You should probably be running a plugin/extension that turns off flash and javascript, and let you selectively enable for individual sites. On firefox/iceweasel, these would be flashblock and noscript. I also have adblock plus installed. With careful use, this will cull out most of the malicious stuff.
As for needing a firewall, if you run as few network services as possible, you really don't need a firewall, or at least minimal rules. For instance, my laptop has the following ports: PORT STATE SERVICE 22/tcp open ssh 5666/tcp open nrpe 8010/tcp open xmpp If you are on a public wifi, you can turn off ssh server (the client will still work) and nrpe (the Nagios client). On the other hand, if you turn off password auth in ssh, you should be relatively safe leaving ssh running. xmpp is the jabber client, and if you are not using chat, then that should be turned off. --b On Mon, Jan 3, 2011 at 5:02 AM, Jari Fredriksson <ja...@iki.fi> wrote: > On 3.1.2011 11:55, Russell L. Harris wrote: > >> >>> The major threats are web browser security holes (update often) >>> especially through flash and java plug-ins, and pdf. >> >> Flash and java are in most web pages. Does a firewall not protect >> against these threats? or are browser updates necessary even with a >> firewall? >> > > Most web sites today do NOT have Java Applets. Javascript is NOT Java. > Totally different concept, and that is very common, almost 100% of web > sites do has Javascript. > > Firewall does not protect from Web Browser vulnerabilities, browser > updates are must. > > -- > > Tomorrow, this will be part of the unchangeable past but fortunately, > it can still be changed today. > > > -- > To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org > with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org > Archive: http://lists.debian.org/4d219ed2.60...@iki.fi > > -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/aanlkti=3n7bgcxicqvqck1h32bephtbw7aasqspfr...@mail.gmail.com