This is not strictly a firewall issue, but I found this resource and it is one of the best around for running LUA: http://nonadmin.editme.com/HowDoI As most of you know, my approach is to use a router with SPI (with a few ports shut off), a strong AV (KAV, NOD, McAfee, or Bitdefender), limited user account, an alternative browser with Java disabled (Firefox or Opera), and a few sysinternals utilities to check on things, very few running services, and nothing else. [If I had a laptop (wish), I would use CHX-1 instead of the router, when using it off my home network.] I do this because it is far more important to me to keep the baddies off my computer in the first place, than to hope to find them after the fact with an application aware software firewall, much less by hoping to detect malware that impersonates "trusted" applications. Besides, the whole thing can be bypassed with a driver. The LUA prevents the accidental installation of most malware. It allows one to run programs that are not supposed to install anything with relative safety. It especially prevents the installation of hidden program elements. Remember the No. 1 rule, know what you run. More problems have been caused by free screen savers, or other strange free stuff than all the drive-by downloads in the world. If it is not on souceforge, its probably be no good.