• Home »
• Self-Help Resources »
• Preventing Unauthorized Access »
• Firewalls »
• ZoneAlarm Security

ZoneAlarm Security

You NEED a Firewall

If you are continually connected to the Internet—and most people are today— you cannot afford to be without a firewall.

I've gone into more details about the need for a firewall and how it works on the Firewalls page.

Obtaining ZoneAlarm - Configuring ZoneAlarm - Updating ZoneAlarm - Uninstalling ZoneAlarm - ZoneAlarm Issues - Ensure ZoneAlarm is Current

Obtaining ZoneAlarm

My Recommended Firewall Solution

I'm not convinced that firewalls with lists of "acceptable" programs are the safest way to configure a firewall for security. While they may take less hands-on experience to use, an attractive feature to novices and those that just want computers to run without their having to know what is going on, I suspect that these would be more vulnerable. I also like the ability to determine for myself if a program needs access.

ZoneAlarm Recommended

I strongly recommend a current version of ZoneAlarm Internet Security Suite or ZoneAlarm Extreme Security.

• Special Internet Offer for ZoneAlarm Antivirus Protection!—Guards your front door — stopping hackers and other intruders in their tracks. (firewall, anti-virus and anti-spyware USD 19.95 for up to 3 PCs (50% off))
• Download ZoneAlarm Internet Security Suite and Save 50% —Essential antivirus, anti-spyware, and firewall protection for your PC. (firewall, anti-virus, anti-spyware, more… USD 24.95 for up to 3 PCs)
• ZoneAlarm Extreme Security — Save $20 Now! —The most comprehensive suite on the market. Protects your PC, your browser, and your data. (firewall, anti-virus, anti-spyware, hard drive encryption, more… USD 49.95 for up to 3 PCs)

All prices indicated are for a one-year subscription and subject to change.

Free Basic Firewall for Personal Use

Download ZoneAlarm Free Firewall Now!

There is a ZoneAlarm Basic Firewall (firewall only, no automatic configuration) which is FREE for individual and not-for-profit charitable entity use (excluding governmental entities and educational institutions).

Look on the extreme right of the window that opens for the download button/text. If you cannot see the download link, look for a scroll bar at the bottom of your browser window and move it so that you see the right side of the page. When you click on the link, make a note of where the file is saved on your computer.

1. When you click on the downloaded file, it will ask if you're running Windows XP or Vista, then download and install the correct version according to your response.
2. Close all programs running before installing—you'll need to restart you computer before the installation is complete.
3. Windows Firewall may ask if TrueVector Service should have access. Say yes.
4. Do NOT select the 15 day trial unless you wish to try the full version for 15 days (after which you'll need to either purchase the product or uninstall it, then reinstall the free version).
5. Start ZoneAlarm when directed. You will be prompted to restart Windows shortly after.
6. When Windows restarts, you may be offered a tutorial. It is worth viewing if you are new to ZA, but it is always available in the ZoneAlarm folder under All Programs.

Look at the information below to learn how to configure the free version. ZoneAlarm Internet Security Suite or ZoneAlarm Extreme Security will simplify the process of determining what programs should have access and can be purchased by following the links above.

Configuring ZoneAlarm

General Concepts

ZoneAlarm is designed to deny access to the Internet by default, allowing access only to the programs you've given permission to have access. This is it's best feature, but can be a stumbling block if you forget this.

Some broadband providers (like Shaw cable) insist that you uninstall ZoneAlarm if you request help with gaining access to the Internet, primarily because of this issue. If you need to remove ZoneAlarm, uninstall it properly, make the changes necessary to restore your Internet connection, then reinstall it to regain the protection it provides.

Giving & Denying Access

ZoneAlarm is an excellent program, but you must be sure to configure ZoneAlarm carefully so as not to compromise security. Before giving any program permission to access the Internet, be sure you know what the program requesting access is and why it needs Internet access.

Access Requests

When a program tries to access the Internet, ZoneAlarm provides you the opportunity to allow or deny access with the access request notice like the one shown to the right (see a larger image).

• Programs like your e-mail and Web browser need access.
• If you just started a program or began to install a program, it is likely that program/installer is the one seeking access permission.
• Many installation programs seek additional components on the Web or confirm that you have the most current version.

