> You are assuming that the malicious program has root privileges. That is
> often not the case.
It definitely is the case. It's very typical to run a one-user system. When
you install a program on a system such as Trisquel, you most often do it with
root privileges. But even in cases where you run the malicious program without
first installing it as root, it's typically done by the same user who has
sudo privileges. The next time this user enters his password to gain root
privileges by a sudo command, the malicious program can find out the
password.
> Telling people not to use a firewall is telling them to undermine their
> security.
What I'm trying to say to people is that installing a firewall on your
computer to block incoming connections to ports such as 22 (SSH) or similar is
meaningless.
But I do care to learn of a good use case where a firewall installed on my
one-user system can give me significant protection.