ZoneAlarm Antivirus & Firewall 2012

3.0 Average

The Bottom Line

ZoneAlarm has a brand new look and a new advanced disinfection feature that did a good job on the malware it detected, though it didn't detect as many samples as others have. It goes beyond simple antivirus, adding firewall, antiphishing, backup, credit monitoring, and more.

Pros & Cons

    • New, friendly user interface.
    • Scans for malware during installation.
    • Thorough scan is fast; subsequent scans super-fast.
    • Analyzes all downloads.
    • Firewall blocked all leak tests.
    • Excellent phishing protection.
    • Free credit monitoring.
    • Some malware balked installer.
    • No rescue CD available.
    • Some files called safe by download manager were flagged as malicious by antivirus.
    • Firewall less effective against exploits.
    • Download manager identified some exploit files as safe.

ZoneAlarm Antivirus & Firewall 2012 Specs

OS Compatibility: Windows 7, Windows Vista, Windows XP
Tech Support: 24/7 US-based chat support; knowledge base; forum.
Type: Business, Personal, Professional

With its red and green graphs, orange background, and big red Stop button backed by black and yellow diagonals, ZoneAlarm in the year 2000 was certainly colorful. By 2002 or so the product switched to a tamer color scheme with tabs down the side and across the top. It changed again with Check Point's acquisition of ZoneLabs, keeping the tabs down the left side only. That gradual evolution ends now. The interface of ZoneAlarm Antivirus 2012 ($59.95 direct for 3 licenses) is a complete break with all previous ZoneAlarm products. There are also some changes under the hood, including advanced disinfection and a new install-time scan. In testing it did demonstrate better cleanup ability than other recent products, though its real-time protective components contradicted each other at times. With the total redesign, ZoneAlarm is almost like a brand new product, and as such it has a few kinks to work out.

New, Friendly Interface
Like Webroot Internet Security Complete 2011 ($79.95 direct for three licenses, 4 stars) and Kaspersky PURE Total Security ($89.95 direct for three licenses, 4 stars), ZoneAlarm's main window is divided into large panels that serve both as buttons and as informational displays. The three buttons control Computer, Internet, and Identity & Data. When all is as it should be, each button is green and displays the word "Protected." If there's a problem, the panel turns red, displays "At Risk," and offers a button to fix things.

The product's redesign doesn't stop at the main window. Throughout the user interface Zone Labs developers have worked hard to make everything as simple as possible. The fiddly details are still available, for nerds who want to dig for them. But the average user will find the new ZoneAlarm much friendlier.

Little Data from the Labs
ZoneAlarm's antimalware protection relies on technology from Kaspersky combined with the company's own cloud-based detection techniques. In five tests by Virus Bulletin over the past three years, ZoneAlarm has achieved VB100 success four times, but most of the independent labs don't test ZoneAlarm separately from Kaspersky.

Kaspersky alone consistently gets high marks from all of the labs that I track, as you can see from the chart that follows. For an explanation of what goes into that chart, see How We Interpret Antivirus Lab Tests.

ZoneAlarm Antivirus + Firewall 2012 lab tests chart


Successful Installation, Mostly
During installation ZoneAlarm now performs a scan for active malware. If it finds problems it eliminates them, reboots, and then completes the installation. This feature kicked in for over half of my malware-infested test systems, making installation smooth sailing.

Unfortunately, malware on two of the test systems terminated the installer every time it launched, so it never got a chance to run that preinstall scan. Unlike Panda Antivirus Pro 2012 ($49.99/year direct for three licenses, 3 stars), ZoneAlarm can't install in Safe Mode under Windows XP (my security testbed is a combination of Windows XP and Windows 7). I used a rescue CD to solve install problems with Panda and with G Data AntiVirus 2012 ($29.95 direct, 3.5 stars). ZoneAlarm is arranging to offer a rescue CD, but not in time to aid my testing.

Check Point tech support supplied a Kaspersky-built tool called AVZ Antiviral Toolkit that cleaned up the two problem systems sufficiently to allow installation of the full ZoneAlarm product, but getting to that point took quite some time.

Better Removal than Detection
ZoneAlarm defaults to a quick scan of locations likely to harbor viruses. Its full scan checks all files and folders, and its deep scan also checks inside archives. For malware removal testing I chose the deep scan. A deep scan of my standard clean test system took 18 minutes, which is plenty fast, and a repeat scan took under two minutes.

ZoneAlarm now includes a new advanced disinfection mode that kicks in when the regular scan detects entrenched threats. Once you give permission, the scan switches to advanced disinfection mode and automatically reboots at the end to complete the cleanup process. Almost half of the infested test systems required advanced disinfection.

