firewall on budget ?

Whatever Leythos was saying in response to you is as good as lost, since your posts will vanish from archives, and we don't see the discussion in the future.

So, without quoting from that discussion, I'll try to keep any discussion I have with you self-contained within my posts.

NAT Routers do block incoming. The Win XP Firewall does too.

They would have different vulnerabilities. The vulnerabilities of the Win XP FW - or any PFW / software firewalls - have been discussed. Many users have theirs taken down when they go to a website!

There's no doubt that NAT Routers block incoming, and they don't fall for the old website thing - website exploiting a commonly used browser you run, and running malicious code on your system!

Here's a technical question though.. Even if you're in a LUA account. Can't a site run some malicious code. The code is a bit more limited in what it can access (certain directories and registry parts are no-go areas), but still it can do quite a bit. (just as many programs can do what they need in a non-admin account)

Reply to
jameshanley39

Out of interest, what do you mean by bot net ?

Is it a malicious server / trojan that receives a command, and then could cause trouble to other machines, maybe acting as a client sending spam mail through a mail server that lets anybody in ?

If it is indeed a server that receives a command, then a NAT router would prevent it from receiving an incoming connection.

I see if it's a malicious client program, then a NAT router wouldn't stop that.

There are a lot of malicious server programs around though e.g. malicious smtp servers. Other comps then connect to the compromised one and send spam through it. The user at the compromised machine then gets contacted by his ISP saying 'stop it or you'll get DCed/disconnected'. A NAT router stops those other users getting attacked, and in the process, stops that poor user from getting an email threat from his ISP.

Reply to
jameshanley39

And you seem to be trolling by picking a small item and saying that it invalidates everything else.

Reply to
Leythos

It sure can. What you seem to be missing is that I made my LUA point in response to Leythos claiming that any program could poke holes (open servers) in the WF. As a limited user you cannot do that, my point being that the fault is not in the WF but in users running with admin rights.

Reply to
Straight Talk

I dunno ... I archive about *everything* in the groups I visit. I'm quite sure I'm not the only person who does.

Then there's Google Groups ....

Large hard-drives these days are CHEAP.

Reply to
Frank McCoy

LOL

Reply to
Straight Talk

And you failed to understand that MOST people run as Admin level users. Anyone smart enough to run as a limited user has a very reach chance that they also know more about security than the zillions of ignorant users with computers.

Additionally, as a limited user there are many things that you can't do, and even people that run as a limited user login as an Administrator from time to time.

So, again, for the masses of ignorant users, a NAT Router is a very good option to protect their computer, to protect us from them, and provides better logging and opportunity to remain clean and even to block outbound than does Windows firewall.

Reply to
Leythos

A net of bots.

Most bots dial in themselves to receive commands from the controller. NAT won't stop that.

Reply to
Straight Talk
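
The distinction the posts above draw (NAT drops unsolicited inbound connections but passes traffic for flows a LAN program opened itself) can be seen in a toy translation table. This is an added illustration, not part of any post in the thread; the `Nat` class, its method names and all addresses are constructed for the example and model a port-restricted NAT, not any particular router.

```python
from dataclasses import dataclass, field


@dataclass
class Nat:
    """Toy port-restricted NAT (assumed model, constructed for illustration)."""
    public_ip: str
    next_port: int = 40000
    # public_port -> (lan_ip, lan_port, remote_ip, remote_port)
    table: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection: create (or reuse) a mapping."""
        flow = (lan_ip, lan_port, remote_ip, remote_port)
        for port, existing in self.table.items():
            if existing == flow:
                return port
        port = self.next_port
        self.next_port += 1
        self.table[port] = flow
        return port

    def inbound(self, remote_ip, remote_port, public_port):
        """A packet arrives on the WAN side: forward only if it matches a flow."""
        flow = self.table.get(public_port)
        if flow is None:
            return None  # no mapping: nothing on the LAN asked for this
        lan_ip, lan_port, r_ip, r_port = flow
        if (r_ip, r_port) != (remote_ip, remote_port):
            return None  # mapping exists, but for a different remote peer
        return (lan_ip, lan_port)


def demo():
    nat = Nat("203.0.113.10")  # constructed documentation-range addresses
    results = {}
    # Case 1: outside host tries to reach a listener (e.g. SMTP on port 25)
    # running on a LAN machine. No mapping exists, so the packet is dropped.
    results["unsolicited_smtp"] = nat.inbound("198.51.100.7", 51000, 25)
    # Case 2: a program on the LAN connects out by itself; the reply from
    # that same remote endpoint matches the mapping and is forwarded.
    port = nat.outbound("192.168.1.20", 3456, "198.51.100.99", 6667)
    results["reply_to_outbound"] = nat.inbound("198.51.100.99", 6667, port)
    # Case 3: a different outside host aims at the mapped port: dropped.
    results["other_host_same_port"] = nat.inbound("198.51.100.7", 6667, port)
    return results
```

Case 2 is why outbound filtering and logging at the router matter: the translation table alone treats any LAN-initiated flow as wanted.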

Actually, if you go back you'll see that the only topic I wanted to discuss was Leythos' claim that the WF was a bad concept. Suddenly Leythos brought NAT into the discussion and later firewalling technology. And now he calls me a troll :-)

Reply to
Straight Talk

interesting about the bot nets. Agreed that NAT won't stop malicious clients like that. And I guess there'd be redundant 'controllers', and they'd be hidden behind proxies.

The windows firewall won't stop them either.

But nobody claimed that NAT would, or that it was the be all and end all in security. However, it does stop incoming. A lot of problems nowadays are plain malicious servers.

A NAT router is harder to take down, whereas machines with a windows firewall are getting taken down quite often, and neatly, one may not even notice. "At least" with PFWs, they probably put up a bit of a fight and crash in such a situation!!

Reply to
jameshanley39

NO! - I do NOT fail to understand that! I'm just pointing my finger at this being wrong! You're twisting things over and over to make yourself look smart and to get the final word.

Then educate those ignorants, instead of supporting status quo by promoting damage control and gap-stopping solutions.

This has been discussed already.

Stated like this it makes some sense. But this is not what you stated earlier.

Reply to
Straight Talk

I'm sure that you once said you run as an Administrative user.

&/ that you don't work from a limited account.
Reply to
jameshanley39

you use forte free agent? where's the option in it to do that? does it do it in plain text too? (though opening it in forte is cool enough) how many years have you done?!

Reply to
jameshanley39

if you're a techie, it's a hassle to not run with admin rights.

Leythos has a point that in practice, although both the WF and other PFWs can be taken down or circumvented, the WF is so far more cleanly. It's small/simple, more common, built for programs to add exceptions in.

Reply to
jameshanley39

Actually, the thread is about "Firewall on a budget" not about "Windows Firewall". So, when you look at Budget you have to consider the flaws in WF and the fact of how most users are using it - meaning that most users are running as a local admin, have no idea that it has exceptions/holes, have no idea that simple programs can create holes without their permission, etc...

The NAT router, a non-computer controlled device, non-OS controlled device, is a simple method that provides MORE protection than the Windows Firewall and even offers MORE options for filtering than the Windows firewall.

The trolling comment was because you keep going around in circles for some reason I can't fathom. You have suggested that because of one example, a very small example with your flawed idea, that NAT is not a better solution. I can't really believe, unless you are Chilly, that anyone is missing all of these points by accident.

Reply to
Leythos

If you could educate people that don't want to be educated there would not be a problem and we would not be having this discussion - like drugs, people are going to keep doing stupid things and ignoring security until it bites them in the ass enough for them to take notice of what they've been told for at least 10 years.

Until that all changes we can implement simple things that are already available for NO COST that will provide protection better than what they currently don't use properly.

Reply to
Leythos

And even at home I sit behind $4000 of firewall and security measures, just like the secure networks I design. Having used and designed systems for 30 years I've never once been compromised on any network that I've maintained, not once.

We're talking about the ignorant masses, the ones that don't want a clue, the ones that think that P2P software has no issues, the ones that have never looked at the Windows Firewall panel for Exceptions, the ones that think CD/USB drives, DVD/PDA/Cell, etc.. are not a threat to their computers....

Reply to
Leythos

Funny thing is, in this thread I never argued NAT vs. WF. I don't know where you got that from.

Reply to
Straight Talk

Funny thing is that I mentioned it because of the poor ability of Windows Firewall to protect users in the default mode that MS installs users/windows on systems.

Funny thing is that I mentioned it because it's the cheapest, already in place on most areas, method to implement to get the most protection against one of the largest problems with Windows systems.

Reply to
Leythos

Groups -> Default Properties -> When to purge
Set both read and unread messages to:
  Without bodies: When message is no longer available
  With bodies: Never

Groups -> Default Properties -> What to purge
Clear all check-boxes under "When to purge" and "When to compact databases"
(Do your compacting manually. When files get big, it can take a LONG time.)
Set the checkbox saying, "Ask before purging, compacting, or emptying trash"

About nine years, since 1998. I LOST about five years before I realized Agent (or FreeAgent) was tossing stuff more than so old. DAMN ;-{

I also lost somewhere between three and six months of stuff when a disk crashed and my last backup had been months earlier. My own bloody fault, but ....

I still weep sometimes about lost things. A lot of the stuff I lost before '98 was stuff Google (then DejaNews) hadn't started archiving. Damn, again.

Yes, I only archive TEXT; and I *do* delete anything I consider SPAM.

Even so, some of my archives go over 4 gigabytes (maximum file size) so I have to save them off in separate directories to be accessed separately. An annoyance; but I don't need things more than four years old very often.

Reply to
Frank McCoy
