My theory revolves around the enhanced security that came about in Vista when the user tokens were split. A "user-admin" account in Vista & Windows 7 runs with a single user token. When full admin rights are needed, elevation occurs via consent.exe (UAC) and the 2nd token is obtained for the particular function requiring full admin permission. Only the single Hidden Admin user account (SID = x-500) runs with both user tokens in Vista & Windows 7.
Certain system services run under the "Local Account". The firewall drivers run in kernel mode under NT AUTHORITY\SYSTEM and can block local NetBIOS ports used by system services, resulting in APPHANGs, which, after 30000 ms, become an APPCRASH.
- Windows Explorer or IE8 screen background fading white
- small blue circle spinning endlessly
- The phrase "..Not Responding..." appears
- WERCON screen appears and asks about reporting, close program, check online for solution, restart the crashing app, etc...
In XP, all admin accounts run with 2 user tokens = full admin rights; hence the reason ZoneAlarm, NIS, KIS, MIS, N360, et al., do not have problems. Only 1 level of security to deal with.
I have always held that the differing levels of security in Vista/Windows 7 make it extremely difficult for Internet Security Suites to function normally (as in XP).
Food for thought!
J. C. Griffith