ZoneAlarm ForceField: Compromised in Sixty Seconds

HardOCP News

If you are considering ZoneAlarm ForceField to protect your PC from spyware and malware, you might want to read this first. According to the review, it works…just not as well as it should. The test PC was compromised in less than a minute during testing.

I've reviewed similar over-marketed and under-effective virtualized or "sandbox" security clients over the years, all of which promised to provide superior protection against all malicious Internet threats. Unfortunately, although ForceField does offer some real improvements over the other products I've reviewed, it wasn't enough to stop malware from infecting my test systems. In less than a minute.
 
It sounds like a total waste of money:
review said:
More telling in the grand scheme of things, ForceField proved less effective than a fully patched version of Windows XP SP3 running Internet Explorer 7 and fully patched applications. Exposing the patched system to the same malicious sites I used to test ForceField, I discovered that all malicious drive-by-download programs were prevented even when the malicious Web sites were displayed, besting the prevention provided by ForceField on unpatched systems.
 
It's basically impossible to get any type of infection from any web site if your system is up to date and you don't click OK when message boxes pop up. Simple as that... don't click OK. I think people get sucked in sometimes with the message boxes that won't go away unless you click OK, in which case you should kill them from the task manager.
 
It's basically impossible to get any type of infection from any web site if your system is up to date and you don't click OK when message boxes pop up. Simple as that... don't click OK. I think people get sucked in sometimes with the message boxes that won't go away unless you click OK, in which case you should kill them from the task manager.

The problem is that most people aren't as technically savvy as we are. Firewall programs like this should "just work". Rest assured that this hole will get plugged soon but that it happened in the first place is still pretty disturbing.

On the plus side, security in Vista is excellent, IMO the main reason people should move over from XP when they can. Secondly, most of these security holes are discovered before malware authors, people who actually want to do damage, can figure it out themselves.
 
And worth reading from the article:

More telling in the grand scheme of things, ForceField proved less effective than a fully patched version of Windows XP SP3 running Internet Explorer 7 and fully patched applications. Exposing the patched system to the same malicious sites I used to test ForceField, I discovered that all malicious drive-by-download programs were prevented even when the malicious Web sites were displayed, besting the prevention provided by ForceField on unpatched systems. ForceField could possibly offer some detection and prevention advantages for zero-day exploits, and even in my limited test cases, definitely offers improved alerting and detection over a system without any anti-malware software installed. But it didn't provide better protection than a fully patched system.

Proof positive that security falls at the feet of the OS authors in the end.
 
It's basically impossible to get any type of infection from any web site if your system is up to date and you don't click OK when message boxes pop up. Simple as that... don't click OK. I think people get sucked in sometimes with the message boxes that won't go away unless you click OK, in which case you should kill them from the task manager.

I think that if you use the internet with browsers, you will get infected sooner or later; it's just a matter of time. If you want hack-proof, cut the cable.

The best method that I find is to have a computer just for internet browsing.

sam
 
I think that if you use the internet with browsers, you will get infected sooner or later; it's just a matter of time. If you want hack-proof, cut the cable.

The best method that I find is to have a computer just for internet browsing.

sam

Only time I've ever been infected is when trying pirated software... and that is a habit of the distant past.
 
Seems pretty typical of Zone Alarm. I never install any of their crap anymore and advise everyone I know to avoid ZA like the plague.
 
It's basically impossible to get any type of infection from any web site if your system is up to date and you don't click OK when message boxes pop up. Simple as that... don't click OK. I think people get sucked in sometimes with the message boxes that won't go away unless you click OK, in which case you should kill them from the task manager.

Never heard of drive-by downloads? If you have scripting enabled there are sites that know how to install crap without you even having to click on anything. That's why I use Firefox with NoScript.
 