"ZoneAlarm does for the computer itself what it was already doing for the network," she said. The Vista firewall tracks 30 different behaviours, such as API calling, logging keystrokes or injecting code, then decides if what it's seeing is safe. If not, it shuts down the process in the same way as a more traditional firewall shuts down access to the internet when it spots a rogue.
ZoneAlarm's delay had nothing to do with the brouhaha last year over access to the kernel in the 64bit version of Vista, Yecies said. Last autumn several security vendors including Check Point rivals Symantec and McAfee pressed Microsoft to back off its PatchGuard kernel-protection technology. Eventually, Microsoft agreed. In December, Microsoft released draft APIs.
"Interesting questions, but it was a separate issue," said Yecies, who then launched into criticism of PatchGuard and Microsoft's APIs.
"They won't solve the problem [of hackers cracking the kernel]," she said. "If there is some new unknown threat in the future, the APIs won't help you. [Microsoft] would need to react, update and distribute the APIs to millions."
Yecies drew a line in the sand. "We're going to do whatever it takes to protect customers, even if it means hacking PatchGuard."
The free ZoneAlarm firewall is available for download from the Check Point site. ZoneAlarm Internet Security Suite 7.1, priced at $39 (£21) is also available.