Zone Labs adds anti-spyware tools

Check Point Software Technologies Ltd's chief technology officer Gregor Freund, who says he coined the term "spyware" eight years ago, said the company is adding broader spyware protection in the next version of the ZoneAlarm firewall.

The company has added a spyware scanner/cleaner and, more importantly, an OS firewall to the software, currently in beta. Freund said that the functionality will eventually also make it to Integrity, the enterprise version of ZoneAlarm.

We’ve always had a network firewall, and we introduced an application firewall, and now we’re building another firewall, another protection layer for the operating system, Freund told ComputerWire.

The idea is to give ZoneAlarm users a way to control what the software on their system can do. It sits deep in Windows, watching for events such as programs trying to insert themselves in the OS’s startup scripts or the registry.

This protects against many of the ways in which spyware installs itself, without needing to have signatures for every potentially unwanted program, Freund said. Users will have the option to kill malicious processes.

But the Program Advisor service, to be renamed SmartDefense Advisor, will deliver signatures, so ZoneAlarm can make suggestions as to whether the user should block the event as malicious, or let it through as benign.

In addition, the software will include regular spyware scanning and removal, based on signatures of known spyware. This feature will be built into the antivirus scan already included in some versions of ZoneAlarm.

All this new functionality will be also added to the Integrity client, which is the centrally managed version of ZoneAlarm, Freund confirmed. He would not give dates, but said new features in the consumer software usually make it to Integrity about six months later.

Freund also addressed a recent problem with the Program Advisor service, in which an automatic signature update crashed a key component of ZoneAlarm, leaving many users without a firewall for several hours.

According to ZoneAlarm users, the company pushed out a second buggy update, causing the same problem, early last week, but Freund said this was not the case. The first time was our screw-up, he admitted, calling it a failure of the testing process.

Program Advisor updates are pushed out over HTTP, he said, and users who saw the problem the second time may have been accessing a cached version of the original bugged update from their ISP, he claimed.

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

Sign up for our regular news round-up!

Sign up for our weekly news round-up!

Sign up to the newsletter: In Brief

I would also like to subscribe to:

Thank you for subscribing