Use a decent firewall and thats it. I used to use zone alarm but some IM spam still got through
Hmm... Yep. Sounds pretty secure. Of course, you realize that if the IM spam is getting through, it basically means you have no security at all at that moment....
Yes, a GOOD firewall, with GOOD rules set will make for a reasonably secure system. The thing is, setting those rules is a real pain in the arse. It's a never-ending job. Do you want to see the rule-list for my firewall? It has more blackholed ports than I can count. As Karl Sagan would say "Billions and Billions"... (Ok, maybe not that many, but still... it's more than 20 insecure ports I have to block in both directions!)
I never had Win2K sp 3 attempting to connect to the internet by itself in the first place. I dunno what your settings are like but turn off automatic updates and other nonsense.
Would you even know? Do you examine what packets are leaving your machine? Do you run a firewall on a seperate machine? Do you want to see my firewall logs for what kind of crap a Win2k machine with all non-essential services set to Disabled still spews out? Hope you have a large e-mail account. There's megs of it... From each 24x7 server, and that's for this month, alone.
In conclusion, though, yes, it is possible to secure yourself against most (>99%) of all threats to Windows. My argument is that it has grown to be more trouble than it's worth. Therefore, in newer jobs I am using Linux more and more. It's free from the BSA audits, it's free from many of the Windows annoyance virus/worms, and it's free from
auto-update features that turn themselves back on when I'm not looking.
What's best for you? I don't know. There's no doubt that a poorly configured Linux box is less secure than a well secured Windows box. A little knowledge and prevention goes a long way...
My only thought is that at this point, I'd rather spend my time fighting technical issues than political ones. Probably a lot of it is that I'm just burned out on Microsoft, too, though. There's only so many times you can go through the checklist of re-locking down a box before you just get so tired of looking at it that you'd rather chuck it out to the curb.
At least with Linux, I'm running into NEW bugs, problems, and issues. ;-)