世界著名防火墙最新测评报告的详细解读ZoneAlarm篇(原版翻译)
来自:MACD论坛(bbs.macd.cn)
作者:govyvy
浏览:2209
回复:1
马上注册,结交更多好友,享用更多功能,让你轻松玩转社区。
您需要 登录 才可以下载或查看,没有帐号?立即注册
x
感谢大家有兴趣浏览这篇翻译的文字,我想先说明一下:该篇文章取自www.matousec.com,由于该公司是专业的安全性产品评估测试公司,因此其发表的结论性报告有一定的参考价值,同时该公司还是一家测试并出售Bug产品的商业公司,其对送测安全类产品的标准相当的严格,评论近乎严苛,所以不管您是哪款防火墙产品的拥护者,阅读本文请以平和的心态面对,说到底,防火墙的实际应用和实验室测试还是有比较大的区别,一款产品是否好用,只有使用者心里最清楚,世界上没有完美的防火墙,只有最适合自己的防火请,发表这些文字只是希望对大家在选择该类产品时提供必要的参考资料。原文地址http://www.matousec.com/projects/windows-personal-firewall-analysis/results.php,感兴趣的朋友可以浏览。
该测评项目的所有防火墙测试报告译文已经汇总发布,请到http://bbs.hypost.cn/read.php?tid=116235查阅
ZoneAlarm Pro 6.1.744.001 - Review
ZoneAlarm Pro is the leading product on the field of personal firewalls. Its users are given pleasant interface for the administration and control. However, its security is very poor and we do not recommend ZoneAlarm Pro for any serious use.
ZoneAlarm Pro 6.1.744.001-概览
ZoneAlarm Pro是个人防火墙领域的领军产品,为用户提供了亲切友好的管理和控制界面,然而,在安全性方面ZoneAlarm还是存在很大的不足,因此我们不推荐用于高安全性要求的领域。
Tested version
The trial version of ZoneAlarm Pro was recommended to us by its vendor Zone Labs as the representative firewall product from ZoneAlarm product family. Zone Labs offers only one better product which is called ZoneAlarm Internet Security Suite but its firewall engine is the same as in Pro version and it just contains features like Antivirus Protection or Spam Blocker we are not interested in our personal firewall analysis. ZoneAlarm product family took the first place in our survey we made before we started with the Windows Personal Firewall analysis project.
The full version of ZoneAlarm Pro with one year updates is available for $49.95. For the same price you can buy ZoneAlarm Internet Security Suite also with one year updates. There exists a free (non-business use only) version of ZoneAlarm called simply ZoneAlarm. A comparison table of these products together with download of trial and free versions is on the ZoneAlarm's website.
测试版本
参加测试的ZongAlarm Pro版本是由开发者Zone实验室作为其ZoneAlarm家族的代表性产品而推荐给我们的。虽然Zone实验室还提供了一款据说更加出色的产品-----ZoneAlarm网络安全套装,但是因为该产品的防火墙功能的核心和专业版并无二致,并且其包含的诸如病毒防护或间谍程式防护等特色功能并不在我们这次针对个人防火墙所进行的分析范围内,(此没有选择作为测试对象)在此测试之前,ZoneAlarm产品家族在我们进行的调查中获得了最高的用户认可度。
要想获得附带一年更新权限的完整版ZoneAlarm Pro需要支付49.95美金,而同样的价格您也可以购买一年更新的ZoneAlarm网络安全套装产品。同时Zone实验室还提供一款名为ZoneAlarm简化版的免费产品(非商业用途版),在其官方网站上公布了所有相关产品的信息对比表,并同时提供体验版以及免费版的下载。
Installation and initialization
The analysis started by downloading the latest available version which was 6.1.744.001. The installation process delighted us with a well-developed installation wizard. It is easy and fast to go through the whole installation. During the installation you have to reboot the operating system before ZoneAlarm starts to work. You are asked to fill in some basic information about your computer. ZoneAlarm adapts to your environment based on your answers. Every question you are asked is clear and well described so even basic users should have no problems with this part of installation. The only thing we were missing in the installation process was a chance to set a password to protect ZoneAlarm settings. During the installation ZoneAlarm also initializes its database. Our installation was also completely trouble-free and thus ZoneAlarm Pro received no penalty for the installation process.
