UPDATED! Well, this one should come as no surprise: I've just verified that Microsoft knew about the problems caused when installing Windows 2000 Service Pack 1 (SP1) on a system with a personal firewall, such as ZoneAlarm. But Microsoft declined to fix the problem, telling beta testers that these products were using undocumented features that could change. And as promised, these features were indeed changed in SP1, breaking ZoneAlarm, BlackIce, and other similar programs. Microsoft said that the issue would be discussed in the release notes, but I was unable to find any mention of this in the SP1 documentation that the company made available yesterday. In fact, a scan of each of the several "learn more" documents on the SP1 Web site unearths no information about this problem at all. So people heading to microsoft.com to download SP1 would have no way of knowing about this problem ahead of time. And when an SP1 system with ZoneAlarm is booted up for the first time, the user will be unable to get online or access the network.
According to beta testers that contacted me this week, Microsoft refused to fix the problem despite numerous complaints during the lengthy SP1 beta, and deferred the issue to application writers such as Zone Labs, makes of ZoneAlarm. I'll be following up with Zone Labs today.
But regardless of blame, Microsoft should have been more open about any problems with SP1. If the company knew about this issue, why isn't it mentioned anywhere on the SP1 Web site? A thorough search of the documents listed at the site for phrases such as "personal firewall", "firewall" or "zone" turns up nothing relevant or, in most cases, nothing at all. Even the 38-page "SP1 Installation and Deployment Guide" doesn't mention this at all. One tester referred me to the Microsoft Knowledge Base (KB), which is a support tool on the Microsoft Web site. But the KB, like the MS support site in general, is going to be accessed when users are having a problem: It's unlikely that anyone would head there before installing a product. Regardless, I was unable to find any information there either, using search phrases such as "SP1 Zone" and "ZoneAlarm".
In the end, a user protecting their system with ZoneAlarm will install SP1, reboot, and suddenly find himself or herself unable to access the network or the Internet. Without proper communication, this person will assume that SP1 caused the problem and will probably uninstall it if they were lucky enough to choose the backup option. And, as expected, this is will cure the problem. So is the problem really with SP1 or ZoneAlarm? It almost doesn't matter, since the customer will be out of luck either way. But Microsoft knew about the problem months ago and shipped SP1 without any fix or corresponding documentation regardless.
UPDATE: Since this article was originally written, Microsoft posted a fix for the problems described here. Please head to the Microsoft Knowledge Base (KB) Web site for more information