I want to ask about myth3 as I dont understand it :/
"It is entirely unnecessary for a piece of mal-ware to listen on a "port", whatever that means"

I thought that if a program does not listen to trafic, it is not going to communicate, and if it opens connection even from time to time, that is opening a port that a software firewall should allert the user about ?

If the trojan is to communicate over the net, it has to use tcp/ip to be able to communicate over routers, and that means opening ports ? I do not know what port-less TCP/IP is, but on a hardware firewall one opens some ports and drops all other trafic. If some trafic is port-less, it should not go throug the firewall.

Im not saying it is so, just asking....

The nice thing about software firewalls is that it does not only look what port and IP is used to communicate, it also looks what program is communicating. So even if a trojan was to use a well known port, the firewall should alert the user because a strange program is using the net?

Or do you (slarty) mean that a trojan can operate in the same subnet (behind the same router) and that way somehow communicate without listening / opening ports ?

I do agree that software firewalls does not protect the home user 100%. But it should catch any new programs trying to communicate over tcp/ip.

Problem with this how I see it is that when I allow multiplayer games, ICQ etc. to use the Internet, someon can use the security holes of those allowed programs to do their malicious stuff

Please note that im not an expert on TCP/IP and im just asking about this.