ZoneAlarm ForceField

Used by 25 people for 70 hours, 58 minutes and 34 seconds

Consider the case, spyware that cannot be detected by any AV/AS products cost starts from 100 USD. Working exploit that targets Windopws/IE with latest patches installed, starts from 3,000 USD.

So I could write spyware that will be not detectable and able to steal information for 5-10k, including bullet proof hosting and good spam attack. Price for phishing attack is even less. It will bring me more than 100k in profit easily. Seems to be good business with 10-20x times profit, with small entrance fee and no tax of course  That’s the reason behind emerging rise of spywares of all kind.

We started to think what kind of threats is most critical:
- Vast majority of threats comes from Internet;
- Protection against of 0-day attack dramatically damage usability and only experienced users could resist these attacks.
- Spyware could be installed seamlessly using exploits, BHO, ActiveX etc.
- Private information is mixed with regular information on computer and could be easily stolen.

That’s how ForceField was invented.

What ForceField is doing for you?

- It almost does not change your regular user experience providing highest security protection. Why this is so important for product? As regular user, I do want to be secure and continue regular work, and don’t spend time interacting with security software. I want bullet proof security installed on mom’s computer without explaining what is IT security and how she could identify phishing site.

- Core of the product is virtualization. Everything that happens in browsers stays in sandbox. All software that is installed inside browser like ActiveX, will stay inside the sandbox. What it means? I could visit any site and be 100% sure that nothing will be installed without my knowledge on my PC.

- Anti-phishing. We do use heuristics and phishing feed to protect you against of phishing attacks.

- Anti-spyware. Force Field scans all downloads that is going to be installed on your PC against of database of known good and known bad software.

- Anti-keylogger/Anti-screengrabber. Assume that you have some keylogging software installed on your computer. Will it be detected by AS/AV product? Probably, but you cannot be 100% sure. Even 0.1% of chance that you loose your bank account login and password way too high to take the risk. Therefore we block OS system calls that are used by keyloggers. We don’t detect them, we just block. Real example http://forum.zonelabs.org/zonelabs/board/message?board.id=ForceFieldBeta&message.id=21. Just no more keylogging and screengrabbing for any software.

- Private browser. Why do we need this mode if IE and FireFox have clean history? Answer is simple, why do I need to erase everything, if I want to erase only this session. We also encrypt everything that is written to disk and to the registry during this session. Even in the middle of session you will not be able to access any HTML page in browser cache. I don’t need to go to special menu and to perform clean, I just close browser – convenience.

- No security levels. Can you imagine that your car alarm has different security levels? Why the software should? The ForceField was designed with right security concept from the beginning. We don’t have levels and don’t ever reduce security in favor of usability.

ForceField is just usable 0day security for everyone, targeting most serious threats in current world. Simple as that.

Have a safe day,
FF team

Edit