Since McAfee Desktop Firewall seems to be the topic of the week around here, I just wanted to mention that it COULD have some issues that might not make it suitable for some users. These are some of the things I noticed when I tested it today (for fun), but you should try for yourself if necessary, because I only tested for a couple of hours, I could be wrong, and I won't be the one using it:

I think it may have the same local proxy issue that Sygate has. If you run a local proxy and have the proxy enabled in Internet Explorer, for example, and a firewall rule to allow the proxy (i.e. Proxomitron), any application can also use the proxy unhindered, even if firewall rules exist denying the application. Tested using Windows XP Search (uses explorer.exe to access the internet) and also with NetInfo 5.5 (accesses the internet when first opened).

IF you don't use the Application Creation Monitor/Application Hooking Monitor, you can try this. Pick an app that already has a firewall rule created for it. Flashget, for example. Then download Leaktest, rename it flashget.exe and copy it to the Flashget folder (make a backup of the original first) and run it. It uses the rule you've already got that permits Flashget, not recognizing it as a different application!

I also wonder about the PC Flank stealth tests. TCP FIN/XMAS/NULL/PING weren't stealthed when I had intrusion detection disabled. When I enabled intrusion detection, the site wouldn't finish loading to give me the results. I may be wrong here, but I would like to see the results of TCP FIN/PING/XMAS/NULL done without the UDP going with it (not using PC Flank)... something is not right if you can't stealth your computer from these packets when the intrusion detection is disabled, when your firewall has block rules at the bottom blocking inbound TCP/UDP/IP. I wonder if maybe the intrusion detection blocks the PC Flank IP address when it sees the UDP packets but would otherwise allow the TCP packets to go through undetected.
You could also experiment with the intrusion detection "block until removed/block for xx minutes" settings, and see what this means exactly, i.e. if you block for 1 minute while PART of the PC Flank test is being done but isn't complete, what happens when the minute is up and the intruder's IP address disappears from the policy? etc. etc.

I tested this firewall's predecessor a long time ago when I was using AtGuard, and some of the things I didn't like about it at the time are still there, almost like somebody from McAfee has added a module or two without doing a complete redesign. The way the Application Creation Monitor/Application Hooking Monitor works reminds me of the "update" Blackice did in moving beyond v.2.9 (something old/something new/something borrowed/something blue). Personally, I don't want a firewall to prompt me whenever non-internet applications run, like Notepad or a card game or something. I just want to know when the hash of an internet application changes so that I will know if it has been altered.

I don't want to make anyone mad if this was their favorite firewall, since there are issues that bother some people for ALL the personal firewalls... just if these things affect you, you might want to test them further in case I missed something (which wouldn't surprise me).
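
The difference between a rule matched on path alone (the Flashget behaviour described in the post) and a rule that also pins the program's hash (the check the poster asks for), as an added sketch that is not part of the original post and not any firewall product's code. The `RuleStore` class, its method names and the action strings are hypothetical, and the two byte strings are constructed stand-ins for the original and the swapped-in executable.

```python
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_file(path):
    # Hash in chunks so large executables are not read into memory at once.
    digest = hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


class RuleStore:
    """Hypothetical rule table: normalized path -> (action, hash at rule creation)."""

    def __init__(self):
        self.rules = {}

    def add_rule(self, path, action):
        self.rules[os.path.normcase(os.path.abspath(path))] = (action, sha256_file(path))

    def decide_by_path(self, path):
        """Path-only matching: whatever sits at the path inherits the rule."""
        rule = self.rules.get(os.path.normcase(os.path.abspath(path)))
        return rule[0] if rule else "prompt-unknown"

    def decide_by_hash(self, path):
        """Path plus hash: a changed binary no longer matches its old rule."""
        rule = self.rules.get(os.path.normcase(os.path.abspath(path)))
        if rule is None:
            return "prompt-unknown"
        return rule[0] if sha256_file(path) == rule[1] else "prompt-changed"


def demo():
    """Constructed sample: the file at the permitted path is swapped after the rule exists."""
    with tempfile.TemporaryDirectory() as folder:
        exe = Path(folder) / "flashget.exe"
        exe.write_bytes(b"constructed original program bytes")
        store = RuleStore()
        store.add_rule(exe, "allow")
        before = store.decide_by_hash(exe)
        exe.write_bytes(b"constructed different program bytes")
        return before, store.decide_by_path(exe), store.decide_by_hash(exe)

if __name__ == "__main__":
    print(demo())
```

The path-only decision still answers "allow" after the swap, while the hash-pinned decision falls back to a prompt, which is the notification the poster wants for altered internet applications.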