-{ Quote: "A chain is only as strong as its weakest link. That's doubly true when it comes to protecting computers that are connected to the internet. Anyone who thinks that a virtual firewall is enough to protect a PC from the dangers of the internet -- such as hacker attacks and unwanted contact with damaging programs -- is making a mistake" }-
Article (http://www.mg.co.za/articlePage.aspx?articleid=275381&area=/insight/insight_tech/)

From same article:
-{ Quote: "Filter rules should hand set to allow only absolutely necessary access from the computer to the internet." }-:thumb: :thumb: :thumb:

Well that's well know what is written in this article.
Resuming you can say, that the security on your PC is as good as you know what you are doing. Bad configuration, not following standard security measures, missknowledge can do more harm than good.

Lets put Internet Explorer in 'Trusted Zone' and everything will go ok :) And this buy the way is the risk of so called 'one-click' firewalls.

From that article:

-{ Quote: "Users who still prefer a firewall should first check whether they are using a router with firewall functionality. If so, then no firewall is needed, including the one build in to Windows XP, reports PC Professionell." }-
Now, we all know that a good security model is a layered one, as the article does indeed suggest. So which particular layer prevents software making unwanted calls home? Oh yes, the personal firewall. A router/firewall appliance cannot do this alone, as it stands.

I suppose then that a leaky dike is to be preferred to no dike at all...

I believe software-based firewalls have become a lot better the last couple of years, at least it´s better than nothing. And if I´m correct, HIPS can also be used to fight against malware trying to bypasss the firewall, just look at all those leaktests.

Very interesting article.

-{ Quote: "Not one of the six firewall programs the magazine tested, regardless of whether commercial or freeware, could prevent all attempts from the test programs at establishing outgoing connections between the PC and the internet" }-.

-{ Quote: ""If the attacker takes advantage of errors in the browser, then the best firewall won't help at all," " }-

-{ Quote: ""Desktop firewalls, as they are also called, are practically extraneous, presuming that you adhere to the basic rules of safe surfing," " }-

I guess the best recommendation is to know where you are surfing and make your PC act like a hermit. ;D

-{ Quote: "From that article:
Now, we all know that a good security model is a layered one, as the article does indeed suggest. So which particular layer prevents software making unwanted calls home? Oh yes, the personal firewall. A router/firewall appliance cannot do this alone, as it stands.
I suppose then that a leaky dike is to be preferred to no dike at all..." }-
Yep I picked that up as well.

Router firewall here but I still use a software firewall to stop MS programs phoning home.

there are few facts only words

Good article. Well here is my thoughts.

Good points are made nevertheless, my software personal firewall double checks that my NAT Router firewall is working correctly. No incoming attacks. A silent hard drive, when not in use. So it is best to have redundancy. :) I hate turning the PC on and off. Takes to long to come up even under the best of circumstances.

My desktop firewall is a gate keeper for the most part. Trusted programs are given full or partial access. Everything else :shifty: :thumbd: .

One (weak) link in the chain of PC security and I would agree not the most important. But even the weakest link will hold fast and not necessarily break. By far the best is to keep crapware off your machine with other security programs or secondary built in components in the firewall as in the suites.

If one is behind a hardware firewall blocking only incoming then there is no need to panic. As my firewall is set to be manually turned on after the occassional reboot. I have been without my software firewall on for as long as a week. Whoops I forgot to turn it on. :wacko: :-[ With no ill effects. :thumb:

Still I think I'll keep my Out Post Pro as long as it doesn't chew up too much resources. ;)

Since this article is meant for beginners, there are good points like to control emails, javascripts, to check auto configuration rules and to use additional software like AV.