[herbalist]

Quote

You're specifically subjecting PC's to malware, then you're pointing out how necessary the firewall is because it blocked the activity of the malware (and then only a paltry 3 or 4 times). I'm sorry - that does not constitute anything resembling a valid general use-case situation. If you have to force-feed malware to a win-98 system just to prove that your firewall saved the system, I think that's a pretty lame reason to run a firewall.

Twisting what I said into this is lame. If you had bothered to read it, you'll see I said the last time was about a year ago.

Quote

Not sure how you do that in Win-98. Do you go to Control Panel, select Security, then click on the "Default Deny" radio button?

Use the forum search. That's been addressed in several threads.
I see no point in continuing this "discussion". You've made your choice and I've made mine.

[Mijzelf]

JorgeA, on 08 June 2010 - 03:45 PM, said:

Help me to understand. You wrote that your ports are not vulnerable to attack even if a hacker knows which services you're running on which ports. What function/application would it be, then, that is protecting your services, and wouldn't that be called the "firewall"?

No, that is called a carefully written service. For instance I'm running lighttpd (a webserver). Literally thousands of people have been examining the sourcecode, and the last known vulnerabilities have been fixed in 2007. So I dare to expose that server to the internet.

Btw, a firewall won't add any security. You can compare a router with a telephone exchange. An open port is then an extension number. Without extension numbers it's impossible to call a particular phone behind the exchange. But all phones can call out.
When a port is open a peddler could call and try to sell the service (your daughter) an ipod. Maybe it's not a good idea to open that port.
A firewall could be a telephonist, which decides whether or not to connect in incoming call to your daughter. A peddler will never reach your daughter, but her friends can call freely.
On the other hand, when a friend turns out to be a peddler, you'll have a drain in your bank account. In that case you'll need a 'deep packet inspecting firewall', ie a telephonist which listens to the conversation, and pulls the plug when something goes wrong. When your daughter is called by her Chinese friend, the 'deep packet inspecting firewall' won't work because it doesn't understand Chinese.
Because there are many languages a firewall can't do much to protect a weak service when a connection is already made. It can only listen to the conversation (which costs *lots* of CPU power) and hope it will recognize it when the conversation becomes evil. (And hope it's not a false positive).

So you should only forward calls to a bullet-proof service. Your mother-in-law. No way anybody could sell an ipod to her.

Quote

Finally, and to go back to the question that started this thread -- in your view, and knowing everything we've discovered about this Westell 6100F, would I need another device in order to adequately protect the various PCs (including or especially the Win98 systems), or is the 6100F enough?

Your Westell is fine. Summarizing:
- All NAT routers have the same inbound protection, which is strong.
- A firewall in a consumer router can give hardly any protection.
So another router would not add any safety. It could only give you more options to arrange your network, but seeing your questions I don't think your are waiting for more options.

Quote

Remember that I don't intend to network the various PCs to each other, necessarily.

You already have a network, in which the router is hardly involved. The router only assigns IP addresses to all PC's, and after that all traffic between the PC's is handled by the switch.

[JorgeA]

Mijzelf,

Your reply illustrates the reason why I decided to help to pay for this forum. In fact (except for the heat that was generated for a couple of days) this whole thread has been highly instructive, and for it I thank you and everyone else who's pitched in. You really made things clear with the analogy to a telephone exchange in the house. LOL

Over the years, I've participated in many forums of all sorts. The level of helpfulness and interest shown to a non-expert on this forum is unrivaled in my experience.

--JorgeA

[dencorso]

wsxedcrfv, on 11 June 2010 - 06:52 PM, said:

Blocking Ad-Servers and click-trackers with a hosts file does more than just make the browsing experience more enjoyable. Increasingly it also functions to protect PC's from unnecessary exposure to potentially malicious code.

Quite true. And the best independent HOSTS file for this use is findable here.

[JorgeA]

dencorso, on 11 June 2010 - 08:08 PM, said:

wsxedcrfv, on 11 June 2010 - 06:52 PM, said:

Blocking Ad-Servers and click-trackers with a hosts file does more than just make the browsing experience more enjoyable. Increasingly it also functions to protect PC's from unnecessary exposure to potentially malicious code.

