perhaps better described as Godzilla vs. Bambi.

I have spent this evening experimenting with Kali Linux and Win2k KVM sessions. The Win2k VM is equipped with Outpost Firewall Free 6.51, with full paranoid settings - full system call interception, ask for all unknown executables, etc.

To say that Outpost fails miserably would be a vast understatement. This is what I did:

- Set up the IE exploit used in Operation Aurora: http://en.wikipedia.org/wiki/Operation_Aurora
- Directed IE6 to the exploit page
- Waited ~5 seconds for Metasploit to compromise the process
- Migrated to another process
- Got a view of the filesystem and uploaded an unsigned executable installer
- Ran the installer
- Ran the (also unsigned) program installed by the installer

All of this was without a single notification from Outpost. Even when running unsigned, unknown, third-party executables. Not only did the EXEs run without complaint, they weren't even visible to Outpost - they didn't show up in its list of known programs after running.

I'm not sure about other FW/HIPS software, but Outpost Free seems to be very broken.

Next up, Sunbelt Personal Firewall. Let's see if that fares any better.

Edit: I'll probably test old versions of Online Armor and Privatefirewall after Sunbelt. Maybe System Safety Monitor or such as well. I would use WinXP and more recent versions, but I don't have a spare XP license; and anyway the Aurora exploit works on XP, and with newer versions of IE.