ZoneAlarm Anti-Ransomware review

ZoneAlarm Anti-Ransomware is a standalone tool which runs alongside any antivirus package to keep your system ransomware-free.

The program doesn't use signatures, or waste your time and bandwidth with constant updates. Instead, it monitors process activities to detect and block anything suspicious, allowing it to catch even the very latest ransomware strains.

It can take time to understand what a process is doing, which means some files may be encrypted before the threat can be stopped. But ZoneAlarm Anti-Ransomware covers that eventuality, too, by tracking file changes and automatically recovering anything you might have lost.

• You can sign up for ZoneAlarm Anti-Ransomware here

There is one notable issue here, and that's the cost. While many anti-ransomware tools are free, ZoneAlarm's app costs £1.99 ($2.50) a month – £23.88 ($30) a year – to cover a single PC. To put that in perspective, Webroot's SecureAnywhere AntiVirus is a full antivirus package, with a specific anti-ransomware module, and its first year of protection will cost you only £22.49 ($28).

ZoneAlarm Anti-Ransomware clearly isn't for bargain hunters, then, but could it be worth the premium price? That’s exactly what we’re going to find out.

• These are the best free anti-ransomware tools

Setup

ZoneAlarm Anti-Ransomware offers a 30-day trial, but getting hold of this takes a little work. You must register with the company, hand over your payment details and set up a subscription before you can download the product. There's no charge for the first month, though, so as long as you cancel during the trial period you won't pay a penny.

Once you finally get hold of the installer, setup is straightforward. Download, run, a message tells you that you're protected and there's nothing more to do.

Checking ZoneAlarm's executables revealed a mess of files from various products and developers, some digitally signed, some not. We've sometimes found this to be an indication of a package with unexpected vulnerabilities. That seems less likely from such an experienced developer, though, and our test attacks weren't able to stop ZoneAlarm's processes or delete its files.

ZoneAlarm Anti-Ransomware uses a little more system resources than some of the competition, with at least three background processes grabbing almost 50MB RAM. Still, that's unlikely to have any significant impact on most users.

Operating the program is easy, mostly because it has barely any controls at all. Right-clicking the system tray icon displays options to turn protection on or off, double-clicking shows an About box, and the feature list stops there.

This could be a little too basic. In particular, we'd like to see some form of whitelisting system to deal with software which is incorrectly blocked. Still, ZoneAlarm Anti-Ransomware's simplicity does have a lot of appeal, and most people will probably be able to install it on their system and forget it's even there.

Performance

ZoneAlarm Anti-Ransomware promises it can ‘ransom-proof’ your PC, but does it really deliver? To find out, we installed it on a test system, and then introduced it to Cerber, one of the most dangerous ransomware types around.

Most security tools block Cerber almost immediately. ZoneAlarm Anti-Ransomware took a couple of minutes, but it got there eventually, closing the Cerber process, removing the executable and restoring any encrypted files.

Oddly, we didn't see any alert while this was happening, or afterwards. Security software should be able to make important decisions on its own, but if a user has somehow downloaded and run ransomware, they need to know about it.

Our next test involved RanSim, an interesting tool which simulates 10 types of ransomware behaviour, and tells you how many were blocked.

We launched RanSim, then watched as the tests ran to completion and the program told us nothing had been blocked. Was this a ZoneAlarm failure? No: as with Cerber, the program had just been taking its time to make a decision.

A few seconds after RanSim ended, ZoneAlarm Anti-Ransomware displayed an alert, listed the affected files and offered to repair them. It also removed the RanSim executable and instructed us to "reboot as soon as possible to fully treat ransomware", exactly the kind of warning users need. We don't know why this wasn't shown during the Cerber test, but presumably it was some bug or other temporary issue, and not ZoneAlarm's standard procedure.

Finally, we turned to RanTest, a ransomware simulator of our own. This is extremely basic and makes no effort to hide what it’s doing, but as we've never released it, we also know it's not something ZoneAlarm Anti-Ransomware would have seen before.

We launched RanTest and waited for ZoneAlarm to kick in. And waited, and waited, and waited. Unfortunately, it ignored RanTest entirely, allowing it to encrypt more than 6,600 files in our test folder tree.

There could be reasons for this. RanTest isn't real ransomware and it didn't reach out beyond its test folder tree, so ZoneAlarm could argue that ignoring the program's activities was the right thing to do.

On balance, we think this was probably the wrong decision. Allowing an unknown, unsigned program to encrypt thousands of files within minutes seems to us like too much of a risk, which is probably why most other anti-ransomware tools stop RanTest immediately.

Still, the fact remains that ZoneAlarm Anti-Ransomware blocked our real-world ransomware, and we can't mark it down too much for ignoring a simple test app. Whatever its failings, the program protects you from at least some ransomware, and could easily save you from a major data disaster.

Final verdict

ZoneAlarm is very easy-to-use, and successfully blocked real-world ransomware attacks during testing. But we're not convinced that it offers more protection than you'll get with the free anti-ransomware competition.

• We've also highlighted the best antivirus