Windows 7 Security Information
How Secure is Windows 7?
 
Security Overview
ZoneAlarm is pleased to bring the world's #1 firewall and award-winning Internet protection to the Windows 7™ operating system, delivering advanced security for Windows 7 users.

While Windows 7 has made security enhancements, it does not include, nor is it intended to include, a full security system.

What security does Windows 7 give you? This chart compares Windows 7 to our leading security suite.

Security Features

Windows 7 & Vista
Inbound & Outbound
Full Stealth Mode  
Antivirus/Anti-spyware 1
User Access Control
Program Monitoring  
Behavioral Rootkit Detection  
Browser Security
Blocks known dangerous sites & downloads
Blocks new dangerous sites & downloads not yet reported  
Stops browser exploits, drive-by downloads  
Stops plug-in and web application exploits  
Daily Credit Report Monitoring, Alerts ^  
Victim Recovery Service ^  
Hard Drive Encryption 2 3
Password and Disk Recovery for Encryption   3
Secure Online Backup ^  
Other Security
Parental Controls
Anti-spam  

^ US Only
1. Standalone anti-virus and anti-spyware available separately for free in Microsoft Security Essentials.
2. Microsoft includes hard drive encryption only in their top of the line "Ultimate" version of Windows 7 and Vista.
3. Hard Drive Encryption for laptops is available for an additional fee.


Antivirus Protection
Windows 7 does not include antivirus protection. However, Microsoft and other vendors do offer free basic antivirus scanning programs like Microsoft Security Essentials. Most threats can eventually be detected by these antivirus programs, but only after they have been discovered "in the wild" and recorded.

New viruses and spyware are created every day. This means that the real danger lies in the threats your basic antivirus has not heard about yet and therefore cannot detect.

Why would you need more than antivirus software?
Detection of new viruses by antivirus programs is less than 70% successful, according to retrospective/proactive testing of antivirus programs.

Chart: Known viruses caught vs. new viruses missed
Source: AV-Comparatives Proactive/retrospective test, May 2009. AV-Comparatives is an independent organization that tests how well different antivirus engines detect viruses and other threats.

While independent testing shows that many antivirus programs score over 90% in catching known malware, you may not have heard that the same retrospective/proactive testing also shows that detection of new, unknown malware is less than 70% successful.

Our answer to this problem is to add several other ways of spotting the bad guys and keeping them off your computer in the first place.

That's why ZoneAlarm Extreme Security includes the following:

To stop known viruses and spyware:

  • Strong, fast antivirus/antispyware engine with frequent virus signature updates

To stop unknown, new viruses and spyware:
  • Heuristic scanning checks for a complex set of malware characteristics
  • Program and process control and the OSFirewall constantly watch for suspicious activity and unauthorized attempts to send information out of your computer
  • Virtual browsing neutralizes threats that sneak through browser security holes

Firewall Protection
The Microsoft Windows 7 operating system does not include full firewall protection. Firewalls stop malicious attacks from entering or exiting your system. Without full protection, you and your system are vulnerable to common attacks. See the leak test results for proof.

Full firewall protection provides both perimeter and operating-system firewall protection. By default, Windows 7 includes a basic inbound firewall and the option to configure some basic outbound firewall protection. But even with all of these controls on, Windows 7 remains vulnerable to other firewall and operating system attacks. Only the ZoneAlarm OSFirewall™ guards against suspicious behavior all the way down to the operating system level.

What can go wrong if I only have the default Windows 7 firewall? There are a number of ways hackers get past the kind of basic inbound firewall found in Windows 7 and other products. This is why we created our OSFirewall to protect you from threats like these:

  • Download deceptions — You or someone who uses your computer is deceived into installing a seemingly safe download, such as a screensaver, which hides malicious software in it. This "trojan horse" malware can be used to set up access for hackers.
  • Spoofing attacks — A person or program masquerades as another by falsifying data in order to trick the inbound firewall. Once the intruder is in, only an outbound and OS-level firewall can protect you by detecting and blocking his suspicious behavior.
  • Rootkits — These are programs that enable secret privileged access to your computer or network. Hackers typically install them by exploiting a vulnerability or cracking a password. They may be discovered by strong antivirus software, but are difficult to detect before they do harm because they activate each time your computer starts up.
  • Security exploits — These are programs crafted to take advantage of a security hole or "back door." Hackers use vulnerability scanners to quickly check computers for such known weaknesses. Research shows that most people are inadvertently running outdated, hacker-friendly software that allows security exploits.1

ZoneAlarm products are famous for their award-winning firewall, which works hard to protect you from all of the above. And it's fully compatible with Windows 7.

Of 51 firewall leak tests, ZoneAlarm Extreme Security on Windows 7 passed 100%. Windows 7 alone, with default security settings, failed 33% of the same set of tests. Results of some of these tests are shown below.

Test | Windows 7 with ZoneAlarm Extreme Security 2010 | Windows 7 only with default security settings
Coat | Passed | Failed
ECHOtest | Passed | Passed
Keylog5 | Passed | Failed
Keylog6 | Passed | Failed
OSfwbypass | Passed | Failed
Runner2 | Passed | Passed
Schedtest | Passed | Failed
SSS3 | Passed | Failed
Tooleaky | Passed | Passed
Wallbreaker1 | Passed | Failed
AWFT1 | Passed | Passed
DNSTest | Passed | Passed
Wallbreaker3 | Passed | Failed
Wallbreaker4 | Passed | Passed
AWFT3 | Passed | Passed
AWFT4 | Passed | Passed
Kernel1 | Passed | Passed
SSS2 | Passed | Failed
CPILSuite1 | Passed | Passed
Kernel1b | Passed | Passed
SSS | Passed | Failed
CPILSuite2 | Passed | Passed
Kernel2 | Passed | Passed
Kernel3 | Passed | Passed
VBStest | Passed | Failed
CPILSuite3 | Passed | Passed
DDEtest | Passed | Failed
ECHOtest2 | Passed | Failed
Flank | Passed | Failed
Kernel4 | Passed | Passed
Keylog3 | Passed | Failed
Keylog7 | Passed | Failed
NewClass | Passed | Passed
Schedtest2 | Passed | Passed
SockSnif | Passed | Passed

More info on individual tests:

  • Breakout2 creates an HTML page locally that points to its target URL. Then, it enables Active Desktop and sets its HTML page as your desktop wallpaper. If your firewall fails this test, then your firewall does not check for Active Desktop abuse.
  • Leaktest was designed to test whether just renaming a malicious program with the name of an authorized application could allow it to bypass your firewall. If your firewall fails, then your firewall trusts your applications by their name (characters) instead of by a cryptographic fingerprint, e.g., MD5 (Message-Digest algorithm 5), which is a widely used cryptographic hash function with a 128-bit hash value.
  • Yalta has both a classical test and an advanced test. The classical test tries to send UDP packets toward ports that are often allowed, e.g., 53 (DNS), 21 (FTP). The advanced test uses a driver to send packets directly to the network interface, going under the TCP/IP layer. If your firewall fails this test, then your firewall may allow traffic that you did not initiate on pre-configured ports.
  • Ghost: Generally, when an application accesses the Internet, your firewall uses the Windows API to retrieve the parent PID. Ghost changes the PID by shutting itself down and restarting to continue to send data. If your firewall fails this test, then your firewall's parent/child network access monitoring is checking too late.
  • Jumper: Instead of directly modifying the target process memory, Jumper makes the target load its foreign DLL by itself. To do so, Jumper writes to the 'AppInit_DLLs' registry entry, and then kills explorer.exe, which is reloaded automatically by Windows. Once inside, the Jumper DLL modifies your Internet Explorer (IE) start page registry entry with all the data it wants to transmit, and then launches IE. If your firewall fails this test, then your firewall is not monitoring the critical registry entries.
  • DNStester: On XP all DNS requests from various applications are transmitted to the DNS client (SVCHOST.EXE). This behavior can be used to transmit data to a remote computer by crafting a special DNS request without the firewall noticing it. DNStester uses this kind of DNS recursive request to bypass your firewall. If your firewall fails this test, then your firewall checks too late for DNS requests.
  • Thermite injects its code into the target process directly by creating an additional malicious thread within that process that is totally invisible to some firewalls. If your firewall fails this test, then your firewall is vulnerable to process injection.
  • Copycat uses direct code injection (without creating an additional thread) into a Web browser to avoid firewall detection. If your firewall fails this test, then your firewall is vulnerable to process injection.
  • CPIL tries to find explorer.exe and patch its memory. Then with the infected explorer.exe, CPIL attempts to transmit data to remote servers using your default browser. If your firewall fails this test, then it may fail to monitor suspicious code injection.
  • FireHole uses your default web browser to transmit data to a remote host. To do this, it installs a DLL file onto your PC in the same process space as a trusted application, so it has a greater probability of accessing the Internet stealthily. If your firewall fails this test, then your firewall doesn't control applications that launch others, and is also vulnerable to DLL injection.

Tests were run using independent, publicly available leak tests from Matousec.com. Believed accurate based on research performed the week of October 14, 2009; this list of tests is not exhaustive. The ZoneAlarm Program Control was set to Maximum, the setting that most users are in by default after a short learning period.
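
The Leaktest description above contrasts trusting a program by its name with trusting it by a cryptographic fingerprint. The following is an added example, not ZoneAlarm's or Matousec's code: a hypothetical ProgramControl allowlist checked both ways against constructed files, using SHA-256 in place of the MD5 the description mentions.

```python
import hashlib
import os
import tempfile


def fingerprint(path, algo="sha256"):
    """Hash file contents in chunks; the name and location play no part."""
    digest = hashlib.new(algo)
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(65536), b""):
            digest.update(block)
    return digest.hexdigest()


class ProgramControl:
    """Hypothetical outbound-access allowlist kept in two forms for comparison."""

    def __init__(self):
        self.names = set()    # weak policy: file names only
        self.hashes = set()   # strong policy: content fingerprints

    def approve(self, path):
        self.names.add(os.path.basename(path).lower())
        self.hashes.add(fingerprint(path))

    def allowed_by_name(self, path):
        return os.path.basename(path).lower() in self.names

    def allowed_by_hash(self, path):
        return fingerprint(path) in self.hashes


def write(path, data):
    os.makedirs(os.path.dirname(path), exist_ok=True)
    with open(path, "wb") as fh:
        fh.write(data)
    return path


def demo():
    """Constructed files: an approved program, a same-named impostor, an update."""
    with tempfile.TemporaryDirectory() as root:
        browser = write(os.path.join(root, "apps", "browser.exe"), b"approved build 1")
        impostor = write(os.path.join(root, "tmp", "browser.exe"), b"different program")
        pc = ProgramControl()
        pc.approve(browser)
        result = {
            "name_allows_impostor": pc.allowed_by_name(impostor),  # True: renamed file passes
            "hash_allows_impostor": pc.allowed_by_hash(impostor),  # False: contents differ
            "hash_allows_original": pc.allowed_by_hash(browser),   # True
        }
        write(browser, b"approved build 2")  # a legitimate update changes the hash
        result["hash_allows_update"] = pc.allowed_by_hash(browser)  # False until re-approved
        return result


if __name__ == "__main__":
    print(demo())
```

The last result is the operational cost of fingerprint-based trust: every legitimate update has to be re-approved, by the user or by checking the vendor's code signature.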

1 Source: Singel, Ryan "Security Report: Most PCs Run Outdated, Hacker-Friendly Software", December 8, 2008

Identity and Data Protection
Windows 7 Operating System does not provide any security to specifically protect your identity or confidential data. To protect your data and identity, you should consider the following:

Credit Monitoring Services
  • What is it? Offline services monitor credit activity for signs of identity theft; help you recover from theft and prevent identity theft.
  • Does Windows 7 provide this? No.
  • Does ZoneAlarm add this to Windows 7? Yes, added with: ZoneAlarm Extreme Security, ZoneAlarm Internet Security Suite, ZoneAlarm Pro Firewall

Hard Drive Encryption for Laptops
  • What is it? Protects all the data on your laptop PC by encrypting it so it can only be accessed by someone with an encryption password. (Your Windows log-on can easily be bypassed by a thief.)
  • Does Windows 7 provide this? No, except in the Windows 7 Ultimate Edition commonly used by Enterprises. Does not include a password or disk recovery service for consumers.
  • Does ZoneAlarm add this to Windows 7? Yes, ZoneAlarm Extreme Security adds it for a small additional cost

Antispyware and Anti-keylogging
  • What is it? Detects and stops spyware and keyloggers that watch what you are doing or record your keystrokes (including passwords) to send to cyber criminals.
  • Does Windows 7 provide this? No.
  • Does ZoneAlarm add this to Windows 7? Yes, added with: ZoneAlarm Extreme Security, ZoneAlarm Internet Security Suite, Zonealarm PRO Antivirus + Firewall

Data Backup
  • What is it? Lets you back up your data in case your PC is lost, stolen, or corrupted.
  • Does Windows 7 provide this? Yes, provides local and network backup, but does not provide a secure online backup service.
  • Does ZoneAlarm add this to Windows 7? Yes, ZoneAlarm Extreme Security includes a secure online backup service

ZoneAlarm Extreme Security provides hard drive encryption that works with all Windows 7 editions as well as Windows XP and Vista. And, ZoneAlarm provides more:

  • The same Check Point encryption technology used by over 14 million people in businesses and governments around the world
  • 24/7 password and disk recovery service

In addition, to bullet-proof your data and identity, ZoneAlarm Extreme Security includes:

Do you need Hard Drive Encryption?

It's perfect for you if you...
  • Keep personal data on your laptop, such as your social security number, private photos and videos, or medical records.
  • Keep financial information on your laptop, such as bank statements or tax returns.
  • Ask your computer to remember your login and password for any shopping and banking websites.
  • Are a small business owner or professional who carries proprietary or confidential client data on your laptop.

If a thief steals your laptop, he or she can have access to all of the above by using relatively simple techniques that bypass your Windows logon name and password.

Hard Drive Encryption is what saves you from this nightmare--it makes sure that all data on your laptop does not fall into the wrong hands, even if your laptop does!

To learn more about how it works, see Hard Drive Encryption for Laptops.


ZoneAlarm is ready for Windows 7
Frequently Asked Questions
Microsoft's Windows 7 release is scheduled for October 22.
  1. Will ZoneAlarm be compatible with the Windows 7 operating system when it releases?
  2. What about ForceField, will it be compatible with Windows 7?
  3. If I have an active ZoneAlarm subscription will I be able to upgrade to the Windows 7 compatible version for free?
  4. Will ZoneAlarm products be Windows 7 certified by Microsoft when Windows 7 releases?
  5. Before Windows 7 releases, can I install ZoneAlarm 9 (2010) onto a pre-release version of Windows 7?
  6. How do I know which version of ZoneAlarm I have?
  7. Before upgrading to the Windows 7 operating system will there be anything a ZoneAlarm user needs to do?
  8. Are the ZoneAlarm Extreme Security add-on features like PC Tune-up also supported on Windows 7?
  9. How to purchase a Windows 7 ready* version of ZoneAlarm?

1. Will ZoneAlarm be compatible with the Windows 7 operating system when it releases?
Yes, ZoneAlarm users with active subscriptions (ZoneAlarm Extreme Security, ZoneAlarm Internet Security Suite, Zonealarm PRO Antivirus + Firewall, ZoneAlarm Pro, and ZoneAlarm free firewall) will be able to download a free ZoneAlarm 9 (2010) update that supports Windows 7 when it releases.

2. What about ForceField, will it be compatible with Windows 7?
The standalone ZoneAlarm ForceField product will not be compatible at the time of the Windows 7 release, but will be ready later in 2009. At that time, users with active ForceField subscriptions will be able to download a free update that supports Windows 7. 

However, the new Browser Security features included in ZoneAlarm 9 products (ZoneAlarm Extreme Security, ZoneAlarm Internet Security Suite, Zonealarm PRO Antivirus + Firewall, ZoneAlarm Pro, ZoneAlarm) will be compatible with Windows 7 upon its release.

Tip: The Browser Security features included in ZoneAlarm Extreme Security will be the same as the ZoneAlarm ForceField features. This means you could uninstall ForceField before upgrading to ZoneAlarm Extreme Security 9 (2010) and not lose any features.

3. If I have an active ZoneAlarm subscription will I be able to upgrade to the Windows 7 compatible version for free?
Yes, regardless of the version of ZoneAlarm you are running, or which operating system you are currently using, as long as you have an active ZoneAlarm license subscription, you will be able to download a free upgrade that supports Windows 7.

4. Will ZoneAlarm products be Windows 7 certified by Microsoft when Windows 7 releases?
We expect our ZoneAlarm products (ZoneAlarm Extreme Security, ZoneAlarm Internet Security Suite, ZoneAlarm Antivirus, ZoneAlarm Pro firewall, and ZoneAlarm free firewall) to be Windows 7 certified on or shortly after the Windows 7 release date.

5. Before Windows 7 releases, can I install ZoneAlarm 9 (2010) onto a pre-release version of Windows 7?
You can, but be aware that some parts of the product are still in beta with known issues for pre-release Windows 7. You can also install newer beta versions of ZoneAlarm 9 at our Beta Center.

6. How do I know which version of ZoneAlarm I have?

  1. Open ZoneAlarm and click Overview > Product Info.
  2. Your Version Information is shown at the top.

For example, "version 8.0.298.035" means you have ZoneAlarm 8.

7. Before upgrading to the Windows 7 operating system will there be anything a ZoneAlarm user needs to do?

  • ZoneAlarm 9 on Windows Vista: You will need to uninstall ZoneAlarm and install the Windows 7 compatible version of ZoneAlarm before upgrading to the official release of Windows 7.
  • ZoneAlarm 9 on Windows XP: You can upgrade to the official release of Windows 7 with your ZoneAlarm 9 product installed. You may update ZoneAlarm before or after you upgrade to Windows 7, but we recommend updating beforehand.
  • Other ZoneAlarm users: If you are running a ZoneAlarm product that is older than ZoneAlarm 9, you will need to upgrade to the Windows 7 compatible version of ZoneAlarm before upgrading your operating system.

8. Are the ZoneAlarm Extreme Security add-on features like PC Tune-up also supported on Windows 7?
Yes. The add-on features will also be fully supported in the Windows 7 compatible version of ZoneAlarm.

9. How to purchase a Windows 7 version of ZoneAlarm:
Please click on the appropriate product.

