Over the weekend I tried a few oldies: CHX-I 3.0: Previously I had trouble using this one with WPA2. Adding a rule to force allow 888e gets wireless working, but it is very slow to connect when the computer wakes up. As notebooks go to sleep a lot, I had to move on. Jetico 1: I had high hopes for this one, but it is not compatible with SuRun which I use to temporarily elevate to administrative rights on my machine. Too bad, and time to move on. Kerio 2.15: Much to my surprise this old bit of code worked flawlessly. I guess its the same old XP and the same old TCP & UDP despite 6 years of "progress". Why bother? I was using Comodo 3 with D+ turned off. Each of the above produced a commit charge that was 30 to 40 MB less than Comodo. When running GMER, the reduction in how the system was invaded was dramatic. By the way, individual line items in task manager don't mean anything. You have to look at the whole thing (commit charge) on a with and without basis. There have been many comments in this forum about how Comodo 3 is totally dependent on D+. D+ is too noisy for many users. It might quiet down after a while, but it never shuts up completely. For example, Comodo 3 has no protection against substitution of an executable when D+ is off. I am really not into the whole leaky firewall thing, but the point is, Comodo 3 is a rather complex piece of code. With D+ off, it might not be worth messing with, YMMV. What's the downside of going with the old stuff? As I mentioned above, there can be severe compatibility problems. Either you get a pass or not. No one will fix it for you. In the defense of Comodo 3, I have tested a lot of firewalls, and it has very low CPU usage when D+ is off. Not just low CPU usage by the firewall components that show up in task manager, but the system task as well, where several firewalls offload their work at the driver level. However, Kerio 2.15 manages to do a bit better. I would not go so far as to say Comodo 3 is bad, but the performance of old Kerio 2.15 continues to amaze me.