I've plugged them shamelessly here many times. Hardware router by SMC, which is not free. It's a Barricade 4 port router/switch. Outpost Pro handles the software firewall end with excellent content blocking (scripts, cookies, Active X, such) and is the most complete and reliable firewall I've ever used - and I believe I've tested most of the major ones. It is rules AND application based and has the capability to "block most." This means that if it's not specifically allowed and there is no rule for it, it is silently dropped. It also allows me to set my mail and news ports to block all active content (scripting and such) for those applications. My firewall is paid for, but I still use its free version for the rest of the computers on my LAN and it has everything you need. The only reason I bought the Pro version is because it allows me to have multiple configurations so that I can change to a totally different set of rules "on the fly." I have a Games and Office setting that blocks all internet traffic for all programs. I have a LAN setting that allows me all my file sharing and LAN gaming and blocks the internet. I have a browsing configuration that blocks all LAN activity and only allows internet applications with rules for each. Free SlimBrowser browser extension for IE adds backup content blocking and makes it easier to delete the cache without deleting the cookies I really want. MailWasher cleans, thoroughly, all mail before it ever hits my computer. If it isn't addressed *specifically* and literally -character for character - to me, it is flagged for deletion and bounce. Much easier to look at the (by now) few suspect messages than to dig through the whole list lumped together. After deleting suspect mail at the server end, it hands it nicely to Calypso email. Calypso strips the HTML and crap, uses an encrypted addressbook, and, with the same, very powerful, regular expressions filters that MailWasher uses. This places all messages where they belong - sorted any way I wish - while deleting anything annoying that MailWasher *might* miss, and that isn't much. It deletes them instantly (not globally, but with REAL filters that you can set up on a case by case basis - no "all or nothing") without sorting through a "trash bin." Underlying all this is some good old fashion system maintenance and some more *policy*, because it's not ONLY a software solution!! I do the updates - Windows, AV (I use AVG, another good free one), Adaware, Spybot, and others - FREQUENTLY and do the required scans REGULARLY. I set IE privacy options for cookies to high, which eliminates a lot of the bad cookies, set my restricted sites zone to maximum security (disable EVERYTHING) and add sites to it whenever I see something pop up in the firewall logs that I don't like. I disallow all Active X, Javascript, referrers, and popups by default. I prompt for cookies (whatever's left from IE settings) and Java. I block first, then ask questions. If something doesn't work right, I evaluate how much I need or want to see it. If I can't live without it, all my programs can be set to override the settings *site by site* if I choose. All email attachments are renamed automatically by Outpost and Calypso (I believe in redundancy to avoid errors) and, to be honest, if an attachment comes from someone into my mail and I don't expect it, it's history - BEFORE it gets to my inbox. Calypso looks in the attachment field and if it sees *.* (which is any file as the DOS people know), it deletes from the server and discards it, doesn't throw it into the recycle bin, just dumps it. I have found that a majority of sites will work without all the garbage. I've learned that email doesn't need an extra three Kilobytes or more and annoying flashing things and pretties. I've learned that javascript is *primarily* used for popups, ads, address farming, trojan passing, spy tracking, and unnecessary garbage on web sites. I've also learned that no software is going to help you if you don't have it set up right. I had to do a lot of research to find out why my filters were not catching everything at first. I had to find out how internet protocols work in order to set up good firewall rules. I had to figure out what was an acceptable risk versus the perceived value of the software and internet sites I use. Everything I even think about downloading gets a good hard Google search first for spyware and adware. It's a multi layered approach. It takes effort and time to set it up, but it saves time and effort once you get it right. There is no effective "set it and forget it" wonder software that will keep you clean and safe. Anyone who claims there is doesn't know as much as they think they do. In all the haste to write my novella here, I forgot to mention the support of JV Tools' excellent registy cleaner (free) to clean up those strange registry items and those persistent softwares that never want to leave your system completely. I forgot, as well, to plug Microsoft Windows' own System Restore which makes it possible to totally test software and rid the computer of it completely if it doesn't work out. Using this approach I have run several machines with nary a reinstall, nary a virus, and very darned few malwares. The couple spyware/adware programs that managed to get in couldn't do much and didn't last long until they were hunted down and eradicated cleanly. I am nearly certain that no address