CheckPoint Tries Adapting ZoneAlarm Brand to Hardware Router

Throughout this decade, the basic ZoneAlarm software-based firewall package has been one of the single most downloaded pieces of general-purpose software in history - our FileForum running tally on the current version of ZoneAlarm Free doesn't do it justice. So when Zone Labs' corporate parent, CheckPoint Software Technologies - which, despite "Software" being its middle name, is currently most noteworthy for its perimeter and endpoint security appliances - announced last week it's co-opting its ZoneAlarm brand for a consumer-oriented 802.11g wireless router with firewall, our first thought was, "They're putting ZoneAlarm into hardware!"

Not really. Instead, CheckPoint is working to co-opt the very popular ZoneAlarm brand as a consumer hardware brand. That's not to say its ZoneAlarm Z100G wireless router is some ordinary device with an extraordinary brand slapped on it. In a market where wireless routers are selling for around the $50 mark, CheckPoint's USD $199 price tag ($149 markdown until the end of December) suggests it needs something over and above the ordinary router.

And that's a hard case to make, because wireless routers do tend to have firewalls built-in. The premium case CheckPoint is trying to make centers around the relocation not of the ZoneAlarm we've come to know, but a different class of security software into hardware: anti-virus software.

At the router level, BetaNews was told, the Z100G will use behavioral analysis to detect whether incoming traffic has malicious intent, and can supposedly stop it cold before it reaches the network. (By contrast, ZoneAlarm software's key features are preventing unauthorized traffic from generating responses from installed software, and disallowing unauthorized software from performing unknown activities on the network.) How the Z100G will be able to detect malware without the aid of an operating system isn't quite clear, and is frankly something we'll want to see for ourselves before we pass judgment.

"Part of that intrusion prevention is looking at the traffic, making sure it's the expected use of the protocol, that it meets the specs of that protocol, that it's not having malicious traffic," CheckPoint marketing representative James Mabie told BetaNews. While typical intrusion prevention is addressed by the on-board firewall, he said, the Z100G's "VStream" technology will examine all traffic that takes place on port 80 - the most open gateway for Web browsers - to determine whether it really follows HTTP or FTP protocol. If it doesn't, it won't get through.

While the Z100G doesn't represent the relocation of ZoneAlarm off of Windows, it does send one more signal of a continuing trend in all of computing: a reduction, if not near-elimination, of reliance upon the operating system (read: "Windows") as the software upon which the security and integrity of the computing system depends.

One of the consumer benefits of the device, CheckPoint director of product management John Gable told BetaNews, is that its logs - such as its Monthly Security Reports - try harder to make sense to the layperson. "What we found is that consumers actually appreciate knowing that their security's doing something," Gable told us. "So at the end of the month, if you look at our security report, you'll see it's very, very end-user oriented - very nice graphs, pie charts, to give that consumer a clear idea of the threats that have been trying to go after their machine, and the fact that they've been stopped...This lets them know what it's doing, why it's valuable, and gives them a much better and accurate set of security as a result."

As security engineers - among them, Zone Labs' own CEO, Gregor Freund - have mentioned publicly, it seems almost ridiculous for consumers or businesses to invest tremendous amounts on security preventative measures, when their network logons are basically in the clear. Microsoft has been the company most faulted over the years with leaving the front door wide open, though more recently, the blame has shifted elsewhere.

As John Gable explained, "A lot of times, that's caused by some of the other router manufacturers, whose main purpose is to make it easier to get connectivity. So by default, they've got the wireless access turned on with no encryption, and someone who's not very sophisticated with security or even computing plugs it in, 'Hey, everything's working,' and that's all they do. So everyone who's driving by can get access to that access point and into their network."

The Z100G is actually a combination wired and wireless router, with the wireless mode turned off by default - it has to be engaged manually - and with encryption over the wireless connection enabled by default.

As a router, the Z100G supports the so-called Super-G transmission mode, at 108 Mbps, though it's not a "pre-N" or a "draft-N" router. CheckPoint's representatives couldn't tell us yet whether a "Z100N" model is in the works. The company also boasts of an "extended range," which is wide enough to raise eyebrows, if not entire heads: a reported maximum outdoor radius of 1km.

So is it time for the company to drop the "Software" moniker from its name? Surprisingly, CheckPoint general manager Laura Yecies told us, they perceive this new device as a kind of vehicle for software. "Even if we, as a company, deliver more and more hardware, the hardware isn't the interesting part of it," she remarked. "This device...is delivered to consumers as physical hardware. But all of the things that we talk about [concern] the software that's on it, and its various features, its real-time nature, and how it's updated over time. I think of it as software, although of course, it's a physical box."

With that attitude, we at BetaNews should perhaps start looking at more hardware as just software in a different kind of box.