Operating System

[Jay T. Blocksom]

This is utterly *horrid* advice.

First, which flavor of Windows one uses has *NO* bearing on the need for
a proper outboard (commonly called "hardware") firewall which remains an
absolute requirement in ALL cases.

Secondly, in *NO* case is the "pseudo-firewall" supplied with WinXP even
marginally close to adequate.

Third, *NO* "firewall" program running on the same WinBox it is attempting to
protect can *ever* be trusted. Here is just the tip of the iceberg:

Explain yourself (to me it sounds like you dont have a full understanding
of firewalls or software based firewalls)
[snip]


ZoneAlarm/Symantic/(few others) Firewalls can do the job JUST AS GOOD as a
hardware router (that has a firewall)..

[snip]

you belie your own serious misunderstanding of the situation.

In the simplest possible terms... The whole point of a "firewall" -- even the
etymology of the term -- is to form an impenetrable barrier standing *between*
the threat and whatever it is you're trying to protect. The so-called
"software firewalls" you mention *cannot* do that, because (at least some
parts of) the target system is left directly facing (i.e., exposed to) the
threat.

Read the articles I cited earlier. In each case, they document methodologies
by which and incidents where these software pseudo-firewalls have been *shown*
to be about as robust as a tissue-paper screen. And of course, that list is
by no means exhaustive.

But beyond all of this, "Tim" had recommended going without *any* firewall,
which is just too silly for words.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

[Jay T. Blocksom]

Hi,

Go with XP

[snip]

No, don't. See my other f'up in this thread for the "why".

****up? Oh, followup Don't see it, sorry.

[snip]

For some at-this-point-unknown reason, a semi-random handful of my articles
written over the past day or two didn't get posted when I thought they did.
Fixed now. The one I referred to above (Message-ID:
<[email protected]>) was a direct f'up to the
OP's article which started this thread, and should be available well before
you see this.

ALL cases? So you recommend that EVERYBODY purchases a hardware firewall?

[snip]

Yes, actually, I do (although it may be *somewhat* less pressing for dial-up
users, presuming they have their house in order in all other ways).

Are you in the industry?

[snip]

What industry? Computer industry? Yes. Firewall industry? No.

Seriously, for 99% of home users a software firewall is adequate.

[snip]

No way. Not even close.

They are
not trying to protect commercially sensitive data in most cases.

[snip]

That's not the point, nor is it the primary or most serious threat.

By *far*, the biggest current issue is spammers planting proxy trojans on
unprotected WinBoxes hung off "residential broadband" connections, then using
these compromised systems to spew their crap (including DDoS attacks, and
still more trojans/virii/worms) to the rest of the world. Several of the
currently widely circulating WinWorms were written by/for spammers for this
precise purpose.

I don't think I'll bother reading them.

[snip]

In which case, two clichés, taken together, seem startlingly on-point:

"Ignorance is curable with Education. Stupidity is forever."
- Thomas B. Barker

"Willful ignorance is indistinguishable from stupidity."
- Unknown

If you were a company with sensitive data to protect, then I would
certainly recommend a hardware router/firewall. But that is not the case
for home users.

[snip]

As I said above, that's not the point. And in point of fact, home users are
at *more* risk than most corporate/commercial users, these days.

Suggesting home users purchase, set up and use a hardware
firewall is ridiculous and unnecessary in almost all cases.

[snip]

Not at all. In fact, it should be considered S.O.P. Suitable (if, in some
cases, less than ideal) models are widely available for under $200, often less
than $100 -- certainly a modest investment compared to either the cost of the
system as a whole, or the permanent loss of one's 'net connection when you get
TOSed.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

[Jay T. Blocksom]

[snip]

As you ("R") have hopefully seen by now, that is NOT a good choice -- or even
a rational one, given your acknowledged awareness of at least some of the
problems.

It's a service pack for XP geared around security.

[snip]

And with draconian DRM "features" shoved down your throat (not to mention all
the *other* problems endemic to WinXP).

The new firewall is
supposed to be quite good.

[snip]

And life "is supposed to be" fair. It isn't.

If you let Windows Update do it's thing, checking for critical updates and
installing them, then you'll probably be ok.

[snip]

Actually, you'll be abrogating control over your system to MS, who will
exercise that control based on *their* priorities, motives and desires, as
opposed to yours.

Of course, a virus scanner is
almost essential these days,

[snip]

s/almost/absolutely/

And that's nothing new.

Win98 is not a particularly good OS in terms of memory management and
multi-tasking. W2K and XP are MUCH better.

[snip]

In this specific context, very probably so. But it's not as black-and-white
as you might think. A *lot* depends on exactly which applications and drivers
one happens to need/use.

