December 2, 2004

I was reading through the Norton thread and noticed many people have hesitations about not using virus software. I wanted to contribute, but didn't want to hijack the thread, so I'll just say it here - Anti-virus programs are generally good to have, but if you are really after framerates and resources, they do tend to be hogs. Norton being the worst, McAfee is up there - anyway - I need to say this: A firewall or router is MANDATORY. Even the built-in one will work. Don't even think about plugging in your cable modem without some kind of port blocking. The cheapest way is to turn on the XP firewall. And yes it will block the 445 port inbound - but only on the external interface.

If you are running Win 2000 instead, there is another way - It's called port filtering. If you go into the advanced settings of your NIC's TCP properties, under Options - you will find it. You can then block ports you may be suspicious about, such as telnet, and RPC.

Be cautioned - If you are on a domain or network, you will kill connectivity to the other PCs. MS networks talk to each other on many ports, that is why a hardware router or firewall is best - so that each of your computers have full connectivity to each other, but are safe from the internet. Note that I say firewall OR router. Any device that does NAT/PAT will protect you from incoming attacks. I won't go into the details of exactly how it works, but suffice it to say you are protected 100%. The real benefit of a firewall is SPI, but that really only comes into play with webservers and other blatant targets.

If you do need to open ports, I recommend you try to configure non-standard ports (if possible). For instance, if you are running a webserver at home for your own personal use - have it run on port 8081 (or another port) instead of port 80. Then you will be able to access on that port, while most port scans won't pick it up.

Of course, no AV program and firewall will save you from yourself.
If you go surfing porn sites, clicking popups, and giving your e-mail address out for a chance to win a new Hyundai, you are making yourself a prime target.

SURPRISINGLY, there is actually a way you can do this and have ZERO chance of getting a virus. The single best program MS makes is called Virtual PC - unfortunately, not enough people know about it, or have seen the great things you can use it for. It is an OS within an OS. An isolated, but fully functional computer that runs in a window, on your desktop - POST messages and all.

If you feel the need to do questionable things, you can do this - Get Virtual PC, and load it with Windows 98 (small and not so much a resource hog). The virtual hard drive will be about 300 megs. Put IE6 and Outlook on. Shut it down, and make a copy of the Virtual Hard Drive. Now fire it back up and go nuts. Surf every site, and download every virus imaginable. What will happen? You will destroy your virtual PC - but then you simply shut it down, restore the copy you made and BAM - new PC in 2 minutes.

This is GREAT for kids too - You don't have to worry about them destroying your computer. Just make them log in under their own accounts, lock the computer down, and start Virtual PC at login for them. You can even share a directory on your real computer with the virtual PC to pass files back and forth. You could save your kids' virtual PC .pst and .doc files here, so that every time they start it, they have a new, clean PC, but all their important e-mails and school papers are in a real directory to be backed up.

The single best way to save yourself from trouble is to simply be prudent about your internet habits. Unless I am visiting AVSIM, MSN, or a few other sites, I do my surfing in a virtual PC.

I don't even have AV software, and I don't need it.
My framerates are good, and my computer boots in about 5 seconds, because of all the resources that I'm saving.

Anyway, there is a demo of virtual PC - check it out - and if anybody still doesn't understand how a router or firewall protects you, I'll be happy to elaborate.

December 2, 2004

Thanks for the info... the virtual PC sounds interesting. Of course, I've had no problems with my router coupled with an AV and a RAM disk (where all the crap gets sent... a simple reboot and bye-bye junk).

I'll check out the Virtual PC per your recommendation. Got a link (that MS site is a bugger)?

Regards,
Greg

December 2, 2004

Hi all,

A strong word of caution here:

Unless you set up the VPC so it can't see your real PC, you run the risk of getting your real PC infected. The default is AFAIR that it IS able to see the parent PC. I'm not talking about shared folders here, which is disabled by default, but if your virtual NIC can see the Internet, and your real PC can too AND HAS NO FIREWALL, then it will probably happen.

A virtual PC is just like any other PC, and needs the same kind of protection, unless you want to use it as a honeypot - but it also has the same potential to infect other PCs, whether they are virtual or real. So be careful out there!

BRGDS
Sven Sorensen, EKCH

December 2, 2004

Blocking individual ports will do little good as there's a trojan or other nasty waiting on almost all of them.

You'd have to block all ports and only allow the ones you want, which for most people is impossible to arrange (ever download something over ftp? you can say goodbye to that for example).

And don't forget that most AV programs are integrated with the firewall software. Disable one and the other is gone as well.

Nice advice...

Yes, people who know what they're doing can survive without AV. But you'll have to be extremely careful.

