No need to delete my email address, Chuck: with over 20,000 copies of it on the 'net, only the most incompetant of spammers would miss harvesting it even if it were never posted again.
:>Protecting yourself with a "personal firewall" can be worse than :>not doing so. My experiences with application level firewalls have :>been fairly discouraging -- if even I can't figure out how to get :>them configured the way I want, then my users haven't a hope.
:Well any application improperly installed, configured, or maintained, is going :to be a problem.
There was nothing "improper" about the way I installed, configured, or maintained the personal firewalls I tried: the ones I have tried plain didn't work, even when told to reject -everything-. Remove all the default rules, put in one that says deny all, and very little got stopped.
:But not having a security component, just because you fear you :might not know how to use it, is like not having a car because you fear getting :into an accident. How many folks don't have a car solely because they fear :getting into an accident?
There was a good article in roughly December 2004 in one of the magazines I read (probably Harper's), in which the author visited a professional testing track and tried out three or four kinds of vehicles -- includng an economy car, a SUV, and a high-performance sports car. The most responsive of the vehicles was the sports car -- but after driving the sports car, the author found that he was taking turns and allowing distances according to the capabilities of the sports car. The SUV was big and heavy -- people feel *safe* in the SUV, because there is so much metal around to protect them. And which car had the lowest accident rate? Answer: the economy car -- because people driving an economy -know- they don't have sharp handling or big steel around them, so the people in the economy cars drive most carefully. The accident rate in SUVs is *way* higher than in economy cars. The user, having installed a system they feel safe with, fails to take reasonable precautions, whereas the user who feels insecure is more cautious and so has many fewer incidents.
Have you not heard not heard the saying, "The only thing worse than not installing a firewall is installing one -- and then not monitoring it." ?
It happens over and over again: firewalls get installed, people feel safe, people get lax about security, people don't even notice they've been broken into... after all, "The firewall stops attacks, so it isn't worth checking for them." I fear that the majority of "personal firewall" users are likely to fall into this trap.