----- Original Message ----- From: "Robert Rolf" Subject: Re: [OT] Windows XP Pro SP2 Firewall & Stuff > Zonealarm is by FAR the better firewall. > M/S ICF only protects against inbound attacks and AFAIK Incorrect. Whether it is better/worse than ZA I can't say from experience, but from what I can tell helping friends resolve ZA problems, it is pretty similar in capability and far friendlier in the user interface. And yes, it can be disabled easily. > ICF can be turned off, but if you do NOT have a hardware Ah. The SP2 firewall is a big change from ICF. Probably you are thinking of ICF which is relatively useless. > firewall (and everyone SHOULD!!) two walls are better than > one since an attacker would have to compromise both to get > through. I'm not so sure that a firewall combined with an application box is all that much better than no firewall at all. Personally, I think there is a lot to be said for a separate box. The integrated FW does have the advantage of having visibility into the applications, but it has the disadvantage that, if you insist on logging on as an administrator which most people do, the bad applications can reconfigure the firewall for you, and many do. Plus, since there are basically only two choices, many of the worms know their way past. Let me beat my drum once more here. Make an account without privileges, and use that account to do your normal business. Only use the privileged account when you need to make changes such as installing new software. This is something the Linux guys have learned, and probably the biggest security difference between Linux and Windows. If you surf or email from a privileged account you are inviting an attack. In Win 98, it really didn't make all that much difference, but with XP, you can choose to be secure. Or you can choose to be stupid. --McD _______________________________________________ http://www.piclist.com PIC/SX FAQ & list archive View/change your membership options at http://mailman.mit.edu/mailman/listinfo/piclist