Setup programs may need access once. Give them temporary permission: click "Allow" but don't check the "Remember this setting" box. You should then remove setup programs from the Zone Alarm Programs listing once you have finished installing the program. ZoneAlarm will prompt you if access is needed at a later date.

If you are not sure whether to give permission for access, say no (but don't tell the program to remember the setting at this point). If the program continues to work you can make the decision final by telling ZoneAlarm to deny access—Remember this setting. You can also do a search for the application to see what it is. The application name in our example is firefox.exe.

The dialogue box indicates if this is a repeat request. Note that in our example, firefox.exe has previously had access granted.

"Changed Program" Warnings

ZoneAlarm doesn't just grant access because of a program's name or file location. It retains a "snapshot" of the characteristics of the approved programs and warns you with a changed program dialogue box similar to the one above (except that the top border colour is orange). If you've recently updated the program, you should allow permission.

ZoneAlarm Internet Security Suite "Suspicious Behavior" Warnings

ZoneAlarm Internet Security Suite offers the advantage of fewer alerts but may give you suspicious behavior warnings like the one shown to the right (see a larger image) for programs exhibiting unusual behaviour.

This warns you about programs that are changing files in manner similar to how malicious programs (virus or malware) would act. If you are installing a program or update you can probably allow the activity.

Read the description of the activity before allowing or denying the process. (The suspicious behavior box shown was displayed during an update of Shockwave Player for Internet Explorer.) Note: if you deny a legitimate program, the install cannot complete properly and the program may not function correctly.

The Program Control Screen

You can fine-tune the ZoneAlarm settings (or correct errors made with the dialogue box prompts) using the Program Control screen. To get there, follow these instructions:

1. Open ZoneAlarm by double-click on the ZoneAlarm "ZA" icon beside the clock. (This can be replaced with red/green bars during Internet activity.)
2. Click on Program Control (on the left-side menu) then the Programs tab (on the top).

You should then see something like the image on the right. If you click on this image you get a larger view with functions for the various parts of the screen shot labelled.

Giving or Denying Access to Specific Programs

• indicates the program has permission.
• indicates that the program is denied access.
• indicates that the program will ask each time it needs access. Note: once you've given or denied access to a program the setting will remain until you restart Windows.

You can change these values by left-clicking the symbol for the program.

• You should be most worried about the Internet column.
• Most programs don't need server access on home computers (usually only instant messenger programs need this sort of access).
• Unless you have set up a local network between the computers in your home or office the Trusted Zone refers to access on your own computer. With a network, you can configure ZoneAlarm to have certain computers designated as trusted.
• Note that I've blocked access to the printer's Spooler SubSystem App for all but Trusted Access. Unless you are printing across the Internet (or a domain) you don't need to offer more than this access to your printer.

Server Access Seldom Needed

Few programs need server rights. Only instant messenger programs (MSN Messenger, Yahoo! Messenger and AIM/AOL Instant Messenger), online conferencing software and file sharing software need such access.

Deny server access to all other programs (and to these programs if you don't use them). ZoneAlarm will usually warn you if you are changing something you shouldn't be changing (like the Application Layer Gateway Service in Windows XP).

Return to top

Updating ZoneAlarm

How to Update Your ZoneAlarm Product

Be sure you are running the most current version.

Support is provided for Windows XP, Vista and Windows 7 only. Check the ZoneAlarm Issues section for an older version that will work.

Automatic Updates

In most cases, ZoneAlarm will perform minor updates on its own as long as you have automatic updates enabled (the default setting).

New Version Available

However, if you see an update notice in the form of a dialogue box like the one to the right, it indicates that a new version is available. You'll need to download the update then install it. Downloading the update does not update ZoneAlarm.

Obtaining the Update

Click on Update Now to take you to the update page. (I strongly recommend that you don't put this update off as updates protect you with security updates.)

Free Basic Firewall Updates

If you are updating the Basic Firewall, when the download window opens, look for the download link on the extreme right of the window.

• Download ZoneAlarm Free Firewall Now!

