Discuss various technical topics not related to Mozilla.
7 posts • Page 1 of 1
I am running IIS on my XP machine and Windows Firewall was blocking other users on the network form viewing the site in my IIS home directory. I allowed an exception on port 80 and this fixed the problem. What I am unsure of is how much I am opening myself up threatwise allowing port 80 as an exception. Any ideas?
Well, from a personal standpoint I'd say it all comes down to how smart a trojan is and whether you'd get one on your system. At least, as far as security threats go.
I'm not sure how secure IIS is but disregarding IIS for a moment, I'd say the only way you could really be invaded then is through IE/Outlook or a trojan that used port 80.
I recommend strongly using a firewall that allows you to set per application rules. There's a lot of programs out there, including spyware/malware that use port 80 to transmit. Sure you can uninstall them as soon as they're on your system but they'll still get off that initial transmission and who knows what they're sending.
Could be anything from your current processes, to your cookies or even a tree of the hard disk it's on. One never knows. So from a privacy standpoint I don't like having port 80 open at all and I only open it for the applications that need it.
I'd say privacy is the biggest issue here, over security.
Oh and yes, I really am that paranoid.
If you're worried about security, drop ISS now and get Apache. As for port 80, I personally don't see a problem except for ISS.
"When you say 'I wrote a program that crashed Windows', people just stare at you blankly and say 'Hey, I got those with the system, *for free*'."
-- Linus Torvalds
Gentoo: Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.7.5) Gecko/20041210 Firefox/1.0
I second that. Drop IIS and get Apache.
I'm not entirely sure about IIS, but I would only open up port 80 for Opera, Firefox, your personal webserver and maybe some other programs, but nothing more.
I support the Apache move, I run Apache here and it's very secure, it's also incredibly easy to use (I can help you set it up, if you like) and due to its incredible support of PHP (and circularly, MySQL), I reckon it makes the best server -- even on the Windows platform.
I still say that you're not free of privacy worries though without a good software firewall stopping those bits of spyware from transmitting who-knows-what.
7 posts • Page 1 of 1
Who is online
Users browsing this forum: No registered users and 4 guests