Tuesday, May 27, 2008

A Look At Live OneCare Vs ZoneAlarm

Microsoft last month announced that a new offering, code-named "Albany," was going into beta; it wraps a number of pieces of software and services into a single bundle, with the company's Live OneCare security offering as a key component. While the software giant is aiming Albany at the consumer space, executives have suggested it could be part of a broader strategy to combine software and services in one package.

Against this backdrop, the Test Center decided to take a new look at Live OneCare and how it stacked up against Check Point's ZoneAlarm product. While Live OneCare may be part of an evolving, bundle-focused, end-point security strategy for Microsoft, can a VAR provide a better solution by going outside the bundle?

If the solution is security or intrusion detection, the problem, of course, is malware.

Though not as glamorous, malware tends not to originate from a single, directed attack by some cyber-criminal intent on wreaking havoc on your customer's systems. Rather, most malware comes from inadvertent misclicks by unknowing users who may have opened infected email attachments, fallen victim to a "drive-by download" Website, or simply clicked a pop-up ad promising a free iPod.

This means a well-guarded network is protected not just at the gateway, but at the endpoints -- namely the desktops. There's a slew of anti-malware software available for desktop protection. The Test Center took a head-to-head look at two: Microsoft's Live OneCare and Check Point's ZoneAlarm Internet Security Suite.

A couple of reasons why these particular applications were pitted against each other: they both target the small/home business crowd (each suite reviewed supports up to 3 PCs), and each sells for the same $49.95.

Testing of each was done on twin HP boxes both installed with Windows Vista Ultimate SP1. On each machine, Windows Firewall was disabled as was Windows Defender. This was done to give a true picture as to the type of malware Live OneCare and ZoneAlarm could pick up and clean without additional software. Testers took a look at installation, configuration and malware fighting abilities of each.


There were differences noted between the two just during install. ZoneAlarm installed without one hiccup, prompting for a reboot to complete. Live OneCare's install rolled along, and about midway through, the computer rebooted without any messages or warning. Although this was disconcerting, upon reboot Live OneCare was installed.


Live OneCare had an annoyance factor: to set it up, a log-on using a Windows Live account is necessary. To use this product, a Windows Live account needs to be established.

As far as settings go, both applications offer pretty much the same configurable features: anti-virus, anti-spyware and firewall. There are some differences as well. ZoneAlarm lives up to its name by breaking a protected network into three distinct zones: Internet, which protects a PC from unknown computers; Trusted, which allows sharing of resources with familiar computers; and Blocked Security, which locks out untrusted machines. In a bit of irony, Check Point's product provides protection against spam and phishing for Outlook and Outlook Express. Live OneCare does not have that capability. Live OneCare does have an integrated backup feature, a nice add-on for a very small business or home PCs, but it is limited: you can choose the type of files to back up but cannot select specific files by location.

Malware Battle

Both products readily detected common types of spyware thrown at them: Virus Ranger, Gator, Generic Adware and other various nuisances were all detected. ZoneAlarm was a bit more adroit at preventing malware installation after reviewers ignored the warning to see if the spyware would be allowed to install. Live OneCare readily let the installation happen but was quick to provide alerts recognizing the installed code as malicious.

Both programs fared well in firewall security. Core Security's Core Impact was used to send a battery of exploits against both boxes. Live OneCare's firewall proved slightly more impenetrable; Core Impact was unable to pick up on the type of OS and architecture running on the machine, while the PC running ZoneAlarm gave up that info.

Live OneCare is a decent choice for home use. Microsoft makes it easy to acquire, and the fact that it integrates with Windows Live is probably more convenient for home users. Also, protection from Live OneCare is certainly better than none, and the backup utility is a plus for home users, who may not have such a strategy deployed. But a better option, especially for a small business, is ZoneAlarm. The ability to add and remove network computers within zones gives a control method for securing a small network. Also, ZoneAlarm has a more detailed alert and reporting system, something a business user would probably need to refer to more than the average home user.

Bottom Line: Let the consumer space have a look at Albany, with Live OneCare. For VARs and professional IT security, a better starting point would be ZoneAlarm.
