ZoneAlarm Security
Obtaining ZoneAlarm | Installing | Configuring
Updating to Current Version | Uninstalling | ZoneAlarm Issues
You NEED a Firewall
If you are continually connected to the Internet — and most people are today — you cannot afford to be without a firewall. More about firewalls….
ZoneAlarm Recommended
Alternatively, Free Basic Antivirus + Firewall provides decent protect for FREE (if you qualify).
Obtaining ZoneAlarm
The ZoneAlarm 2013 product line (be sure you're at version 11 or newer) provide better security with an easier interface (Faster Performance | Stronger Protection | Enhanced Privacy).
Save up to 50% when you download these ZoneAlarm Security products:
- Download ZoneAlarm Extreme Security
— The most comprehensive suite on the market for everything you do online. (Antivirus & Anti-spyware Engine, Advanced Two-way Firewall, PC Tune-up, Do Not Track, Facebook Privacy Scan, Private Browsing, Anti-Spam, Parental Controls, Keylogger/Screengrabber Jamming, Identity Protection, Online Backup: Reg. USD 79.95 for up to 3 PCs); or
- Download ZoneAlarm Internet Security Suite
— Essential antivirus, anti-spyware, and firewall protection for your PC. (Antivirus & Anti-spyware Engine, Advanced Two-way Firewall, Do Not Track, Facebook Privacy Scan, Private Browsing, Anti-Spam, Parental Controls, Identity Protection, Online Backup: Reg. USD 69.95 for up to 3 PCs).
All prices indicated are for a one-year subscription and subject to change.
Free Basic Antivirus + Firewall for Personal Use
There is a ZoneAlarm basic Antivirus + Firewall (less frequent updates) which is FREE for individual and not-for-profit charitable entity use (excluding governmental entities and educational institutions).
There is more about ZoneAlarm's Free Antivirus + Firewall on the ZoneAlarm blog.
Check the License Agreement
If you are downloading or updating the free Antivirus + Firewall, be sure the ZoneAlarm licence agreement permits you to use the free version.
- Review the advantages of ZoneAlarm's paid products.
- Do NOT install the 15 day trial unless you wish to try the full version for 15 days (after which you'll need to either purchase the product or uninstall it, then reinstall the free version).
- Download the free ZoneAlarm (if you meet the requirements):
- Free Antivirus + Firewall (recommended)
- Original Free Basic Firewall (no antivirus)
- The installer is a small file that starts the installation process then downloads the remainder of the required files.
- If you are offered TrialPay, look for the free download link. (TrialPay requires you to purchase other qualifying products to obtain the software for “free”).
- Make a note of where the file is saved on your computer (usually in your Downloads folder or on the desktop).
Paid Products Recommended
Even if you qualify for to use the free ZoneAlarm, for better security I strongly recommend you purchase ZoneAlarm Extreme Security (most complete protection) or ZoneAlarm Security Suite (superior protection).
- Get discounts on one-year subscriptions to ZoneAlarm products for up to 3 computers using these links.
- The free ZoneAlarm products only update once daily (instead of hourly).
- If you use the basic free firewall, conflicts with other security software may leave you vulnerable to the more dangerous threats you face on the Internet today.
- ZoneAlarm Free Antivirus + Firewall 11.0 User Guide.
Be cautious when installing multiple security products. Multiple antivirus and other products can appear as a threat to each other and, in the process, allow your computer to become infected.
Installing ZoneAlarm
These instruction will help you to install ZoneAlarm smoothly and avoid issues. These same instructions apply if you're doing a major product upgrade requiring an install.
- Close all programs running before installing — you'll need to restart your computer before the installation is complete.
- If you're updating ZoneAlarm, you'll need to ensure you're installing the same product as is currently installed and you will need a valid license.
- If you install a trial version for which you don't have a valid license, you'll either need to purchase a license for that exact trial product or uninstall it within 15 days.