Because the main window shows the advantages of the paid products, if you cannot see the download link right away you should look for a scroll bar at the bottom of your browser window and move it to see the link. Make a note of where the file is saved on your computer.

Installing the Update

Once you've downloaded the update, you'll now have to install it. The procedure is relatively simple as long as you read and follow the instruction. You will need to restart Windows to complete the process so you'll want to make sure that no other programs are running.

• Double-click the ZoneAlarm download to begin the update. You will be prompted to shut down the True Vector service. Say yes (only when updating or removing ZoneAlarm).
• Follow the prompts. Where the Next option is offered, do that, installing with the default choices; otherwise click OK or Done. There should be no need to change anything in the User Survey portion unless you have changed your type of Internet connection or have added a network. Where a choice is offered for added features, this usually entails added subscription fees after a trial period expires.
• Where offered a choice between a clean install (recommended) or an upgrade, you should choose the upgrade unless you are having difficulties with the current installation or if you are comfortable making the choices about which programs to allow access to the Internet, since a clean install wipes the current setup.
• Windows XP firewall may bring up a security alert asking if the True Vector service can have permission. Be sure to allow this access.
• When everything is complete, you are asked to restart the True Vector service, then your computer.
• Upon rebooting, there may be other offers, including a tutorial. This tutorial is worthwhile to refresh you memory about how ZoneAlarm operates and is placed in the Zone Labs Programs or All Programs folder in the Start Menu for future reference.

Once you've completed the upgrade, ZoneAlarm should operate just like it did before unless you selected a clean install, in which case the various programs that request access to the Internet will cause ZoneAlarm to prompt you for a decision regarding access. Again, your safest bet is to click on No. If the program works properly without access, then you can let ZoneAlarm know not to give the program access and not to prompt you.

Manual Program Updates

• Double Click the ZA (ZoneAlarm) icon located with the icons next to the clock in the task bar.
• Click on the Overview menu on the left side of the screen that comes up.
• Click on the Preferences sub-menu that shows beneath Overview.
• Click on the Check For Update button that appears on the resulting screen.

Manual Anti-virus Updates

You can also do a manual update, which I'd recommend for ZoneAlarm Internet Security Suite, ZoneAlarm Extreme Security or ZoneAlarm Antivirus prior to your scheduled virus scan so that you have the most recent detection information.

• Double Click the ZA (ZoneAlarm) icon located with the icons next to the clock in the task bar.
• Click on the Anti-virus/Anti-spyware menu on the left side of the screen that appears.
• Click on the Update Now button that appears on the resulting screen.

The program will then check to see that

Detailed Update Instructions

View detailed instructions on how to update your ZoneAlarm product.

Ensure ZoneAlarm is Current

If you are running ZoneAlarm paid products version 8.0.400.020 or earlier will not automatically update to version 9 (released September 25, 2009), even if you check manually. Download the most recent version of:

• ZoneAlarm Extreme Security Suite.
• ZoneAlarm Internet Security Suite.
• ZoneAlarm Pro.
• ZoneAlarm Antivirus.

You'll need a valid license to use these products for more than 15 days.

ZoneAlarm Free Firewall

Download ZoneAlarm Free Firewall Now! ZoneAlarm is FREE for individual and not-for-profit charitable entity use (excluding governmental entities and educational institutions).

Return to top

Uninstalling ZoneAlarm

If you want to stop using ZoneAlarm, be sure to uninstall it properly:

• Never just delete the ZoneAlarm program icons and the folder. ZoneAlarm makes changes to your system that require it to be properly uninstalled, either from the uninstall program in the Zone Labs program group or through the Windows Add/Remove Software utility (called Programs and Features in Windows 7).
• Some users have experienced difficulties when improperly uninstalling Zone Alarm. Be sure to remove any relevant registry entries. (Note: improper changes to the Windows registry can make your computer inoperable. Make these changes carefully or seek out professional assistance.)
• If ZoneAlarm was improperly uninstalled, you may need to reinstall it before uninstalling it again to complete the process successfully.

Return to top

ZoneAlarm Issues

Installation Issues

Lenovo PMHandler.exe

When installing ZoneAlarm on a Lenovo computer running Windows Vista 32, I ran into an issue where ZoneAlarm installed fine, but on the first reboot, a blue screen (BSOD) appeared. Going to Safe Mode and uninstalling ZoneAlarm resolved the issue, but not without sacrificing the protection ZoneAlarm offers.