Additionally driver support
for Win9x is fading... it's the past - it's 9 years old now, we've come a
long way.

[snip]

Perhaps some new batteries for your calculator are in order?

<http://www.microsoft.com/presspass/press/1998/Jun98/98AVALMA.asp>

[2004-05-08] - [1998-06-25] == less than six years. And WRT driver support,
we really *should* be counting from the date new OS licenses ceased being
available from MS:

<http://www.microsoft.com/windows/lifecycle/default.mspx>

So that's:

[2004-05-08] - [2004-03-31] == barely over ONE MONTH.

Your gullibility for MS marketing hype is showing.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

[Ben Pope]

It's a service pack for XP geared around security.

[snip]

And with draconian DRM "features" shoved down your throat (not to mention
all the *other* problems endemic to WinXP).

Yeah, ok. But presumably only for Windows Media Player...

The new firewall is
supposed to be quite good.

[snip]

And life "is supposed to be" fair. It isn't.

Who says life is supposed to be fair? Who says you are entitled your
existence? Blimey, stop feeling sorry for yourself and get on with enjoying
it.

If you let Windows Update do it's thing, checking for critical updates

and > installing them, then you'll probably be ok.
[snip]

Actually, you'll be abrogating control over your system to MS, who will
exercise that control based on *their* priorities, motives and desires, as
opposed to yours.

OK Mr. Paranoid. Stop using any commercial software then... use only Open
Source from now on so that you can verify what it does. Recommend everybody
switches over to Linux.

You are saying that security is a big issue, but not to apply security
updates from MS in case they "take control over your computer". You still
get the choice of whether or not to install the updates, so "abrogating
control over your system to MS" is hardly correct.

Of course, a virus scanner is
almost essential these days,

[snip]

s/almost/absolutely/

And that's nothing new.

Win98 is not a particularly good OS in terms of memory management and
multi-tasking. W2K and XP are MUCH better.

[snip]

In this specific context, very probably so. But it's not as
black-and-white as you might think. A *lot* depends on exactly which
applications and drivers one happens to need/use.

Well of course, but the architecture is better, which means that things like
applications now can't directly access hardware, a common cause of many
problems on Win9x.

Additionally driver support
for Win9x is fading... it's the past - it's 9 years old now, we've come a > long way.

[snip]

Perhaps some new batteries for your calculator are in order?

<http://www.microsoft.com/presspass/press/1998/Jun98/98AVALMA.asp>

[2004-05-08] - [1998-06-25] == less than six years. And WRT driver
support, we really *should* be counting from the date new OS licenses
ceased being available from MS:

<http://www.microsoft.com/windows/lifecycle/default.mspx>

So that's:

[2004-05-08] - [2004-03-31] == barely over ONE MONTH.

Your gullibility for MS marketing hype is showing.

OK, separate the "driver support is fading" comment from the "Win9x is old"
comment, it should have been in a separate sentence.

Windows 9x is old... we've come a long way in terms of multitasking support,
memory management etc. OK, so it 8 and 3/4 years old, not 9. And the
memory management was probably tweaked between Win95 and Win98se...

Ben

 

[Dr Teeth]

Win 98SE has trouble with anything over 256Mb of ram and doesn`t fully
understand DDR ram.

Utter rubbish!

Cheers,

Guy

** I may not be perfect, but I'm
** English, and that's the next best thing!

 

[Jay T. Blocksom]

(2) Western Digital Raptor

[snip]

I don't see this as a "make or break" item; but since you're looking for
opinions...

Are you (mostly) looking for speed, or size? Either way, the WD360GD
model is (currently) hard to beat on the "bytes/buck" scale,

Eh? It's 36GB for like £90,

[snip]

You're quite right. After looking up the specs, I somehow slipped a decimal
point when doing the arithmetic.

I can get a drive 4 times that size for less money.

[snip]

Yes, but not with anything like that level of performance.

Passable? It's probably the second fastest ATA drive available.

[snip]

Which is still only "passable", as compared to a good high-end SCSI drive;
probably less so if compared to an array.

No single drive is a match for a RAID array? Well, duh...

Stick two Raptors in RAID and you HAVE a match for a SCSI RAID array

[snip]

I don't think so. The underlying raw mechanicals may perform similarly; but
the as-installed *system* performance will still suffer due to the extra
overhead imposed by any flavor of IDE (granted, SATA may be *somewhat* less
given to this than the older incarnations; but it's still significant).

- in terms of price/performance.

[snip]

Well, if you sufficiently weight the comparison by price, then the
three-year-old clunker you pick up for $5.00 at a garage sale can "win"; but
it's a pretty pointless comparison.

