Rubbish! Zone Alarm is spyware! It “phones home” every few minutes, and transmits a variety of your personal data to several companies. This is well-documented. ZA may block OTHER outgoing traffic, but at what cost?

Paul wrote:

I have upgraded to SP2 and the firewall is active and I also have zonealarm running at the same time.

I havent had any problems yet :)

If and when I do I will stop the new xp firewall.

Has anyone else had a conflict?

hi yeah my comp is now running xps sp2 and i can put zone alarm older vertion but then when i run it it wants to update then when updat is done and i restart comp i get blue warning screen saying it has halted xp if i then go to saft mode and delte the zone alarm it is well agen i really liked zone as you could tinker with it tweek it a little to ur own liking any info im running a phillips pre built comp from pc world 3200 mhz 800 fsb great little bit of kit my darling but not sure weather to turn of sp2 or have zone
many thanks to whome has any ideas

Buick6siX wrote:

SP2 windows firewall does block outbound traffic, unlike the original xp firewall.
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfexceptions.mspx

http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx

None of these pages makes any reference directly or indirectly to blocking outbound/egress traffic. I have found that the WinXP SP2 firewall supports only very limited blocking of outbound traffic (only ICMP).

Generally speaking, traffic is allowed outbound. Otherwise, how could you browse the web or send IM’s without making an exceptions for your web browser or IM client?

As a more technical example, the firewall blocks inbound but not outbound packets with an IP protocol of ESP (ESP is a protocol that is used by some IPSEC VPN’s). I have found no way to allow ESP inbound, so one could say that it always blocks inbound ESP. However, it always allows it outbound.

The only outbound filtering of which I’ve found the firewall capable is blocking certain types of ICMP. I have seen no way through the GUI or netsh interfaces to make it filter other kinds of traffic outbound.

Generally, it allows all outbound traffic and blocks all inbound traffic except by exceptions and “advanced” ICMP settings. Exceptions can only be made for TCP and UDP traffic, and again, only for inbound traffic.

The only two references on those two pages (and the other page in that set of pages) as of today 11/6/04 are:

http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx wrote:

When someone on the Internet or on a network tries to connect to your computer, we call that attempt an “unsolicited request.” When your computer gets an unsolicited request, Windows Firewall blocks the connection.

http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfexceptions.mspx wrote:

If you’re running Windows XP Service Pack 2 (SP2) the Windows Firewall is turned on by default. This means that most programs will not be allowed to accept unsolicited communications from the Internet unless you choose to list those programs as exceptions.

Both of these imply inbound blocking and session/connection tracking (the technology that lets the firewall tell when a packet is part of a stream related to some previous packets). That implies that the firewall will look at the packets that are going out, to help block future packets that could be related. It does not state or imply in any way that filtering is possible on outbound traffic, even if it is inspected.

To explain all of this in an editorial voice, I’d say that it is a personal firewall, and has more advanced technical limitations than some other personal firewalls. However, its interface and control is nice, including domain controls. If more advanced features are added, it could be a production-ready product. I like it, but it’s immature.

Buick6siX wrote:

SP2 windows firewall does block outbound traffic, unlike the original xp firewall.
http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfexceptions.mspx

http://www.microsoft.com/windowsxp/using/security/internet/sp2_wfintro.mspx ]]> http://www.tech-recipes.com/rx/561/xp_sp2_firewall_zone_alarm/comment-page-1/#comment-656 destroyer Mon, 13 Sep 2004 23:22:09 +0000 guid-fix-me!#comment-656 I think that the articles state that all internet connections are blocked (incoming and outgoing) except where exceptions are made. I may be wrong on this though, as you say, there is no specific mention to the outbound traffic (such as when ZA asks for permission and digitally signs each exe to prevent spoofing and allowing trojans, spyware, and such from connecting). But that's how I read into it. :) I think that the articles state that all internet connections are blocked (incoming and outgoing) except where exceptions are made.

I may be wrong on this though, as you say, there is no specific mention to the outbound traffic (such as when ZA asks for permission and digitally signs each exe to prevent spoofing and allowing trojans, spyware, and such from connecting). But that’s how I read into it. :)

maybe its your routers firewall???
did you open up the appropriate ports in the xp firewall program??