Re: Alternatives to using a Personal Firewall

Thank you very much for taking the time and trouble to help us novices. I've tried to make constructive use of Sebastian's terse comments, but they seem to be directed to people with a lot more knowledge of operating systems than I have. Not only am I not an OS expert, but I don't have the time to take on another major hobby, which this seems to require.

The point I keep getting stuck at is the part about "disabling unnecessary services". On my machine right now, there are 109 services listed, of which 61 are running. In the past I've tried disabling various ones, and often discovered some time later that some application or other has stopped working properly. I never get an error message that the reason is due to a stopped service, so end up burning a lot of time discovering that, then figuring out which one(s) I have to restart. I see that I could easily spend a very great deal of time doing this "disabling unnecessary services" bit which the experts toss off as a trivial matter.

My main machine is behind a hardware router and is on all day every day. So far, nothing malicious has gotten in. So I'm satisfied with the security the router provides. Like some other folks who've commented here, I like to know what's "phoning home" and often prohibit it -- Windows Media Player, Windows Genuine Advantage Notification (every time I boot), PGP Tray, Real Player, and on and on. Windows (the MS DTC Console) even tries to call home every time I compile a VB program. This is maybe not a security issue, but neither is closing my window shades at night when everybody walking by can look in -- and I do that, too. A number of desktop firewalls give me the ability to stop at least some of this "phoning home".

My main concern is my laptop machine, which I take when I travel. It has ample opportunity to pick up malware from the various wired and wireless networks I connect to when on the road. Without the benefit of a hardware router, it needs some kind of protection. Like my other machines, I keep it backed up. But it would be a genuine nuisance if it picked up some malware then distributed it to the other machines on my home LAN when I brought it back and hooked it in. So a layer of protection beyond the router for all the machines on my LAN seems prudent. My laptop, like my home machine, isn't just an email-and-surfing toy, but one with a large number of applications and the need to be able to ftp files to and from my web site, download software and patches, and the like.

So, is there any methodical way to close ports and disable unneeded services other than try this and that and see what it breaks, and "Search the net and seek help in relevant forums"? When faced with the task of doing that for 61 running services and another bunch of automatic ones which can be started without my explicitly starting them, I'd just about as soon take my chances with a personal firewall. It has been adequate so far, Sebastian's constant derision notwithstanding.

Relevant Pages

  • Re: Windows 98 box is owned
    ... I still strongly believe in a personal firewall, ... this and included a personal firewall; the Windows Firewall; in XP ... > services that are not needed and probably use a hardware router ... If you decide to install Windows 2000/XP use a PFW ...
  • Re: internet connection sharing
    ... A Redhat box can easily be configured as a router however you would be ... much better off just buying a hardware router. ... have for Linux and an absolute necessity for your Windows box. ...