computers / alt.comp.os.windows-10 / "Introducing the Ransomware Economy"

Subject - Author
* "Introducing the Ransomware Economy" - Lynn McGuire
`* Re: "Introducing the Ransomware Economy" - RabidHussar
 `* Re: "Introducing the Ransomware Economy" - Big Bad Bob
  `* Re: "Introducing the Ransomware Economy" - sal
   +* Re: "Introducing the Ransomware Economy" - Paul
   |+* Re: "Introducing the Ransomware Economy" - Jonathan N. Little
   ||`* Re: "Introducing the Ransomware Economy" - Paul
   || `* Re: "Introducing the Ransomware Economy" - Jonathan N. Little
   ||  `* Re: "Introducing the Ransomware Economy" - Big Bad Bob
   ||   `- Re: "Introducing the Ransomware Economy" - Jonathan N. Little
   |+- Re: "Introducing the Ransomware Economy" - sal
   |`* Re: "Introducing the Ransomware Economy" - Big Bad Bob
   | `- Re: "Introducing the Ransomware Economy" - Jonathan N. Little
   `* Re: "Introducing the Ransomware Economy" - Big Bad Bob
    `- Re: "Introducing the Ransomware Economy" - sal

"Introducing the Ransomware Economy"

https://www.rocksolidbbs.com/computers/article-flat.php?id=54430&group=alt.comp.os.windows-10#54430
From: lynnmcguire5@gmail.com (Lynn McGuire)
Newsgroups: comp.sys.ibm.pc.hardware.storage,alt.comp.os.windows-10
Subject: "Introducing the Ransomware Economy"
Date: Thu, 2 Sep 2021 14:36:13 -0500
Message-ID: <sgr93k$unu$1@dont-email.me>
by: Lynn McGuire - Thu, 2 Sep 2021 19:36 UTC

"Introducing the Ransomware Economy"
https://www.backblaze.com/blog/ransomware-economy/

"Ransomware continues to proliferate for a simple reason—it’s
profitable. And it’s profitable not just for the ransomware developers
themselves—they’re just one part of the equation—but for a whole
ecosystem of players who make up the ransomware economy. To understand
the threats to small and medium-sized businesses (SMBs) and
organizations today, it’s important to understand the scope and scale of
what you’re up against.
Today, we’re digging into how the ransomware economy operates, including
the broader ecosystem and the players involved, emerging threats to
SMBs, and the overall financial footprint of ransomware worldwide."

There are hundreds of groups doing this! The FBI is investigating the
top 100 and appears to be swamped.

Lynn

Re: "Introducing the Ransomware Economy"

https://www.rocksolidbbs.com/computers/article-flat.php?id=54441&group=alt.comp.os.windows-10#54441
From: rabid@huss.ar (RabidHussar)
Newsgroups: comp.sys.ibm.pc.hardware.storage,alt.comp.os.windows-10
Subject: Re: "Introducing the Ransomware Economy"
Date: Thu, 2 Sep 2021 16:56:20 -0400
Message-ID: <TTaYI.390$g_4.161@fx14.iad>
References: <sgr93k$unu$1@dont-email.me>
In-Reply-To: <sgr93k$unu$1@dont-email.me>
by: RabidHussar - Thu, 2 Sep 2021 20:56 UTC

On 2021-09-02 3:36 p.m., Lynn McGuire wrote:
> "Introducing the Ransomware Economy"
>     https://www.backblaze.com/blog/ransomware-economy/
>
> "Ransomware continues to proliferate for a simple reason—it’s
> profitable. And it’s profitable not just for the ransomware developers
> themselves—they’re just one part of the equation—but for a whole
> ecosystem of players who make up the ransomware economy. To understand
> the threats to small and medium-sized businesses (SMBs) and
> organizations today, it’s important to understand the scope and scale of
> what you’re up against.
> Today, we’re digging into how the ransomware economy operates, including
> the broader ecosystem and the players involved, emerging threats to
> SMBs, and the overall financial footprint of ransomware worldwide."
>
> There are hundreds of groups doing this !  The FBI is investigating the
> top 100 and appears to be swamped.

I'd go a little further and say that the malware threat, in general, is
a pretty serious one in Windows. A lot of people assume that Windows
Defender is enough to protect them, but I notice that a lot of the
malware out there circumvents Defender without effort and manages to
find its way onto a user's computer without requiring user intervention
at all. Though I hate using an anti-virus because of the impact one
might have on performance, even I just went ahead and put McAfee (among
the best according to reviews) for proper protection.

--
@RabidHussar

Re: "Introducing the Ransomware Economy"

https://www.rocksolidbbs.com/computers/article-flat.php?id=55123&group=alt.comp.os.windows-10#55123
From: BigBadBob-at-mrp3-dot-com@testing.local (Big Bad Bob)
Newsgroups: comp.sys.ibm.pc.hardware.storage,alt.comp.os.windows-10
Subject: Re: "Introducing the Ransomware Economy"
Date: Wed, 8 Sep 2021 08:28:31 -0700
Message-ID: <3sqdnWN4O8o9S6X8nZ2dnUU7-KfNnZ2d@earthlink.com>
References: <sgr93k$unu$1@dont-email.me> <TTaYI.390$g_4.161@fx14.iad>
In-Reply-To: <TTaYI.390$g_4.161@fx14.iad>
by: Big Bad Bob - Wed, 8 Sep 2021 15:28 UTC

On 2021-09-02 13:56, RabidHussar wrote:
> On 2021-09-02 3:36 p.m., Lynn McGuire wrote:
>> "Introducing the Ransomware Economy"
>>      https://www.backblaze.com/blog/ransomware-economy/
>>
>> "Ransomware continues to proliferate for a simple reason—it’s
>> profitable. And it’s profitable not just for the ransomware developers
>> themselves—they’re just one part of the equation—but for a whole
>> ecosystem of players who make up the ransomware economy. To understand
>> the threats to small and medium-sized businesses (SMBs) and
>> organizations today, it’s important to understand the scope and scale
>> of what you’re up against.
>> Today, we’re digging into how the ransomware economy operates,
>> including the broader ecosystem and the players involved, emerging
>> threats to SMBs, and the overall financial footprint of ransomware
>> worldwide."
>>
>> There are hundreds of groups doing this !  The FBI is investigating
>> the top 100 and appears to be swamped.
>
> I'd go a little further and say that the malware threat, in general, is
> a pretty serious one in Windows.

Yes. Not so much in Linux or BSD, having a smaller footprint AND better
security (unless set up by a MORON).

If possible ONLY run your windows machines with "guest" level
permissions, and use the admin-level ONLY when needed. UAP actually
works to help you when you set it up this way. And if a non-admin
account is FUBAR'd by malware, and you have backups, it's less likely to
have messed up EVERYTHING and you should be able to get your data back
(within reason of course) and clean off the malware.

> A lot of people assume that Windows Defender is enough to protect them,

I agree; it only uses a signature file, has false hits, gets in the way
of software development (by checking what you just built all of the
time), and only CHASES the problem.

> but I notice that a lot of the malware out there circumvents Defender
> without effort and manages to find its way onto a user's computer
> without requiring user intervention at all.

For a while now, yeah.

I like to practice what I call "safe surfing" and do regular backups.

* If possible, do NOT 'surf the web' with a windows machine
* *NEVER* *READ* or *PREVIEW* *E-MAIL* (or USENET especially) as *HTML*
* do NOT use "Outlook" to read e-mail (or USENET if it can)
* Do NOT use a Microsoft browser to surf 'teh intarwebs'
* NEVER RUN ANYTHING you download or that is attached to an e-mail using
a PRIVILEGED (admin access) LOGON unless the source is VERY TRUSTWORTHY
* NEVER back things up to a share that can be written to by the login
you use for surfing 'teh intarwebs' OR reading e-mail
* ALWAYS USE a NON-admin login whenever possible

And so on

--
(aka 'Bombastic Bob' in case you wondered)

'Feeling with my fingers, and thinking with my brain' - me

'your story is so touching, but it sounds just like a lie'
"Straighten up and fly right"

Re: "Introducing the Ransomware Economy"

https://www.rocksolidbbs.com/computers/article-flat.php?id=55126&group=alt.comp.os.windows-10#55126
From: sal@qcount.com
Newsgroups: alt.comp.os.windows-10
Subject: Re: "Introducing the Ransomware Economy"
Date: Wed, 08 Sep 2021 11:34:20 -0500
Message-ID: <nvnhjglhkan2jiprgb10dm4029if4j56ve@4ax.com>
References: <sgr93k$unu$1@dont-email.me> <TTaYI.390$g_4.161@fx14.iad> <3sqdnWN4O8o9S6X8nZ2dnUU7-KfNnZ2d@earthlink.com>
by: sal@qcount.com - Wed, 8 Sep 2021 16:34 UTC

On Wed, 8 Sep 2021 08:28:31 -0700, Big Bad Bob
<BigBadBob-at-mrp3-dot-com@testing.local> wrote:

>On 2021-09-02 13:56, RabidHussar wrote:
>> On 2021-09-02 3:36 p.m., Lynn McGuire wrote:
>>> "Introducing the Ransomware Economy"
>>>      https://www.backblaze.com/blog/ransomware-economy/
>>>
>>> "Ransomware continues to proliferate for a simple reason—it’s

>* If possible, do NOT 'surf the web' with a windows machine
>* *NEVER* *READ* or *PREVIEW* *E-MAIL* (or USENET especially) as *HTML*
>* do NOT use "Outlook" to read e-mail (or USENET if it can)
>* Do NOT use a Microsoft browser to surf 'teh intarwebs'
>* NEVER RUN ANYTHING you download or that is attached to an e-mail using
>a PRIVILEGED (admin access) LOGON unless the source is VERY TRUSTWORTHY
>* NEVER back things up to a share that can be written to by the login
>you use for surfing 'teh intarwebs' OR reading e-mail
>* ALWAYS USE a NON-admin login whenever possible
>
>And so on

Use a freebie sandbox proggie and forget all that pain in the arse
crap. Reboot, and anything downloaded surreptitiously or
deliberately disappears upon reboot.

http://www.toolwiz.com/lead/toolwiz_time_freeze/

I've been using it for a few years without any anti-virus or
"security" crap. I do also use a firewall to keep stuff from
phoning home.

Re: "Introducing the Ransomware Economy"

https://www.rocksolidbbs.com/computers/article-flat.php?id=55133&group=alt.comp.os.windows-10#55133
From: nospam@needed.invalid (Paul)
Newsgroups: alt.comp.os.windows-10
Subject: Re: "Introducing the Ransomware Economy"
Date: Wed, 08 Sep 2021 13:54:14 -0400
Message-ID: <shatc6$css$1@dont-email.me>
References: <sgr93k$unu$1@dont-email.me> <TTaYI.390$g_4.161@fx14.iad> <3sqdnWN4O8o9S6X8nZ2dnUU7-KfNnZ2d@earthlink.com> <nvnhjglhkan2jiprgb10dm4029if4j56ve@4ax.com>
In-Reply-To: <nvnhjglhkan2jiprgb10dm4029if4j56ve@4ax.com>
by: Paul - Wed, 8 Sep 2021 17:54 UTC

sal@qcount.com wrote:
> On Wed, 8 Sep 2021 08:28:31 -0700, Big Bad Bob
> <BigBadBob-at-mrp3-dot-com@testing.local> wrote:
>
>> On 2021-09-02 13:56, RabidHussar wrote:
>>> On 2021-09-02 3:36 p.m., Lynn McGuire wrote:
>>>> "Introducing the Ransomware Economy"
>>>> https://www.backblaze.com/blog/ransomware-economy/
>>>>
>>>> "Ransomware continues to proliferate for a simple reason—it’s
>
>> * If possible, do NOT 'surf the web' with a windows machine
>> * *NEVER* *READ* or *PREVIEW* *E-MAIL* (or USENET especially) as *HTML*
>> * do NOT use "Outlook" to read e-mail (or USENET if it can)
>> * Do NOT use a Microsoft browser to surf 'teh intarwebs'
>> * NEVER RUN ANYTHING you download or that is attached to an e-mail using
>> a PRIVILEGED (admin access) LOGON unless the source is VERY TRUSTWORTHY
>> * NEVER back things up to a share that can be written to by the login
>> you use for surfing 'teh intarwebs' OR reading e-mail
>> * ALWAYS USE a NON-admin login whenever possible
>>
>> And so on
>
> Use a freebie sandbox proggie and forget all that pain in the arse
> crap. Reboot and anything downloaded surreptitiously or
> deliberately disappears upon reboot.
>
> http://www.toolwiz.com/lead/toolwiz_time_freeze/
>
> I've been using it for a few years without any anti-virus or
> "security" crap. I do also use a firewall to keep stuff from
> phoning home.

Well, sadly, this is bad advice.

Why ?

It does not address where the real risk lies.

We only have one good example here, of someone getting
caught by ransomware. He is a small business owner. I help
him out occasionally in another group. He is savvy enough,
to install OSes on machines, and do the various kinds of maintenance.
He's not a total vegetable.

But he isn't entirely a Safe Hex person.

Being a small business man, he decides to have a web site.
He buys a domain with GoDaddy, and leaves his real email
address in the GoDaddy listing (rather than stealthing the
registration).

He's got his email open. He sees an email message. It
said "GoDaddy - Invoice for domain renewal". He does not
think it is domain renewal time. The email message
has an attachment. *He double-clicks it*

Now, he's ruined. He writes in and asks "all my files
have a file extension of .osiris". I look that up, and
that is signature behavior of the Osiris Ransomware.
At this point, it is too late. His computer room ?
Totaled. His backup state ? Poor. It takes months
for him to recover.

Dudes like this "do not need a sandbox".

The first thing they need is a Safe Hex course,
and in lieu of that, an AV capable of recognizing
the executable content in the email. He did happen
to have an AV, but whatever it was... it wasn't
good enough for this phishing attack. And whatever
email server that came in on, the email server
didn't catch it either.

And while it is fun to pretend the browser is a
weakness, I would say more than one individual has
been caught by phishing emails. We used to train
staff at work about various issues like this, but
when given the most innocent test (scattering
USB sticks in the parking lot), they failed
like sheep. It's just about impossible to
make an entire workforce into "Safe Hex" people.

To be using a sandbox requires that the individual
know what they're doing, that they're working for
the bomb squad, that this is a bomb, that they
should dress up in their bomb removal kit.

The person playing defense in these situations
is always at a disadvantage. When it is important
for you to be exploited, they'll find a way.
Most of our security is security by obscurity.

Paul
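The symptom Paul's acquaintance reported, every file suddenly wearing a ".osiris" extension on top of its real one, is something a defender can watch for on a file share before a user calls in. The block below is an added example and not code from the thread or from any product named in it; the baseline extension set, the 50% threshold and the two file listings are constructed for illustration, and the heuristic (one unfamiliar extension layered over known document extensions on most files) is my own generalization of what the post describes.

```python
"""Flag a file listing that looks like a ransomware encryption run.

Added example (not from the thread). The trigger is the symptom described
above: a large share of files carry one unfamiliar extension layered over
their real one (ledger.xlsx.osiris). Baseline, threshold and listings are
constructed.
"""
from collections import Counter
from dataclasses import dataclass, field
from pathlib import PurePosixPath
from typing import List, Optional, Sequence

# Constructed baseline: extensions we expect to see on this share.
BASELINE_EXTENSIONS = {".docx", ".xlsx", ".pdf", ".jpg", ".txt", ".csv"}


@dataclass
class Finding:
    suspect_extension: str   # the extension layered on top of the real one
    affected: int            # files carrying it over a baseline extension
    total: int               # files in the listing that have any extension
    samples: List[str] = field(default_factory=list)

    @property
    def ratio(self) -> float:
        return self.affected / self.total


def classify_listing(paths: Sequence[str], threshold: float = 0.5,
                     min_files: int = 5) -> Optional[Finding]:
    """Return a Finding when one unexpected extension wraps a baseline one on
    at least `threshold` of the files with extensions, otherwise None."""
    counts: Counter = Counter()
    samples: dict = {}
    total = 0
    for p in paths:
        suffixes = [s.lower() for s in PurePosixPath(p).suffixes]
        if not suffixes:
            continue
        total += 1
        outer = suffixes[-1]
        inner = suffixes[-2] if len(suffixes) > 1 else ""
        # A known document type hidden under an unknown outer extension is the
        # pattern the victim saw; archive.tar.gz does not match it.
        if outer not in BASELINE_EXTENSIONS and inner in BASELINE_EXTENSIONS:
            counts[outer] += 1
            samples.setdefault(outer, []).append(p)
    if total < min_files or not counts:
        return None
    ext, n = counts.most_common(1)[0]
    if n / total < threshold:
        return None
    return Finding(ext, n, total, samples[ext][:3])


# Constructed listings: one after an encryption run, one healthy.
SAMPLE_ENCRYPTED = [
    "/srv/share/accounts/invoice-0412.pdf.osiris",
    "/srv/share/accounts/ledger.xlsx.osiris",
    "/srv/share/docs/contract.docx.osiris",
    "/srv/share/docs/notes.txt.osiris",
    "/srv/share/photos/site.jpg.osiris",
    "/srv/share/docs/minutes.txt.osiris",
    "/srv/share/docs/README.txt",
    "/srv/share/accounts/export.csv",
]
SAMPLE_CLEAN = [
    "/srv/share/docs/contract.docx",
    "/srv/share/docs/archive.tar.gz",
    "/srv/share/accounts/q1.pdf",
    "/srv/share/accounts/q2.pdf",
    "/srv/share/docs/notes.txt",
]

if __name__ == "__main__":
    for name, listing in (("encrypted", SAMPLE_ENCRYPTED), ("clean", SAMPLE_CLEAN)):
        finding = classify_listing(listing)
        if finding:
            print(f"{name}: {finding.affected}/{finding.total} files carry "
                  f"{finding.suspect_extension}, e.g. {finding.samples[0]}")
        else:
            print(f"{name}: no mass extension change")
```

Run it on a periodic directory walk of the share rather than on a single file event: a single renamed file is noise, while a majority of files gaining the same unknown suffix within one scan interval is the signal worth paging on. The `min_files` floor keeps a nearly empty folder from tripping the rule.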

Re: "Introducing the Ransomware Economy"

https://www.rocksolidbbs.com/computers/article-flat.php?id=55137&group=alt.comp.os.windows-10#55137
From: lws4art@gmail.com (Jonathan N. Little)
Newsgroups: alt.comp.os.windows-10
Subject: Re: "Introducing the Ransomware Economy"
Date: Wed, 8 Sep 2021 14:31:24 -0400
Message-ID: <shavhu$sll$1@dont-email.me>
References: <sgr93k$unu$1@dont-email.me> <TTaYI.390$g_4.161@fx14.iad> <3sqdnWN4O8o9S6X8nZ2dnUU7-KfNnZ2d@earthlink.com> <nvnhjglhkan2jiprgb10dm4029if4j56ve@4ax.com> <shatc6$css$1@dont-email.me>
In-Reply-To: <shatc6$css$1@dont-email.me>
by: Jonathan N. Little - Wed, 8 Sep 2021 18:31 UTC

Paul wrote:
> He's got his email open. He sees an email message. It
> said "GoDaddy - Invoice for domain renewal". He does not
> think it is domain renewal time. The email message
> has an attachment. *He double-clicks it*

And what was this attachment? An executable, an office document with a
macro...

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com

Re: "Introducing the Ransomware Economy"

https://www.rocksolidbbs.com/computers/article-flat.php?id=55139&group=alt.comp.os.windows-10#55139
From: nospam@needed.invalid (Paul)
Newsgroups: alt.comp.os.windows-10
Subject: Re: "Introducing the Ransomware Economy"
Date: Wed, 08 Sep 2021 15:24:27 -0400
Message-ID: <shb2la$iqe$1@dont-email.me>
References: <sgr93k$unu$1@dont-email.me> <TTaYI.390$g_4.161@fx14.iad> <3sqdnWN4O8o9S6X8nZ2dnUU7-KfNnZ2d@earthlink.com> <nvnhjglhkan2jiprgb10dm4029if4j56ve@4ax.com> <shatc6$css$1@dont-email.me> <shavhu$sll$1@dont-email.me>
In-Reply-To: <shavhu$sll$1@dont-email.me>
by: Paul - Wed, 8 Sep 2021 19:24 UTC

Jonathan N. Little wrote:
> Paul wrote:
>> He's got his email open. He sees an email message. It
>> said "GoDaddy - Invoice for domain renewal". He does not
>> think it is domain renewal time. The email message
>> has an attachment. *He double-clicks it*
>
> And what was this attachment? An executable, an office document with a
> macro...
>

I don't think we'll ever know really. It could
have been

invoice.pdf.exe

but the recipient might not have recognized it as such.
Or he wouldn't be in that mess.

If an attachment comes in here, at the very least
I don't double click it :-) I may be clumsy, but not
that clumsy.

One of my previous email tools had this right.
There was a folder with all the arriving material
unpacked, so it was just sitting there.

message753
invoice.pdf.exe

And then it was up to you, to drop it on a hex editor
for a look. Or for that matter, scanning it with
Virustotal. If there was a .cab or a .zip, it
stayed as a .cab or .zip, not taking any chances
with an SFX inside. It just processed
the BASE64 encoding, so that you had a file, and
you could see all the extension(s).

Earlier in life, I participated in some little "lab
experiments". The design of which amounted to modern
day phishing. And I fell for one of those. It's
because of that, I can't be boastful or careless
when it comes to phishing. Now I know what it takes
to fool me. I think many other people would be surprised,
just how effective phishing is. It's very good. Especially
if you know something about the victim that you can
leverage.

Paul

Re: "Introducing the Ransomware Economy"

https://www.rocksolidbbs.com/computers/article-flat.php?id=55144&group=alt.comp.os.windows-10#55144
From: lws4art@gmail.com (Jonathan N. Little)
Newsgroups: alt.comp.os.windows-10
Subject: Re: "Introducing the Ransomware Economy"
Date: Wed, 8 Sep 2021 17:31:25 -0400
Message-ID: <shba3f$4n9$1@dont-email.me>
References: <sgr93k$unu$1@dont-email.me> <TTaYI.390$g_4.161@fx14.iad> <3sqdnWN4O8o9S6X8nZ2dnUU7-KfNnZ2d@earthlink.com> <nvnhjglhkan2jiprgb10dm4029if4j56ve@4ax.com> <shatc6$css$1@dont-email.me> <shavhu$sll$1@dont-email.me> <shb2la$iqe$1@dont-email.me>
In-Reply-To: <shb2la$iqe$1@dont-email.me>
by: Jonathan N. Little - Wed, 8 Sep 2021 21:31 UTC

Paul wrote:
> Jonathan N. Little wrote:
>> Paul wrote:
>>> He's got his email open. He sees an email message. It
>>> said "GoDaddy - Invoice for domain renewal". He does not
>>> think it is domain renewal time. The email message
>>> has an attachment. *He double-clicks it*
>>
>> And what was this attachment? An executable, an office document with a
>> macro...
>>
>
> I don't think we'll ever know really. It could
> have been
>
>    invoice.pdf.exe

In an OS where the letters after the last period in a filename
determine whether a file is executable, it is sheer stupidity to hide file
extensions by default. Especially if you market your OS to
non-technically-astute people. Just love it when ex-Windows users try
Linux and cannot figure out why a file will not execute when it has the
correct name...

>
> but the recipient might not have recognized it as such.
> Or he wouldn't be in that mess.
>
> If an attachment comes in here, at the very least
> I don't double click it :-) I may be clumsy, but not
> that clumsy.
>
> One of my previous email tools had this right.
> There was a folder with all the arriving material
> unpacked, so it was just sitting there.
>
>    message753
>      invoice.pdf.exe
>
> And then it was up to you, to drop it on a hex editor
> for a look. Or for that matter, scanning it with
> Virustotal. If there was a .cab or a .zip, it
> stayed as a .cab or .zip, not taking any chances
> with an SFX inside. It just processed
> the BASE64 encoding, so that you had a file, and
> you could see all the extension(s).
>
> Earlier in life, I participated in some little "lab
> experiments". The design of which amounted to modern
> day phishing. And I fell for one of those. It's
> because of that, I can't be boastful or careless
> when it comes to phishing. Now I know what it takes
> to fool me. I think many other people would be surprised,
> just how effective phishing is. It's very good. Especially
> if you know something about the victim that you can
> leverage.

How many of those "invoice" attachments are "you-r-screwed.xlsm"... not only
who would open a random spreadsheet with a macro, but furthermore who has
Excel set with the security level so low as to allow unsigned macros
without an approved cert to run at all?

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
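Paul's point (a mail tool that unpacks attachments into a folder so every extension is visible and nothing is auto-run) and Jonathan's (hidden extensions, and macro-enabled .xlsm files) both come down to looking at an attachment's name and its first bytes before anyone opens it. The block below is an added example, not the mail tool Paul describes or any project's code; it uses only the Python standard library `email` parser. The MIME message is constructed, and the extension sets and magic-byte table are my own choices, so treat them as a starting point rather than a complete list.

```python
"""List a message's attachments with every extension visible and flag the
risky ones, without writing or executing anything.

Added example (not the mail tool described in the thread). The message
below is constructed; the extension sets and magic bytes are my choices.
"""
import email
from email import policy
from pathlib import PurePosixPath
from typing import Dict, List

EXECUTABLE_EXT = {".exe", ".scr", ".com", ".bat", ".cmd", ".js", ".vbs", ".ps1", ".msi", ".pif"}
MACRO_DOC_EXT = {".xlsm", ".docm", ".pptm", ".xlam", ".dotm"}
ARCHIVE_EXT = {".zip", ".cab", ".rar", ".7z"}
DOCUMENT_EXT = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg", ".png"}

# Leading bytes that identify common containers regardless of the name.
MAGIC = [(b"MZ", "pe-executable"), (b"%PDF", "pdf"), (b"PK\x03\x04", "zip-container")]

# Constructed message modelled on the "invoice" lure discussed above.
RAW_MESSAGE = b"""From: billing@example.invalid
To: owner@example.invalid
Subject: Invoice for domain renewal
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="XYZ"

--XYZ
Content-Type: text/plain

Please see the attached invoice.
--XYZ
Content-Type: application/octet-stream; name="invoice.pdf.exe"
Content-Disposition: attachment; filename="invoice.pdf.exe"
Content-Transfer-Encoding: base64

TVqQAAMAAAAEAAAA
--XYZ
Content-Type: application/vnd.ms-excel.sheet.macroEnabled.12; name="statement.xlsm"
Content-Disposition: attachment; filename="statement.xlsm"
Content-Transfer-Encoding: base64

UEsDBBQAAAAIAA==
--XYZ
Content-Type: application/pdf; name="receipt.pdf"
Content-Disposition: attachment; filename="receipt.pdf"
Content-Transfer-Encoding: base64

JVBERi0xLjQK
--XYZ--
"""


def sniff(content: bytes) -> str:
    """Identify the container from its leading bytes; 'unknown' if none match."""
    for prefix, kind in MAGIC:
        if content.startswith(prefix):
            return kind
    return "unknown"


def inspect_attachment(filename: str, content: bytes) -> List[str]:
    """Return the reasons this attachment deserves a look (empty list means none)."""
    reasons = []
    suffixes = [s.lower() for s in PurePosixPath(filename).suffixes]
    outer = suffixes[-1] if suffixes else ""
    if outer in EXECUTABLE_EXT:
        reasons.append("executable extension " + outer)
    # invoice.pdf.exe: a file manager that hides known extensions shows "invoice.pdf".
    if len(suffixes) > 1 and suffixes[-2] in DOCUMENT_EXT and outer not in DOCUMENT_EXT:
        reasons.append("double extension " + "".join(suffixes[-2:]))
    if outer in MACRO_DOC_EXT:
        reasons.append("macro-enabled Office document")
    if outer in ARCHIVE_EXT:
        reasons.append("archive: keep packed, may hold an SFX")
    if sniff(content) == "pe-executable" and outer not in EXECUTABLE_EXT:
        reasons.append("content is a PE executable despite extension " + outer)
    return reasons


def inspect_message(raw: bytes) -> Dict[str, dict]:
    """Map each attachment's full filename to its sniffed kind and flags."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {}
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        content = part.get_payload(decode=True) or b""   # base64 decoded, never saved
        report[name] = {"kind": sniff(content), "reasons": inspect_attachment(name, content)}
    return report


if __name__ == "__main__":
    for name, info in inspect_message(RAW_MESSAGE).items():
        flags = "; ".join(info["reasons"]) or "nothing flagged"
        print(f"{name:20} {info['kind']:15} {flags}")
```

The report lists the full filename, so the ".pdf.exe" that Explorer would show as "invoice.pdf" with extensions hidden is visible in the inspection step; archives are reported but never unpacked, matching the "stays as a .cab or .zip" behaviour Paul describes; and the magic-byte check catches the reverse case, a PE file renamed to a document extension, which a name-only check misses.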

Re: "Introducing the Ransomware Economy"

https://www.rocksolidbbs.com/computers/article-flat.php?id=55173&group=alt.comp.os.windows-10#55173
From: sal@qcount.com
Newsgroups: alt.comp.os.windows-10
Subject: Re: "Introducing the Ransomware Economy"
Date: Thu, 09 Sep 2021 08:20:21 -0500
Message-ID: <2d2kjghlfsref3jbp503jmji85api1ea6d@4ax.com>
References: <sgr93k$unu$1@dont-email.me> <TTaYI.390$g_4.161@fx14.iad> <3sqdnWN4O8o9S6X8nZ2dnUU7-KfNnZ2d@earthlink.com> <nvnhjglhkan2jiprgb10dm4029if4j56ve@4ax.com> <shatc6$css$1@dont-email.me>
by: sal@qcount.com - Thu, 9 Sep 2021 13:20 UTC

On Wed, 08 Sep 2021 13:54:14 -0400, Paul <nospam@needed.invalid>
wrote:

>sal@qcount.com wrote:
>> On Wed, 8 Sep 2021 08:28:31 -0700, Big Bad Bob
>> <BigBadBob-at-mrp3-dot-com@testing.local> wrote:
>>
>>> On 2021-09-02 13:56, RabidHussar wrote:
>>>> On 2021-09-02 3:36 p.m., Lynn McGuire wrote:
>>>>> "Introducing the Ransomware Economy"
>>>>> https://www.backblaze.com/blog/ransomware-economy/
>>>>>
>>>>> "Ransomware continues to proliferate for a simple reason—it’s
>>
>>> * If possible, do NOT 'surf the web' with a windows machine
>>> * *NEVER* *READ* or *PREVIEW* *E-MAIL* (or USENET especially) as *HTML*
>>> * do NOT use "Outlook" to read e-mail (or USENET if it can)
>>> * Do NOT use a Microsoft browser to surf 'teh intarwebs'
>>> * NEVER RUN ANYTHING you download or that is attached to an e-mail using
>>> a PRIVILEGED (admin access) LOGON unless the source is VERY TRUSTWORTHY
>>> * NEVER back things up to a share that can be written to by the login
>>> you use for surfing 'teh intarwebs' OR reading e-mail
>>> * ALWAYS USE a NON-admin login whenever possible
>>>
>>> And so on
>>
>> Use a freebie sandbox proggie and forget all that pain in the arse
>> crap. Reboot and anything downloaded surreptitiously or
>> deliberately disappears upon reboot.
>>
>> http://www.toolwiz.com/lead/toolwiz_time_freeze/
>>
>> I've been using it for a few years without any anti-virus or
>> "security" crap. I do also use a firewall to keep stuff from
>> phoning home.
>
>Well, sadly, this is bad advice.
>
>Why ?
>
>It does not address where the real risk lies.
Del
>
>He's got his email open. He sees an email message. It
>said "GoDaddy - Invoice for domain renewal". He does not
>think it is domain renewal time. The email message
>has an attachment. *He double-clicks it*
>
>Now, he's ruined.
Del

If he would have had a sandbox protecting his C:, he would not have
been infected.

> Paul

Re: "Introducing the Ransomware Economy"

https://www.rocksolidbbs.com/computers/article-flat.php?id=55181&group=alt.comp.os.windows-10#55181
From: BigBadBob-at-mrp3-dot-com@testing.local (Big Bad Bob)
Newsgroups: alt.comp.os.windows-10
Subject: Re: "Introducing the Ransomware Economy"
Date: Thu, 9 Sep 2021 10:26:38 -0700
Message-ID: <ppidncZGyrtS3qf8nZ2dnUU7-bednZ2d@earthlink.com>
References: <sgr93k$unu$1@dont-email.me> <TTaYI.390$g_4.161@fx14.iad> <3sqdnWN4O8o9S6X8nZ2dnUU7-KfNnZ2d@earthlink.com> <nvnhjglhkan2jiprgb10dm4029if4j56ve@4ax.com>
In-Reply-To: <nvnhjglhkan2jiprgb10dm4029if4j56ve@4ax.com>
by: Big Bad Bob - Thu, 9 Sep 2021 17:26 UTC

On 2021-09-08 09:34, sal@qcount.com wrote:
> On Wed, 8 Sep 2021 08:28:31 -0700, Big Bad Bob
> <BigBadBob-at-mrp3-dot-com@testing.local> wrote:
>
>> On 2021-09-02 13:56, RabidHussar wrote:
>>> On 2021-09-02 3:36 p.m., Lynn McGuire wrote:
>>>> "Introducing the Ransomware Economy"
>>>>      https://www.backblaze.com/blog/ransomware-economy/
>>>>
>>>> "Ransomware continues to proliferate for a simple reason—it’s
>
>> * If possible, do NOT 'surf the web' with a windows machine
>> * *NEVER* *READ* or *PREVIEW* *E-MAIL* (or USENET especially) as *HTML*
>> * do NOT use "Outlook" to read e-mail (or USENET if it can)
>> * Do NOT use a Microsoft browser to surf 'teh intarwebs'
>> * NEVER RUN ANYTHING you download or that is attached to an e-mail using
>> a PRIVILEGED (admin access) LOGON unless the source is VERY TRUSTWORTHY
>> * NEVER back things up to a share that can be written to by the login
>> you use for surfing 'teh intarwebs' OR reading e-mail
>> * ALWAYS USE a NON-admin login whenever possible
>>
>> And so on
>
> Use a freebie sandbox proggie and forget all that pain in the arse
> crap. Reboot and anything downloaded surreptitiously or
> deliberately disappears upon reboot.
>
> http://www.toolwiz.com/lead/toolwiz_time_freeze/
>
> I've been using it for a few years without any anti-virus or
> "security" crap. I do also use a firewall to keep stuff from
> phoning home.
>

FYI - if you have IPv6 and the firewall does NOT explicitly block or NAT
IPv6 connections, it's a public IP and is JUST as vulnerable as a
dial-up connection.

And I do not trust the built-in Micros~1 "Windows Firewall"

--
(aka 'Bombastic Bob' in case you wondered)

'Feeling with my fingers, and thinking with my brain' - me

'your story is so touching, but it sounds just like a lie'
"Straighten up and fly right"

Re: "Introducing the Ransomware Economy"

<Td-dnefcVfWH2Kf8nZ2dnUU7-c3NnZ2d@earthlink.com>

Newsgroups: alt.comp.os.windows-10
Subject: Re: "Introducing the Ransomware Economy"
References: <sgr93k$unu$1@dont-email.me> <TTaYI.390$g_4.161@fx14.iad>
<3sqdnWN4O8o9S6X8nZ2dnUU7-KfNnZ2d@earthlink.com>
<nvnhjglhkan2jiprgb10dm4029if4j56ve@4ax.com> <shatc6$css$1@dont-email.me>
From: BigBadBob-at-mrp3-dot-com@testing.local (Big Bad Bob)
Date: Thu, 9 Sep 2021 10:32:10 -0700
In-Reply-To: <shatc6$css$1@dont-email.me>
 by: Big Bad Bob - Thu, 9 Sep 2021 17:32 UTC

On 2021-09-08 10:54, Paul wrote:
> sal@qcount.com wrote:
>> On Wed, 8 Sep 2021 08:28:31 -0700, Big Bad Bob
>> <BigBadBob-at-mrp3-dot-com@testing.local> wrote:
>>
>>> On 2021-09-02 13:56, RabidHussar wrote:
>>>> On 2021-09-02 3:36 p.m., Lynn McGuire wrote:
>>>>> "Introducing the Ransomware Economy"
>>>>>      https://www.backblaze.com/blog/ransomware-economy/
>>>>>
>>>>> "Ransomware continues to proliferate for a simple reason—it’s
>>
>>> * If possible, do NOT 'surf the web' with a windows machine
>>> * *NEVER* *READ* or *PREVIEW* *E-MAIL* (or USENET especially) as *HTML*
>>> * do NOT use "Outlook" to read e-mail (or USENET if it can)
>>> * Do NOT use a Microsoft browser to surf 'teh intarwebs'
>>> * NEVER RUN ANYTHING you download or that is attached to an e-mail
>>> using a PRIVILEGED (admin access) LOGON unless the source is VERY
>>> TRUSTWORTHY
>>> * NEVER back things up to a share that can be written to by the login
>>> you use for surfing 'teh intarwebs' OR reading e-mail
>>> * ALWAYS USE a NON-admin login whenever possible
>>>
>>> And so on
>>
>> Use a freebie sandbox proggie and forget all that pain in the arse
>> crap.  Reboot and anything downloaded surreptitiously or
>> deliberately disappears upon reboot.
>>
>> http://www.toolwiz.com/lead/toolwiz_time_freeze/
>>
>> I've been using it for a few years without any anti-virus or
>> "security" crap.  I do also use a firewall to keep stuff from
>> phoning home.
>
> Well, sadly, this is bad advice.
>
> Why ?
>
> It does not address where the real risk lies.
>
> We only have one good example here, of someone getting
> caught by ransomware. He is a small business owner. I help
> him out occasionally in another group. He is savvy enough,
> to install OSes on machines, and do the various kinds of maintenance.
> He's not a total vegetable.
>
> But he isn't entirely a Safe Hex person.
>
> Being a small business man, he decides to have a web site.
> He buys a domain with GoDaddy, and leaves his real email
> address in the GoDaddy listing (rather than stealthing the
> registration).
>
> He's got his email open. He sees an email message. It
> says "GoDaddy - Invoice for domain renewal". He does not
> think it is domain renewal time. The email message
> has an attachment. *He double-clicks it*
>
> Now, he's ruined. He writes in and asks "all my files
> have a file extension of .osiris". I look that up, and
> that is signature behavior of the Osiris Ransomware.
> At this point, it is too late. His computer room ?
> Totaled. His backup state ? Poor. It takes months
> for him to recover.
>
> Dudes like this "do not need a sandbox".
>
> The first thing they need is a Safe Hex course,

yeah I suppose I should have added "do not click on the attachment" but
"use save-as and directly open with the assigned application rather than
trusting the shell to do it". As an example, if a ZIP or JPEG has an
EXE header, the shell STUPIDLY runs it as a program... although you DO
get a warning first, last I checked. But who pays attention to THOSE,
right?

I don't open attachments nor view HTML for e-mail in Windows, nor do I
use Virus Outbreak (Micros~1 Outlook). I prefer to use e-mail on a
Linux or FreeBSD system, which is VERY secure. But thunderbird on
Windows is acceptable (when you turn off HTML preview).

Re: "Introducing the Ransomware Economy"

<2uCdnQ1R6YQv26f8nZ2dnUU7-eXNnZ2d@earthlink.com>

Newsgroups: alt.comp.os.windows-10
Subject: Re: "Introducing the Ransomware Economy"
References: <sgr93k$unu$1@dont-email.me> <TTaYI.390$g_4.161@fx14.iad>
<3sqdnWN4O8o9S6X8nZ2dnUU7-KfNnZ2d@earthlink.com>
<nvnhjglhkan2jiprgb10dm4029if4j56ve@4ax.com> <shatc6$css$1@dont-email.me>
<shavhu$sll$1@dont-email.me> <shb2la$iqe$1@dont-email.me>
<shba3f$4n9$1@dont-email.me>
From: BigBadBob-at-mrp3-dot-com@testing.local (Big Bad Bob)
Date: Thu, 9 Sep 2021 10:38:57 -0700
In-Reply-To: <shba3f$4n9$1@dont-email.me>
 by: Big Bad Bob - Thu, 9 Sep 2021 17:38 UTC

On 2021-09-08 14:31, Jonathan N. Little wrote:
> How many of those "invoice" attachments "you-r-screwed.xlsm"...not only
> who would open a random spreadsheet with a macro and furthermore who has
> Excel set with the security level so low to allow unsigned macros
> without approved cert to run at all?
>

* disable Excel macros
- or -
* open with Libre Office instead (with macro security set to "very high")

but do NOT "just double-click it" to open. 'Save As', then open the
spreadsheet application, and use "File Open".

--
(aka 'Bombastic Bob' in case you wondered)

'Feeling with my fingers, and thinking with my brain' - me

'your story is so touching, but it sounds just like a lie'
"Straighten up and fly right"

Re: "Introducing the Ransomware Economy"

<shdjaa$bfi$1@dont-email.me>

From: lws4art@gmail.com (Jonathan N. Little)
Newsgroups: alt.comp.os.windows-10
Subject: Re: "Introducing the Ransomware Economy"
Date: Thu, 9 Sep 2021 14:20:56 -0400
Organization: LITTLE WORKS STUDIO
References: <sgr93k$unu$1@dont-email.me> <TTaYI.390$g_4.161@fx14.iad>
<3sqdnWN4O8o9S6X8nZ2dnUU7-KfNnZ2d@earthlink.com>
<nvnhjglhkan2jiprgb10dm4029if4j56ve@4ax.com> <shatc6$css$1@dont-email.me>
<shavhu$sll$1@dont-email.me> <shb2la$iqe$1@dont-email.me>
<shba3f$4n9$1@dont-email.me> <2uCdnQ1R6YQv26f8nZ2dnUU7-eXNnZ2d@earthlink.com>
In-Reply-To: <2uCdnQ1R6YQv26f8nZ2dnUU7-eXNnZ2d@earthlink.com>
 by: Jonathan N. Little - Thu, 9 Sep 2021 18:20 UTC

Big Bad Bob wrote:
> On 2021-09-08 14:31, Jonathan N. Little wrote:
>> How many of those "invoice" attachments "you-r-screwed.xlsm"...not only
>> who would open a random spreadsheet with a macro and furthermore who has
>> Excel set with the security level so low to allow unsigned macros
>> without approved cert to run at all?
>>

rhetorical question
>
> * disable Excel macros

Still using Excel vintage 2003 (despise the ribbon) with macro security
set high and only allow macros with my cert to run.

> - or -
> * open with Libre Office instead (with macro security set to "very high")
>
> but do NOT "just double-click it" to open.  'Save As', then open the
> spreadsheet application, and use "File Open".
>
>

In the end who would send an "invoice" with an embedded macro other than
a malfeasant or an idiot.

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com
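Two checks come up in the posts above: Bob's point that a file named .zip or .jpg can carry an EXE header that the shell will happily run, and the "invoice" spreadsheet that turns out to contain a macro. Both can be verified before anything is opened, because the file header and the ZIP directory of an OOXML document tell the truth regardless of the filename. The script below is an added example written for this thread, not code from any poster or from Backblaze; the sample "attachments" are constructed in memory (a few header bytes and an empty ZIP layout, no real malware), and the header table only covers the formats the thread mentions.

```python
"""Inspect an attachment before opening it: compare its magic bytes with
what the extension claims, and for ZIP/OOXML files report whether a VBA
macro project (xl/vbaProject.bin) is embedded. Added example; samples
below are constructed and harmless."""
import io
import os
import zipfile

# Header prefixes for the formats discussed in the thread.
MAGIC = {
    b"MZ": "exe",           # DOS/PE executable header
    b"PK\x03\x04": "zip",   # ZIP container; .xlsx/.xlsm/.docx are ZIPs
    b"\xff\xd8\xff": "jpeg",
}

# Container type each extension is expected to carry.
EXPECTED = {
    ".exe": "exe", ".zip": "zip", ".jpg": "jpeg", ".jpeg": "jpeg",
    ".xlsx": "zip", ".xlsm": "zip", ".docx": "zip", ".docm": "zip",
}


def sniff(data: bytes) -> str:
    """Return the format implied by the first bytes, or 'unknown'."""
    for prefix, kind in MAGIC.items():
        if data.startswith(prefix):
            return kind
    return "unknown"


def has_vba_project(data: bytes) -> bool:
    """True if a ZIP/OOXML payload contains a VBA macro project."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def assess(filename: str, data: bytes) -> dict:
    """Summarise why an attachment should not simply be double-clicked."""
    ext = os.path.splitext(filename)[1].lower()
    actual = sniff(data)
    expected = EXPECTED.get(ext)
    findings = []
    if actual == "exe":
        findings.append("executable (MZ) header regardless of extension")
    if expected is not None and actual != expected:
        findings.append(f"extension {ext} claims {expected}, header says {actual}")
    if actual == "zip" and has_vba_project(data):
        findings.append("embedded VBA macro project (vbaProject.bin)")
    return {"file": filename, "header": actual,
            "findings": findings, "open_safely": not findings}


def build_samples() -> dict:
    """Constructed sample attachments; only headers and ZIP layout matter."""
    def ooxml(with_macro: bool) -> bytes:
        buf = io.BytesIO()
        with zipfile.ZipFile(buf, "w") as zf:
            zf.writestr("[Content_Types].xml", "<Types/>")
            zf.writestr("xl/workbook.xml", "<workbook/>")
            if with_macro:
                zf.writestr("xl/vbaProject.bin", b"\x00" * 16)  # placeholder
        return buf.getvalue()

    return {
        "invoice.xlsm": ooxml(True),                   # macro-enabled "invoice"
        "report.xlsx": ooxml(False),                   # plain spreadsheet
        "photo.jpg": b"MZ\x90\x00" + b"\x00" * 60,     # EXE header, JPEG name
        "holiday.jpeg": b"\xff\xd8\xff\xe0" + b"\x00" * 16,
    }


if __name__ == "__main__":
    for name, payload in build_samples().items():
        r = assess(name, payload)
        verdict = "ok to open with its application" if r["open_safely"] else "DO NOT OPEN"
        print(f"{name}: header={r['header']} {verdict} {r['findings']}")
```

The macro check only answers "is there a VBA project at all", which is exactly the question Jonathan raises: a legitimate invoice has no business carrying one. Saving the attachment and running a check like this is the "Save As, then File Open" discipline from the thread, with the extra step of looking inside before opening.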

Re: "Introducing the Ransomware Economy"

<shdk05$esp$1@dont-email.me>

From: lws4art@gmail.com (Jonathan N. Little)
Newsgroups: alt.comp.os.windows-10
Subject: Re: "Introducing the Ransomware Economy"
Date: Thu, 9 Sep 2021 14:32:37 -0400
Organization: LITTLE WORKS STUDIO
References: <sgr93k$unu$1@dont-email.me> <TTaYI.390$g_4.161@fx14.iad>
<3sqdnWN4O8o9S6X8nZ2dnUU7-KfNnZ2d@earthlink.com>
<nvnhjglhkan2jiprgb10dm4029if4j56ve@4ax.com> <shatc6$css$1@dont-email.me>
<Td-dnefcVfWH2Kf8nZ2dnUU7-c3NnZ2d@earthlink.com>
In-Reply-To: <Td-dnefcVfWH2Kf8nZ2dnUU7-c3NnZ2d@earthlink.com>
 by: Jonathan N. Little - Thu, 9 Sep 2021 18:32 UTC

Big Bad Bob wrote:
> I don't open attachments nor view HTML for e-mail in Windows, nor do I
> use Virus Outbreak (Micros~1 Outlook).  I prefer to use e-mail on a
> Linux or FreeBSD system, which is VERY secure.  But thunderbird on
> Windows is acceptable (when you turn off HTML preview)

Thunderbird, even with HTML preview, unlike web-browser-viewed web mail,
has scripting disabled and remote content disabled by default...

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO
http://www.LittleWorksStudio.com

Re: "Introducing the Ransomware Economy"

<s7mkjg1i5373vm8qa21lrf9ikvh85835kq@4ax.com>

From: sal@qcount.com
Newsgroups: alt.comp.os.windows-10
Subject: Re: "Introducing the Ransomware Economy"
References: <sgr93k$unu$1@dont-email.me> <TTaYI.390$g_4.161@fx14.iad> <3sqdnWN4O8o9S6X8nZ2dnUU7-KfNnZ2d@earthlink.com> <nvnhjglhkan2jiprgb10dm4029if4j56ve@4ax.com> <ppidncZGyrtS3qf8nZ2dnUU7-bednZ2d@earthlink.com>
Date: Thu, 09 Sep 2021 14:13:39 -0500
 by: sal@qcount.com - Thu, 9 Sep 2021 19:13 UTC

On Thu, 9 Sep 2021 10:26:38 -0700, Big Bad Bob
<BigBadBob-at-mrp3-dot-com@testing.local> wrote:

>On 2021-09-08 09:34, sal@qcount.com wrote:
>> On Wed, 8 Sep 2021 08:28:31 -0700, Big Bad Bob
>> <BigBadBob-at-mrp3-dot-com@testing.local> wrote:
>>
>>> On 2021-09-02 13:56, RabidHussar wrote:
>>>> On 2021-09-02 3:36 p.m., Lynn McGuire wrote:
>>>>> "Introducing the Ransomware Economy"
>>>>>      https://www.backblaze.com/blog/ransomware-economy/
>>>>>
>>>>> "Ransomware continues to proliferate for a simple reason—it’s
>>
>>> * If possible, do NOT 'surf the web' with a windows machine
>>> * *NEVER* *READ* or *PREVIEW* *E-MAIL* (or USENET especially) as *HTML*
>>> * do NOT use "Outlook" to read e-mail (or USENET if it can)
>>> * Do NOT use a Microsoft browser to surf 'teh intarwebs'
>>> * NEVER RUN ANYTHING you download or that is attached to an e-mail using
>>> a PRIVILEGED (admin access) LOGON unless the source is VERY TRUSTWORTHY
>>> * NEVER back things up to a share that can be written to by the login
>>> you use for surfing 'teh intarwebs' OR reading e-mail
>>> * ALWAYS USE a NON-admin login whenever possible
>>>
>>> And so on
>>
>> Use a freebie sandbox proggie and forget all that pain in the arse
>> crap. Reboot and anything downloaded surreptitiously or
>> deliberately disappears upon reboot.
>>
>> http://www.toolwiz.com/lead/toolwiz_time_freeze/
>>
>> I've been using it for a few years without any anti-virus or
>> "security" crap. I do also use a firewall to keep stuff from
>> phoning home.
>>
>
>FYI - if you have IPv6 and the firewall does NOT explicitly block or NAT
>IPv6 connections, it's a public IP and is JUST as vulnerable as a
>dial-up connection.

I have no idea if I'm using IPv6 or not. Looked it up on
Google. Still don't understand nor care what it is. Nor do I
understand why my sandbox wouldn't still protect me from this
whatever-it-is.

As for firewalls, I care only for the simple job of it keeping
programs from phoning home.

This security nonsense for the average Windows user has turned into
ultimate paranoia fostered by ultra paranoid tekkies.

For every average Windows user to go freak'n nuts for "security" is
ridiculous. Only so much is necessary. Keep backups. If it hits
the fan, reload the saved C: system w/data. Big deal. I have done
this a number of times because of screwups that were my own fault.

>
>And I do not trust the built-in Micros~1 "Windows Firewall"

My XP firewall has passed all intrusion tests I have found on the
Web, including that at the trusted Gibson site, grc.com.
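Bob's IPv6 warning and sal's "I have no idea if I'm using IPv6" are easy to settle: an IPv6 address that is globally routable (the 2000::/3 range, what Bob means by "a public IP") is reachable from the Internet unless something blocks inbound traffic, while link-local (fe80::/10), unique-local (fc00::/7) and loopback addresses are not. The script below is an added example for this thread, not from any poster; it classifies a constructed list of addresses, and the optional live read of this host's addresses goes through the standard resolver, so it may return nothing on a machine with no IPv6. It tells you whether you have an exposed address, not whether your firewall actually blocks inbound IPv6; that still needs a test from outside.

```python
"""Classify IPv6 addresses by reachability scope. Added example; the
SAMPLE_ADDRS list is constructed, and the public address in it is
Cloudflare's well-known resolver, used only as an example of a
globally routable address."""
import ipaddress
import socket

UNIQUE_LOCAL = ipaddress.ip_network("fc00::/7")   # RFC 4193 ULA, not routed

# Constructed sample: one of each scope plus an IPv4 address and junk.
SAMPLE_ADDRS = [
    "fe80::1%eth0",            # link-local, zone id as Linux prints it
    "fd12:3456::1",            # unique-local
    "::1",                     # loopback
    "2606:4700:4700::1111",    # globally routable (public resolver)
    "192.168.1.5",             # IPv4, out of scope here
]


def classify(addr: str) -> str:
    """Return 'link-local', 'unique-local', 'loopback', 'global', 'ipv4',
    'other' (reserved/non-routable IPv6) or 'invalid'."""
    try:
        ip = ipaddress.ip_address(addr.split("%", 1)[0])  # drop zone id
    except ValueError:
        return "invalid"
    if ip.version == 4:
        return "ipv4"
    if ip.is_loopback:
        return "loopback"
    if ip.is_link_local:
        return "link-local"
    if ip in UNIQUE_LOCAL:
        return "unique-local"
    if ip.is_global:
        return "global"
    return "other"


def publicly_reachable(addrs) -> list:
    """Addresses the Internet can route to; a firewall must cover these."""
    return [a for a in addrs if classify(a) == "global"]


def host_ipv6_addresses() -> list:
    """Best-effort read of this machine's IPv6 addresses via the resolver."""
    try:
        infos = socket.getaddrinfo(socket.gethostname(), None, socket.AF_INET6)
    except socket.gaierror:
        return []
    return sorted({info[4][0] for info in infos})


if __name__ == "__main__":
    for a in SAMPLE_ADDRS:
        print(f"{a:24} {classify(a)}")
    live = host_ipv6_addresses()
    print("this host, exposed IPv6:", publicly_reachable(live) or "none found")
```

The same classification can be applied to whatever `ip -6 addr` (Linux) or `ipconfig` (Windows) prints: any address that comes back as "global" is the one Bob is talking about, and it does not get the incidental protection that IPv4 NAT gives a home LAN.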
