Is windows firewall enough?

by default it will block all incoming. This means if nothing on your machine request a connection, it will be blocked.

I would recommend a $50 hardware unit anyway. smc, d-link

Also you NEED to have virus scanning turned on when accessing the internet, no way around it. Virus scan can be turned off (Exclude) for you audio folders, or disabled when not connected, and have Almost no impact on your recording and mixing performance.

Also run Spybot every once in a while to make sure nothing it detects has not crept in.

In my dayjob, I've consulted in network security for many years, and I'll share my thoughts, fwiw.

The main problem with most host-based firewall programs is they allow all outgoing connections. While Windows Firewall is good, you need more protection than simply the Windows firewall.

The best defense strategy is a defense in layers. Ideally, you block malware at more than one level of entry, and if one barrier fails, then perhaps the next will block the bad packet.

Let's start at your network border: how do you connect to the internet? Many small routers designed for home broadband use have built-in firewall programs. If so, learn about yours and turn it on.

The best way to go is to use a stand-alone firewall device, that sits between your router and your LAN. These require both knowledge and maintenance, and require more effort than the casual user wants to exert. However, if you understand networking at a basic level, you can configure a hardware firewall as today's firewalls have sophisticated administration programs that make it easy.

Finally, what does your ISP offer? Some will filter most malware for you as they don't want that garbage on their networks either--it sucks up a sizeable percentage of bandwidth. However, large ISPs, like the telephone companies or AOL, have tens of thousands of users, and many of them sources of malware. If they're already on the WAN, then you have to filter them.

I like smaller ISPs for this very reason--they have a limited customer base. Also, the folks who run these outfits are very savvy when it comes to virus and malware threats.

My ISP blocks most malware at their gateway. Look for a local ISP who will provide this service. Even if it costs more, it's worth it, believe me.

What's my network look like?

Because I live in the west with it's wide open spaces, I dont have wired broadband to my front door. In my area, and all over the country, really, there are alternate, wireless connections available. I have a microwave link to my ISP that gives me 1Mb/sec bandwidth, and it's very affordable compared to copper wire-based T1 or even DSL service.

My ISP filters many nasty packets from the network. Then at my router, I use a Sonic firewall device to block almost everything. I have servers and expose a few standard service ports, but these reside on a separate network, called a DMZ, that has routable addresses. These servers are used simply to accept mail or serve webpages. They have no sensitive data. I use another router to serve NAT to my private LAN, from which I work. Behind this router is yet another firewall, and the LAN machines all reside on private addresses. Of course, each machine on the lan is configured securely, ie, they use standard devices like Windows file security and passwords, as well as running Windows Firewall, anti-virus and anti-spyware type programs to trap anything that might reach this area.

By the way, you should be running the Automatic Updates service on your Windows machine, as security updates are released weekly (on Tuesdays) as they are resolved from the mothership in Redmond.

I realize there were some buzzwords in there, so ignore what you don't need, but note the defense in depth. Layered defenses that trap or prevent specific attacks are essential to keeping clean in today's networked environment.

I'd also recommend that everyone read the introductory information on www.microsoft.com/security.... and remember, when you are out at night, wear white.

If you can pass https://www.grc.com/x/ne.dll?bh0bkyd2 this test of your firewall then you're fine, but if not then you really need some hardware/software solution that can.

Just stay away from the porn sites this time and you'll be fine.

Okay thanks for that - I will.
Its hard though, very hard!

I would suggest a big NO to zone alarm. Dodgy program in my opinion. It once cause my computer to consistently give blue screen of death. Ive heard a few probs with it here and there. There are plenty more out there. Zone alarm probably would work fine, but i think its just safest to leave it alone.

Sygate i do like. It has graphs that show all your details which can it can be usefull at times. Nice program sygate is i believe. That and windows should be fine. Also running spybot every now and again is a good idea.

Goodluck!

For more info on this subject & more, have a butcher's at this thread.

Another thought on the subject. In my setup, I use three partitions; Windows, Linux and Data. The Windows partition is used for my DAW. It is not connected to the Internet. The Linux partition is my main work partition, and we browse the Internet, write papers, watch DVDs, etc. In fact, I am viewing this thread and posting while using Ubuntu Linux (and we have a similar setup on the laptop). The third partition is Data, formatted in FAT32 so it can be viewed by both the Windows and Linux OS.

As Linux is not as wide spread as Windows, as well as some underlying coding, the chance of getting viruses, spyware, etc is significantly less in Linux. On the Windows side, since I don't access the Internet, I can turn off networking as well as other 'services' and that makes my DAW more efficient (considering it is a 5 year old Athlon XP 1GHz).

If you go this route be advised Linux is different from Windows - not better, not worse - different. It operates differently. it takes a little time to learn it and understand how you do different things. Ubuntu (www.ubuntu.com) is a good distro to start with. It helps lower the learning curve.

Just a thought

I agree with Sonic,

Your DAW for Music creation shouldn't touch the internet. Have a cheap PC for internet access and request your updates and software registrations via e-mail. I don't dare use my DAW for internet use, even for updates unless it is a necessity, and I have not had to exercise that necessity yet.

I don't have Zone Alarm, or Virus protection on my Main DAW, but for every other PC in the house, 8 total, they each have ZA and Norton Virus protection with the XP firewall turned on as well. If I share a file, it is downloaded to a test PC then scanned at that point. From there I transfer it to a server and then transfer it over to the DAW.

My DAW is connected to the network using a Static IP Address and Subnet mask while the rest of the PCs on the network are DHCP server assigned.

Separate your music machine it as much as possible.

Peace

ORIGINAL: jrmunday

Slightly off key with this but just a thought
I have just had to rebuild my DAW after a major problem - luckily nothing lost.
Occasionally I let it access the web.
I used to use the windows firewall AND Sygate Pro to protect.
I found Sygate a little tricky and not very transparent at times and so have not installed it.

Do you think the Windows one alone is safe enough?
I sometimes leave the machine unattended for long periods when sharing filles with my writing partner.

that depends on whether you plan to download spyware. if you don't, then windows firewall is adequate in "no exceptions" mode.