Story: SP2's firewall is not good enough

Posted by: Sean Vickery (Friday 10 December 2004, 7:28 AM)

ZoneAlarm has what you would call 'cloak mode' .. Zone Labs call it 'stealth mode'. Nice feature. It's in the free version.

ZoneAlarm's stealth mode is imperfect: it makes DNS lookups on the IPs of incoming probes. A sophisticated attacker could get access to these DNS packets and determine from them that your computer exists. Zone Labs do not provide a way to provide feedback directly to them about their free product -- only via forums, and the non-employee zealots there deny that this is even a problem -- so I am stumped how to log this as a bug with them.

ZoneAlarm is compatible with Norton AntiVirus. ZoneAlarm actually keeps an eye on AntiVirus's definitions file and warns you if you don't have the latest definitions.

In case I misunderstood your question, I guess ZoneAlarm is INcompatible with Norton Personal Firewall (NPF). I tried NPF, though, and found it considerably lacking compared to ZoneAlarm.

While I write this, I would like to thank Joe Smith for his comment on this topic. Neil Roy's unsubstantiated comment threw into doubt for me whether SP2's firewall blocks outgoing traffic or not, even though David Berlind is quite clear that it doesn't. I am keen to learn what exactly SP2's firewall does before deploying it on clients' computers. I think I am clear now: SP2: no outbound blocking; ZoneAlarm: outbound blocking.