[pdonis]

The problem with all such applications on Windows was (and probably still is) that it was too easy to install something that could bypass them at the network layer.

The other issue was that their blocking wasn't fine-grained enough; you couldn't, for example, do what others are describing elsewhere in this thread, allowing an application like firefox to connect to a particular site on a particular port only. You could only allow or block the application itself. You could tell the firewall to explicitly ask you on every request, but of course that wasn't feasible for apps like Internet Explorer. So anything that wanted to get around the firewall could just script Internet Explorer to send its request in the background and you would never see it.

[dikei]

> allowing an application like firefox to connect to a particular site on a particular port only.

Eh, this is such a basic task that even Window's built-in firewall can do it. They just do not make it very obvious in the UI.

[pdonis]

> even Window's built-in firewall can do it

If it can now, that's progress. Windows didn't even have a built-in firewall back when third-party firewalls like ZoneAlarm were popular.

[joshuaissac]

Zone Labs released ZoneAlarm in 2000. Microsoft shipped Windows XP with the built-in Internet Connection Firewall (later rebranded to Windows Firewall) in 2001. ZoneAlarm was far more intuitive to use, but there was only one year when Windows did not have a built-in firewall while ZoneAlarm already out.

[dikei]

To be fair, Window XP's firewall cannot block Outgoing connection, only Incoming. Vista SP1 and later versions of Windows include a firewall with Outbound blocking.