I think it's better to have the option, enabled by default, so that people see a warning pop-up the first time an app attempts internet access: "Freecell wants to access the internet. This could compromise your privacy or security. Press 'block' or 'allow' to continue." or whatever. Perhaps for the first time the message appears, the system could explain the risks in more detail, with a biohazard symbol or something. People could also choose 'block all' and allow an app only if it otherwise breaks. If you don't want a firewall, turn it off: simple. Otherwise, you are likely to be saddled with a large variety of malware. I'd rather have the firewall.