I've been playing around w/ X-Wall firewall which has support for NOD32 integration. Although NOD32 scans incoming traffic at the socket level, X-Wall promotes the idea of added security by making it scan traffic at the TCP level, potentially catching something that might try to slip past NOD's normal method of scanning. I was trying to get it to work right when it occured to me that PG might block the access needed to perform such a task. Am I correct in thinking this, or would it be worth it to research other areas of interest before reaching a conclusion? My very elementary guess here is that if something could gain direct access to the TCP/IP stack (or use it's own stack), it could open a raw socket to avoid detection.. although I have yet to read much of anything about raw sockets. My thought here is that either of these methods would probably require low level access that would be prevented by PG. Am I even in the right ballpark here? Do you have any search terms that might lead me in the right direction to understand these things?