An immensely grateful thank you to Gman! and Don101! for such a prompt and comprehensive reply, I have printed both, PLUS the Test results from Shields Up (very scary) and shall shortly sit down to study them all. However, a very quick question please, What type, and specification of Router should I seek?? (The ISP is providing a free modem, which I think is probably plain vanilla) Roger W.. On 3/08/2008 4:21 p.m., Gman wrote: > Roger, > Broadband's high-speed 'always on' access is not something to fear, nor > should you waste precious energy calling it names. In fact, dial-up user > accounts are nearly just as valuable to most crackers as faster connections > because either type can be used as part of a 'bot-net' for launching DoS > attacks, sending out Spam, etc.. It's just that broadband accounts are more > likely to retain the same IP over much longer periods of time, making them > easier to control once they've been compromised. > > Having said all that, there are a few things that will work in your > favor to help prevent this type of bot ownership of your system. First of > all, you will be getting your signal through an external modem, which may or > may not also include a router or router-like functions. In case you're not > already aware, a router is like an armed checkpoint where all incoming > packets must stop for inspection. If any given packet doesn't pass muster, > it is rejected. Although I have never been completely sure of what 'muster' > means, rejected means the packed is immediately eaten by the router's > hardware firewall. The poor malformed packet isn't even given the chance to > call home to report its inability to do whatever it was sent to accomplish. > In addition, every computer has roughly 65,000 different ports and a > hardware firewall such as the one provided by a simple router guards every > one of them. If anything tries to get through that isn't explicitely > allowed by the rules, it is eaten (these router guards are not only vicious, > they're insatiably hungry as well). Better yet, the outside world can only > see the IP address being used by the router. Your own computer will be > assigned an internal IP by the router that will never be broadcast to the > outside, making your computer invisible to other systems across the > internet. > > Does this mean that their defenses are completely insurmountable? Of > course not. But it makes them so much less desirable as a target compared > to all of the unprotected systems 'out there' (crackers nearly always take > the path of least resistance). The only type of fool that would work > diligently enough to possibly gain entry past the router guards would be > someone targetting your system personally. Since I cannot possibly imagine > a reason for such a fool to exist, I'm going to go ahead and declare early > victory for the good guys. > > > Still, hiding your system behind a router is not going to prevent the > actions of any nasties that you accidentally invite into your computerized > home. There are plenty of examples of downloadable programs and utilities > that carry more baggage than they claim. These are called Trojans for a > reason. While you're trying to install a great sounding toolbar that will > add smilies to all of your online email, the installer is also downloading > and installing stuff to make ads appear, even when offline, track your > movements across to internet to better target you with those ads, or > installing the latest version of SubSeven, a remote control that gives the > cracker full control over your system, as a rootkit. For these reasons (and > MANY more), you will still need to have a well coordinated collection of > security utilities at your disposal to deal with these possibilities. > Everything that we have already discussed in the recent past applies equally > to dial-up and broadband users, so there's really little more I can add. > > > However, I will remind everyone that the partial saying "Love like > you'll never get hurt" also applies to internet use. If you're going to be > over-cautious about the whole affair, you will be missing out on the vast > repository of information and enjoyment that is The Internet. Yes, there > are bad sites, bad downloads and some bad people that you'll meed in forums, > chat rooms, and other gathering places, but these events and people are such > a tiny percentage of what's 'out there' that they cannot be allowed to > dictate how you approach the net any more than a bad person should be able > to spoil a great sporting event in a stadium full of good people. The trick > is to learn the best ways to block out the bad stuff while keeping yourself > open to the rest. The pursuit of this happiness lies in our never ending > quest to stay on top of Windows security Updates (the critical ones), keep > our AV and anti-younameit app's definition files updated as well as stay on > the lookout for word from other good people who have tested new utilities > that may work better than the ones we already run. > > > I just recently listed the apps I use to keep my system safe (all are free > except for my AV) and I'm already accessing the net through an always on > broadband connection through a router. If you choose to mirror my setup, > great! There's little else you would need to do other than stay on top of > any updates for those apps and keep your eyes open for any changes I make to > mine. On the other hand, there are plenty of other folks who are running > completely different sets of apps that protect them just as well. But I > HIGHLY recommend using a router, even if you only have a single computer to > connect. > > Peace, > Gman > > > --------------------------------------------------------------- Please remember to trim your replies (including this sentence and everything below it) and adjust the subject line as necessary. To unsubscribe or change your email settings: //www.freelists.org/webpage/pctechtalk To access our Archives: http://groups.yahoo.com/group/PCTechTalk/messages/ //www.freelists.org/archives/pctechtalk/ To contact only the PCTT Mod Squad, write to: pctechtalk-moderators@xxxxxxxxxxxxx ---------------------------------------------------------------