Close
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Artificial Intelligence
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Cybersecurity
    • Cybersecurity
    • PC Hardware
    • Virtualization

    ZoneAlarm ForceField Complicates Browser Security

    By
    Andrew Garcia
    -
    July 29, 2008
    Share
    Facebook
    Twitter
    Linkedin

      Check Point’s ZoneAlarm ForceField is designed to secure Web browsing sessions through the use of browser virtualization, inline download scanning and DNS validation services. However, I found the overall experience of using the software fraught with management and usage woes, coupled with inconsistent behavior-calling into question the efficacy of the software.

      Check Point’s ZoneAlarm ForceField is targeted at a consumer audience, and, as such, the product does not include a centralized management console or the like. The software is priced at $29.95 a year for one PC (discounted to $84.95 for three PCs over two years)-not expensive, but, given my test results, I’d question whether it is worth any price at this time.

      In essence, browser virtualization creates a shadow file system used specifically by the browser, isolating anything downloaded or installed (either intentionally or unintentionally) via a Web browser from the operating system proper. So, while malware could technically be downloaded and installed on a PC, it would be written to a temporary area and could be deleted permanently with the click of a button from the virtual subsystem.

      To the virtualized protection, ForceField adds additional services aimed at helping users make intelligent surfing and downloading decisions.

      ForceField performs DNS validation services that will identify potential trouble spots, showing the user when the site was first registered, where it is hosted globally and whether the site has a reputation for foisting malware on users. This data is presented to the user on the browser toolbar, which will shine green, yellow or red depending on the level of threat assessed by the software. (ForceField works on Windows XP and Vista, on either Internet Explorer 6 and 7 or Firefox 2 and 3.)

      ForceField also offers inline malware scans of data downloads, as the software replaces the browser’s usual download helper tool with its own process. Check Point designed ForceField to heuristically recognize when a download was initiated by a user, capturing the data in the virtualized instance to run the malware scan before writing the data to the regular file system; driveby downloads simply are discarded.

      That all sounds good, but I quickly grew suspicious of ForceField’s inline scanning capabilities. ForceField failed to correctly identify several of my test downloads, including the commonly used Eicar test sample (www.eicar.org), as malware. After scanning the files, ForceField merrily wrote the data to my regular file system without warning me of anything-leaving it up to my already installed anti-virus software to clean up the mess.

      Indeed, ForceField was designed to be complementary to an anti-virus solution installed on the same workstation, as it doesn’t provide many of the protections offered by most anti-malware platforms. For example, ForceField won’t scan or virtualize code that comes in via e-mail, nor will it protect against malware introduced via portable storage devices. And, as my tests showed, even ForceField’s raison d’??¼tre-Web browsing protection-needed an assist from other software.

      More annoyingly, I found that with ForceField, it suddenly became more difficult to keep my system up-to-date-particularly the Firefox browser. For example, ForceField let me keep my Firefox extensions up-to-date, both in the virtual environment and on the regular file system, but automated updates of the browser itself were written only to the virtual environment. If I cleared the virtual file system, I lost the updates. To update the application properly, I had to open an unprotected session (an option possible from the ForceField toolbar) to complete the upgrade.

      In fact, in the two months I used Forcefield on my primary desktop, I found I had to spend entirely too much time handholding the security application for my comfort.

      For example, with Version 1.0 of ForceField, the virtualized browser data for Firefox would get corrupted with certain common power events, such as putting the computer into an S3 sleep state. After waking the computer, all Firefox Extensions, including ForceField itself, would be in a perpetual limbo. They were installed, but not active, pending a browser restart that ForceField would not allow to complete. This meant that although ForceField was active and operational in IE, it disabled all my third-party security for FireFox-including my ad blocker and ForceField itself.

      Check Point fixed this problem with Version 1.1 of ForceField (released in early July), which also added support for Firefox 3.0. But ForceField refused to tell me that an update existed via its integrated update tools, requiring me to visit CheckPoint’s ZoneAlarm Web site to download and install the updated code.

      Senior Analyst Andrew Garcia can be reached at agarcia@eweek.com.

      Andrew Garcia
      Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.
      Get the Free Newsletter!
      Subscribe to Daily Tech Insider for top news, trends & analysis
      This email address is invalid.

      MOST POPULAR ARTICLES

      Latest News

      Zeus Kerravala on Networking: Multicloud, 5G, and...

      James Maguire - December 16, 2022 0
      I spoke with Zeus Kerravala, industry analyst at ZK Research, about the rapid changes in enterprise networking, as tech advances and digital transformation prompt...
      Read more
      Applications

      Datadog President Amit Agarwal on Trends in...

      James Maguire - November 11, 2022 0
      I spoke with Amit Agarwal, President of Datadog, about infrastructure observability, from current trends to key challenges to the future of this rapidly growing...
      Read more
      IT Management

      Intuit’s Nhung Ho on AI for the...

      James Maguire - May 13, 2022 0
      I spoke with Nhung Ho, Vice President of AI at Intuit, about adoption of AI in the small and medium-sized business market, and how...
      Read more
      Applications

      Kyndryl’s Nicolas Sekkaki on Handling AI and...

      James Maguire - November 9, 2022 0
      I spoke with Nicolas Sekkaki, Group Practice Leader for Applications, Data and AI at Kyndryl, about how companies can boost both their AI and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×