It can be argued that no, it's not necessary. Depends on your configuration. For home systems, for example, you normally have a limited number of systems inside the network, and those few systems are in turn shielded by a NAT'ed router.
ZoneAlarm does offer more refinement and reporting of what is running and trying to access the network, though. As I recall it was more involved to set up (it would prompt me when any new program or updated program was trying to access network functions) and you would allow/disallow individually; it gave statistics on what is running, and you could "shut down" network access for everything with a click.
Windows firewall works, but reporting tends to suck, and it's not quite as fine-grained.
It's been awhile since I used ZoneAlarm but that's what I remember of it. I often wished the controls to Windows' built-in firewall were like ZoneAlarm. I thought of it as kind of like Process Explorer from Sysinternals is to Task Manager. They both perform similar functions, but man...process explorer is nicer. But not necessary, per se.
Plus ZoneAlarm gives you more control, which means it's more confusing for the layperson. Techies, sure. Average users will just click through whatever pops up. So it's not something to install on Mom's computer and walk away.
If you want to keep people out then the Windows firewall is just fine (arguably you don't even need that if you're behind a NAT'ing firewall/router).
Where Zonealarm or other firewall products step in is to give you better visibility and control over what's making connections, in particular outbound connections.
As Bart points out, the down side is that you can get bombarded with "Do you want to allow xyz.exe to access the internet" and it can be confusing for a technical person, let alone someone who just wants to surf the web in peace and safety.
Two words: egress filtering. Blocking inbound connections, as the Windows firewall does by default, is great, but best practices include filtering outbound traffic as well. Yes, sometimes this is annoying for users, so choose your software firewall solution or suite carefully, and spend some time up front allowing your known good applications the outbound access they require. Automate this or use configuration files where you can if you have a lot of systems to configure this on.
Zonealarm was a great suite a few years ago, but we evaluated endpoint security software options recently for our company and found Symantec Endpoint Security to have the most hassle-free, hands-off firewall setup. It's remarkable how well it recognizes legitimate traffic ad how little it bugs you. Having said that, we went with ESET Smart Security for a variety of other (good) reasons, and while ESET's firewall is nice, it's a LOT more likely to throw up annoying Allow/Deny confirmations to users than Symantec.
It can be argued that no, it's not necessary. Depends on your configuration. For home systems, for example, you normally have a limited number of systems inside the network, and those few systems are in turn shielded by a NAT'ed router.
ZoneAlarm does offer more refinement and reporting of what is running and trying to access the network, though. As I recall it was more involved to set up (it would prompt me when any new program or updated program was trying to access network functions) and you would allow/disallow individually; it gave statistics on what is running, and you could "shut down" network access for everything with a click.
Windows firewall works, but reporting tends to suck, and it's not quite as fine-grained.
It's been awhile since I used ZoneAlarm but that's what I remember of it. I often wished the controls to Windows' built-in firewall were like ZoneAlarm. I thought of it as kind of like Process Explorer from Sysinternals is to Task Manager. They both perform similar functions, but man...process explorer is nicer. But not necessary, per se.
Plus ZoneAlarm gives you more control, which means it's more confusing for the layperson. Techies, sure. Average users will just click through whatever pops up. So it's not something to install on Mom's computer and walk away.
If you want to keep people out then the Windows firewall is just fine (arguably you don't even need that if you're behind a NAT'ing firewall/router).
Where Zonealarm or other firewall products step in is to give you better visibility and control over what's making connections, in particular outbound connections.
As Bart points out, the down side is that you can get bombarded with "Do you want to allow xyz.exe to access the internet" and it can be confusing for a technical person, let alone someone who just wants to surf the web in peace and safety.
Two words: egress filtering. Blocking inbound connections, as the Windows firewall does by default, is great, but best practices include filtering outbound traffic as well. Yes, sometimes this is annoying for users, so choose your software firewall solution or suite carefully, and spend some time up front allowing your known good applications the outbound access they require. Automate this or use configuration files where you can if you have a lot of systems to configure this on.
Zonealarm was a great suite a few years ago, but we evaluated endpoint security software options recently for our company and found Symantec Endpoint Security to have the most hassle-free, hands-off firewall setup. It's remarkable how well it recognizes legitimate traffic ad how little it bugs you. Having said that, we went with ESET Smart Security for a variety of other (good) reasons, and while ESET's firewall is nice, it's a LOT more likely to throw up annoying Allow/Deny confirmations to users than Symantec.