Quite true. And the best independent HOSTS file for this use is findable here.

dencorso,

Would this be used in addition to, or instead of, the two resident functions in Spybot (Immunization & TeaTimer)?

In other words, since I no longer do manual scans with Spybot (and you know why ), I'm looking for a way to replicate those two functions that doesn't involve using that resource hog.

--JorgeA

[dencorso]

I think, JorgeA, that it would replace the HOSTS file created by SSD during Immunization.
Right now I'm not quite sure whether Immunization only creates a HOSTS file or if it does more things in addition to it.
However, I, myself, do not swap HOSTS files. I make a backup of my current one (which I know is working well), then merge the new URLs to the old file, a time-consuming task I perform using Beyond Compare, so I don't do it as often as I'd like to.
Then, I substitute the new one for the old one, keeping my eyes wide-open to hunt down any URL that may prevent my accessing places I trust (it's rare, but has happened in the past). As always, YMMV.

[JorgeA]

dencorso,

It does sound like an interesting (if labor-intensive) alternative. I'll look into it further.

Muito obrigado!

--JorgeA

[Mijzelf]

@dencorso: Doesn't using such a giant hosts file give a serious performance hit in name resolving actions? I don't think the name resolving system on W9x is designed to cope with such a database.   

[lightning slinger]

@Mijzelf. I have never encountered any problems with a large hosts file on 98SE. I have at present 137269 entries using Hostsman v.3.2.73 with MVPS, hphosts(all three files) and Peter Lowe's AdServers all enabled.

[triger49]

Yo Dencorso;

You are a gentleman and a scholar. I had been tinkering
with Hosts file for a couple weeks with limited success.

That download you listed did everything I was attempting
and a whole lot more including be able to use IE6 again
here on MSFN.
No more page obliterating, dancing crap on Yahoo!

Also, a quote from the included readme file ...

"[Important Notice - 2K/XP/Vista/Win7 Users]
In most cases a large HOSTS file (over 135 kb) tends to slow down the machine. This only occurs
in 2K/XP/Vista. Windows 98 and Windows ME are not affected"

Thanks
Jake

[JorgeA]

triger49, on 14 June 2010 - 07:32 PM, said:

No more page obliterating, dancing crap on Yahoo!

triger49,

I hear you about Yahoo! All that animation was distracting, and it took forever to finish loading on my Win98. That's why I switched search engines to Google a few years ago. Much cleaner look and faster page loading.

Then I found out that Google doesn't exactly have a stellar record when it comes to privacy, so now I'm using Ixquick for my Web searches.

--JorgeA

[triger49]

JorgeA, on 14 June 2010 - 08:02 PM, said:

triger49, on 14 June 2010 - 07:32 PM, said:

No more page obliterating, dancing crap on Yahoo!

triger49,

I hear you about Yahoo!
--JorgeA

Actually, there is a method to my madness...so to speak...

[Rant]

My wife's penchant for hording recipes may possibly be
without rival. I mean we're talking no dust on the book
shelves because dust could not find the shelves. Of course
this spilled over to Internet recipe sites and daily recipe
emails. Saving grace arrived in the form of Yahoo's unlimited
email accounts. Hence the regular visits to Yahoo.

While Google's reputation over privacy is a gray area, I
sometimes find myself thinking it would be cool to let
Google index this apartment...maybe I would find some stuff
that's been missing for years ..
[/Rant]

Jake

[JorgeA]

triger49, on 14 June 2010 - 09:26 PM, said:

Actually, there is a method to my madness...so to speak...

[Rant]

My wife's penchant for hording recipes may possibly be
without rival. I mean we're talking no dust on the book
shelves because dust could not find the shelves. Of course
this spilled over to Internet recipe sites and daily recipe
emails. Saving grace arrived in the form of Yahoo's unlimited
email accounts. Hence the regular visits to Yahoo.

While Google's reputation over privacy is a gray area, I
sometimes find myself thinking it would be cool to let
Google index this apartment...maybe I would find some stuff
that's been missing for years ..
[/Rant]

Jake

Jake,

That's terrible... and funny!!!

--JorgeA

[the xt guy]

It's just as possible to use a large hosts file with 2K/XP as it is with 9x/Me, with no slowdown. My 2K box has a hosts file of about 4.5 megs, the identical file on 98 is about 3.7 megs. (Win2K uses 127.0.0.1, and 98 uses 0 or 0.0.0.0)

I'm using MDgx 's hosts file merged with an old hosts file I've been using for 10+ years.

[triger49]

the xt guy, on 15 June 2010 - 01:21 PM, said:

It's just as possible to use a large hosts file with 2K/XP as it is with 9x/Me, with no slowdown. My 2K box has a hosts file of about 4.5 megs, the identical file on 98 is about 3.7 megs. (Win2K uses 127.0.0.1, and 98 uses 0 or 0.0.0.0)

I'm using MDgx 's hosts file merged with an old hosts file I've been using for 10+ years.

Hi;

Somebody correct me if I'm wrong here, but I think
127.0.0.1 has been the standard loop back address ever
since the days of Dos....

Attached File(s)

•  Clipboard01.jpg (26.78K)
  Number of downloads: 3

[lightning slinger]

Just about every answer to every question you could ask about hosts files including the pro and cons of using 0.0.0.0 and 127.0.0.1 on all OS's is discussed MDGx at http://www.mdgx.com/hosts.php

[dencorso]

lightning slinger, on 16 June 2010 - 01:16 AM, said:

Just about every answer to every question you could ask about hosts files including the pro and cons of using 0.0.0.0 and 127.0.0.1 on all OS's is discussed MDGx at http://www.mdgx.com/hosts.php

I was about to post just this, when I read your post! Way to go!
I must add, however, that I don't actually use MDGx's HOSTS files myself, because I find them way too much restrictive. I prefer the one I linked to some posts above, as the basis of my HOSTS file, and have been adding to it more addresses slowly. But for the in-depth explanation, MDGx's page is the best resource on the web, for sure.

@wsxedcrfv: one sure way of determining which cookies' URL's are needed for a specific site is to disable the HOSTS file, then use NirSoft's IECookesView to destroy all cookies, then access the desired site and do whatever you want to do there, and then return to IECookesView and jot down what was added. Then comment out those url's in the hosts file, enable it back again, test, and finally uncomment each url alone, to find out which are really needed. With patience you can determine precisely which urls are needed for that site and decide whether to leave them commented-out or not. I'm not sure whether IECookesView works with 9x/ME, because I've been doing this in XP, so this procedure needs to be tested under 9x/ME.

[rloew]

dencorso, on 16 June 2010 - 02:46 AM, said:

lightning slinger, on 16 June 2010 - 01:16 AM, said:

Just about every answer to every question you could ask about hosts files including the pro and cons of using 0.0.0.0 and 127.0.0.1 on all OS's is discussed MDGx at http://www.mdgx.com/hosts.php

I was about to post just this, when I read your post! Way to go!
I must add, however, that I don't actually use MDGx's HOSTS files myself, because I find them way too much restrictive. I prefer the one I linked to some posts above, as the basis of my HOSTS file, and have been adding to it more addresses slowly. But for the in-depth explanation, MDGx's page is the best resource on the web, for sure.

@wsxedcrfv: one sure way of determining which cookies' URL's are needed for a specific site is to disable the HOSTS file, then use NirSoft's IECookesView to destroy all cookies, then access the desired site and do whatever you want to do there, and then return to IECookesView and jot down what was added. Then comment out those url's in the hosts file, enable it back again, test, and finally uncomment each url alone, to find out which are really needed. With patience you can determine precisely which urls are needed for that site and decide whether to leave them commented-out or not. I'm not sure whether IECookesView works with 9x/ME, because I've been doing this in XP, so this procedure needs to be tested under 9x/ME.

Just checking the Cookies generated by a site may not be sufficient to determine what Sites have to be unblocked. Necessary pages may not leave any Cookies.
I use a DNS logger to track activity and to adjust my Hosts File.