ADN

It is a good idea, but it took this long before someone decided to limit a programs access to ones registry? I like the idea of what the article talks about and I will try the 2 programs mentioned, but talk about too little, too late.

most software has previously taken the "block the bad stuff allow everything else" stategy. The flaw in this approach is when the bad-stuff traffic and activity becomes as frequent as the good stuff requested activity and traffic, it gets increasingly more difficult to filter appropriately.

The alternative approach, assume it is all bad stuff and only allow the apps and processes necessary for the task you are try to accomplish at that moment to get throug the barrier(s) of defense, is much safer because you never have to worry about malware etc being able to get through a port that has been left open just because it was not used to initiate any attacks previously.

It is my prediction that software virtualization of hardware is going to explode over the next couple of years and it will soon be very common to be running layers of Operating Systems within one another that can be disabled or suspended dynamically depending on the work being done. For example a browser layer that when active will not be able to access your mission critical database server layer because it has been suspended and it is not even visible to the browser.

Yes, I have tried the "allow only when I need it" approach and hate it. Every time I want to do something I have to find the ports, allow them on my modem/router, check it, then troubleshoot where I screwed up. I am going to try the DropMyRights program later this weekend. Anyone know anything about it from personal use?