
A Browser Virtualization Primer

by Laura Yecies

What’s the difference between a regular browser and a virtualized browser? Not much that you’d notice, and plenty that you won’t. And that’s the way it should be.

Security should require as little intervention as possible from you. It should instinctively deflect attacks quietly in the background while allowing you to go about your everyday business without interruption or interference.

That’s the goal behind the browser virtualization feature we built as the foundation of the new ZoneAlarm ForceField. In some ways, it’s anti-traditional. It doesn’t scan your hard-drive or filter incoming emails. It’s not actually looking for threats. Browser virtualization allows you to be attacked, but at the same time avoid harm.

But to us, this approach *is* traditional…it’s not unlike the firewall. Like the original firewall (which remains super-relevant even after almost a decade), browser virtualization in a way tricks a hacker into believing something. The firewall stealths ports to avoid random probes hackers may have unleashed on the Internet (i.e., a hacker may run a port scan on a range of IP addresses to find vulnerable PCs connected to the Internet). Similarly, browser virtualization can trick a hacker into believing the files he seeks to infect through Web-based attacks are simply not there, because they’re partitioned away from the Web session.

That provides a bubble of security that allows you to make mistakes, and flush them away simply by closing the browser. It’s security without the hassle.

Why is it important?

Each time you surf the Web, a number of changes — many innocuous — are made to your OS. For example, when you fill out an online form to become a registered user of a Web site, the site’s server may download a “cookie” onto your PC to allow you to be automatically logged in on your next visit.

But some hackers are using Web sites to deliver malicious software to your PC.

For instance, a keylogger could be automatically downloaded from an infected Web server to your PC to record everything you type and transmit it to cybercriminals. Or a Trojan could be hidden in a video you are trying to watch on a social networking site, allowing a hacker to take over control of your PC and turn it into a “zombie” PC.

How does it work?

ZoneAlarm ForceField diverts all automatic reading and writing attempts as you surf the Web to an emulated, or “pretend” part of the operating system, isolating your “real” operating system from automatic drive-by-downloads and Web-based malware. It’s essentially a reverse-trick.

You may have heard of business-focused PC and data center virtualization solutions from companies like VMware and Citrix. ZoneAlarm ForceField’s virtualization engine is in a way similar in function to “manual virtualization systems” like VMware™. But instead of virtualizing an entire image of your operating system and partitioning it like an entirely new “second PC” on a single machine, ZoneAlarm ForceField uses precision emulation, virtualizing only those parts of the operating system that are written to by Web sites. It also automatically maintains the virtual system it creates.

There is no large installation, significantly less system memory use and associated performance degradation, and no need for you to keep track of two separate operating systems (or even two separate filing systems).

The virtualization engine works in two directions, protecting your PC by writing “unsolicited” downloads to the emulation layer (but still allowing you to intentionally download stuff you want), but also protecting the Web session (such as banking, shopping etc). The “bubble” prevents spyware technologies like keyloggers and screenscrapers that may already lurk on your PC from seeing anything you are doing. It’s like blinding the spyware.
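The write-diversion idea described above can be sketched as a small overlay. This is an added conceptual example, not ZoneAlarm ForceField code: the class name, the `user_approved` flag and the sample file names are assumptions, and it models only the direction that keeps unsolicited writes away from the real files.

```python
import shutil
import tempfile
from pathlib import Path

class BrowserSessionOverlay:
    """Toy write-redirection layer (hypothetical names, constructed for illustration)."""
    def __init__(self, real_root):
        self.real_root = Path(real_root).resolve()
        self.virtual_root = Path(tempfile.mkdtemp(prefix="session-"))

    def _resolve(self, rel_path):
        # Reject paths that would escape the protected tree (e.g. "../x").
        rel = Path(rel_path)
        if rel.is_absolute() or ".." in rel.parts:
            raise ValueError(f"path escapes the session root: {rel_path}")
        return self.real_root / rel, self.virtual_root / rel

    def write(self, rel_path, data, user_approved=False):
        real, virtual = self._resolve(rel_path)
        # Only downloads the user asked for reach the real tree.
        target = real if user_approved else virtual
        target.parent.mkdir(parents=True, exist_ok=True)
        target.write_bytes(data)

    def read(self, rel_path):
        real, virtual = self._resolve(rel_path)
        # The session sees its own writes first, then falls through to the real file.
        return (virtual if virtual.exists() else real).read_bytes()

    def close(self):
        # Closing the browser discards everything that was written automatically.
        shutil.rmtree(self.virtual_root, ignore_errors=True)

def demo():
    with tempfile.TemporaryDirectory() as tmp:
        real_root = Path(tmp)
        (real_root / "hosts.txt").write_bytes(b"original")  # constructed sample file
        session = BrowserSessionOverlay(real_root)
        session.write("hosts.txt", b"tampered")  # unsolicited write
        session.write("Downloads/report.pdf", b"%PDF", user_approved=True)
        seen = session.read("hosts.txt")
        session.close()
        return {
            "seen_in_session": seen,
            "real_after_close": (real_root / "hosts.txt").read_bytes(),
            "approved_download_kept": (real_root / "Downloads/report.pdf").exists(),
            "virtual_layer_removed": not session.virtual_root.exists(),
        }
```

Inside the session the tampered file is what gets read back, which is why the diverted write appears to succeed; after `close()` the real file is unchanged and only the approved download remains.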

This is a new technology, and we’re already working on our next generation of virtualization technologies. Stay tuned…

Patch Tuesday and ZoneAlarm

by Laura Yecies

It’s now been 2 weeks since the Patch Tuesday mess that knocked many of you offline. Since ZoneAlarm updates have been released, Microsoft has released a revised security bulletin and knowledge base article, and things have largely returned to normal, I wanted to offer you an apology, an explanation of events, and an outline of the steps we’re taking to reduce the risk of this happening again.

First, the apology. This should not have happened, and everyone here at Check Point is very sorry for your inconvenience.

What happened? As you probably now know, Microsoft issues new security patches on the second Tuesday of each month for its Windows operating system and Internet Explorer browser. This is called “Patch Tuesday.” Two weeks ago, one of the security updates wasn’t compatible with ZoneAlarm, causing many of our customers to lose Internet access.

(What’s particularly ironic is that we have long tried to tell all of you how important it is to patch your PC as soon as Microsoft releases these updates, and I always try to reiterate that point here in this blog. And I still will – these security updates are critical to your overall PC safety…please don’t allow this experience to change your patching habits.)

But I digress.

In this case, since it was a Windows patch and not an update issued by ZoneAlarm that instigated the crisis, we learned of the conflict from you – through our customer service line, forums etc. Immediately, our engineering team sprang into action, and in less than 24 hours released a new, tested and QA’ed version to resolve it. Our team posted a work-around to the Web site within hours, and our developers in San Francisco worked through the night to create a permanent solution. This is no easy feat, and while I’ve thanked them personally, I also wanted to acknowledge their outstanding commitment publicly.

So here’s what we’re going to do: We’ve assigned a team of top engineers to install any new updates on a new test bed currently being engineered specifically to catch compatibility issues between Windows or Internet Explorer and all ZoneAlarm products. This will happen in real-time on Patch Tuesdays.

In addition, we’re working with Microsoft to try to open up new communication avenues. While it’s not a panacea, more open and coordinated communication is a positive step forward.

Thank you for your understanding, and a special thank you to everyone in the ZoneAlarm user community who helped us spread the word once we had a workaround identified and posted. Your help was invaluable.

Safe surfing,

Laura

Microsoft Patch Update may disconnect you from Internet – how to fix

A message from ZoneAlarm ….

On Tuesday, Microsoft rolled out an automatic update to all of their users. Unfortunately, this cut off Internet access for anyone on Windows XP or Windows 2000 using the ZoneAlarm firewall. This is the #1 free firewall in the world, and is also included in other security products sold by ZoneAlarm.

For ways to fix this, go here: http://download.zonealarm.com/bin/free/pressReleases/2008/LossOfInternetAccessIssue.html

Or call Customer Service here: 1-877-966-5221


Defining Our Defenses

by Laura Yecies

Here along the 101 corridor in Silicon Valley, technical jargon, acronyms and super-secret code names can at times overwhelm our daily lexicon. But when we launch a new product, it’s our responsibility to leave the techie talk behind and explain how it works in real English. Sometimes, that’s not as easy as it looks.

Take the firewall. It’s not a complicated technology, but when we first launched it almost a decade ago, there were extensive debates about how to describe it to people. In fact, the first edition of ZA wasn’t even called a firewall; it was port management software for enterprise PCs. ZoneAlarm ended up being the first personal firewall and today that core product remains the leader in free firewalls (and is the foundation of almost all of our ZA products). The final explanation not only described our product, but defined firewalls for the entire industry.

More recently, we faced a similar situation. ZoneAlarm ForceField is the first of its kind. True, there have been some basic virtualization attempts (such as GreenBorder, bought by Google and discontinued), but they lacked the active security layers (anti-phishing and drive-by download security) we added and were difficult for consumers to use. ForceField isn’t a single technology, but a grouping of key features intended to work in concert to ensure a safe, easy surfing experience.

So there was no established industry jargon, or accepted terminology to help us describe ForceField’s capabilities. There was no naming nomenclature (i.e., “Internet Security Suite”) to guide us in the branding and marketing. It was a blank slate.

We accepted the challenge enthusiastically as this is one of the most fun parts of a marketer’s job. Everyone in our group was encouraged to give input, especially with coming up with an analogy that related to real life - to better explain the technology to everyday people. Some of the ideas were fun and wacky (May the ForceField Be With You), others were intended to give you a visual picture of how the technology worked. We ended up going in that direction, and two main concepts have endured. The first is the idea that ZoneAlarm ForceField is your browser “stunt double”. It’s you surfing the Internet, but your stunt double takes the hits when a hacker tries to strike. At the end of your session, you can toss away the stunt double browser, keeping the “real you” safe.

The other analogy that we use is the virtual bubble of security – in fact this idea is what gave rise to the product name. Surfing the Web with ForceField is like surfing in a bubble that you control. Attacks that happen during your session are isolated in the bubble, protecting your PC and keeping your most sensitive data safe. At the same time, malware already on your PC, like perhaps a keylogger, is prevented from spying on anything happening within your surfing bubble, keeping your keystrokes, mouse clicks and Web transactions safe from prying eyes.

I’m not sure either of these two descriptions is 100%, but they’re close. However, we’re always open to ideas, so if you have one feel free to e-mail it over (lyecies@zone.checkpoint.com).

Also, in future posts we will start a series using real-world language to explain *all* the different features in the Suite that protect you, and how they work. We talk about layered security, so these posts will explain each individual feature, how to best use it, and how these different layers work together to help keep you safe from a variety of attacks. Also, please let us know what you think…are the descriptions still too technical? Do you have a better way of explaining it? We’d love to hear from you…

Safe surfing!

Laura
