> When running any server attached to the Internet, all unnecessary ports > should be blocked, and every piece of software that handles connections > on that server needs to be patched regularly. If you have the > capabilities and understanding, blocking outbound ports that aren't > necessary can also be a benefit. For instance, often times the initial > infection installs an IRC client and uses that to download additional > software from an IRC channel or at least announces itself as being ready > for exploitation.
On my personal email server I have Comodo Firewall running which not only blocks any new applications from getting out, but also blocks known apps with new parent apps calling them. Very cool and free. I've also been using Spyware Terminator, also free. It does a great job with it's real-time shield against anything I haven't explicitly given permission to run. Both are a real pain in the ass the first few days and will stop everything until you get through giving permission, but it stops being a problem once all your apps are accounted for. Those and my anti-virus make me feel much safer knowing that nothing new can get out or even run without my permission. Doug To Unsubscribe: http://www.ipswitch.com/support/mailing-lists.html List Archive: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Knowledge Base/FAQ: http://www.ipswitch.com/support/IMail/
