Hello again Dwien.

I dont think you understand the whole picture. Just because you have managed to get a trojan on peoples computers does not mean that the antivirus or the firewall are useless. There could be many reasons why you have succeeded with this. My thoughts are that one of the main reasons are user errors. For example, out of date AV, poorly configured firewalls. If on windows i would for example have ZA running, and i get this trojan and ZA tells me that a programm wants to bypass my firewall and i would have no idea what all this was, then i would most probably accept it. Hence : i would be infected by that lame trojan. As for the antivirus, a trojan does not have to be known to an antivirus. Some are known, some not. However, if you do know some basics about security, then believe me, your little trojan would not work. Just to get my point clear to you, a firewall and an antivirus are useless if the person who wants to use them has no idea what he is doing. Best example is, your trojan would not do ANYTHING whatsoever to my systems. Im not saying my systems are 100% safe, no such thing, but i assure you that a trojan like that cannot even get in to my systems. Also, i mentioned user error. Well, you had to get that trojan on the victim some how. So its the victimes fault (maybe not knowingly), but the victim has chosed to accept that file (email attachment, dcc, whatever). People who know a bit about security will not rely just on a AV application to identify the trojan, and also they would not rely on a firewall that can be messed with. Allow me to go into detail using my security as an example. First of all, you cannot even connect to my firewall. My firewall is a dedicated linux computer with 2 ethernet cards. The 2 cards are bridged meaning that no IP is assigned to them at all, not the internal one, and not the external one. This makes it impossible to connect to or from the firewall itself. Then, my firewall runs of a live cd, meaning its read only, so no rules can be changed since the medium where the firewall is is not writable. Then let us say just if that trojan could get on the firewall (i really dont see how), then it would take root (administrators) priveleges to do anything. Since im a bit aware about security, i never do much as root anyways, so using a normal user privelege can not harm the firewall if i were to execute the trojan as a normal user, (since the firewall is run by root). Now then. Since the original purpose of this thread is what is the best software firewall, we see a clear example that 90% of the firewalls mentioned here so far are crap. In my opinion, a firewall must be configured and from there on it should not allow any changes to the rules in any way unless you specifically allow the changes and are 100% sure of what is going on. ZA, sysgate, mcaffee, norton, and all these firewalls are crap. I hope you understand now.

cheers.