OK, I changed my AV to Kaspersky Anti-Virus (KAV) to test how much impact it had the resources of my PC (AMD64 3200, 1G RAM). It was quite un-noticeable. However, I was surprised that KAV managed to bypass my firewall rules and update itself automatically, without asking me whether it could access the Internet. My rules are only outbound but I noticed in the activity monitor that kavsvc.exe was being allowed inbound on a udp port ... of course I could block this inbound activity, but my greater fear is that some untrusted process could be able to do the same! Any ideas: I'll try to summarize the firewall rules later as I have to go to church.