect from ZoneAlarm. By the way, these are all the Pro versions of ZA.
-- Ron Smith

Fred: I downloaded and installed [the new ZA]. Immediately I couldn't get my E-mail downloaded and after 2 hours with techs from the phone company they gave up and said it must be my Internet Explorer and referred me to Microsoft. In trying to solve the problem I shut off Zone Alarm and Norton and still couldn't download. So before blaming IE I uninstalled the latest ZA and put a last March edition back on and, lo and behold, my mail came thru! Something in the software is obviously interfering with other stuff on my computer.
-- Brian

Fred's Experience
In my own case, my install of ZA6x initially caused a total blue-screen system lockup on my XP Pro installation; one of only a handful of such lockups I've experienced in the years I've been running XP. But after a power-off hard reboot, everything ran normally.

ZoneAlarm 6 is somewhat hypersensitive when you first install it. Here, you see a bogus ''Dangerous Behavior'' security alert triggered by an utterly normal, routine interaction between mainstream software. Similar false alarms can occur dozens to hundreds of times during the first few days of operation of ZA6.
(click image for larger view)


ZoneAlarm 6 is somewhat hypersensitive when you first install it. Here, you see a bogus "Dangerous Behavior" security alert triggered by an utterly normal, routine interaction between mainstream software. Similar false alarms can occur dozens to hundreds of times during the first few days of operation of ZA6.
In use, I found ZA's initial behavior to be somewhat annoying because of the lack of built-in defaults for even the most well-known and widely used software. For example, see this screenshot, where ZA is reporting "Dangerous Behavior" because Word is invoking Norton Antivirus. Of course, this isn't "dangerous," and in fact is perfectly normal. It would be one thing if this alert were triggered by some unknown word processor or antivirus, but Word and Norton? How much more mainstream can you be? Why isn't this behavior known and built into ZA's "SmartDefense Advisor?"

I also noticed that my system boot times got a bit longer with the new ZA installed; and my surfing was slowed down, especially when opening new sites. So far, it's an annoyance rather than a showstopper, but I'm still debating whether the benefits of ZA's extra security are worth the tradeoffs.

And that brings us back to the main focus of this article: do-it-all software suites versus focused, standalone tools.

Software Suites Versus Standalone Tools
All-in-one suites do offer one major benefit: Convenience. That's certainly worth something, and for many users, is by itself a compelling reason to use a suite. In corporate environments, use of suites also can simplify licensing, installation, training and maintenance -- major factors to consider.

But suites undeniably add complexity, and can also engender bloat -- layering in features and functions which can eat disk space (making backups larger and longer) and CPU time (compromising performance).

And, as we discussed in another recent newsletter, it's also rare for any one company to produce the absolute best product in many different areas, so an all-in-one software tool may not perform as well as a pseudo-suite of tools created by assembling a library of the best-in-class tools in each separate area.

In the case of PC security tools, for example, there are many, many tools from which to choose, so no one should feel locked in to any one brand or version. Here's a list of excellent, mostly free, software defenses for a PC. Generally, a PC can benefit from having one of each kind, except with anti-malware, where multiple tools can usually be used to good effect:

Firewall (Sygate, ZoneAlarm, and Norton)

Antivirus (Symantec/Norton, NOD32, AVG, AVAST, and ClamWin, etc.)

Anti-malware (MS AntiSpyware, SpywareBlaster, Startup Monitor, WinPatrol, Ad-Aware, and Spybot S&D)

The main downside to this piece-by-piece approach is that it's harder to assemble and maintain a disparate library of tools; and harder to train unsophisticated users in proper operation of software that presents different looks and feels, and that uses different nomenclatures.

Which Of Two Approaches?
As with so many things, there's no absolute right or wrong here: For some, the best solution will be the use of all-in-one tools; for others, the piece-by-piece approach will be better. (I personally lean toward the latter.)

I invite your feedback on both sides of the issue: First, and most narrowly, what's your experience with the new version of ZoneAlarm? Second, and more broadly, which approach -- all-in-one tools, or separate, best-of-class tools -- do you prefer, and why? How do you overcome the drawbacks of each approach? For instance, if you employ all-in-one software, how do you deal with the added complexity and bloat; and perhaps the effects of not having the best-possible software in each category? If you use the separate, best-of-class approach, how do you handle maintenance and training? And in both instances, what tools do you use? Join in the discussion!


To discuss this column with other readers, please visit Fred Langa's forum on the Listening Post.

To find out more about Fred Langa, please visit his page on the Listening Post.

We welcome your comments on this topic on our social media channels, or [contact us directly] with questions about the site.
Comment  | 
Email This  | 
Print  | 
RSS
More Insights
Copyright © 2020 UBM Electronics, A UBM company, All rights reserved. Privacy Policy | Terms of Service