On Wed, 23 Jul 2003 02:36:27 GMT, in <alt.privacy.spyware>, tony@well.com
wrote:
>
> On Tue, 22 Jul 2003 12:37:19 -0400, Jay T. Blocksom
> <usenet01+SPAMBLOCK@appropriate-tech.net> wrote:
>
> > But you'd still be far better off with a
> >true hardware-based firewall, provided that you could gain some clue on
> >how to use it properly.
>
> Yes, I'd like to learn more about that (and maybe some of the other
> readers would too). I'm listening.... particularly since this is one
> alternative that's not mentioned very often.
>

[snip]

Well first, the single biggest reason you want a hardware-based firewall is
so you can really put your computer(s) *behind* it. That is obviously
impossible with a software-based firewall running on the same box(es) that
it's trying to "protect". Combine that with Windows' legendary inherent
insecurity, and, well... It becomes effectively not much more than a
"tissue-paper wall". A secondary benefit is that this means there is (at
least) one less program running (and thus inevitably sucking up memory,
system resources, CPU cycles, etc. -- not to mention the potential for bugs)
on your "real" system, which is an unmitigated plus -- i.e., there's no down
side to this.

Second... As little as one-two years ago, at least most off-the-shelf
hardware firewalls were either too expensive (the pro gear) or too lame (the
consumer gear) for serious consideration by most users. So the only really
good AND cost-effective alternative was to do a "roll-your-own" based on an
old leftover '486 or somesuch running under *nix (typically Linux), then
place that single-purpose box between your other computer(s) and the 'net
connection. But this approach, while still potentially valid, requires a
fair amount of expertise in not only security issues in general, but also
*nix and the pertinent *nix apps/utilities you'd use for this in particular.
Hence, it has never been a very popular approach.

But things have changed.

Go read up on things like the D-Link DFL-80 and the NetGear FR328S or maybe
even the NetGear FR114P (which is not quite as flexible or as capable as the
other two; but it's still not bad, especially for the buck). The full
User's Guides for each of these are downloadable (in .PDF format) from their
respective manufacturer's web sites, and will give you a good idea of their
capabilities. For something around $200 (or less, perhaps much less), you
now can get a nicely packaged off-the-shelf device which not only rivals (or
perhaps even exceeds, depending) the capabilities of the typical
roll-your-own Linux-based router/firewall, it also fits on a small shelf,
consumes very little power, needs very little maintenance (other than
keeping the DENY tables current, of course), has a factory warranty, and
will in general be MUCH easier to deal with for most typical Windows users.

> >I would suggest that you start with a visit to Sponge's Anti-Spyware
> >site at <http://www.geocities.com/yosponge/>, then simply follow the
> >(8-step) step-by-step directions you will find there. They're far from
> >perfect; but they'll at least get you off Ground Zero.
>
> A suggestion I will certainly follow, thanks.
>

[snip]

Good. But remember, that's still really only a stop-gap measure.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
NOTE: E-Mail address in "From:" line is INVALID! Remove +SPAMBLOCK to mail.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -