This sure as hell has gone off topic a few times. Regaurdless of if you guys don't like each other, or each other's opinions, the fact remains that this has turned into one of the best discussions this front page has seen in a while about running a firewall.

Catch is a pal of mine, and I do think he is very intelliget, and if you don't like him, well, super, but he has gotten a lot of responces, turning this into a great discussion. The original question started out with should a home user install a firewall, and now we have a whole thread showing the upside and downaide of doing so.

Doesn't matter if anyone in this thread likes anyone else in it, the fact still remains that I think it is an awesome thread for anyone who wants to know a little more about both sides of installing a firewall.

Now, for me personally, I have a software firewall on all of my boxes in my LAN. I went through about 8 of them before I found some I liked, and now, all the Windows boxes here run Macfee with customization done by me, and my Linux boxes run a mix. Mainly IPtables, but SuSE and Mandrake systems run the firewalls they come with, as think they are good at what they do.

The router I use also has a firewall built in, and again, those settings are all customized by me for my particular LAN environment.

I do have services running on my Linux boxes, as I use those for when I'm at school, and have forgotten to grab my homework for example. I can just log in and grab it through a Secure shell.

I have a web server and FTP server running too, and use it mainly for backing up things across the LAN. I have yet to read manuals for either, but got them working, and had TheHorse check them out for me to see how well I did. according to him I did a good job, and even better considering it was my first time setting up FTP and HTTP, and not reading any manuals.

The point I'm going to try and make, is that it really depends on a lot. I run firewalls, and think it's a good idea, not just for the usual reasons, but what about someone who is running an older OS? They could be nuked and crashed, where a firewall would prevent this.

In my opinion, if you are running Windows 9X, then get at least a port blocker, and updated anti virii, that way trojans and virii won't allow a remote compromise, and the port blocker can stop other attacks.

windows 9X has great security, as it was not made for networking, and so it doesn't have a lot of built in services running. I think this makes it a bit secure in THAT respect, because well, it doesn't have much to go after in the form of a compromise. (Hacking exposed 3rd edition).

People who still run DOS, probably don't worry about much. Most versions of DOS have no way of having multi users. Heh, sort of funny how a lack of features can be a great thing for security huh?

As for catch saying a firewall can be bad, well, I understand what he means, as the more code you have running on your system, be it a text editor, an AIM session, or a firewall, it still gives more chance for a compromise.

I'm not the type to say a firewall is bad, because I think with proper configuration, they can be set up great and actually used properly. As for not running one at all, well, me for example, I could do that, but I would never be putting a machine into my DMZ, because my router gives more protection to my LAN.

Anti Virii I do think is a must, in at least SOME form. Even if you don't install any, you should at least go to Macfee or Norton's site and do the online check every few days. If you do this, and take the proper meassures, you could get away without installing an ounce of Anti Virii.

I think the problem with Catch and Chsh going back and forth is because they both know they know what they are talking about, but both have had experiance in different areas where one idea is good for one area, and bad for the other.

It's a clash of knowledge, just you two quit ****ing around before you core dump.