Thread: NAsty Message
View Single Post
  #11 (permalink)  
Old 03-25-2007, 02:30 PM
Leythos
Guest
  
Posts: n/a
Default Re: NAsty Message
On Sun, 25 Mar 2007 09:23:59 -0500, Michael B. Trausch wrote:

> On Sun, 25 Mar 2007 09:14:14 -0500, Leythos wrote:
>
>> On Sun, 25 Mar 2007 09:08:00 -0500, Michael B. Trausch wrote:
>>
>>> All you really need are a pop-up blocker (Firefox has one built-in that is
>>> reasonably good--and you can pretty easily get an ad-blocker for it, too,
>>> that prevents a good deal more of crud from being able to get in), a
>>> decent anti-virus program (AVG Free does a decent job and also detects
>>> many types of malware), and HijackThis, which is a Windows utility to help
>>> find things that have installed themselves into places like the Windows
>>> registry.
>>
>> All you really need is to secure the machine and install a firewall for
>> the internet connections that filters crap out of HTTP, HTTPS, SMTP, POP3,
>> FTP sessions and 99% of the Windows people will be free from trouble.
>>
>
> Software firewalls aren't that effective, particularly when they are
> running on the machine that they're designed to protect. If one must run
> Windows, all that is really needed is a little bit of thought and the three
> programs that I mentioned above. Most Windows users are sitting behind a
> NAT, which takes care of blocking incoming connections, and those that
> aren't behind a NAT, probably should be.

You misunderstood - I don't consider software solutions running on
non-dedicated servers to be firewalls. I was speaking of a firewall
appliance, although I could have better stated that.

NAT appliances don't filter HTTP, HTTPS, SMTP, POP3 or FTP content, but a
firewall with those as proxy services can remove content.

> Also, you can't really filter HTTPS through a firewall. You would need a
> proxy for that, because all the firewall would see is a stream of
> encrypted packets. Systems should be secure enough, anyway, to not
> require filtration of the protocols that people use on the
> Internet, anyway.

Many firewalls have HTTPS proxy services, but you are completely correct,
most would not be able to filter content in HTTPS.

--
Leythos
spam999free@rrohio.com (remove 999 for proper email address)

Reply With Quote