Of XPSP2 and Proxies
As readers of my .plan updates know (wow, I've done a few ever since I've gone through all the Simpsons quotes at http://www.snpp.com), I've had a long-standing conflict with my school board's methods of censorship and oppression on the computer network.
Who am I kidding? I probably have very few legitimate reasons to access any ports other than 443 or 80 from the school network; but when I do, I'll just blame Neil and attempt to go on without it.
So I'm investigating a few programs before school begins. My long standby has been a tricky combination of CGIProxy and WebRSH to remotely administer my system, along with an FTP server for file transfers. Because apparently the "MP3" MIME type has been blocked from download or something, I've had to scrape together a .zip compression script in PHP that compresses the files on the fly and allows the McAfee web download scanner to process it, ensuring better transfers.
But then I noticed a few programs called htthost and httport, as well as a few other SOCKS-like proxy server clients, that could simultaneously run on port 80 along with a webserver, and get rid of NetSweeper's interfering censoring of the word "game" in the URL.
I'll be testing those out before September to hopefully have a complete Remote Desktop or VNC tunnel over HTTP/HTTPS to Blackbird. Right now, I'm using ABC and PHP4ABC to remotely control BitTorrent downloads; that's kind of a niche solution. Playing a game of Starcraft or something over the network would be really wicked though.
Whatever I do, I'll have to watch out for the XP Service Pack 2 firewall. (Ha. Yeah, right.) I've had Release Candidate 2 installed for a month or so now, and I just upgraded to the RTM version yesterday. The firewall is much improved from its previous version, and Automatic Updates promises to cut into my PC repair revenue (although I'm sure the scumbag adware producers will find a way around the frantic Auto Updates as well).
But the funny thing is when you get a "program request" from XP, the firewall allows the first outgoing connection initially and indefinitely, until you select the explicit "Deny" button or "Allow" button. It makes sense, but I hate when I get stuff like this and I'm just trying to play an online game.
In response to this "allow all outgoing traffic by default until user interferes" policy, some people and companies have said that people still need an outgoing traffic firewall solution, which basically means "Buy our/someone who advertises with us' product." I've tried ZoneAlarm; I've tried the other firewall programs. They're even more of a nuisance than the Microsoft solution, because stuff doesn't work.
It's a hassle to get users to even consider a firewall in the first place, unless they've been visibly hacked and are scared of the Internet. One of my clients ran XP Gold on a moderately unpatched box for several months and then got enraged when the cable provider cut them off for spam. It's a huge hassle to convince people that putting up with ZoneAlarm's aggravating permissions is worth it. With SP2, the technology for the firewall is there and possibly the least-intrusive application of a firewall around. Why is there this stink about outgoing traffic? This update is much more security than Microsoft has typically offered -- for free -- and with future Automatic Updates, there will be even less need for the typical desktop user to have an outgoing traffic firewall. Of course advanced users wouldn't trust Windows' firewall for bottom line security. I'm personally behind two routers (BEFSR41 and a WRT54GS) plus the built-in SP2 'wall. Anti-virus programs should take over the role of the outgoing firewall: nuking suspect programs before they even have a chance to get out.
The other real reason I like the Windows firewall is that File/Printer Sharing over my LAN is configured properly; MSN Messenger is configured properly; all built-in Windows apps have a setting of some sort to interface with this. I neither want to, nor care about, most obscure Windows services that do something important (DHCP address, for example). I'd rather not be told about this because I don't really need to know.
In any event, any machine with XP on it now that I have to fix will be getting the SP2 upgrade. It's going to fix a lot more things than it'll "break".