App Review ZoneAlarm NextGen Extreme Security 2024

It is advised to take all reviews with a grain of salt. In extreme cases some reviews use dramatization for entertainment purposes.
Content created by Shadowra

ZoneAlarm is an Israeli antivirus developed by CheckPoint.
Formerly based on the Kaspersky engine (discontinued following US sanctions), CheckPoint turned to the British company Sophos.
It also combines all the features seen in Harmony (Machine Learning, Cloud, File Reputation etc etc).
Let's see what it's worth together!



User interface :
ZoneAlarm's interface is clear, but rather messy for my taste. It's suitable for novices because... there's no configuration!
Just install and forget about it, and ZoneAlarm does the rest!
Admittedly, this user-friendly approach is well-suited to novices, as it takes them by the hand, which may annoy geeks.

In terms of RAM consumption, ZoneAlarm can be a bit of a power hog, and I did experience a few slowdowns...

Web protection: 9/10
Despite an undetected file (which mysteriously disappeared from memory), ZoneAlarm blocked all malicious downloads.
Surprisingly, ZoneAlarm did not block the links, but emulated the downloaded files using its extension!
This is a good idea, as it can scrutinize every bit of the file and determine whether it is malicious before it arrives on the computer, but this operation monopolizes a lot of resources on the machine...

Fake crack : 1/1
ZoneAlarm has blocked the installed files.

Malware Pack : Remaining 17 files out of 154.
ZoneAlarm combines Cloud, Machine Learning and the Sophos engine to detect malware, and let's face it, it's formidable!
At runtime, ZoneAlarm surprised us by managing to catch up with all the executions I ran!
Worse still, it even had the luxury of stopping attempted injections! Honestly, that's unheard of - congratulations CheckPoint!
It's just a pity that it alerts on each file, grouping them together would be much better.

Final scan :
Autoruns : 0
NPE : 0
MBAM : 0
KVRT : 2 (rest of JS detected, not active)

Final opinion:

ZoneAlarm is a pleasant surprise in the world of antivirus software. In just 1 year, the publisher has made enormous progress!
By combining a number of technologies (from Harmony), ZoneAlarm has given itself a more serious image and a new aura.
All that remains is to work on optimization, as ZoneAlarm is still rather heavy.
ZoneAlarm is highly recommendable.

@Trident and @Jengo request
 

Bot

Thanks for your detailed review on ZoneAlarm NextGen Extreme Security 2024. It's great to hear that it has made significant progress and is performing well in terms of malware detection and blocking malicious downloads. Your feedback on its user interface and resource consumption is also noted. It's indeed important for such software to balance between effectiveness and system optimization. We hope to see improvements in future updates. @Trident and @Jengo, your thoughts?
 

cartaphilus

Yes, it's amazing. Checkpoint's offering has the configuration that ZA lacks and it's a lot lower impact on the system because the majority of the heavy lifting is offset by the blade. However, the negative aspect is that the majority of the lifting is done by the blade, thus internet connectivity is required.
All of this is from my own personal experience, which might vary system by system and configuration by configuration.
 

TuxTalk

Thanks for testing, @Shadowra. ZoneAlarm and Harmony are currently the must-have antimalware people can get.
Their protection is now the best there is. Proof again: those big companies like Gen Digital keep trying, but bloatware their software so much it simply does not work so well anymore.

I always say, keep it simple; that's why ZA is now running on my system, and with some tweaks it's running very light (for me).
 

Trident

First, let’s thank @Shadowra for taking the time to create this amazing review!

Then, let’s clear things up. The “blade” is not one blade, every component by itself is called a blade. There is the anti-malware blade, behavioural guard, anti-ransomware and forensics blade, and so on. 🙃

Emulation does not affect the system in any way. The file is taken, encrypted and delivered to the Check Point emulation server.
Emulation does not happen on the machine.

Emulation runs quick pre-analysis. If the file looks a tad bit malicious, it is locked. Then full emulation is started. Once complete, the results, plus a detailed emulation report are returned to the client and the file is removed or left alone.

Emulation also inspects all links, clicks buttons like “next”, moves the mouse, mimics user activity and performs other anti-evasion actions. It runs on custom Check Point CPUs and there is in-depth memory analysis as well.

Emulation also has an extension, known as CDR. Users may want to work with documents and not have the time to wait for emulation. CDR quickly creates a version of the document that cannot be malicious or contain an exploit. After the document is confirmed to be safe, the original version becomes available to download (more than 90% of the time the original versions are not downloaded, as the cleaned-up document is good enough).

There is a full array of non-cloud (local) capabilities, including the Sophos engine, the offline reputation, behavioural guard and anti-ransomware. More power is unlocked when the machine is connected.

cartaphilus

WOW, I wasn't aware that they had the funds to spin custom silicon, darn. Nice!

Thank you for the detailed explanation, woot.
 

Trident

And a little bit on static analysis (NGAV) as well.

The models are gradient-boosted decision trees (a lot of micro trees which are weak on their own are combined into one powerful model). They get updated once in a while (about once a year). It is a truly signature-less and fully local approach. Static analysis supports executables, modules (DLL) and documents. It does not need a connection to operate.

Static analysis also performs binary disassembly to detect packers.

The funds:
IMG_4631.jpeg
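
The "many weak micro trees combined into one model" idea from the post above, as an added example that is neither Check Point's model nor code from this thread: gradient boosting over one-split trees, where the first tree alone misses a sample that the full ensemble catches. The two features (maximum section entropy, import count), the sample rows and all function names are assumptions constructed for illustration; the thread does not say which features the real model uses.

```python
# Constructed static features per file: (max section entropy, import count), label 1 = malicious.
SAMPLES = [
    ((5.2, 48), 0), ((6.1, 30), 0), ((5.8, 75), 0), ((6.4, 22), 0),
    ((7.7, 40), 1), ((7.9, 3), 1), ((6.0, 2), 1), ((7.5, 60), 1),
]

def fit_stump(X, residuals):
    """Best one-split tree (feature, threshold, left value, right value) by squared error."""
    best = None
    for j in range(len(X[0])):
        values = sorted({x[j] for x in X})
        for lo, hi in zip(values, values[1:]):
            t = (lo + hi) / 2                      # candidate threshold between two observed values
            left = [r for x, r in zip(X, residuals) if x[j] <= t]
            right = [r for x, r in zip(X, residuals) if x[j] > t]
            lv, rv = sum(left) / len(left), sum(right) / len(right)
            sse = sum((r - lv) ** 2 for r in left) + sum((r - rv) ** 2 for r in right)
            if best is None or sse < best[0]:
                best = (sse, (j, t, lv, rv))
    return best[1]

def stump_out(stump, x):
    j, t, lv, rv = stump
    return lv if x[j] <= t else rv

def train(samples, rounds=20, lr=0.5):
    X = [x for x, _ in samples]
    y = [label for _, label in samples]
    base = sum(y) / len(y)                         # start from the mean label
    scores = [base] * len(y)
    stumps = []
    for _ in range(rounds):
        residuals = [yi - s for yi, s in zip(y, scores)]  # negative gradient of squared loss
        stump = fit_stump(X, residuals)            # each new tree fits what is still wrong
        stumps.append(stump)
        scores = [s + lr * stump_out(stump, x) for s, x in zip(scores, X)]
    return base, lr, stumps

def score(model, x, n_trees=None):
    base, lr, stumps = model
    return base + lr * sum(stump_out(s, x) for s in stumps[:n_trees])

def accuracy(model, samples, n_trees=None):
    hits = sum((score(model, x, n_trees) > 0.5) == bool(label) for x, label in samples)
    return hits / len(samples)

MODEL = train(SAMPLES)
if __name__ == "__main__":
    print("1 tree:", accuracy(MODEL, SAMPLES, n_trees=1), "20 trees:", accuracy(MODEL, SAMPLES))
```

The sample the first tree misses is the low-entropy file with a two-entry import table; a later tree that splits on import count corrects it, which is the sense in which trees that are weak alone add up.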

mlnevese

Maybe, but how many home users actually need them?
Let me see, I need 8 licenses for all my family's devices...

If I buy ZoneAlarm from their homepage, that's US$139,95. For that price I can buy in my country:

6 licenses for Kaspersky Premium
2 licenses for ESET Premium
7 licenses for Norton Advanced
2 licenses for Bitdefender Total Security
6 licenses for Avast Ultimate.

All of these considering the price for a 10 machines license, on their home page, for the first year of use.

Now let's think about the average home user. He'll be well protected by any of the solutions above. They all will fail against something.

I can see why an enthusiast or someone working with classified information would pay the extra money, for the average home user, I really don't see how you could convince him to spend several times the price of other more traditional solutions.

Anyway, amazing results. I'm quite impressed by it :)
 

mlnevese

Assuming that your country is US, this is what I see:
View attachment 284659
There are additional coupon codes online sometimes that can be found.
Yeap, they are offering a back-to-school discount right now. But even if you consider half the price, it's still expensive for anyone in my country. It's still equivalent to 3 Norton, Kaspersky or Avast licenses, for instance.
 

Trident

They always offer some sort of discount, just like all other vendors. They also turn auto-renewal off by default, unlike others that try to trick you with “introductory offers” to charge you $150 next year.

The only thing is, you cannot buy it from Kinguin for $10. Threat Emulation is very expensive for Check Point to run and maintain and they require their customers to pay their dues. 🤷🏻‍♂️
 

mlnevese

As I said, the figures consider the prices in my country buying directly from the home pages... If I looked for discounted prices, there would be an even bigger difference.

I'm in no way criticizing the product. I'm an enthusiast and will consider it next time I have to renew a license BUT you won't convince the average user that he should pay 6 or 3 times a Kaspersky license price for it.
 
