Archived from groups: comp.security.firewalls (
More info?)
badgolferman <REMOVETHISbadgolferman@gmail.com> wrote:
> > Better idea: forget "Personal Firewalls". Just use the
> > Windows-Firewall.
> What if you do not have WXP?
Then there are other options. It is a good idea not to run any servers,
which listen() to the wild, of course. Unfortunately, Windows in it's
default configuration runs many such servers. Nobody knows why, of course,
because usually no-one needs or even wants them (most people even don't
know).
But these servers are the reason, why one will need filtering software
on a Windows box.
Switching off this software programs will result in not needing any
port filter software any more.
Unfortunately, Microsoft makes it difficult for Windows 2000 and Windows XP
users to switch them all off. This is why Torsten Mann created this very
useful script:
http://www.ntsvcfg.de/ntsvcfg_eng.html
If you're not used to deal with scripts, I hacked a small Windows program,
which does just the same:
http://www.dingens.org/index.html.en
If you're running Windows 9x, i.e. Windows 95, Windows 98 or Windows ME,
then it's very easy for you to switch those servers off: just unbind them
from the TCP/IP network protocol in the network settings.
Please test with:
C:\> netstat -an
wether there is no process LISTENING any more, which is not bound to
localhost 127.0.0.1, _before_ you connect to the Internet again.
If you're doing so, and if you're PC is nothing offering to the Internet
any more, then you don't need a packet filter any more.
If you want a packet filter, also Windows 2000 has one. It's a little bit
hidden, because Microsoft calles the user interface for it "IPSec" (which
of course usually is somewhat completely different ;-)
Yours,
VB.
--
"Es kann nicht sein, dass die Frustrierten in Rom bestimmen, was in
deutschen Schlafzimmern passiert".
Harald Schmidt zum "Weltjugendtag"