regarding security, yes, i might suggest changing to linux, but unfortunately this wont be an option for most on this board, unless they decide to write exclusive linux games to make it more attractive for gamers ,-)

the problem with software firewalls is simply that its running on the wrong machine. it should be in front of your computer and not on it, its like a security door in the middle of your living room. some programs might be polite enough to knock and use the door, but others will just walk around it.

as for programs, thats the problem. imagine a trojan, not only could it tunnel past it, it could just assume that you allowed ie to connect to the net for obvious reasons and call itself iexplorer.exe or if the programmer knows a couple of fw just add the right code to shut them down (some even replace them with dummies so you think its still running). they are too easy to get around from within to really offer much security.

and from the outside: they helped against msblast (a security problem that ms should be ashamed of for the next 2 or 3 decades, especially considering their lousy exploit oriented multiple patching). but just like msblast was using a bug in dcom, another worm could use known bugs in a firewall. every software listening on a port is a risk, even if its a firewall. so closing the ports (ie not running anything thats listening on them) is the better solution. and for the few you really need make sure they are halfway decent and secure.

so if it makes you feel better you can of course use them, just never ever lean back and think youre safe because of it. yes, they might increase your security, but only very little and considering how some of them screw up your system or cause trouble it might not be worth it.


for rpc dcom. the first description i found made it sound like ms took something that was already there (again), ruined it (again) and built it into windows (again). google should return a lot of stuff on it, but for home users its useless most of the time (i have it disabled for 2 years and never missed it). its short for distribute com, should allow components to communicate over networks etc.

disabling it:
run dcomcnfg and under default properties uncheck it. for win2000 with sp2 or less this setting is ignored (but nice that its there anyway). here it helps to remove all protocols under default protocols.

http://www.kssysteme.de/s_content.php?id=fk2002-02-02-3414
its in german but has a lot of images, explaining how to get all your ports closed and disable unneeded stuff (for most home users, companies might have different needs ,-) )

and think about hl2. if they werent kidding how it happened then even though they have written 1 1/2 great games they arent the "best" when it comes to security. once installed it was too late (and kind of shocking to hear about root kits to hide processes, files and registry entries), but it should never have been installed in the first place. lesson to learn: never ever open your mail in ms software.