ZoneAlarm detected 79 percent of the samples. G Data detected 83 percent of this same collection, while Panda detected 85 percent. However, ZoneAlarm's better cleanup earned it a higher overall score. ZoneAlarm got 6.0 points for malware cleanup where Panda and G Data got 5.8 and 5.4 points, respectively.

Other products turned in much better scores using my previous malware collection. K7 Antivirus Plus 11.0 ($39.96 direct, 4 stars) detected 97 percent of that collection, and Double Anti-Spy Professional v2 ($29 direct, 4 stars) recognized 94 percent. Better cleanup by Norton AntiVirus 2011 ($39.99 direct, 4.5 stars) earned it the top overall score of 7.9 points, despite a lower detection rate. Spyware Doctor with AntiVirus 2011 ($39.95 direct for three licenses, 4 stars) came very close with 7.8. As for Kaspersky Anti-Virus 2011 ($59.95 direct for three licenses, 3.5 stars), it scored lower than ZoneAlarm in every area.

Like Panda, ZoneAlarm detected 100 percent of the rootkit threats, but better cleanup earned it 6.7 points, much better than Panda's 4.7. However, it only detected 75 percent of the scareware samples where Panda and G Data detected all of them. For a full explanation of how I derive these scores see How We Test Malware Removal.

ZoneAlarm Antivirus + Firewall 2012 malware removal chart


Keeping a Clean System Clean
Continuing my testing, I opened a folder containing static samples of all the same malware threats. ZoneAlarm detected over 40 percent of the samples on sight, popping up a scan window to report on its progress removing them. In the same situation Panda detected less than 30 percent on sight, while G Data caught nearly 80 percent.

I next launched each sample that wasn't immediately deleted. ZoneAlarm's handling of these threats was all over the map. It identified some as specific threats and treated them. For others it popped up a warning of suspect behavior and asked whether to allow it; I always chose Deny. 20 percent of the threats it detected managed to install and run regardless, and another 20 managed to place executable files on the test system.

At one point or another during testing ZoneAlarm detected 86 percent of the threats, better than Panda's 83 percent but worse than G Data's 91 percent. ZoneAlarm scored 7.5 points for malware blocking; Panda and G Data scored 7.7 and 9.0 respectively.

Like Panda and G Data, ZoneAlarm detected all of the scareware threats. However, where the other two scored a perfect 10 points for scareware blocking, ZoneAlarm got 8.6. G Data and ZoneAlarm also detected 100 percent of the rootkit threats; ZoneAlarm scored 8.9 and G Data 9.1. Under the previous set of samples, Norton 360 and Ad-Aware FREE Internet Security 9.0 (Free, 4.5 stars) both scored a perfect 10 for rootkit blocking.

For details on how I test malware blocking and derive these scores, see How We Test Malware Blocking.

ZoneAlarm Antivirus + Firewall 2012 malware blocking chart


Do note that if you always deny suspect behaviors you can cause trouble for valid programs. Out of 20 PCMag utilities I installed, four triggered behavior warnings from ZoneAlarm and didn't run properly when I clicked Deny.

Download Protection Contradiction
In Internet Explorer and Firefox, ZoneAlarm blocks access to known malicious Web sites. It also takes over the download process and verifies that each downloaded file is safe. However, in testing I found the various components of the product at odds with each other.

When I attempted to download my sample set again, results fell into four roughly equal groups. One group was blocked at the URL level, a second was correctly identified as malicious by the download manager, and ZoneAlarm simply missed a third group.

ZoneAlarm handled the fourth group poorly. Files in this group got a big green "safe" report from the download manager, yet at the same time the antivirus flagged them as malware. Despite the fact that these files had never executed and hence could not have made any changes to the test system, ZoneAlarm asked permission to run advanced disinfection and reboot the computer.

I approve of using multiple protection layers, but, when the layers can't agree on what's dangerous, it undermines the user's confidence.

Full-Featured Firewall
The ZoneAlarm antivirus also includes full-scale firewall protection. That's not surprising, given that Zone Labs practically invented the personal firewall product category. Back in the bad old days, ZoneAlarm was known for dazzling users with a blizzard of popup program control confirmations. The company tamed those popups using whitelisting and other techniques, but the OSFirewall feature still displayed impressively arcane warnings.

That's not the case in the 2012 edition. By default the Application Control feature automatically configures Internet and network access for a huge number of known programs, without asking the user confusing questions. OSFirewall may still ask the user about certain suspect behaviors, but it describes them in simple, straightforward terms.

Expert users can enable advanced application control, application interaction control, or component control, but doing so will definitely cause more popups. Even without these added protections, ZoneAlarm detected and blocked all of the leak test utilities I tried.