- If you choose to use another product, you'll need to uninstall the trial version then install the product for which you have a valid license (or meet the ZoneAlarm licence agreement if you're using one of the free products).
- Follow the instructions as each dialogue box appears.
Starting the Install
Double-click on the ZoneAlarm icon for the product you are installing. The installation will begin with this dialogue box:
Options & License Agreement
Choose the “Custom Install” option (the text is under the yellow Quick Install button) so that you can choose the options you want for the Security Toolbar:
Depending upon the version you're installing, you'll see one or more of these options pre-selected:
- Make ZoneAlarm search my homepage
- Install ZoneAlarm toolbar
- Make ZoneAlarm my default search
My recommendation is to deselect all of the above. Otherwise your current homepage and default search choices will be changed and the toolbar will be installed.
- While toolbars may be convenient, there are significant privacy issues.
- Search engines track your search queries. I recommend Startpage because it offers you search results from Google in complete privacy!
- If your current homepage is not what you want, you can change it by adding the desired page in your browser's settings. I strongly recommend against allowing programs to make changes to this setting.
Next, review the license agreement, then select Agree.
The Installation Process
The ZoneAlarm installer will then appear. If additional options appear, I'd recommend downloading the full package.
Once the necessary files have downloaded, the product installation will begin.
- Windows Firewall may ask if TrueVector Service should have access. Say yes.
- The progress bar will indicate the status of the install.
- Some processes take longer than others. Don't worry if the progress bar appears to be stopped for some time.
Finishing the Install
Once the installation is complete, you'll see a “Setup finished!” dialogue box. If you wish to register your product, type in your email address and ensure the check box is selected.
Click “Finish.” Windows will restart shortly after.
When Windows restarts, ZoneAlarm is fully functional. Have a look at the Top 10 User Questions on the CheckPoint site if you're having problems.
Now, proceed to the instructions for configuring your newly installed ZoneAlarm product.
Configuring ZoneAlarm
For the most part, ZoneAlarm does an excellent job of configuring itself and most users seldom have to make changes.
Trusted or Public Zone
When you first connect to a network, ZoneAlarm asks you to select a trust level for the connection.
- Most users should select the Public zone. It is meant for public access on open networks (i.e. free WiFi in a coffee shop) but will be the safest choice.
- Select Trusted if you need to share files or printers between computers on your trusted network (presumably one you control).
The Public zone is safer if you're unsure. You can always change it later.
ZoneAlarm Interface
With the release of the ZoneAlarm 2012 product line there have been significant changes to the layout of the product to simplify maintenance. The home screen from the Extreme Security version is shown below:
Although ZoneAlarm does an excellent job of determining the setting for most programs and most users, each of the three windows has settings that can be adjusted by clicking on each specific pane:
- Computer includes Advanced Firewall, Anti-virus & Anti-spyware, Application Control and PC Tune-Up settings.
- Internet controls Web Security, Browser Virtualization, Anti-spam and Parental Controls.
- Identity & Data includes Identity Protection, DataLock Hard Drive Encryption and Online Backup.
There are additional settings options for the services available in your version of ZoneAlarm (Extreme Security has them all). Have a look at the Antivirus settings:
General Concepts
Access Denied by Default
ZoneAlarm is designed to deny access to the Internet by default, allowing access only to the programs you've given permission to have access. This is it's best feature, but can be a stumbling block if you forget this.
- Simply disabling ZoneAlarm creates problems.
- If you need to remove ZoneAlarm, uninstall it properly, make the changes necessary to restore your Internet connection, then reinstall it to regain the protection it provides.
Giving & Denying Access
“Changed Program” Warnings
ZoneAlarm doesn't just grant access because of a program's name or file location. It retains a "snapshot" of the characteristics of the approved programs.
ZoneAlarm "Suspicious Behavior" Warnings
ZoneAlarm Extreme and Internet Security Suite offer the advantage of fewer alerts but may give you suspicious behavior warnings for programs exhibiting unusual behaviour.
