XP Service Pack 2
on 11.05.03, 07:36pm in windows
I have to disagree with Beau when he says to leave ICF alone in Springboard. Sitting in Blaster support earlier this year, helping a grandmother clean up her machine really opened my eyes to the inherent problems of “normal” end users and computer security. I say beef it up - make it a Fort Knox. I’m tired of continuously sending out emails to every family member whenever we issue a new security patch. I’m really tired of hearing that one of them actually took their computer to Best Buy and paid to have a virus removed.
I recommend anyone who writes network software read the recent MSDN post (thanks Joe for the link) which outlines what developers are going to need to know to write ICF-friendly software.
For example, the “application white list”:

Prior to SP2, applications needed to call the ICF APIs to enable the necessary listening ports to be open to send and receive messages. This proved difficult in peer-to-peer situations when the port was not known in advance. Further, it was up to the application to close the hole in the firewall, which could lead to unnecessary openings in the firewall should the application terminate unexpectedly. Additionally, these holes could only be opened by applications running in the security context of a local administrator.

In SP2, an application that needs to listen to the network can be added to the Application White List. An application on the white list will have the necessary listening hole created automatically. By having an application on the white list, only necessary ports are opened, and they are only opened for the duration that the application is listening on it. This prevents an application from opening up a port it’s not using and either deliberately or inadvertently exposing another application or service to network traffic from that port. Further, this also allows applications listening to the network to run as a regular user. Applications that work with stateful filtering do not need to be placed on the white list. Only administrators can add an application to the white list.
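A simplified model of the two behaviours described in the passage above, added here as an illustration; it is not code from the MSDN article or from Windows. The class names, the program name `p2p.exe` and port 6881 are constructed for the example.

```python
class PortOpeningFirewall:
    """Pre-SP2 model: the application opens and closes its own holes."""
    def __init__(self):
        self.open_ports = set()

    def open_port(self, port, is_admin):
        if not is_admin:
            raise PermissionError("only a local administrator can open a port")
        self.open_ports.add(port)

    def close_port(self, port):
        self.open_ports.discard(port)

    def allows_inbound(self, port):
        return port in self.open_ports

class WhiteListFirewall:
    """SP2 model: a hole exists only while a white-listed program listens."""
    def __init__(self):
        self.white_list = set()
        self.listeners = {}  # port -> program currently listening on it

    def add_to_white_list(self, program, is_admin):
        if not is_admin:
            raise PermissionError("only administrators can edit the white list")
        self.white_list.add(program)

    def listen(self, program, port):
        self.listeners[port] = program  # works for a regular user

    def process_exit(self, program):
        # Sockets go away on a clean exit or a crash, and the hole with them.
        self.listeners = {p: prog for p, prog in self.listeners.items()
                          if prog != program}

    def allows_inbound(self, port):
        return self.listeners.get(port) in self.white_list

def crash_scenario(port=6881, program="p2p.exe"):  # constructed sample values
    old = PortOpeningFirewall()
    old.open_port(port, is_admin=True)
    # The application crashes here, so close_port() is never called.
    new = WhiteListFirewall()
    new.add_to_white_list(program, is_admin=True)
    new.listen(program, port)
    while_listening = new.allows_inbound(port)
    new.process_exit(program)  # same crash under the SP2 model
    return {"pre_sp2_after_crash": old.allows_inbound(port),
            "sp2_while_listening": while_listening,
            "sp2_after_crash": new.allows_inbound(port)}
```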



