I guess before I can even start with my question, I should ask what firewall signatures do. Every so often certain software firewalls like ZA and Sygate get a signature update, and I wonder is that for updates in intrusion detection or patching or something else? Main Question: What advantages can be gained by setting your own advanced rules? I assume it is to further lock down certain types of communication? While I havent looked into too many sites of advanced rules (dont really know many good ones ) I have looked at CrazyM's posts of advanced rules configuration and the look n stop one (both which i think are really nice), and it made me wonder... Shouldnt most firewalls now be already configured to handle some of these "advanced rule entries." Especially with the newer versions and newer builds. Is it still necessary to add some of these... like the ones for Nimda, WinNuke, and Subseven?