My search for a good no hidden phone home FW continues. ZA Pro was eliminated in favour of CFW 2.4. I pulled CFW off my PC because it keeps fouling up my rules so I have temporarity put PC Tools FW Plus v25 in to ensure I have a FW. It is being developed in the "lab" so we can view it as a beta. I just found this list from Webroot so lets start with this one. Note PC Tools not on the list no doubt beta's are excluded as they should be. (IMHO). It's interesting the Webroot's own desktop FW is not mentioned. I tried it and it made my system unstable so I got a refund! The following Firewall products have been tested by Webroot Software Inc. for compatibility: Norton Internet Security 2007 rejected ( bloated) McAfee Total Protection 2007 rejected ( bloated) Windows Firewall (XP version rejected as a IN only 1 way FW) Zone Alarm (rejected, due to hidden phone homes) Trend Micro's PC-cillin Panda AV + Firewall 2007 Sygate Kerio Sunbelt Armor2Net (omitted by technology or my error!) Tiny (CA) Commodo (testing of 2.4 deferred till V3 released) AVG Internet Security This produces my (mine, not yours ) shorter list: Trend Micro's PC-cillin Panda AV + Firewall 2007 Sygate Kerio Sunbelt Tiny (CA) Armor2Net AVG Internet Security So, here is my question now to Stem and other open minded posters, which of these 7 meet the following criteria: 1) No hidden phone homes to the mother ship even if OFF options on auto updates are applied. 2) Solid 2 way FW for outgoing and incoming packets. 3) Stable and actively supported by vendor 4) Can easily backup rules and settings without reverting to a special script 5) Placed the router/modem in the "internet zone" 6) Allows user to apply universal blocked sites by table list that applies to ALL applications 7) Can allow disallow application access BY application browsing or scanning Other, that I have forgotten WEBROOT EMAIL SCANNING, FIREWALL WORKAROUNDS The following email scanning work arounds were provided by Webroot. They are off interest to me since my BD assumes euro standard ports for email in out that differ from my ISP and I have to use SS to check outgoing email for me "Some personal firewall applications may block Spy Sweeper connections, and one may not be able to send/receive E-mail messages. In this case, the user can try the following to troubleshoot the issue: If the personal firewall provides whitelisting capability (the addition of Trusted programs), SpySweeper.exe and SpySweeperUI.exe should be whitelisted (Trusted and granted bidirectional access). Uninstall the firewall product and then re-install it after the installation of Spy Sweeper (the order in which the products are installed may cause conflicts). Disable the personal firewall (this may be a component of a larger suite). Only perform this task if a different firewall will be turned ON in place of the one that was turned off (such as enabling Windows Firewall if disabling a third party firewall, or if your computer is behind a router capable of providing firewall protection). Disable Spy Sweeper's E-mail Attachment Shield if necessary. This can be done in two different ways, the first approach will literally turn the shield off while the second approach will render it incapable of accessing the commonly used e-mail ports: To completely disable the E-mail Attachment Shield, follow the directions below which will result in a "X of X Recommended Shields OFF" message: Open up Spy Sweeper and go to the E-mail Attachment Shield tab. Remove check box from shield to disable. To prevent Spy Sweeper from accessing the commonly used E-mail communication ports (25 and 110) for POP3 and SMTP traffic, follow the directions below. This will prevent access to these ports and render the shield inoperable (unless using AVG). Please be cautious when performing this change since no warning message will be presented that this shield is essentially OFF: Open up Spy Sweeper and go to the E-mail Attachment Shield Options. Change to the POP3 port from 110 to 10110, and SMTP port 25 to port 10025. Modify the POP3 and SMTP ports used in Spy Sweeper's E-mail Attachment Shield to redirect communication to allow the shield to scan e-mail communication that may not be on the common ports of 25 and 110 (for example AVG redirects traffic from POP3 port 110 to 10110, and SMTP port 25 to port 10025, and the E-mail Attachment shield in Spy Sweeper will need to be modified to use these new ports). "