There are a number of devious ways hackers get past an inbound firewall. But an outbound and OS-level firewall can stop them by:
Stopping unknown or untrusted programs from transmitting to the Internet
Detecting suspicious behavior
Hacker tricks that only outbound and OS firewalls can stop
Inbound-only firewalls can’t stop these hacker activities.
Someone who uses your computer may be deceived into installing a seemingly safe download, such as a screensaver, which hides malicious software in it. Such trojan horse malware can be used to set up a “back door” security hole for hackers. Some trojans set themselves up to receive connections from the outside so a hacker gains access. The ZoneAlarm OSFirewall, however, is designed to detect and alert you to this kind of behavior so you can stop it.
A spoofing attack is a situation in which a person or program masquerades as another by falsifying data in order to get past the inbound firewall. Once the intruder is in, only an outbound and OS-level firewall can protect you by detecting and blocking his suspicious behavior.
A security exploit is a program crafted to take advantage of a security hole or “back door” in an application or operating system. Hackers also use “vulnerability scanners” to quickly check computers on a network for such known weaknesses.
A rootkit is a collection of programs that enable hidden privileged access to a computer or network. Typically, a hacker installs a rootkit after accessing your computer by exploiting a vulnerability or cracking a password. Or, the rootkit may even be hidden on a CD or DVD. Rootkits are difficult to get rid of because they activate each time your computer starts up. They may be discovered by good antivirus software, but they are difficult to detect before they do harm. This is why the ZoneAlarm OS Firewall works hard to stop the rootkit from even being installed, by detecting behavior that indicates a rootkit installation is being attempted.
Real world example
In late 2005, Sony used a rootkit on some music CDs for a legitimate reason: to hide digital rights management software from users to deter them from bypassing or removing it. However, hackers discovered the presence of the rootkit and exploited it for attacks. A trojan attack used the rootkit to hide on users’ computers. However, users who had a purchased version of ZoneAlarm firewall were alerted to the installation of the rootkit and given the choice to stop the process. The ZoneAlarm firewall also allowed users to halt the rootkit when it attempted to launch. These layers of security protected them against the rootkit and any viruses, trojans, worms or other attack methods written to take advantage of its cloaking ability.