Ok, so is RAW sockets an API that programmers can use to make IP routable package to send data from your computer? Maybe that would be able to by pass the host firewall ? Would that program be able to listen / recive data also? By passing the kernell maybe ? http://www.linuxchix.org/content/cou...ty/raw_sockets
Guess some programming guru could write code to read data directly on the network level, to be able to send and recive, without the host firewall knowing this ? Or mabye this is not possible ? Anyway this gives me the feeling that an externall firewall (one that is not running on the host) is a good secondary "line of defence", in stead of just trusting a host firewall.

Gues its also very important to drop all ICMP trafic, so that a programmer is not sending real data in an ping package for instance?

Still the "biggest" threat would probobly be that a trojan is using a security hole in one of the allowed programs as you say.

In that sense a host firewall on a standalone client that is not connected to a LAN and is not running any network services, is really not protecting anything Its only good to alert if a trojan is opening its own tcp or udp ports maybe...

I have only one PC @ home, that is only running TCP/IP network service on my WinXP (I removed the default microsoft client/server, and the Quality of service that I dont know what it does) so I guess I dont really need a host firlewall at all, as I allow programs that use the Inet to bypass the firewall anyway

I think the OS programmers should do a security feature that prompts the user every time some program is set to autostart or is assosiated to run with some file extension. That way maybe it would be hard to get a trojan installed on a pc to autostart with windows? But then again there migt be countles ways to get a program running, other that the registry run, services, ini and startup folders, makeing it impossible to do that kind of security stuff.

Now I understand why our commpany network security guy is getting grey hair so soon :/
All those users installing strange stuff on their workstations, I wonder when a trojan is going undetected by our AV&fw