True, a service or exploited application with those rights could open a port. I might consider installing a firewall on that basis. I might set one up a bit later. edit: I'm behind NAT, and I know how to bypass that, but because of the NAT I'm not really too worried. I would like to get to the FW though eventually.