This warns you about programs that are changing files in manner similar to how malicious programs (virus or malware) would act. If you are intentionally installing a program or update you can probably allow the activity.
Read the description of the activity before allowing or denying the process. Note: if you deny a legitimate program, the install cannot complete properly and the program may not function correctly.
The Program Control Screen
You can fine-tune the ZoneAlarm settings (or correct problems with programs not in ZoneAlarm's database) using the Program Control screen. To get there, follow these instructions:
- Open ZoneAlarm by double-click on the ZoneAlarm ZA icon beside the clock.
- Click on the Computer pane then look for the Application Control section then the programs secured listing to see the programs ZoneAlarm is monitoring on your computer.
- A new Application Control window will appear. Click on the View Programs entry on the left if it isn't already selected.
The list of programs may take a moment or two to load. You can view the settings by clicking on any particular program so that the details appear in the pane at the bottom.
You'll notice that most programs will have a set of green bars showing the trust level but there are also four settings:
- Outbound Trusted;
- Outbound Internet;
- Inbound Trusted; and
- Inbound Internet.
Giving or Denying Access to Specific Programs
Each program will have a series of the following indicators for each of these categories:
indicates the program has permission.
indicates that the program is denied access.
indicates that the program will ask each time it needs access.
Note: once you've given or denied access to a program the setting will remain until you restart Windows.
You can change these values by left-clicking the symbol for the program. Be aware that making the wrong choices can deny critical programs access to the Internet.
- You should be most worried about the Internet column.
- Most programs don't need server access on home computers (usually only instant messenger programs need this sort of access).
- Unless you have set up a local network between the computers in your home or office the Trusted Zone refers to access on your own computer. With a network, you can configure ZoneAlarm to have certain computers designated as trusted.
- Note that I've blocked access to the printer's Spooler SubSystem App for all but Trusted Access. Unless you are printing across the Internet (or a domain) you don't need to offer more than this access to your printer.
Server Access Seldom Needed
Few programs need server rights. Instant messenger programs (MSN Messenger, Yahoo! Messenger and AIM/AOL Instant Messenger), online conferencing software, the Application Layer Gateway Service in Windows XP and file sharing software need such access.
For the majority of programs commonly in use ZoneAlarm will provide the correct settings (indicated by the green bars in the Trust Level column). Where a appears in that column, you may need to configure the program's choices.
You can generally deny server access to all other programs (and to these programs if you don't use them). If any of these programs don't work after denying access, you may need to experiment to see what settings are necessary.
Ensure ZoneAlarm is Current
Paid Versions | Release Histories | Updating the Free Versions | Automatic Updates
How to Update Your ZoneAlarm Product
Generally older version will not automatically update to newer versions — even if you check manually. You'll need to download the most recent version from one of the links below. There are two basic classes of products:
- paid versions for which you need to purchase a license; and
- free versions which are available at no charge provided you can meet the license requirements.
I'd recommend choosing one of the paid versions because of more complete protection even though the new Free Antivirus + Firewall compares very favourably to competitive commercial products.
Paid Versions
CheckPoint's Release History pages have generally been a great place to get the current version but you can also download trial versions if you have a valid license.
Release Histories
These Release History versions (as well as the "current version" documentation on CheckPoint's site) remained static from December 2011 until July 2012) but seem to be updating regularly now:
- ZoneAlarm Extreme Security Suite.
- ZoneAlarm Internet Security Suite.
- ZoneAlarm Pro.
- ZoneAlarm Antivirus.
- ZoneAlarm SocialGuard.
Trial Versions Provide Alternative Upgrade Path
The most recent version is available by downloading the appropriate ZoneAlarm 30-day Free Trial. As long as you use a current license, these versions will work fine.
- Make a note of where the file is saved on your computer so you can find it later.
- You'll need a valid license to use these products for more than 15 days.
- Without a valid licence, if you elect to return to the free version, you'll need to uninstall the trial version then install the free version.
You'll need to use the Trial Versions (in the previous section) to obtain major updates.