<snip over-zealous rantings about windows security>

We all know Windows isn't great in terms of security, but keeping it up to
date with Windows Update and a using an up to date virus checker is
generally enough for most people.

[snip]

No, it isn't. Not even close. That's why *the* biggest source (by a wide
margin) of spam and virii/worms/trojans are the vast numbers of compromised
WinBoxen hung off "residential broadband" connections.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

[Jay T. Blocksom]

It's a service pack for XP geared around security.

[snip]

And with draconian DRM "features" shoved down your throat (not to mention
all the *other* problems endemic to WinXP).

Yeah, ok. But presumably only for Windows Media Player...

[snip]

You "presume" wrong.

If you let Windows Update do it's thing, checking for critical updates

and > installing them, then you'll probably be ok.
[snip]

Actually, you'll be abrogating control over your system to MS, who will
exercise that control based on *their* priorities, motives and desires,
as opposed to yours.

OK Mr. Paranoid. Stop using any commercial software then... use only Open
Source from now on so that you can verify what it does. Recommend
everybody switches over to Linux.

[snip]

Somewhat extreme, but a good approach, if you can pull it off. Unfortunately,
relatively few folks can; and even fewer *believe* that they can, or are
willing to make the effort to try.

You are saying that security is a big issue, but not to apply security
updates from MS in case they "take control over your computer".

[snip]

No, that is NOT AT ALL what I said, or am saying.

You still
get the choice of whether or not to install the updates, so "abrogating
control over your system to MS" is hardly correct.

[snip]

I take it you haven't read your EULAs lately.

Win98 is not a particularly good OS in terms of memory management and
multi-tasking. W2K and XP are MUCH better.

[snip]

In this specific context, very probably so. But it's not as
black-and-white as you might think. A *lot* depends on exactly which
applications and drivers one happens to need/use.

Well of course, but the architecture is better, which means that things
like applications now can't directly access hardware, a common cause of
many problems on Win9x.

[snip]

It may be "a common cause of ... problems", but it is hardly the root of all
evil. The WinNT code base has its own set of foibles and weaknesses; and many
of the more recent (and most nasty) WinWorms/trojans/exploits/etc. target
those weaknesses *exclusively*. For example:

<http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx>


--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

[Jay T. Blocksom]

[snip]

How many of those 40$ routers have been exploted by back doors (serious
question)

[snip]

None that I can think of off the top of my head. There have been a couple of
"incidents" where buggy or ill-thought-out code in the router/FW itself caused
problems; but these have been *very* few and far between. And that's the
point, really: No one (least of all me) is claiming that a consumer-grade NAT
router/firewall is a panacea, or can be 100% effective against all possible
threats. Such "magic bullets" simply do not exist, at *any* price. But even
the very crudest such devices (such as the hypothetical $40-wonder you cite)
have an *inherent* advantage over all so-called "software firewalls"; and can
(when properly used) provide orders-of-magnitude *better* protection. And
that's the best you can ever hope for.

Yea, Highly possible that one..
Granted.. NAT has a real downfall.. From gamers not being able to host
games, to some SSL sites refusing connection (Is what I hear, never seen a
explanation)..

[snip]

Probably because what you "heard" is an old wive's tale, with no basis in
reality.

Webphones wouldnt work (unless they are going through a
registration server) and TONS of other stuff..
It would mean you cant host your family webpage, nor run your email server,
or really run ANY server..

[snip]

All (with the unlikely but just-barely-possible exception of "webphones", the
operational details of which I have not investigated) completely untrue.

Please do not spread misinformation based on nothing more substantial than
whatever semi-random "stuff" you may "have heard".

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

[Jay T. Blocksom]

[REPOST: Apparently, the original copy of this article did not propagate.
Apologies if duplicate.]

(2) Western Digital Raptor

[snip]

I don't see this as a "make or break" item; but since you're looking for
opinions...

Are you (mostly) looking for speed, or size? Either way, the WD360GD
model is (currently) hard to beat on the "bytes/buck" scale,

Eh? It's 36GB for like £90,

[snip]

You're quite right. After looking up the specs, I somehow slipped a decimal
point when doing the arithmetic.

I can get a drive 4 times that size for less money.

[snip]

Yes, but not with anything like that level of performance.

Passable? It's probably the second fastest ATA drive available.

[snip]

Which is still only "passable", as compared to a good high-end SCSI drive;
probably less so if compared to an array.

No single drive is a match for a RAID array? Well, duh...

Stick two Raptors in RAID and you HAVE a match for a SCSI RAID array

[snip]

I don't think so. The underlying raw mechanicals may perform similarly; but
the as-installed *system* performance will still suffer due to the extra
overhead imposed by any flavor of IDE (granted, SATA may be *somewhat* less
given to this than the older incarnations; but it's still significant).

