Q. How does your method measure up against Comodo or ZoneAlarm?
A. I am strongly opposed to HIPS firewalls, which are intrusive to the most savvy at best, and useless to the average user at worst. While some are aware that I support UAC, which only alerts the user when a task requires adminstrative privileges; HIPS firewalls are suspicious of the slightest anomalies, and have historically proven ineffective in the event of an attack during installation of a new program, as users are conditioned to routinely click "allow" and "allow always" in a flurry of alerts to make the firewall "pipe down and get on with it." My method can leave users vulnerable during tasks like printer driver installation, which necessitates either unlocking the kernel or logging into an account that stays unlocked; the good news is that you can disconnect your PC from the Internet before installing the printer (or disconnect your modem from the Internet before installing a wireless printer), which I highly recommend if you are running XP or earlier.