[raesene4]

For me, I don't think that applications like this are targeted at "Joe End User" more at technical people who would like more information about what network connections are happening from their machine.

Personally I've been looking for a little snitch equivalent for Windows for a while now and this one seems like a good starting point.

I think that the problem you might have with IDS/IPS for end user machines is similar to the problems that end users would have with this kind of software. Namely when it blocks/alerts it's very hard to translate the reason for the block (a SNORT rule) into something that's meaningful for a non-technical user.

the alternative is just to silently block, but that leaves the user with a problem whenever there is a false positive (which is a fairly large problem with network IDS/IPS in my experience)

[drzaiusapelord]

You could say the same thing about AV software. Just log events in a tray application. False positives are simply going to happen. They happen with everyday AV. Well written rules won't have this issue often and for end users it'll be edge cases they don't have to worry about. If it is a serious case they can call their tech savvy son for help, just like they do now with all other issues.