Updating the Free Basic Firewalls
- ZoneAlarm Free provides basic firewall protection for individual and not-for-profit charitable entity use (excluding governmental entities and educational institutions). See the ZoneAlarm Free Release History for the most current download or follow the Free ZoneAlarm download links in the Obtaining ZoneAlarm section.
- A release history not available for the new Free Antivirus + Firewall, but is at the same version as the Free Basic Firewall (above).
Automatic Updates
In most cases, ZoneAlarm will perform minor updates on its own as long as you have automatic updates enabled (the default setting) but it doesn't hurt to ensure you're updated manually.
Even if you qualify for to use the free ZoneAlarm, I strongly recommend you ZoneAlarm Extreme Security or Internet Security Suite (see my links which provide discounts on one-year subscriptions to ZA products). As pricing goes up you get increased protection and features.
ZA Free is easier to configure than previously but can have compatibility issues with other security software leaving you vulnerable to the more dangerous threats you face on the Internet today.
Installing Updates
Once you've downloaded an update, you'll now have to install it. The procedure is relatively simple as long as you read and follow the instructions. You will need to restart Windows to complete the process so you'll want to make sure that no other programs are running.
Installing an update involves the same procedures as installing ZoneAlarm.
Once you've completed the upgrade, ZoneAlarm should operate just like it did before unless you selected a clean install, in which case the various programs that request access to the Internet will cause ZoneAlarm to prompt you for a decision regarding access. Again, your safest bet is to click on No (but don't tell it to remember the setting unless you're SURE). If the program works properly without access, then you can let ZoneAlarm know not to give the program access and not to prompt you by remembering your choice.
Manual Program Updates
- Double Click the ZA (ZoneAlarm) icon located with the icons next to the clock in the task bar.
- Click on Update at the top left side of the ZoneAlarm display.
- The program will check for updates and you'll see a progress bar showing the download and installation.
- Once complete, simply click the Close button.
Manual Anti-virus Updates
You can also do a manual update, which I'd recommend prior to any scheduled virus scan so that you have the most recent detection information. The procedure is the same as above.
Uninstalling ZoneAlarm
Uninstall ZoneAlarm Correctly
If you want to stop using ZoneAlarm, be sure to uninstall it properly:
- Disabling the startup of ZoneAlarm will cause you problems because it continues to run invisibly (a security measure so it can't be disabled by malware). Programs with automatic permission to run will continue to work, but those requiring your permission will not.
- Never just delete the ZoneAlarm program icons and the folder. ZoneAlarm makes changes to your system that require it to be properly uninstalled, either from the uninstall program in the Zone Labs program group or through the Windows Add/Remove Software utility (called Programs and Features in Windows 7).
- Some users have experienced difficulties when improperly uninstalling Zone Alarm. Be sure to remove any relevant registry entries. (Note: improper changes to the Windows registry can make your computer inoperable. Make these changes carefully or seek out professional assistance.)
- If ZoneAlarm was improperly uninstalled, you may need to reinstall it before uninstalling it again to complete the process successfully.
How to Uninstall ZoneAlarm
If you have problems updating or maintaining ZoneAlarm, you may need to uninstall it and reinstall. It is recommended that you not do an "upgrade" installation in this case.
Try the Windows Uninstaller
First try uninstalling ZoneAlarm using the uninstaller built into Windows.
- The uninstaller is found in the Control Panel — select Programs and Features (Add/Remove Programs for XP). You'll need to reboot Windows to complete the uninstall.
- You'll want to have a current copy of the correct version of ZoneAlarm for your license.
- You'll need to reboot again when the installation is complete.
Use the ZoneAlarm Removal Tool
If uninstalling and reinstalling ZoneAlarm didn't work, you'll need to use the ZoneAlarm Removal Tool. This program completely removes the settings and changes made by ZoneAlarm. You then reboot and reinstall ZoneAlarm.
There is more information in the ZoneAlarm Community Forums.