安装和初始化
我们的分析基于所下载的最新版本,版本号6.1.744.001。良好的设计使程序的安装过程非常顺利,简单迅速,令人满意。在ZoneAlarm开始运作前,您需要在安装程序执行完毕后重新启动您的电脑,同时需要填写一些关于您的计算机的基本信息,ZoneAlarm将根据您的回答进行自适应的调整或设置。每一个被询问的问题都被设计的很明确并且描述得很详细,所以即使是初级用户在回答的时候也不会有任何的障碍。在安装过程中,ZoneAlarm将同步初始化数据库,而唯一缺漏的是不能设置密码以保护防火墙的设置。总体上,该产品的安装很简便,因而在该环节我们给予ZoneAlarm Pro满分。
Hardware requirements
ZoneAlarm Pro is very robust application. Its hardware requirements are quite high for a personal firewall product. It uses over 24 MB RAM and it reduces the computer performance by about 20%. On the other hand these values are hardly noticable on todays computers. However, the unpleasant effect of installed ZoneAlarm is a little slowdown of new application running. When a program is run for the first time on your computer ZoneAlarm does not know it and it takes a while until it is run. This can be very bothersome if you often work with newly downloaded programs.
硬件要求
ZoneAlarm Pro是款“大块头”的产品,就个人防火墙来说,它的硬件要求非常高:24M的内存占用以及20%的计算机运行效率的损耗,当然,以现在电脑的配置来看,这些都是可以被忽略的参数。然而,安装了ZoneAlarm后会稍稍阻滞新安装应用程序启动速度,这对使用者多少显得不便:当某程序在您的电脑上初次运行的时候,如果ZoneAlarm未曾识别,那在该程序正常运作前将需要耽搁一会,如果您经常利用新下载的程序,那这对您也许是个小麻烦。
Common behaviour and control
The Control Panel is well designed as all other components of ZoneAlarm Pro. All kinds of users are given easy to use and powerful interface to set many details and control the behaviour. After the installation ZoneAlarm runs in the learning mode and it can be switched to the fully automated mode anytime. It is also possible to block all network activity with one click and thus prevent uncovered malicious software to communicate with the Internet immediately. However, we have also found smaller imperfections during common run. In a few situations dialogs of ZoneAlarm are not fully accurate, userful, or they mislead the user. We can mention the component control alert that informs the user about a new library in trusted software and it asks user to decide whether or not to allow privileged action. Although the user has a chance to see more information about these libraries the information there is useless and contain no important information for the user to make a correct decision. Another example is the alert of inbound protection control which asks user whether or not to allow an untrusted application to act as a network server. However, if the user denies the action the application will still run as the network server and the user is asked again when a network client connects to this server. In fact these imperfections do not present any security problems but should be revisited by a vendor and improved. And this is why ZoneAlarm Pro did not receive 100% but 95% in Easy of use classification.
习惯性应用和控制
ZoneAlarm Pro的控制面板设计得和它的各种组件同样出色。所有的用户都很容易上手,根据使用习惯进行设置或者对一些细节进行设定。安装完成后,ZoneAlarm默认在学习模式下运行,并可以随时切换到全自动模式,它还包括了阻止一切网络活动的一键锁定功能,以防止被侦测到的恶意软件与互联网的实时通讯。但是,在进行普通运作的时候,我们也发现了一些瑕疵:某些情况下,ZoneAlarm的对话信息并不准确有效甚至会误导使用者。我们提到过程序控制警告,能够告知使用者关于可信任软件的中的一个新的程序档案库并询问是否许可放行,尽管用户可以了解到更多的该程序档案库的信息,但是这些信息对于用户的正确决策都是无足轻重或者根本无效的。另一个例子是入站保护警告,即询问用户是否允许将一个未信任的应用程序设为网络服务器,即便用户选择不允许,这个程序依然会作为网络服务器运作并且当有网络客户端程序访问这个服务器的时候,用户将再次被询问同样的问题。上述的弊病虽然从实际应用上不会表现为任何安全方面的问题,但确实需要开发者的检讨和改进。这也正是为什么在易用性环节ZoneAlarm未得满分而只获得95%评分的原因。
Security
The most important thing on the security product is the security. This is the part of the analysis in which we pay extreme attention to all details to find every possible security vulnerability. As we can say ZoneAlarm Pro is outstanding or at least better-than-average in all other parts we can also say that this product totally failed during this part of our analysis. The first phase security testing of ZoneAlarm Pro resulted in unexpected amount of bugs. We have found over 30 bugs in which about 15 are critical. This would be simply too much even for the extensive analysis of ZoneAlarm's source codes but we have found so many bugs in the first phase of our analysis testing only a limited set of situations and features with our own methods and tools without any source code of ZoneAlarm Pro leaving the most common personal firewall problems to next phases. It looks like ZoneAlarm Pro was not betatested at all for the security issues. Its programmers lack important knowledge needed for writing security products for Windows NT operating systems. Our conclusion is that the level of security protection offered by ZoneAlarm Pro is insufficient for any kind of utilization. You can see public information about ZoneAlarm's bugs in the following sections below.
