ZoneAlarm's Forcefield Boosts PC Security

GENERIC internet web cyber computer security password hacking hacker fraud mouse digital spyware spam CBS/AP

Check Point Software's Zone Alarm Security Suite is one of several anti-"malware" programs that protect you against viruses, spyware, hack attacks and other malicious threats to your PC. Norton 360, a similar protection suite from Symantec does pretty much the same thing, as do Internet security suites from TrendMicro, McAfee and several other companies.

All of these programs watch out for known malicious threats and are on the lookout for unknown software that exhibits suspicious characteristics. Security programs typically also warn you about suspicious "phishing" websites that masquerade as legitimate sites to steal your information and do their best to prevent "drive by downloads" which can occur when a rogue website automatically installs malicious software on your computer.

But ZoneAlarm has come out with a new category of software that takes security a step further. It's not a security suite - in fact it not only works alongside Zone Alarm's security products also security software from the company's competitors. The purpose of this new $29.95 program, called ZoneAlarm ForceField, is to isolate your browser from the rest of your PC so, to paraphrase an advertisement from the Las Vegas Visitors Bureau, "what happens in your browser stays in your browser." But it doesn't stay long. Once you close your browser any potential threat goes away.


ForceField works using what is called virtualization. Although Internet Explorer or Firefox (the two browsers it supports) are running on your Windows machine, they're running in what is called a "virtual machine" which is like a PC inside your PC that is independent of the rest of your system. Virtualization is not a new concept. There are numerous programs that allow you to run "virtual machines" so you could, for example, have two copies of Windows running or perhaps Windows XP running in one "machine" and Linux running in the other. Mac users are increasingly using virtualization programs like Parallels or VMware to run Windows in virtual machine inside a Mac.

But ZoneAlarm ForceField is not as ambitious or complex as these other virtual systems. It doesn't run a separate operating system but only the browser so that if there is an attack within the browser it doesn't damage other files or programs. There is even an option to create a "private browser" window so that whatever happens in that window completely disappears when you close it. There is no need to clear the history or cover your tracks because everything simply disappears.

Of course, there are times when you don't want your browser to be completely isolated such as when you are deliberately downloading software or installing a plug-in such as one that lets you upload photos to a photo sharing site. To accommodate that ForceField watches for activities that the user initiates through the mouse or keyboard and lets them through as long as they don't trigger known threats.

There is also the ability to have a completely private session where nothing is recorded. As an option, you can click the "private browser" button on the ForceField toolbar and it launches another instance of either Firefox or Internet Explorer with a note on top saying "nothing from this session recorded." As long as you're running this private browser, you don't have to do anything special to protect your privacy once the browser window is closed because it doesn't record website history, allow cookies to be written or record anything.

It also has anti-phishing technology that warns you if you happen to click on a site that is known to steal information or distribute spyware. Phishing sites typically masquerade as legitimate sites from banks and other companies. You often get an email saying you need to log on to provide security information. The site's look exactly like they're legitimate but anything you type - including a username and password - could fall into the hands of a criminal. If, while you're running ForceField, you happen to click on such a site, you get a warning telling you not to enter personal information. I tested it by going through some of my spam and clicking on what I thought were links to phishing sites. If it's definitely a rogue site the warning will be in red telling you "this site is dangerous." If there is doubt, you'll get a yellow warning telling you "unless you trust this site, avoid entering personal information or downloading anything from it."

The software is very easy to download and install and unlike most security programs you don't have to re-boot your computer. Once installed, as soon as you open either Firefox or Explorer you'll see a toolbar that includes a "site status" icon that gives you a report on whatever site you're visiting including whether it's known for phishing or spyware. It also tells you when the site was first registered and what country it's located in. For example, it told me that CBSNews.com is located in United States North America and first registered on 10/4/1994.

It also blocks keyloggers and screen capture software. With ForceField running, I tried using HyperSnap to take a screen shot of my browser but all I captured was a black screen. In fact, it worked a little too well. Not only did it block me from capturing the browser but anything on my PC. I was told that that's a feature not a bug because it blocks all keylogging and screen capturing regardless of whether it takes place in the browser. Fortunately for those of us who actually want to occasionally grab an image of a screen, there's a setting that let you turn off that feature. You could turn it off when you need to grab something and back on when you're done. The same would be true if you wanted to install keylogging software on your machine, perhaps to monitor your children's Internet use. It would be better if the software allowed you to make exceptions for certain programs as do most anti-hacking or "firewall" programs.

I installed ForceField on a Windows PC that was also running Symantec's Norton 360 security software. The two worked together nicely and, as far as I can tell, ForceField is providing some added protection and privacy.
By Larry Magid
  • CBSNews

Comments