OK Don wrote: > A firewall that only allows outbound connections fixes that -- >
Not really. I've seen machines behind such firewalls completely choked up with spyware, either from users installing stuff they downloaded or from rogue websites taking advantage of IE vulnerabilities. Once the spyware is on the machine, of course, it can make all the outgoing connections it wants...say, to an IRC server where some hacker is waiting to tell it what to do. Unfortunately, in this day and age, I don't consider any Windows machine with a web browser on it completely secure.
