Precise security with "per application" security zones
Many personal security products divide the entire network into two main zones: Trusted and Unsafe. The Trusted zone includes the protected computer and, possibly, the local network (if any), and allows any network operation. These operations are assumed to be safe because the zone is trusted.
The Unsafe zone is the rest of the network, which is unknown and therefore unsafe. This principle works fine, but it can be significantly improved by the "Application's Zone" approach.
Suppose that a computer runs a number of applications (stand-alone or system-dependent). The operating system itself can be treated as a special application too, because it is an independent participant in network interaction, providing disk and printer sharing and so on. Each of these applications can have its own definition of a safe zone.
Consider several applications in terms of zone trust
Internet Explorer (or another web browser) needs access anywhere inside the local network as well as all over the world. For a web browser there is no special difference in trust between local and Internet access.
Outlook (or another e-mail program) needs access only to the corresponding mail (POP3/IMAP/SMTP) server. Access anywhere else would be strange and, as a result, unsafe.
An antivirus can obtain its updates only from the AV developers' site and nowhere else. For that reason, the antivirus's trust zone is a single host on the Internet.
The "System" application can be configured very precisely, with disk sharing for example, and be allowed access to (and, separately, from) several individually specified PCs on the LAN.
As a result, the Application's Zone approach is a safer and more reliable way to protect your computer. It only extends the traditional method.
If you want to use the familiar zone method, you can create just one zone that fully enables only local network traffic and apply that zone to all the applications.
Zone Override
Zone override also extends the traditional point of view. It is usual to have a "panic button" to disable all traffic and, conversely, a button to disable the guard temporarily (enable all traffic). "Zone Override" significantly extends this approach.
You can apply a single zone to all the applications while keeping the separate application-specific settings saved. If you set the "Disable All" zone as the Zone override, you block all network traffic. "Enable All" enables all traffic and stops the guard.
However, you could set the "LAN Only" zone as the Zone override and feel free only within the local network. Moreover, you can temporarily use any zone, including a custom-created one, to temporarily trust only your "maternal" computer.
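The per-application zones and the Zone override described above can be modelled as a small policy evaluator that checks connection attempts by remote address. This is an added example, not the product's own code: the zone names other than "Enable All", "Disable All" and "LAN Only", every address, the default deny for unlisted applications and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed zones; all addresses are private or documentation ranges.
ZONES = {
    "Enable All": ["0.0.0.0/0"],
    "Disable All": [],
    "LAN Only": ["192.168.1.0/24"],
    "Mail Server": ["203.0.113.25/32"],      # single POP3/IMAP/SMTP host
    "AV Updates": ["198.51.100.10/32"],      # single update host
    "File Sharing": ["192.168.1.20/32", "192.168.1.21/32"],
}

# Saved per-application settings (hypothetical application names).
APP_ZONES = {
    "browser": "Enable All",
    "mail": "Mail Server",
    "antivirus": "AV Updates",
    "system": "File Sharing",
}

def zone_allows(zone, remote_ip):
    """True if remote_ip falls inside any network of the named zone."""
    addr = ipaddress.ip_address(remote_ip)
    return any(addr in ipaddress.ip_network(net) for net in ZONES[zone])

def is_allowed(app, remote_ip, override=None):
    """Apply the override zone if one is set, else the application's own zone.
    Assumption: an application with no saved zone is denied by default."""
    zone = override if override is not None else APP_ZONES.get(app, "Disable All")
    return zone_allows(zone, remote_ip)

def audit(attempts, override=None):
    """Return the (app, remote_ip) attempts that the active policy blocks."""
    return [(a, ip) for a, ip in attempts if not is_allowed(a, ip, override)]

# Constructed connection attempts.
ATTEMPTS = [
    ("browser", "192.0.2.80"),
    ("mail", "203.0.113.25"),
    ("mail", "198.51.100.77"),      # mail client talking to a non-mail host
    ("antivirus", "198.51.100.10"),
    ("system", "192.168.1.20"),
    ("system", "192.168.1.99"),     # LAN host outside the sharing list
    ("unknown.exe", "192.168.1.20"),
]

if __name__ == "__main__":
    for override in (None, "LAN Only", "Disable All", "Enable All"):
        print(override, "->", audit(ATTEMPTS, override))
```

Clearing the override restores the saved per-application zones unchanged, because the override is consulted at decision time and never written into `APP_ZONES`.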