When ZoneAlarm detects a new network it asks whether to put it in the Trusted or Public zone. In the Public zone, others on the network can't connect with your computer. Switching to the Trusted zone lets you access printers and other network resources. If it's an unsecured wireless network ZoneAlarm puts it in the Public zone automatically.

ZoneAlarm's firewall correctly stealthed all of the test system's ports and fended off a number of port scans and other Web-based attacks. I couldn't find any way to disable it using techniques that could be implemented in malicious code. That's no surprise; ZoneAlarm has been hardened against attack for years.

Odd Reaction to Exploits
When I attacked the test system using exploits generated by the Core Impact penetration tool, ZoneAlarm behaved oddly. Out of 30 exploits it completely ignored a dozen. Its download manager actively identified five exploit-related files as safe, though the antivirus contradicted it by deleting two of those files.

Counting those caught by the antivirus, ZoneAlarm blocked half of the threats and identified them by name. However, it requested a reboot to clean up six of those, indicating that it didn't fully prevent installation.

Norton Antivirus actively blocked and identified all of the exploits; Kaspersky Internet Security 2011 ($79.95 direct for three licenses, 4 stars) blocked and identified all but one. And both of them prevented the exploits from dropping malicious files on the test system. ZoneAlarm's developers could take a clue from these two impressive exploit fighters.

Phishing Protection and Privacy
ZoneAlarm includes several layers of protection for the user's privacy. As with previous editions, your ZoneAlarm subscription gets you a one-year subscription to Identity Guard's "Good Start" credit protection, normally $4.99/month. This service alerts you to any changes in your credit status and warns if your credit card numbers are exposed online. Toll-free help for recovery is available, including help with canceling compromised cards.

The Identity Lock feature protects against inadvertent transmission of user-defined private information such as credit card numbers and passwords. You start by entering the data you want protected against transmission in email or Web forms. ZoneAlarm stores the data using one-way encryption, to protect that data. With Identity Lock set to High, ZoneAlarm simply replaces private data with asterisks in email messages or Web forms. If you lower it to Medium, ZoneAlarm will ask for confirmation before releasing private data.

You can also define specific trusted Web sites that are always authorized to receive private data. For example, you could identify your PayPal password as trusted but whitelist the actual PayPal Web site. Now you can't be caught by a fraudulent PayPal site.

ZoneAlarm's browser toolbar also actively works to identify and block phishing sites, using a database of known phishing sites and real-time analysis for unknowns. In testing it did a bang-up job. I had to check nearly 300 reported phishing URLs in order to find 100 that I could verify. During the process ZoneAlarm and Norton were neck and neck, sometimes one leading, sometimes the other. By the end of the several-day test period ZoneAlarm came in just 2 percentage points behind Norton and 25 percentage points above Internet Explorer alone.

Nearly 80 percent of antiphishing tools I've tested recently can't even beat Internet Explorer's built-in SmartScreen filter. BitDefender Total Security 2011 ($69.95 direct for three licenses, 3.5 stars) is the only recent product to block more phishing sites than Norton. The article How We Test Antiphishing explains exactly how I derive these scores.

ZoneAlarm Antivirus + Firewall 2012 antiphishing chart


Bonus Features
Like Panda Global Protection 2012 ($79.99/year direct for three licenses, 2.5 stars), McAfee Total Protection 2011 ($79.99 direct for three licenses, 3.5 stars) and others, ZoneAlarm comes with a free 2 GB of hosted online backup provided by MozyHome Online Backup (Free, 3.5 stars). Actually all of the ZoneAlarm products include this bonus, even ZoneAlarm Free Firewall 9.2 (Free, 4.5 stars). Since you could have that same 2 GB of backup for free directly from Mozy, ZoneAlarm isn't really giving you anything.

On the plus side, during the month of June every purchase of a ZoneAlarm product will come with a free year of Facebook protection from ZoneAlarm SocialGuard ($19.99 direct for five licenses, 4 stars). Those buying directly from the company will simply receive it in the shopping cart. If you purchase your ZoneAlarm product elsewhere, you can get SocialGuard by contacting the company's live chat support. This offer may be extended past June.

More than Antivirus
As the name indicates, ZoneAlarm Antivirus + Firewall 2012 gives you more than just antivirus protection. You also get a firewall, phishing protection, download protection, backup, credit monitoring, and (for now) Facebook protection.

The new, friendlier user interface plus these bonuses make it a nice bundle, and it does a better job than some recent competitors at cleaning up the malware it detects. However, it still needs to detect more threats, and contradictory messages from different protective layers may confuse some users. I like the direction this product is going; I'll like it even better when it gets there.
