On Fri, 1 Aug 2003, Christopher L. Morrow wrote:
On Fri, 1 Aug 2003, Sean Donelan wrote:
In reality blocking port 135 is almost never sufficient. Its slightly better than waving a dead chicken over your PC.
its far less stinky than the chicken option though, you must admit that.
yep. If you want to be in loco parentis for users, most residential users should block *ALL* inbound connections using a statefull firewall. Most residential users do not intend to run Internet servers. Blocking port 135 is not sufficient to "protect" Microsoft software. There are lots of other holes. Practically, the best place to make this decision is as close to the user as possible. The ISP doesn't "know" what the user intended to do. Mind-reading customer care hasn't worked out as well as we thought. There are cheap hardware firewalls and free/cheap software firewalls that are easy and effective to use. Most places that sell PC's also sell personal firewalls, anti-virus, and even backup systems. Your own personal firewall can block everything out of the box, and can be changed locally (you don't need to wait for the ISP).