While the main source of infection is still pirated software and P2P networks there's a large group of infections now that come through seemingly harmless email messages. Unless you have a good block on those you may well get infected without ever noticing it until the complaints from your ISP come in about your machine being used as a DDOS or spam zombie.

December 2, 2004

There is much talk about Trojans or Viri, but I've been on the Internet since 1976, and have _never_ had one on my system. Since 1992, been online 6-12 hours a day, and my computer is online 24/7... Even when I did not have a router, which has only been the last three years. Never saw a virus, because I'm very careful what I download and where. My wife is on every day also, and has never had one.

First, even though we have a router, I have Norton, she has McAfee. But neither have ever found a virus. Until we bought a computer about five years ago, with it installed, never even had a virus checker. But, we both use an off system email address. Both are on Yahoo, which also has a virus checker, and from time to time we see email with a heading, they have removed one. By getting email ONLY on Yahoo (also have hotmail add) we figure that adds another wall between our system. So we only download stuff from relatives or friends after Yahoo or Hotmail has cleared it. My only other downloads come from Avsim or Flightsim.com, and CNET... which all check for viruses.

When I installed XP SP2, it auto installed a firewall, is it necessary or a waste to have it and a Router? Will it speed up Internet connections to websites by removing it?

December 3, 2004

If you have a router you don't need the XP2 firewall - unless you have other PCs on your network that you're afraid of getting viruses from, or you are afraid what you might accidentally do to your computer. Yes, it does slow things down.

"Blocking individual ports will do little good as there's a trojan or other nasty waiting on almost all of them. You'd have to block all ports and only allow the ones you want, which for most people is impossible to arrange (ever download something over ftp? you can say goodbye to that for example)."

That's wrong - TCP filtering only blocks incoming ports, not outgoing. Same with the XP firewall. You can use it to close every inbound port, and still be able to get out on any of them. The XP firewall will block both ways, so if you are worried about viruses getting out, then go ahead and use it, but it should not be your only firewall, since you want to disable it when you are gaming. But I think you have other issues to deal with at that point.

If you do want to block the ports individually - type this NETSTAT -A in a command prompt. It shows all active TCP and UDP port states on your machine - both established ports and listening ports. The listening ports are the ones you want to be concerned about. And there should only be about 15 - less on XP home, which I haven't mentioned yet is a much better OS for users without a domain, since it doesn't have as many services to exploit. And it seems that many people have the misconception that a virus can connect to any port - simply not true, there has to be a service listening. You should definitely shut down any unnecessary services, such as telnet (unless you use it). With telnet shut down, you can't establish a connection on port 23, so quite frankly it doesn't matter if it's open or not. Same with FTP - blocking ports 20 and 21 inbound will still allow you to establish outbound connections.
There are inherent services in 2000/XP such as Remote Procedure Call that you are helpless to do anything about since Windows won't like that being shut down.

Sven is correct, it's prudent to be careful what you do in your local network. However, XP's built-in firewall WILL block traffic from your virtual PC to your real PC. So - Turn on your XP firewall (don't forget to check the exceptions list), and go nuts with virtual PC.

Bottom line is - If you have a router or firewall doing NAT, with no inbound ports open - you are protected 100% from internet threats. This is what most people need be concerned with - as long as you are smart about what you "willingly" expose yourself to. This is why I recommend virtual PC - Running Zone Alarm, or XP's firewall on your real PC, and getting your e-mail, and doing your surfing in a virtual PC will make your real PC a virtual citadel against any possible virus, spyware, malware, or hijack attempts.

Again, I don't run the XP firewall, or any other local firewall because they are software firewalls, and eat up precious clock cycles. And I don't surf porn sites, use P2P, or do other dangerous things on my PC. And I've been in this business long enough to recognize an e-mail virus. I can assure you, nobody would actually send a "windows shortcut" as an e-mail attachment.

I recommend Virtual PC because it is a relatively cheap way to avoid not only investing in another PC, but not having to worry about what happens to it. Set it up once, save the virtual hard disk - and you're done. It runs on your current hardware, so you only have to upgrade one machine, and you don't have to have all this extra crap installed on your sim PC. Installing Norton, AVG or anything else on the virtual PC to protect your kids from downloading attachments or other possible viruses is a no-brainer because once virtual PC is closed, so are all those other programs. Then you just turn off your XP firewall and enjoy your lean mean gaming machine.
Heck, if you've already bought them another PC, then it makes even more sense - run virtual PC at login, while the real PC remains clean and uncluttered.

My intention is not to tell people they should be less safe, but that there are alternatives to having to bog down their PCs to be safe. And this will make you safer than you imagined.

http://www.microsoft.com/windows/virtualpc/default.mspx