App Review ZoneAlarm Extreme Security Next-Gen Antivirus 2023

Content created by
Shadowra

Shadowra

Sep 2, 2021
ZoneAlarm is best known for its firewall, which was a benchmark in the 2000s.
The editor has evolved little until this year, with the release of its NextGen version.
ZA abandons the Kaspersky engine for Sophos and an AI Machine Learning technology.
Let's take a closer look at its ability to keep PCs out of harm's way.



Interface: 9/10

ZoneAlarm's interface is uncluttered and self-contained.
With very few settings, it's a far cry from the gasworks of the past in terms of configuration!
I'm withdrawing 1 point, however, because ZoneAlarm's WEB extension clearly sucks!
In fact, ZoneAlarm handles all downloads. To do this, it emulates files internally with DeepAnalyse to detect malicious code. This is a good thing... but the process is still running without stopping!

Protection: 9/10
Web / Fake crack 1/1
Remains 17 threats on 171 malware / PC Infected - EXE damaged

ZoneAlarm has evolved into an excellent antivirus!
It successfully avoided many of the traps set during the test.
The protection is very solid and provides a very good detection rate.
However, ZoneAlarm does not protect the registry.
A Russian virus written in BATCH was able to modify several registry keys, making it impossible to execute EXE and LNK files.
It's a pity, because it started out so well for excellence.

Result: No scan! EXE damaged

Recommended: Yes, but beware of unknown applications.
System Clean: No, system infected - EXE damaged

@Trident and @Decopi request
 

Decopi

Oct 29, 2017
@Shadowra

Firstly, a big "THANK YOU"... especially because at your new job (congrats) you're very busy now, and despite that, you managed to deliver your video.

Now and with regards to your test results, it's good to know ZAESGN went well, not excellent, but well at least.

IMHO, ZAESGN is still an "interrogation mark". But this is not necessarily negative.
I think everything will depend on next ZAESGN versions. For example, the App Control and the Granular Firewall, both might improve ZAESGN protection capabilities. Same logic for new features, if ZAESGN keeps adding new features at each new version, and also keeps improving internal mechanisms (registry protection etc), then ZAESGN may have a chance to challenge big security software players, and this will be great for users.

Anyway, I would like to see more ZAESGN tests.
I hope that other users will be interested in ZA, also having the motivation and curiosity to test ZA in depth.
 

Trident

Feb 7, 2023
@Decopi, once I am back home (I’m on the beach these few days, it’s 30 degrees in the UK), I will be back to testing ZoneAlarm little by little every day as well.

The registry protection is presented but the operation of messing up execution policies may look like a user-created script and not necessarily like malware. Maybe a user wants to block execution of lnk and exe files.
I sent an email to Check Point Threat Operations Centre (TOC) and Check Point Research (CPR).
I am awaiting their reply. They are very quick in replying.

On top of that I discovered a vulnerability (development is aware and passed a message), UI inconsistency (for example spacing between anti-bot and firewall is less than between anti-ransomware and keylogging protection) as well as in the main UI some sentences are closed with a full stop, others are not and many others.

I constantly report to them 😀
 

Decopi

Oct 29, 2017
> @Decopi, once I am back home (I’m on the beach these few days, it’s 30 degrees in the UK), I will be back to testing ZoneAlarm little by little every day as well.

I hope 30 degrees isn't... Fahrenheit :ROFLMAO:
A beach is a beach, it doesn't matter if it's beautiful or ugly, enjoy the sun, the 30°C and the sea!

Back from holidays, it'll be amazing if you can make "another" video with a deep ZA test. I say "another", because you already made a test. But I believe the new ZA versions are supposed to be better than the one you tested. It'll be nice to see under tests the new ZA version with App Control.
It will also be great if you can keep your weekly (with few samples, no video).

> The registry protection is presented but the operation of messing up execution policies may look like a user-created script and not necessarily like malware. Maybe a user wants to block execution of lnk and exe files.

Totally agree. Shadowra said the malware was similar to a batch, so you're right, a user can write a batch, and the AV shouldn't block that.
Despite that, IMHO, ZA should alert about changes in sensitive system areas (registry, drives, start up etc).
In addition, I don't know why any malware will be interested in "modifying registries to block exe files". I mean, one thing is to block an exe file, which is not necessarily a dangerous behavior. But to block exe files, and after that to run something else, or to connect to the internet etc... perhaps then the ZA behavioral blade should detect that potentially dangerous behavior.

However, the whole discussion always is about the limits between the "minimalist default ZA settings" VS adding new features and more power customization at every new ZA version.
It'll depend on ZA project!
If they keep the current minimalist ZA, then it'll be enough for average Joes. But it won't be enough against big players.
If ZA project expects to be among big security software players, yes or yes, ZA needs to make room for customization + new features in new versions.
I'm not an expert, but from my point of view, it's very hard to increase protection capabilities keeping current ZA minimalist UI.

> I sent an email to Check Point Threat Operations Centre (TOC) and Check Point Research (CPR).
>
> I am awaiting their reply. They are very quick in replying.
>
> On top of that I discovered a vulnerability (development is aware and passed a message), UI inconsistency (for example spacing between anti-bot and firewall is less than between anti-ransomware and keylogging protection) as well as in the main UI some sentences are closed with a full stop, others are not and many others.
>
> I constantly report to them 😀

You're the Man!
Excellent job.

I honestly don't care about ZA marketing, branding etc.
If ZA hears you, and they make changes, protection is improved, new features are added... it'll be perfect for me!
 

Trident

Feb 7, 2023
Yeah, I outlined more than once to them that this default “policy” (it is a policy from Harmony Endpoint) doesn’t necessarily work for everyone and in all cases. So far, they seem to listen. We will see how it will evolve from now onwards with program control (if it’s similar to HEP, it will be very powerful). I will do a video soon.

It is 30 degrees Celsius here, it went up suddenly.
 

Decopi

Oct 29, 2017
I'm in France and it's 30 degrees today :p

Many times I heard that Paris was experiencing incredible different high temperatures during the past years, with 40 degrees.
I saw pictures of Parisians on both sides of the Seine river, using the spaces like a beach :ROFLMAO:

I have family in Sweden, and they also say that they're experiencing very hot unusual summers.
 

Digmor Crusher

Jan 27, 2018
Beautiful photos!... it seems quite cloudy, hope you had some sun ☀️... you don't deserve a beach on a cloudy day (y)
I would actually prefer clouds on a hot day at the beach. I never understood what the enjoyment is for sitting at a beach in the sun and roasting. That's why I prefer my vacations in Europe as opposed to the Caribbean or Mexico. Now give me 30C in the shade with 🍻 and I'm golden.
 

Trident

Feb 7, 2023
Check Point TOC replied that threat prevention engines can not handle batch files disabling execution of files as the same threat prevention engines run on servers and disabling execution is frequently used there.

To re-enable execution of exe and other files, these steps must be followed:

  1. Click Start, and then select Run.
  2. Type "command.com", and then press Enter. (A DOS window opens.)
  3. Type the following command lines:
    cd\
    cd \windows
    Press Enter after typing each one.
  4. Type "copy regedit.exe regedit.com" and then press Enter.
  5. Type "start regedit.com" and then press Enter.
  6. Navigate to and select the key:
    HKEY_CLASSES_ROOT\exefile\shell\open\command
  7. In the right pane, double-click the (Default) value.
  8. Delete the current value data, and then type:
    "%1" %*
    Tip: Type the characters: quote-percent-one-quote-space-percent-asterisk.
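
Added example, not part of the thread and not Check Point or ZoneAlarm code: a small audit that reads a registry text export (.reg, "Windows Registry Editor Version 5.00" format) and reports any `exefile\shell\open\command` key whose (Default) value differs from the `"%1" %*` given in step 8. The function names and both sample exports are constructed for illustration.

```python
import re

EXPECTED = '"%1" %*'  # value from step 8 of the post above
TARGET_SUFFIX = r"\exefile\shell\open\command"  # key from step 6, any hive


def parse_reg_defaults(text):
    """Map each key in a .reg text export to its (Default) string, or None.

    Real regedit exports are UTF-16; decode with encoding="utf-16" before
    calling. Non-string defaults (hex(...) data) are reported as None.
    """
    defaults, key = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            if key.startswith("-"):  # "[-KEY]" deletes a key, nothing to audit
                key = None
            else:
                defaults.setdefault(key, None)
        elif key and line.startswith('@="') and line.endswith('"'):
            # .reg escapes backslash and double quote with a backslash
            defaults[key] = re.sub(r"\\(.)", r"\1", line[3:-1])
    return defaults


def audit_exe_handler(text):
    """Return (key, value) for every exefile open command that is not EXPECTED."""
    return [
        (key, value)
        for key, value in parse_reg_defaults(text).items()
        if key.lower().endswith(TARGET_SUFFIX) and value != EXPECTED
    ]


# Constructed sample exports (not taken from the tested machine).
SAMPLE_CLEAN = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="\"%1\" %*"
'''
SAMPLE_TAMPERED = r'''Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\exefile\shell\open\command]
@="disabled"

[HKEY_CURRENT_USER\Software\Classes\exefile\shell\open\command]
@=""
'''
```

Matching on the key suffix also covers the per-user copy under `HKEY_CURRENT_USER\Software\Classes`, which is merged into `HKEY_CLASSES_ROOT`.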
 