in my addressbook has ever successfully been harvested for *whatever* reason. No system slowdowns, no mysterious files, none of those things. There are tradeoffs. You won't be able to successfully view porn sites. They won't work as a rule without allowing security vulnerabilities. Launchcast and some Yahoo stuff (not all) won't run because I won't stop blocking their adservers and "partners" referrers. If you want to send me a file, I need an email first to tell me it's coming. I can't message in color. I can't put little trucks and cowboys around my messages - as if I'd want to anyway. I can't send you Yahoo Groups' advertisements in full living color - just a blurb of uninteresting text. Sometimes to get a site that I want to work to do so, I'll have to dig around a little to find out why it's being blocked. I can't forward your email address to any website that wants it or advertise it to every trojan that's making the rounds. Sorry. All I can do is use my computer reliably, with good speed and clarity and reasonable peace of mind pretty much every day. I like things simple even if it's a little hard to do at first. On 8/27/2003 at 8:52 AM a whisper was heard, and the one known as James LaBorde was rumoured to have uttered.... | Wyatt, | | I don't know about others but I would be interested in what | software/hardware you have setup to feel this secure. Free | software that is | reliable is a goldmine! If you would be willing to do so, | would you share | what you have set up so that others can benefit from your | efforts as well. | | James | | -----Original Message----- | From: Wyatt M. Portendt [mailto:nunyabidness6@xxxxxxxxx] | Sent: Tuesday, August 19, 2003 2:55 PM | To: pctechtalk@xxxxxxxxxxxxx | Subject: -=PCTechTalk=- Re: what's this? :VSMail mx3 | | | I personally wouldn't feel bad about taking a reasonable | precaution. The | firewall and mail security here has caused me to miss the last | ten major | virus attacks even though I was exposed to them through | mailing lists and | casual surfing. I don't argue with people who say they don't | need them. I | know that soon enough they will be silent for a time and a | little more | open-minded shortly after (the virus hits them). | | I have a layered approach to security. The router is the | outer shield, a | properly configured (and configurable) firewall is the next | layer. A text | only email with an encrpted address book (and *real* filters | built in) | filtered with a regular expressions mail handler protects the | email. | Content blocking and script control keep IE from getting | naughty. It | sounds cumbersome, and it wasn't a peach to set up in the | beginning, but it | works flawlessly now. Good stuff gets in, bad stuff doesn't, | and | questionable things can be forensically traced to find out | exactly what | they *are* doing behind my back. | | Foolproof, no. Damned difficult to casually breach, without a | doubt. All | of it was free and it's working exceptionally well. I just | listen politely | to the people who say it's unnecessary and doesn't work and | smile while I'm | surfing and mailing with no problems for about three years | running now. No | crashes, no reinstalls, no cleaning, no worries. | | On 8/18/2003 at 12:47 PM a whisper was heard, and the one | known as Michael | Scott was rumoured to have uttered.... | | | Hello All, | | With the panic re the blaster worm I checked up | on my | | Microsoft Updates again and there was "Security | Update | | Microsoft Virtual Machine". What doodad is this | for and is it | | necessary or will my world end if I don't do it. | It is over 5 | | megs and I must have the worst server in the | world because I | | keep dropping out and this could take forever. | | | | I did however go to CNET and downloaded the | w32.blaster | | removal Tool and was tickled to find I'm clean. | | | | It seems that if you have a firewall, you are | much safer. I | | know so many people who think I'm a twit because | I have one on | | my PC............ they wouldn't!! Hope I run | into some of | | them and they tell me they have the worm. OK, I | know I'm | | being nasty....... but ........ Lyn | | | | To unsub or change your email settings: | | //www.freelists.org/webpage/pctechtalk | | | | To access our Archives: | | http://groups.yahoo.com/group/PCTechTalk/messages/ | | //www.freelists.org/archives/pctechtalk/ | | | | For more info: | | | //www.freelists.org/cgi-bin/list?list_id=pctechtalk | | | ********* And So It Was *********** | | To unsub or change your email settings: | //www.freelists.org/webpage/pctechtalk | | To access our Archives: | http://groups.yahoo.com/group/PCTechTalk/messages/ | //www.freelists.org/archives/pctechtalk/ | | For more info: | //www.freelists.org/cgi-bin/list?list_id=pctechtalk | To unsub or change your email settings: | //www.freelists.org/webpage/pctechtalk | | To access our Archives: | http://groups.yahoo.com/group/PCTechTalk/messages/ | //www.freelists.org/archives/pctechtalk/ | | For more info: | //www.freelists.org/cgi-bin/list?list_id=pctechtalk Powered by Calypso Email - Control by Outpost Pro and MailWasher Email should not be stressful! To unsub or change your email settings: //www.freelists.org/webpage/pctechtalk To access our Archives: http://groups.yahoo.com/group/PCTechTalk/messages/ //www.freelists.org/archives/pctechtalk/ For more info: //www.freelists.org/cgi-bin/list?list_id=pctechtalk