[Gareth]

I think you might be misunderstanding the difference between your firewall and your antivirus.

Your firewall only acts to stop things that you haven't specified otherwise from connecting outwardly or inwardly... that means, by default it will/should block all traffic unless you have specifically granted permission for it to be allowed through your firewall.

The two ways that a firewall operates are either at the application level - that is, you specify which applications are allowed access to the internet, and any communications irrespective of their destination and/or their port numbers (the way the application chooses to communicate) are permitted. Or, alternatively, permission is granted at the destination/port level, whereby any traffic is permitted as long as it is going to/coming from a specific address on the internet, or is using a specified port... irrespective of the application using that port/destination address, the traffic will be allowed.

As you can probably imagine, the application-based permission is easier for end users to get to grips with. But Zone Alarm does allow you to permit or block any traffic based on either rule set.

I'm sure that you can now see, however, that if you've permitted access to a trojan, to use your example, then the firewall will not really help you - after all, it assumes you knew what you were doing when you specified that the application should be allowed through the firewall, or it is using the standard ports that the firewall has been configured to allow traffic.

The antivirus, on the other hand, exists purely to see whether the files being accessed on your PC contain a virus, trojan, worm, etc... and are not attempting to determine whether access to the network should be allowed or not. An antivirus will quarantine and/or delete an infected file irrespective of whether it tries to access the network or not.