Well knowing that it is impossible to state a one-for-all solution here is some input on how to start getting along in a home windows environment without running a personal firewall.
It is certainly not complete, but feel free to add Your tricks to the list.
Note also that:
- The right things to do in the end depends on Your environment, habits and behaviour.
and
- There is no such thing as full security on the internet. Your level of security is something You come to a balance with, the key word being trust.
Okay, here we go:
- If possible put an NAT router/firewall device between Your internet-connection and Your PC.
It does filter out a lot of network traffic that is just pure noise, and it does provide a decent level of protection from "intrusion attempts" from the outside. If You are willing to invest a little money in security this is one of the best ways to do it.
- Disable unnescessary services
If directly connected to the internet, this part is *crucial*.
If behind a NAT router as suggested in point 1 however, this is less important as long as Your router does not forward any traffic.
The ideal would be of course if You can end up having no open ports at all. A PC configured like that can be directly connected to the internet just as safely as if You were using a personal firewall - and best of all, without all the noise from firewall pop-ups :-)
If You have a simple setup (like a stand-alone PC connected to the internet, without any special requirements other than normal surfing and mailing around) there are pretty straight-forward step-by-step guides available that can help You close all open ports on Your machine depending on the windows version You are running. Remember to check that Your ports actually are closed (the guide will probably tell You how to do that).
Otherwise search the internet for ways to close ports You don't need. (It's a good idea to write down which services You disable and how You do it. You might find that You need to reopen them again at a later time). Figuring out which services can be deactivated can be rather tricky. Search the net and seek help in relevant forums.
If for some reason You need to have services running (which should be the exception in most home environments), make sure that the software behind it is kept up to date (patched) which leeds us to the next item...
- Keep Your software pacthed.
This is true for windows itself as well as any other software You are running.
- Do not run programs You don't trust.
It may sound a little too simple, but it really is. Unless You have the source code and understand how to interpret it, there is NO way You can control what a programmer has decided to let a program do, so it all comes back to trust. If You don't trust the programmer or the program vendor, don't run it! The moment You run or install a program You have accepted to take a risk. It is just like driving a car. You know there is a risk, but You accept that risk in order to get quickly to point B.
If downloading programs from the internet, do it only from sources You trust.
- When surfing the web with Internet Explorer use it's zone-concept.
IE has a quite decent concept which allows You to regard any web-site You have not specifically acknowledged as being worthy of Your trust as unsafe. You do that by making sure You set the security level of the untrusted sites zone to the highest possible. That makes it quite safe to surf around. You will, as a consequence however, bump into a lot of sites that simply won't work properly under the high security level because only the simplest web-techniques are allowed to be used. As You go along You add the web-sites that You decide to trust into the trusted zone that has a much more relaxed level of security settings. An example: You will most likely not be able to do Your home-banking on a website classified as untrusted. But hey, if You don't trust Your bank's web-site why place Your money there in the first place. So You add that website to the trusted zone and from that on it works. I must admit that adding trusted sites to IE is a cumbersome job. But there are smart little apps available out there that will place buttons on Your explorer from where You can quite easily add or remove sites from zones. In the beginning when You have only a few trusted sites, surfing can be a pain, but eventually when You have added the sites You most frequently visit it actually starts to pay off.
Tip: I like SpywareBlaster. Why? Because it takes advantage of this build in facility by adding a list of known spy- and adware providing sites into Your list of restricted sites. Check it out.
- Before opening a mail that looks suspecious, think twice.
and when You are finished doing Your thinking, think once again. Don't open suspicious mails and don't open attachments unless You are confident what You do. Common sense is the most powerful firewall available.
I will stop here for now, well knowing that there are many issues left I have not covered.
I have only listed some tips on what to do, and generally not how to do it. Feel free to ask for further help or search the web for the info You need.
I know my tips aren't perfect, but I can say just as well as people in here are saying that they have been running PFW for years and not having problems that I have been surfing the net for years, WITHOUT resident anti-virus protection - WITHOUT resident spyware-protection and WITHOUT a Personal Firewall - without noticeable problems.
I ocassionally do scan my machines for viruses and other malware using free online scanners available. They seldom find anything but a few "suspicious" cookies.
Does that mean my machines are clean? - Impossible to tell, but at least I am not stressing my not too fast CPU's with unnescessary add-ons.
/B. Nice