Black Ice Defender

Yes.

I`ve got some hints and tips on my site in case they`re of any use to you, ranging from firewalls to emergency virus checkers. Everything I link to is free, with the exception of Pest Patrol (and it isn`t even an affiliate link)

Perhaps you can tell everyone why you think its crap, versus the option of no firewall at all.

Moreover, reliance on any form of security software running on Windows as the only means of network security is extremely unwise.

The underlying networking software implementation in the Windows "operating systems" simply is not reliable enough as a basis for this.

Having a proper firewall, something based on a router or something running on a flavour of Unix is important in addition to a Windows solution.

Correct. But a home user running behind a NAT router with some kind of Windows firewall is likely to be OK.

I've not seen anything transit my NAT router, yet. And even when it does, it's going to be looking at a Unix based dedicated firewall.

Forget my comments - it seems it's within the remit for DIY!

Having a NAT router is a pretty good addition and cheap and easy to do. There are a couple of possible snags though:

1) Is that it is tempting and very easy to make holes in the FW to allow certain inbound connections. Examples of this are having ports open for chat applications, Skype (although that is not absolutely required) and games etc. The problem is that people will tend to open stuff up until the application works without really understanding what they are doing. The documentation with consumer grade routers, of necessity is fairly simple and doesn't say a lot usually. 2) Entry level routers can be susceptible to various kinds of DOS or brute force attacks. For a home user this is not that likely unless the attacker is aware of a prize and specifically targets the addresses.

Generally, the best approaches are to have as low a profile to the internet as possible and turn everything off that isn't needed. Then open up only the absolutely necessary services and accesses.

If a scanning program doesn't find you in the first place it helps as well. Although security by obfuscation is not absolute, it helps to a point.

As it was more than five years ago I doubt that my comments would be particularly pertinent, and as Windows XP now has a built-in firewall nobody need consider the "no firewall at all" option. It's just that at the time, as now, Zone Alarm seemed to receive more positive mentions than any other firewall product, which really didn't seem to be justified.

Yes, windows XP the last word in security....

Dave

OK. I need a source of Farine de Sarrasin, otherwise known as buckwheat flour. Can't find it on the shelves anywhere and only a few mail order hits via Google.

You have not looked very closely. You can buy it (organical) at Tesco.

(u.f+d.m went thataway ->)

[Buckwheat flour]

Thanks for that. We have a large Tesco locally and I have looked there twice without seeing it.

It's normal practice for a followup to have some relevance to the previous post ...

the average time between putting an umpached microsoft XP machine onto the net, and having a virus on it - even when when you don't touch the keyboard or mouse, is now less than 8 minuites.

At work we block literally tens of thousands of attacks / probes a day.

Rick

Remove the word security from the above sentence. It should read 'reliance on any form of software running on Windows' IMNSHO...

Windoze concentrates on glitzy looks & 'integrated' get it all now software with 100's of 'features' you'll never use.. Sadly it sacrifices security for that.

H

Just because the router NAT's IP addresses doesn't make it a good firewall. A router that's NAT'ing addresses and has port forwarding on to forward all inbound packets to a NAT'ed RFC private address is equivalent to havig no firewall...

The NAT'ing is irrelevant. Whether or not the ports are blocked is the relevant bit.

H

ISWYM, but I wasn't suggesting that the NAT'ing was relevant, just that a device called a "NAT router" would do the job. I stand by that advice, unless you can tell us about some real-world NAT routers that forward all inbound packets without the user having explicitly set them up to do so.

Not so.

Also untrue.

My point was just that asking for computer advice here is unwise, since most of us dont know that much about em. Same hapen when people ask electronics questions. Signal is buried under noise.

NT

There's a shade of truth both ways.

- If a single PC is located on the inside of a NAT firewall and inbound forwarding of all ports to that address is turned on, it will effectively remove the firewall shielding.

- This setting is often shown as something like a DMZ setting or some other term where the layman might well not understand the significance, especially with poor product documentation. Quite often this is a single setting with single IP address, and opens access to all ports with an inbound address translation.

- With poor documentation and lack of understanding on the part of the user, many people will simply turn things on in an attempt to get an application or game working and then not turn them off.

- Plenty of other compromises are possible. For example, many cheap router firewalls have a web interface for set up and the access is something like the name of the manufacturer or "admin". Usually the access is only allowed from inside the firewall but I've seen user interfaces where there is a non-obvious button along with a bunch of inoccuous ones which enables outside access. A quick port scan and the miscreant has router access. Cheap routers don't have multiple levels of privilege, normally.

- With ever popular wireless routers, a lot of people have difficulty with or don't understand security settings. WPA on some products has improved this, but the average man in the street is going to struggle when a WEP setting on one end is an alphanumeric text and on the other is N bytes of hex. Again they will probably take a short cut or not bother with wireless security. Then the miscreant neighbours have a free ride on the internet connection as well as a look at the personal files.

The security exploits are as ever was. People not understanding or being lazy.