XP SP2 Firewall vs Zone Alarm

Contributed by MickeyMouse, August 11, 2004
Tagged: Windows

This recipe explains the major difference between Zone Alarm and the firewall that ships with XP Service Pack 2.


With SP2, XP finally has a built-in firewall. Great for the internet as a whole; bad for the companies that produce other software firewalls.

Now that XP comes with a firewall, should the average user uninstall and forget about their favorite software firewall?

No! Software firewalls do something that SP2’s firewall does not do: they block and filter outbound connections as well. The quote from Microsoft: “Windows Firewall will automatically allow all outbound connections, regardless of the program and the user context.”

Why block outbound connections? Software packages send information back to “home-base” all the time. Spyware can collect information and send it back to the author. These are invasions of your privacy that Zone Alarm and most other software firewalls stop.

SP2’s firewall will be good because it will decrease the number of targets for hackers and authors of spyware. Users who are not experienced enough to install a software firewall will have an easy option available to them and turned on by default. SP2’s firewall will also be very unlikely to have a lot of conflicts in the long run.

Should you run both? I do not think anybody is going to recommend that. You are just asking for trouble and conflicts.

Most experienced users will and should prefer a software firewall over the one included in SP2.

 

Viewing 13 Comments

    • ^
    • v
    gotta ? for ya..

    is this firewall an improvement in the current one? (i run xp professional build 2600)

    or a totally new application?

    just curious, i guess i'll find out in ... 24 minutes.. hehe...

    good recipes, again! helpful for us xp sp2 noobs.. haha..
    peace
    • ^
    • v
    <ul id="quote"><h6>seamonkey420 wrote:</h6>gotta ? for ya..

    is this firewall an improvement in the current one? (i run xp professional build 2600)

    or a totally new application?

    just curious, i guess i'll find out in ... 24 minutes.. hehe...

    good recipes, again! helpful for us xp sp2 noobs.. haha..
    peace</ul>

    The firewall is much better than the default firewall. For example, the old firewall would not work if you were on a home network. The other firewall just blocked some ports and did not request permission (a la zone alarm) like this one does.

    I am still using Zone Alarm 4.5... but when I upgrade my family's systems, I'll probably just install SP2 and forget about it. It's good enough for your average system.
    • ^
    • v
    I have upgraded to SP2 and the firewall is active and I also have zonealarm running at the same time.

    I haven't had any problems yet :)

    If and when I do I will stop the new xp firewall.

    Has anyone else had a conflict?
    • ^
    • v
    There shouldn't be any conflict. You are just introducing an extra variable in the equation that doesn't have to be there.

    I think most people agree that zone alarm is much better. Why put yourself through the chance of it causing trouble? Plus, it's an added component... an extra thing running slows down your computer just a little.

    If you really want duplicate protection, get a hardware firewall to complement your software firewall. You just don't gain anything by using two software firewalls.
    • ^
    • v
    SP2 windows firewall does block outbound traffic, unlike the original xp firewall.
    http://www.microsoft.com/windowsxp/using/securi...

    http://www.microsoft.com/windowsxp/using/securi...
    • ^
    • v
    <ul id="quote"><h6>Buick6siX wrote:</h6>SP2 windows firewall does block outbound traffic, unlike the original xp firewall.
    http://www.microsoft.com/windowsxp/using/securi...

    http://www.microsoft.com/windowsxp/using/securi...</ul>

    I didn't see that fact in either of the pages that you referenced... I am pretty sure that the new firewall does not block outgoing traffic.

    Can you quote the information where it says that the new firewall does, please?
    • ^
    • v
    i still ran my webserver... with sp2..

    maybe it's your router's firewall???
    did you open up the appropriate ports in the xp firewall program??
    • ^
    • v
    I think that the articles state that all internet connections are blocked (incoming and outgoing) except where exceptions are made.

    I may be wrong on this though, as you say, there is no specific mention to the outbound traffic (such as when ZA asks for permission and digitally signs each exe to prevent spoofing and allowing trojans, spyware, and such from connecting). But that's how I read into it. :)
    • ^
    • v
    <ul id="quote"><h6>Buick6siX wrote:</h6>SP2 windows firewall does block outbound traffic, unlike the original xp firewall.
    http://www.microsoft.com/windowsxp/using/securi...

    http://www.microsoft.com/windowsxp/using/securi...</ul>
    • ^
    • v
    I just read and am attempting to apply the tech-recipe on same topic. The only way I can regularly access websites is to turn off Zone Alarm (v5), although previously I had security setting for XP set to turn off SP2's firewall. Found a conflict between the two with the SP2 version off... Odd. Have invested in ZA and want to use it. Can you help?
    Drew
    • ^
    • v
    I have just installed SP2 and I cannot use my wifi network to ftp files outward when Zone Alarm is running even tho I have disabled the SP2 firewall. But if I shut ZA down I have no probs.
    • ^
    • v
    <ul id="quote"><h6>Buick6siX wrote:</h6>SP2 windows firewall does block outbound traffic, unlike the original xp firewall.
    http://www.microsoft.com/windowsxp/using/securi...

    http://www.microsoft.com/windowsxp/using/securi...</ul>

    None of these pages makes any reference directly or indirectly to blocking outbound/egress traffic. I have found that the WinXP SP2 firewall supports only very limited blocking of outbound traffic (only ICMP).

    Generally speaking, traffic is allowed outbound. Otherwise, how could you browse the web or send IMs without making exceptions for your web browser or IM client?

    As a more technical example, the firewall blocks inbound but not outbound packets with an IP protocol of ESP (ESP is a protocol that is used by some IPSEC VPNs). I have found no way to allow ESP inbound, so one could say that it always blocks inbound ESP. However, it always allows it outbound.

    The only outbound filtering of which I've found the firewall capable is blocking certain types of ICMP. I have seen no way through the GUI or netsh interfaces to make it filter other kinds of traffic outbound.

    Generally, it allows all outbound traffic and blocks all inbound traffic except by exceptions and "advanced" ICMP settings. Exceptions can only be made for TCP and UDP traffic, and again, only for inbound traffic.

    The only two references on those two pages (and the other page in that set of pages) as of today 11/6/04 are:
    <ul id="quote"><h6>http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx wrote:</h6>When someone on the Internet or on a network tries to connect to your computer, we call that attempt an "unsolicited request." When your computer gets an unsolicited request, Windows Firewall blocks the connection.</ul>
    <ul id="quote"><h6>http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfexceptions.mspx wrote:</h6>If you're running Windows XP Service Pack 2 (SP2) the Windows Firewall is turned on by default. This means that most programs will not be allowed to accept unsolicited communications from the Internet unless you choose to list those programs as exceptions.</ul>

    Both of these imply inbound blocking and session/connection tracking (the technology that lets the firewall tell when a packet is part of a stream related to some previous packets). That implies that the firewall will look at the packets that are going out, to help block future packets that could be related. It does not state or imply in any way that filtering is possible on outbound traffic, even if it is inspected.

    To explain all of this in an editorial voice, I'd say that it is a personal firewall, and has more advanced technical limitations than some other personal firewalls. However, its interface and control is nice, including domain controls. If more advanced features are added, it could be a production-ready product. I like it, but it's immature.
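
An added sketch (not written by the recipe's author or any commenter, and not Windows Firewall or Zone Alarm code) of the distinction argued in this thread: a firewall can inspect outbound packets for session tracking without ever filtering them. The class names, program names, ports and addresses are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:                       # all values below are constructed samples
    direction: str                  # "out" or "in"
    proto: str                      # "tcp", "udp", "esp"
    local_port: int
    remote: str
    remote_port: int
    program: str = ""               # sending program; only a host firewall sees it

class InboundOnlyFirewall:
    """Toy model of the SP2 behaviour described in the thread."""
    def __init__(self, inbound_exceptions=()):
        self.exceptions = set(inbound_exceptions)   # {(proto, local_port)}, TCP/UDP only
        self.sessions = set()

    def check(self, p):
        key = (p.proto, p.local_port, p.remote, p.remote_port)
        if p.direction == "out":
            if p.proto in ("tcp", "udp"):
                self.sessions.add(key)  # inspected for tracking, never filtered
            return True
        return key in self.sessions or (p.proto, p.local_port) in self.exceptions

class ProgramFilteringFirewall(InboundOnlyFirewall):
    """Adds a per-program outbound allow list (hypothetical stand-in for Zone Alarm)."""
    def __init__(self, allowed_programs, inbound_exceptions=()):
        super().__init__(inbound_exceptions)
        self.allowed_programs = set(allowed_programs)

    def check(self, p):
        if p.direction == "out" and p.program not in self.allowed_programs:
            return False                # dropped before any session is recorded
        return super().check(p)

def verdicts(fw, packets):
    return [fw.check(p) for p in packets]

SAMPLE = [
    Packet("out", "tcp", 1025, "203.0.113.10", 80, "browser.exe"),  # web request
    Packet("in", "tcp", 1025, "203.0.113.10", 80),                  # its reply
    Packet("in", "tcp", 445, "198.51.100.7", 4000),                 # unsolicited
    Packet("in", "tcp", 80, "198.51.100.7", 4001),                  # hits an exception
    Packet("out", "tcp", 1026, "192.0.2.50", 8080, "spyware.exe"),  # phones home
    Packet("in", "esp", 0, "192.0.2.99", 0),                        # unsolicited ESP
]
EXC = {("tcp", 80)}
if __name__ == "__main__":
    print(verdicts(InboundOnlyFirewall(EXC), SAMPLE))
    print(verdicts(ProgramFilteringFirewall({"browser.exe"}, EXC), SAMPLE))
```

The two verdict lists differ only at the `spyware.exe` packet, which is the outbound gap the recipe describes.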
    • ^
    • v
    <ul id="quote"><h6>Paul wrote:</h6>I have upgraded to SP2 and the firewall is active and I also have zonealarm running at the same time.

    I haven't had any problems yet :)

    If and when I do I will stop the new xp firewall.

    Has anyone else had a conflict?</ul>

    hi yeah my comp is now running xps sp2 and i can put zone alarm older version but then when i run it it wants to update. then when update is done and i restart comp i get blue warning screen saying it has halted xp. if i then go to safe mode and delete the zone alarm it is well again. i really liked zone as you could tinker with it, tweak it a little to ur own liking. any info? im running a phillips pre built comp from pc world 3200 mhz 800 fsb, great little bit of kit my darling, but not sure whether to turn off sp2 or have zone
    many thanks to whoever has any ideas
 