Continuing the recent series of tests for different security solutions available out there, ZoneAlarm’s top product, Extreme Security Suite 2012 was taken for a test drive. Here’s a rundown of the test:
First stop: a website infected with a Trojan. Once in it, I was prompted to download a malicious file, and emulating a not-very-savvy user, did so, then opened the downloaded file. Nothing seemed to happen. No warning from ZoneAlarm, no sign of infection either… so I resorted to the good ol’ process monitor to see what had just happened. Too many times these infections deliver their payload invisible to the human eye, so to speak.
But not this time. Very nice! ZoneAlarm did not allow the execution of the malicious file. Even though it did not alert of its maliciousness, ZA did not allow the malicious file to deliver its payload. An on-demand scan of the downloaded file was met by ZA with a correct labeling of “malicious” and deletion (I think the real-time protection module should have alerted without needing an on-demand scan, but won’t hold it against ZA. For all practical purposes that first run was a pass).
Second run: Another malicious Trojan. Similar story.
Third attempt… a fake antivirus, famous for being hard to detect. Mixed result: ZA did not allow the payload to be delivered, but this time not even an on-demand scan of the file resulted in the correct label of malicious.
Fourth run: the infamous Koobface worm. Not so new anymore so no surprise that ZA’s real-time module caught it this time, before I could even open it. But a pass is a pass.
As with others tested security programs, no evaluation was done on computer resources usage or compatibility problems. Strictly from the viewpoint of protection against drive-by download infections, ZA’s Extreme Security Suite 2012 is a pass. It therefore joins the ranks of the other 2 suites that have passed this test, Kaspersky Security Suite 2012 and VIPRE Antivirus Premium 4.