ZoneAlarm Issues
Installation Issues
Lenovo PMHandler.exe
When installing ZoneAlarm on a Lenovo computer running Windows Vista 32, I ran into an issue where ZoneAlarm installed fine, but on the first reboot, a blue screen (BSOD) appeared. Going to Safe Mode and uninstalling ZoneAlarm resolved the issue, but not without sacrificing the protection ZoneAlarm offers.
A search showed that PMHandler.exe, the power management handler for Lenovo computers, can conflict with ZoneAlarm on Windows Vista machines. By going to Safe Mode and stopping PMHandler from loading allowed ZoneAlarm to complete the reboot and finalize the install. It is called PM Driver in the Programs and Features listing.
You can use MSconfig to make this change, but the startup tools in Piriform's CCleaner may be easier (just disable PMHandler).
This issue (and the solution) are documented in ZoneAlarm Forums: Latest update causes Vista to BSOD after logon.
Note: other causes have been noted by other users, including issues with Windows Firewall. If you can determine from the text that appears on the blue screen what program is creating the problem, you have a better chance of resolving the problem you're experiencing.
Internet Access Issues
Unable to Access the Internet
The most common reason people cannot access the Internet is because they have stopped ZoneAlarm from loading or have tried to delete ZoneAlarm's files without uninstalling ZoneAlarm properly. It can also happen if ZoneAlarm doesn't load correctly with Windows.
By default, ZoneAlarm (like many security products) disable access to the Internet. If ZoneAlarm is not running, it is unable to request permission for new programs to access the Internet. Programs that have been given access without asking (you instructed ZoneAlarm to remember the program can have access or it is a program recognized as safe by ZoneAlarm — not available in the free version) may continue to have access.
Other potential causes for loss of Internet access include:
- Windows Firewall can stop access. Be sure that TrueVector (a ZoneAlarm component) has permission to access the Internet in Windows Firewall.
- Your antivirus may disable access to your email program or to other programs if it is not active.
- Anti-spyware can disable access for programs.
- Trojans and other malware (including programs that emulate antivirus software but are malware) usually disable your antivirus and access to security sites on the Web.
Operating System Issues
Support For Newer Windows Versions
When new versions of Windows are released, support may not be available for security software. Windows Vista was a particularly bad example, because Microsoft made significant changes to Windows Vista just before release and many utilities and security software products would not run. The long Windows 7 release candidate program ensured ZoneAlarm availability for early Windows 7 adopters.
Windows 7 (SP1 recommended), Vista (SP2) or XP (SP2/SP3) Required
View ZoneAlarm's current system requirements.
- The nature of threats on the Internet has changed.
- Older (or unpatched) Windows systems are more vulnerable. Download and install the latest available service pack and security updates for Windows (and Office or Office viewers if installed).
- Newer threats are much harder to detect and very difficult to remove.
- Know how your security software warns you about threats. Many websites are infected with programs that appear to be legitimate, but whose purpose is to scare you into downloading dangerous software.
More About Related Issues
Protecting Your Online Identity
The following related pages offer more information about protecting your online identity:
- Encryption — Protecting Your Data
- Passwords — Protecting Your Electronic Signature
- Avoiding Spam — Unsolicited Emails and Mailing Lists
- Phishing — Obtaining Information by Deceit
- Proper Email Address Etiquette — Using To:, CC: & BCC: Correctly
Securing Your Computer
The following related pages offer more information about securing your computer:
- Security Basics — Preventing Unauthorized Access
- Security Strategies — Avoiding Infections
- Firewalls — Your First Line of Defense
- Anti-Virus Protection — Current Alerts, Strategies, Hoaxes & Software
- Your Privacy At Risk — Spyware Detection & Removal
- Encryption — Protecting Your Data
- Passwords — Protecting Your Electronic Signature
- Web Security — Vulnerabilities in Internet Software
- Windows Security — Vulnerabilities in Windows
www.RussHarvey.bc.ca/resources/zonealarm.html
Updated: May 2, 2013