WinXP and ICF

[Harry Johnston]

But everything is about speed bumps not absolutes and this version of
Microsoft Firewall is not as much of a speed bump as it could be (my personal
opinion only).

That's fine. There is no doubt that outgoing protection provides some degree of
protection, but the limited benefits need to be balanced against the
inconvenience, which is significant for the average user, because they don't
understand the questions the firewall is asking them. It may well be
appropriate for you to install more complex software.

If I was working on a computer as a user who is able to
install software but not as an administrator, in that security context, I'm
sure that call to CreateRemote Thread would not be such a simple thing to
accomplish into a hardened firewall.

You'd think, wouldn't you? Nope, CreateRemoteThread needs no special
permissions. Malicious software can still use it even if running with
non-administrative privilege. Of course, it couldn't use it against the
firewall software, but then again it doesn't want to; it wants to use it against
some ordinary application which has permission to access the internet. Internet
Explorer, for example.

Harry.