I know what you are trying to say, but a STANDARD firewall monitors network traffic and stops connections, an active anti virus stops exe's from running and registry entries from being edited. What you said about anti virus applications only scanning for items in their database is wrong, most modern anti virus software uses heuristics to scan for things which "look" like a virus, much the way a HIP does, as it uses pretty much the same system. Basically what would have solved this entire argument is to specify that you were using a HIPs based firewall, which in laymens terms is basically a firewall which runs like an active anti virus as well as fulfilling its firewall duties. I have used a few comodo products and found them far too intrusive for my liking, the default block can get very annoying. My issue was when I allowed, and whitelisted a program or connection, a few days later it would pop up asking me to allow the same connection or program. Anyway, back to the article. It seems a sloppy move by Samsung to allow this sort of thing to happen, its a PR nightmare, if they can't even stop worms getting on their SDcards, then what's to say they didn't slip up with other areas relating to the handset.