- in terms of price/performance.

[snip]

Well, if you sufficiently weight the comparison by price, then the
three-year-old clunker you pick up for $5.00 at a garage sale can "win"; but
it's a pretty pointless comparison.

<snip over-zealous rantings about windows security>

We all know Windows isn't great in terms of security, but keeping it up to
date with Windows Update and a using an up to date virus checker is
generally enough for most people.

[snip]

No, it isn't. Not even close. That's why *the* biggest source (by a wide
margin) of spam and virii/worms/trojans are the vast numbers of compromised
WinBoxen hung off "residential broadband" connections.

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

[Jay T. Blocksom]

[REPOST: Apparently, the original copy of this article did not propagate.
Apologies if duplicate.]

It's a service pack for XP geared around security.

[snip]

And with draconian DRM "features" shoved down your throat (not to mention
all the *other* problems endemic to WinXP).

Yeah, ok. But presumably only for Windows Media Player...

[snip]

You "presume" wrong.

If you let Windows Update do it's thing, checking for critical updates

and > installing them, then you'll probably be ok.
[snip]

Actually, you'll be abrogating control over your system to MS, who will
exercise that control based on *their* priorities, motives and desires,
as opposed to yours.

OK Mr. Paranoid. Stop using any commercial software then... use only Open
Source from now on so that you can verify what it does. Recommend
everybody switches over to Linux.

[snip]

Somewhat extreme, but a good approach, if you can pull it off. Unfortunately,
relatively few folks can; and even fewer *believe* that they can, or are
willing to make the effort to try.

You are saying that security is a big issue, but not to apply security
updates from MS in case they "take control over your computer".

[snip]

No, that is NOT AT ALL what I said, or am saying.

You still
get the choice of whether or not to install the updates, so "abrogating
control over your system to MS" is hardly correct.

[snip]

I take it you haven't read your EULAs lately.

Win98 is not a particularly good OS in terms of memory management and
multi-tasking. W2K and XP are MUCH better.

[snip]

In this specific context, very probably so. But it's not as
black-and-white as you might think. A *lot* depends on exactly which
applications and drivers one happens to need/use.

Well of course, but the architecture is better, which means that things
like applications now can't directly access hardware, a common cause of
many problems on Win9x.

[snip]

It may be "a common cause of ... problems", but it is hardly the root of all
evil. The WinNT code base has its own set of foibles and weaknesses; and many
of the more recent (and most nasty) WinWorms/trojans/exploits/etc. target
those weaknesses *exclusively*. For example:

<http://www.microsoft.com/technet/security/bulletin/ms04-011.mspx>


--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

 

[Jay T. Blocksom]

[REPOST: Apparently, the original copy of this article did not propagate.
Apologies if duplicate.]

[snip]

How many of those 40$ routers have been exploted by back doors (serious
question)

[snip]

None that I can think of off the top of my head. There have been a couple of
"incidents" where buggy or ill-thought-out code in the router/FW itself caused
problems; but these have been *very* few and far between. And that's the
point, really: No one (least of all me) is claiming that a consumer-grade NAT
router/firewall is a panacea, or can be 100% effective against all possible
threats. Such "magic bullets" simply do not exist, at *any* price. But even
the very crudest such devices (such as the hypothetical $40-wonder you cite)
have an *inherent* advantage over all so-called "software firewalls"; and can
(when properly used) provide orders-of-magnitude *better* protection. And
that's the best you can ever hope for.

Yea, Highly possible that one..
Granted.. NAT has a real downfall.. From gamers not being able to host
games, to some SSL sites refusing connection (Is what I hear, never seen a
explanation)..

[snip]

Probably because what you "heard" is an old wive's tale, with no basis in
reality.

Webphones wouldnt work (unless they are going through a
registration server) and TONS of other stuff..
It would mean you cant host your family webpage, nor run your email server,
or really run ANY server..

[snip]

All (with the unlikely but just-barely-possible exception of "webphones", the
operational details of which I have not investigated) completely untrue.

Please do not spread misinformation based on nothing more substantial than
whatever semi-random "stuff" you may "have heard".

--

Jay T. Blocksom
--------------------------------
Appropriate Technology, Inc.
usenet01[at]appropriate-tech.net


"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
-- Benjamin Franklin, Historical Review of Pennsylvania, 1759.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Unsolicited advertising sent to this E-Mail address is expressly prohibited
under USC Title 47, Section 227. Violators are subject to charge of up to
$1,500 per incident or treble actual costs, whichever is greater.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -