?"Every kind of Firewall"? ANY firewall is OK. Routers are (usually) Incoming Only, MS is DEFINITELY Incoming Only (AFAIK) and is a "pain" to set up the "blocks" (look into the "TCP Filtering" on you NIC), but it's a -good- thing to replace MS' with one that does Incoming+Outgoing. "Error Reporting" is kind of irrelevant (but perhaps an unnecessary Service) since it just "disturbs" you to say "NO, don't send my Crash to MS". Mine's still on and I don't worry about it - usually it's IE6 that goobers (nope, haven't "upgraded" yet). Other than that, all of the above (in some form or another).
About "Error Reporting" ... this thread mentions Windows XP so it is absolutely un-necessary to have that feature enabled since nothing is ever going to come of any crash reports sent to Microsoft. Indeed they could use the reports as a clue as to how to kill Windows XP even quicker if they were so inclined. Moreover, there are reports now of Error Reports being potentially used by hackers to identify exploitable bugs. Truthfully I don't know if this has been completely fleshed out ( i.e., does disabling the feature in the GUI or killing the service actually stop Watson from actually writing the file or just transmitting it ). But I think killing "Error Reporting" is a step in the right direction on Windows XP, though you are probably right that it isn't a critical security checklist feature with what we know so far.
About Routers ... they are not incoming only, perhaps such devices exist but I have never seen one. Even in the simplest firmware there are broad parental controls, but there is much more than that on most. You easily can manage your network per chassis ( via MAC ) or as a monolith blocking outbound comm via ports, protocols, services, or to specific sites by address or even using keywords found on a site ***
( good for parents, you can drive your know-it-all computer geek kids crazy
). The point is that the Router ( HUB/Firewall/Wi-Fi ) is truly a configurable I/O firewall these days, and is absolutely vital. And perhaps the most important reason of all is that all filtering/blocking/logging/everything is done off the computer, hence no computer CPU or I/O bandwidth or storage or anything is ever spent. Anything accomplished there is a "freebie" ( well after you spend the $50 ) that spares computer resources and performance. There is no software firewall or any kind of software that can do anything without using the computer resources and must by definition lower performance. Routers should be viewed are kind of a home super-PBX that deals with all incoming/outgoing comm traffic but with value-added features like wireless and details management, or, they can simply be seen as a super filter standing between the broadband modem and the computer/network. Truthfully I cannot imagine a single good reason to NOT have one considering what is going on these days. DISCLAIMER: I do NOT sell routers. ***
that last example, "block site by keywords" obviously has an inbound component to it as well. Indeed it is almost splitting hairs talking about Inbound/Outbound since they actually overlap. A good router design should block the outgoing comm to
a banned site so that the request never gets there ( better for the overall Internet too ) rather than sending the request to the banned site and then blocking the received pages. I think the only difference to the end-user will be what error page or feedback they receive. Kind of interesting subject though ( "What is the best way to do this kind of thing?" ).
Edited by CharlotteTheHarlot, 20 January 2014 - 04:11 PM.