
eSafe, which now comes from Aladdin, is a personal firewall for Windows. It belongs to the family of desktop-firewalls, but has some additional features which allow it to be configured for multiple users on the same machine.

Until now I haven't found out whether it's possible to trick eSafe. Well, that doesn't mean too much, since I didn't spend much time with it :)

It takes the classical approach to filtering, in which you decide what is allowed and what isn't, so the configuration is perhaps a little difficult for those not versed in the technique.

What is quite unique for a product that is free for personal use is that you can filter content as well as addresses.

On top of all that, eSafe provides virus-scanning, so it's a wrap-it-all-up utility.

If you want to know which programs try to connect to the net, I'd use ZoneAlarm, too. This will allow you to decide not only on ports and addresses, but also on applications.

Here are some hints about configuration.

Those hints apply to most other firewalls, too, so read them even if you don't intend to use eSafe.

First of all, make a note of all the sites you wish to use, such as your email-ISP's address, your news-provider and so on.

After this, disable _all_ access from and to your machine. This might seem a little harsh, but it's the only way to be sure.

Then go over the list of sites you want to allow and enable them again.

Let's say you don't want access to any POP3-machine but that of your ISP. You disable all traffic over port 110 (which is the well-known port for POP3) and then exempt the address of your ISP's server from that rule. That's all :)

You might consider routing all http-traffic (that is "browsing the WWW") over an anonymizing proxy. If you do that, you can disable port 80 (well-known for http) and allow solely the proxy's address. This way you make sure that none of your http-traffic leaves your machine without being anonymized. But remember that a proxy might be down for various reasons, so provide yourself with a whole list. Look at DigitalOverdrive's site for such a list.

From time to time such a firewall gets a little uncomfortable. If, for example, you disabled all FTP-access, you might not be able to download the file you want. Now, whatever you do, _do_not_ disable the firewall to download the file. Rather, append the address of the FTP-site to those you allow traffic to or from.

Another possibility is that you won't be able to access a certain port. Most programs that need to access certain servers do so through unusual (that is, not well-known) ports to be polite to other applications. If this happens to you, _do_not_ disable the firewall; rather, allow this single address for this single port, leaving all other ports and addresses untouched.
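
The deny-everything-then-add-exceptions procedure above, modelled as an added example (this is not eSafe's configuration format or code). The names Allow, permitted and too_broad are hypothetical, and all addresses and the port 8765 are constructed sample values. The too_broad check goes slightly beyond the text: it flags any exception that is not "this single address for this single port".

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = None  # wildcard: every address, or every port


@dataclass(frozen=True)
class Allow:
    """One exception to the default-deny policy (hypothetical rule model)."""
    address: Optional[str]  # single host or CIDR network; ANY = every address
    port: Optional[int]     # single TCP port; ANY = every port
    note: str = ""


def permitted(rules, address, port):
    """Default deny: a connection passes only if some exception matches it."""
    ip = ipaddress.ip_address(address)
    for rule in rules:
        addr_ok = rule.address is ANY or ip in ipaddress.ip_network(rule.address)
        port_ok = rule.port is ANY or rule.port == port
        if addr_ok and port_ok:
            return True
    return False  # nothing matched, so the traffic stays blocked


def too_broad(rules):
    """Return exceptions that open a port to everyone or a host on every port."""
    return [r for r in rules if r.address is ANY or r.port is ANY]


# Constructed rule set; addresses are from the documentation ranges (RFC 5737).
RULES = [
    Allow("192.0.2.10", 110, "POP3: the ISP's mail server only"),
    Allow("198.51.100.7", 80, "http: anonymizing proxy"),
    Allow("198.51.100.8", 80, "http: second proxy in case the first is down"),
    Allow("203.0.113.21", 8765, "one program's server on its unusual port"),
]

if __name__ == "__main__":
    # Constructed connection attempts: (destination address, destination port)
    attempts = [("192.0.2.10", 110), ("192.0.2.99", 110),
                ("198.51.100.8", 80), ("203.0.113.50", 80),
                ("203.0.113.21", 8765), ("203.0.113.21", 21)]
    for addr, port in attempts:
        verdict = "allow" if permitted(RULES, addr, port) else "block"
        print(f"{addr}:{port} -> {verdict}")
    # The shortcut the text warns against, expressed as a rule, gets flagged:
    for rule in too_broad(RULES + [Allow(ANY, 21, "opened FTP to everyone")]):
        print("too broad:", rule)
```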