It's amazing how LITTLE faith we (yes, me too) put in other peoples patches and how MUCH faith we put in other peoples Tools.

Case in point, software firewalls.

I doubt that there is a single person who posted to this thread that couldn't programaticly get around a software firewall. Anything from trapping it's kernel calls to flat out bypassing them.

I guess another thing is we all tend to be leary of patches, but call something an IAT rebuilder and you'll see 300 downloads an hour.

I'm not saying people should write their own firewalls, or that we shouldn't run IAT rebuilders without disasm'ing them first.

I'm just pointing out that this is actually part of the human condition. A patch is giving you something for free, and we are all ingrained from birth to distrust "things that are too easy or too good to be true".

A mild distrust is normal and can be very healthy to the life of your computer. Taking apart a patch and diffing what it does to the target should be 2nd nature.

But I would emphesize a little less faith in software firewalls. If the target your working on stands a chance of calling home, pull the ethernet cable OUT of the computer before launching into the debugger.

Maybe I'M the paranoid one...