安全性
作为安全类产品来说,安全性是最重要的性能指标,也是在这个测试中我们投入了特别精力部分,我们针对所有的细节去寻找每一个可能的漏洞。我们可以将ZoneAlarm评价为一款出色的,或者至少目前在其他所有方面(安全性除外)都超越了平均水准的产品;但我们也可以对它作出这样的评价:在我们的安全性分析环节,ZoneAlarm完败。对ZoneAlarm的第一轮安全性测试就暴露出了出人意料多的Bug,在我们发现的超过30个的Bug中有15个属于关键性Bug。也许利用ZoneAlarm的原代码进行大量的分析的方法,取得结果也许会更加的简单,但是我们在第一轮的安全测试中只使用了我们自己独特的方法和工具,并且只对测试环境进行了有限的设置,而排除了对ZoneAlarm Pro的原代码的测试,(和参加测试的其他防火墙原码相比),这些原代码同样存在的普遍性问题将面临下一轮的分析。(从第一轮的分析结果看),似乎ZoneAlarm Pro并没有针对安全性项目进行全面的测试,它的程序员缺乏为Windows NT操作系统编写安全类产品所必须的重要知识。我们的结论是:ZoneAlarm Pro所提供的安全水准并不能覆盖所有类型的需要,在下一部分您将看到有关ZoneAlarm的Bug的公布信息。
Open private bugs
The following list contains open bugs that are private. This means that their names, descriptions, testing methods and testing programs are not available for free. You can buy private information about a single bug or you can buy the full analysis. The following list is sorted by the bug penalty, the higher penalty means the more dangerous bug. Check the methodology reference for details about used terms.
公布的隐私信息Bug
下面的列表列出的是具有隐私性质的Bug,也就是说表上的每一个Bug的名称、描述、测试方式、测试项目都不是免费使用的。您可以选择购买单个Bug的分析信息或者购买全套的分析信息。列表按照Bug的危害性进行了归类分级,级别越高意味着这个Bug的危害性越高。(略掉细节,仅仅罗列Bug名称和危害等级)
BUG00000P000ZA BUG00012P000ZA
Risk:Critical bugs 关键性Bug Risk:Critical bugs 关键性Bug
BUG00032P000ZA BUG00020P000ZA
Risk:Critical bugs 关键性Bug Risk:Critical bugs 关键性Bug
BUG00019P000ZA BUG00017P000ZA
Risk:Critical bugs 关键性Bug Risk:Critical bug 关键性Bug
BUG00018P000ZA BUG00026P000ZA
Risk:Critical bugs 关键性Bug Risk:Critical bugs 关键性Bug
BUG00030P000ZA BUG00025P000ZA
Risk:Critical bugs 关键性Bug Risk:Critical bugs 关键性Bug
BUG00031P000ZA BUG00007P000ZA
Risk:Critical bugs 关键性Bug Risk:Critical bugs 关键性Bug
BUG00024P000ZA BUG00024P000ZA
Risk:Critical bugs 关键性Bug Risk:Critical bugs 关键性Bug
BUG00021P000ZA BUG00028P000ZA
Risk:Critical bugs 关键性Bug Risk:Critical bugs 关键性Bug
BUG00013P000ZA BUG00001P000ZA
Risk:Serious bugs 严重性Bug Risk:Serious bugs 严重性Bug
BUG00010P000ZA BUG00011P000ZA
Risk:Minor bugs 微小性Bug Risk:Minor bugs 微小性Bug
BUG00003P000ZA BUG00004P000ZA
Risk:Serious bugs 严重性Bug Risk:Minor bug 微小性Bug
BUG00016P000ZA BUG00034P000ZA
Risk:Minor bugs 微小性Bug Risk:Minor bug 微小性Bug
BUG00009P000ZA BUG00015P000ZA
Risk:Minor bugs 微小性Bug Risk:Minor bug 微小性Bug
BUG00023P000ZA BUG00027P000ZA
Risk:Minor bugs 微小性Bug Risk:Minor bugs 微小性Bug
BUG00014P000ZA BUG00022P000ZA
Risk:Minor bugs 微小性Bug Risk:Minor bugs 微小性Bug
BUG00022P000ZA BUG00005P000ZA
Risk:Minor bugs 微小性Bug Risk:Unimportant bug 非重要性Bug
BUG00033P000ZA BUG00008P000ZA
Risk:Minor bugs 微小性Bug Risk:Minor bugs 微小性Bug
原帖转自绅博论坛
[ 本帖最后由 govyvy 于 2007-10-21 16:17 编辑 ] | 
发表于 2007-10-21 15:54
|
楼主|
发表于 2007-10-21 15:58
|
陕ICP19026207号—2 陕ICP备20004035号