A search showed that PMHandler.exe, the power management handler for Lenovo computers, can conflict with ZoneAlarm on Windows Vista machines. By going to Safe Mode and stopping PMHandler from loading allowed ZoneAlarm to complete the reboot and finalize the install. It is called PM Driver in the Programs and Features listing.

You can use MSconfig to make this change, but the startup tools in Piriform's CCleaner may be easier (just disable PMHandler).

This issue (and the solution) are documented in ZoneAlarm Forums: Latest update causes Vista to BSOD after logon.

Note: other causes have been noted by other users, including issues with Windows Firewall. If you can determine from the text that appears on the blue screen what program is creating the problem, you have a better chance of resolving it.

Internet Access Issues

Unable to Access the Internet

The most common reason people cannot access the Internet is because they have stopped ZoneAlarm from loading or have tried to delete ZoneAlarm's files without uninstalling ZoneAlarm properly. It can also happen if ZoneAlarm doesn't load correctly with Windows.

By default, ZoneAlarm (like many security products) disable access to the Internet. If ZoneAlarm is not running, it is unable to request permission for new programs to access the Internet. Programs that have been given access without asking (you instructed ZoneAlarm to remember the program can have access or it is a program recognized as safe by ZoneAlarm — not available in the free version) may continue to have access.

Other potential causes for loss of Internet access include:

• Windows Firewall can stop access. Be sure that TrueVector (a ZoneAlarm component) has permission to access the Internet in Windows Firewall.
• Your antivirus may disable access to your e-mail program or to other programs if it is not active.
• Anti-spyware can disable access for programs.

KB951748 Breaks ZoneAlarm

This is an archived issue that affected only ZoneAlarm version 7.483.000 in July 2008. You should be running the most current version of ZoneAlarm which is not affected. This issue is left here for reference in case you are unable to connect to the Internet and need to temporarily reduce ZoneAlarm's security to enable access.

Windows Update KB951748 (July, 2008) created a problem for ZoneAlarm. Download and install the latest version which solves the loss of Internet access problem. To get temporary access, move the Firewall's Internet Zone Security from High to Med. Be sure to restore it once you've downloaded the ZoneAlarm update.

Operating System Issues

Support For Newer Windows Versions

When new versions of Windows are released, support may not be available for security software. Windows Vista was a particularly bad example, because Microsoft made significant changes to Windows Vista just before release and many utilities and security software products would not run. The long Windows 7 release candidate program ensured ZoneAlarm availability for early Windows 7 adopters.

Support For Windows 9x/Me/2000 Ended

Note: ZoneAlarm discontinued support for Windows 98/98SE/Me/2000. ZoneAlarm version 6.1 will work, but don't expect support.

• Download ZoneAlarm version 6.1 (free for personal use).
  This link points directly to the zlsSetup_61_744_001_en.exe file.

Return to top

More About Security Issues

The following related pages offer more information about security:

• Security Basics—Preventing Unauthorized Access
• Firewalls—Your First Line of Defense
• Your Privacy At Risk—Spyware Detection & Removal
• Passwords and Encryption—Protecting Your Electronic Signature
• Web Security—Vulnerabilities in Internet Software
• Windows Security—Vulnerabilities in Windows
• Anti-Virus Protection—Current Alerts, Strategies, Hoaxes & Software
• Avoiding Spam & Copyright Abuses—Promote Responsible Net Commerce

PDF Documents

Several documents on this Website are labelled as PDF. You will need the free Acrobat® Reader® to view and print the PDF documents. Get the free Acrobat® Reader®.

Return to top

www.RussHarvey.bc.ca/resources/zonealarm.html
Updated: March 9, 2010

| Conditions of Use | Site Navigation | Site Map | Contact Us | Copyright © 1996-2010. All rights reserved. |

Skip Navigation

• Site Home
• Web Design »
• Writing & Editing
• Computer Services »
• Self-Help Resources
• Personal Pages
• Contact
• Site Map & Navigation
• Site Search

» Click for sub-menu.