First, automatically downloading and installing windows updates is a very *bad* idea. It means your computer may automatically reboot or change configuration without your knowledge. A *far* better approach is to have windows notify you of updates, even to download them when the network resources are not busy, but never to install any new software without first giving you the chance to look at the update and decide whether it is appropriate for your situation.

Updates are new software and they sometimes introduce more bugs than they fix. Take a look at the problems the update is supposed to fix before installing it.

Second, hardware firewalls are much more durable for hish-speed always-on connections like DSL and cable modems. Many good hardware firewalls ship with wireless access points. They only work if configured properly, but the cardinal rule for WAP/firewall combos is to change the manufacturer's default access password. I've lost count of the number of times someone properly configured the firewall and was hacked anyway--or locked out of their own WAP--because they never bothered to change the password.

Configuring a firewall and not changing the password is like locking the deadbolt on the only door to your home and leaving the key outside in the lock when you close the door.

[ reply ]

Link to this comment: http://www.securityfocus.com/comments/columns/220/34690#34690