> > Personally I think the average user is not able to secure his Windows and > > will be infected in ANY case. See, the other day I have reinstalled a PC, > > Windows XP. I had the bad idea to have it pluged to the internet without > > being behind a nat or so. Guess, once the box was installed and all the > > patches applied (~120Mbytes), my PC was already infected by 3 viruses and 2 > > trojans. > > XP is bad...
You may think whatever you want about XP, the facts are here, users like it and (are forced, have no choice) use it ;-) > > I think we should filter some well known " unsecure ports", as 135-139 and > > 445 and so we do. No user complained so far. > > But you do it at the edge. Doing it in the core doesn't help that much > because then the users within your network can still infect each other. indeed, if you do it, do it at the edge, the same place where you *should* have your anti-spoofing filters ;) > If you do any kind of filtering please document it properly and publically > so when some poor support guy is trying to find out why this-and-that ain't > working here but there isn't left out in the dark. good point, we'll add that. Pascal ---------------------------------------------- [EMAIL PROTECTED] Maillist-Archive: http://www.mail-archive.com/swinog%40swinog.ch/