That may be your opinion, but firewalls have many more functions than the black and white situations you present.
Like what? Be objective.

[quote]All through your posts. Intrusions are acceptable if the value of the data is outweighed by the cost of protecting it. That may be suitable for governments, but perhaps not everyone else holds their data to such low standards.[/quote]
You know what? You are absolutely correct, home users need the absolute highest security available, because any intrusion is one too many. First we are going to deal with the system itself... I suggest a nice XTS-400 system with the tempest shielded case. Obviously you'll want a random speed fan on to keep the acoustics in the room unpredictable, don't want attackers being able to tell what you are typing... need I go on?
The fact is, home users work exactly the same way, if the loss of data is equal to one hour of effort in a complete compromise, and a complete compromise is only expected once a year, I don't think your home user is going to want to spend $200 million in protecting that system.
If you spend more on protections than the asset is worth, then you've already lost more than you would have if you were compromised. Does this not make sense to you? If you ever want to be some sort of corporate decision maker and not just a lackey, you'll want to read up on this stuff.

No, I fail to see how it fits within any modern commonly-accepted home computer security model. I invite you to examine the two linked SANS documents in the previous post. Even if you find SANS to be a complete joke, you should at least do the courtesy of actually researching the material I present, as I have done for you.
You have not done for me as you still haven't a clue about how to manage risk. The modern, commonly accepted home security models are wrong. Why are they wrong? Because they make the assumption that the home user does not have free access to the level of expert found on sites such as this one. They assume that home users will need to just set it up themselves with help at best from programmer friends or system administrator friends or other people with perhaps a high level of skill in implementing policy, but not developing it.
If I wasn't willing to help these people, I'd tell them to just use an app firewall, cause if they don't plan on implementing the other security elements required in lieu of that... well at least the app firewall in that case helps mask poor configuration.

And yet you continue to dodge providing me a tangible reference to the examination of how a firewall decreases the security of the overall system in a practical sense. If theoretically you are correct, it should be trivial to provide numerous examples of it, should it not?
Fine you want an example:

System A. All ports closed, all client software compartmentalized.
System B. Same as system A plus firewall X.

Zero day exploit for firewall X is discovered. System A is still secure, system B dies a horrible death. You want actual real world examples? Look up any application firewall for past exploits. The benefit of appliance firewalls is that if they are exploited, the systems they protect are not compromised (though they may be eventually if the attacker is lucky and careful) however application firewalls need to run at a low level on the system, their compromise tends to lead to catastrophic failure.

To sum up much of the rest of this, you would resign yourself if I was able to find a single exploit in any personal firewall? Because that is all it takes to have them be less secure than not running one. A quick look through securityfocus will indicate a large number of known exploits for personal firewalls, and it is important to remember that even the local exploits are dangerous as a user may run an otherwise harmless malware that utilizes the local firewall exploit into leveraging more power as the firewall is prolly running under SYSTEM which would have more power than a normal user.

There are countless examples of these personal firewall exploits, what more proof are you looking for? Should I pick out a specific exploit and walk you through an attack?

I don't quite understand what that would gain anyone. The box will be infected with one of a dozen viruses within a matter of moments of it being put online. What point are you trying to prove exactly?

All this will prove is that default installs aren't secure on Windows 2000.
In that case it should be a snap right?

I submit that the system will not be infected with anything and the only thing that will change is the contents of the one folder and the logs (which I will post as well).

catch

Edited for: typos and suggested corrections to tune this down a smidge.