Slashdot Mirror

They also bought out Sygate Personal Firewall. Fortunately you can still get the old version here.

likewist for sygate's free personal firewall

looks like sygate's owned by symantec now:

We would like to welcome you to Symantec. We recognize that the strength of an organization is built on the loyalty of its customers, and we are committed to providing a seamless transition for Sygate's customers. We are in the initial stages of the integration, and you can expect business as usual as we move through the transition.

http://smb.sygate.com/default.htm

Not only do they suck but they are shutting down all the decent software. My favourite free personal firewall - Sygate has just been bought out by Symantec and guess what:

Important Notice: Effective November 30th, 2005 all Sygate consumer firewall products will be discontinued.

Well they'll have a hard time stopping me from using it. If anyone else thinks it was a good product too grab it from their site before they realise it's still there ;-)

I guess Sygate is no more - they've been borgified by Symantec, and Sygate products are being discontinued. That's a shame - the Sygate Personal Firewall was easy to set up and use, but it offered a lot more technical options and information than the average consumer security app, too.

I'm currently using a software firewall for this, however one thing I don't like about it is that it doesn't tell me which ports an application is using.

I use Sygate Personal Firewall, which at least used to be free for personal use. It can display a list of all open port numbers, indicating the responsible exe, the listen/connect status, and the blocked/allowed status for each. I'm not sure if the "Allow this program to access the network?" dialog includes the port in question or not, though.

You forgot the two most important: Firefox and Thunderbird.

Pick an alternate e-mail client. All my friends were going down in flames and I was saying: "Worm? What worm? Spam? What spam? MUAHAHAHA!"

I used to use Pegasus for e-mail at home before Thunderbird was available. Outlook is a major bone of contention for me. I use it at work and I've always hated the program.

Also, Zonelabs sucks! Change that firewall to Sygate Personal firewall and you've got a deal: http://smb.sygate.com/products/spf_standard.htm

I've always been partial to AntiVir PE: http://freeav.com/

Your other recommendations look a lot like the list I send to people when they ask how to protect their pc...

Sygate Personal, AntiVir, Adaware, SS&D, Javacools, grc.com's muskateers... And when you get sick of installing all that crap: Ubuntu.

I think it's wise to firewall any computer connected to the internet. Even a simple NAT box or basic software packet-filtering stops most worming attacks like this cold, and require minimal effort. Why wouldn't you want that kind of protection, on any OS?

You cannot block port 445 (which zotob uses) since that is what is used in part for file and print sharing.

Decent software packet-filter type firewalls (I like the freebie version of Sygate Personal Firewall myself) block absolutely all traffic (inbound and outbound), but make it simple for the user to set up specific exceptions on a process (not port) basis. So it's possible to grant network permission to Windows components, while denying access to other processes.

In the case of something like ZOTOB, this means that even if a firewalled machine became infected (because vulnerable Windows components had been granted network permissions), the worm wouldn't be able to spread from that firewalled machine. The software firewall would show a popup window saying something like "ZOTOB.EXE is attempting to access the network. Allow it?" Even a minimally-clued user could take the opportunity to Google "ZOTOB.EXE" and decide to click "No!" Even a non-clued user could at least tell IT about it. This would help prevent the spread of the worm and alert the user that he's got a virus, far more immediately than conventional virus scanners can.

Norton products simply suck ass. Their only saving grace is the enterprise edition of their virusscanner, anything marketed to consumers is basically complete crap.

Having said that, as a consumer you can settle for a free firewall as well. Check out Sygate's offering. Not quite suitable for your mother perhaps, but a pretty good program. It even nags about services that the windows firewall won't nag about.

For use in a network of windows workstations administered by a non-n00b, I like tdi_fw.
It's simple, straightforward, and has a whole lot of nifty features. The user doesn't even get to see it, it's a service that reads its config from a text file and does the job. It'll even recognise processes (iexplore.exe) or play sounds when connections are blocked. Only drawback of the thing is that you need to restart the service for it to re-read its config.

It's what I run on my XP-powered laptop to keep it safe in hotels and at hotspots, because it's far more configurable than the built-in Windows firewall.

http://smb.sygate.com/buy/pspf_pricing.htm

OpenBSD is great if one can afford dedicated hardware. I actually find m0n0wall (based on FreeBSD) to be a great solution myself.

However, it sounds like this particular admin can't afford a hardware solution. In this case, I would hope that Sygate Free would be pushed for PCs that are the property of students. Again, it is free for personal use.

Unfortunately, it doesn't sound like a firewall will solve the problem as it looks more like a user-education issue. If a user is downloading zombie software, then it will likely disable or open ports necessary to operate. In this circumstance, I'd do a comprehensive sniffing of network traffic and possibly lock things down at the router/switch level. This sounds Evil but sometimes it is the only way to deal with uneducated users. Perhaps an automated system could be developed for savvy users to unblock ports on an as-needed basis.

Perhaps because they feel there are too many people out there...misappropriating...their content?

That makes perfect sense if you sell CDs and DVDs, but not if you sell computers. Take Dell. They don't create intellectual property, they create tools to use it. Their products are valuable because of their versatility, and voluntarily integrating DRM serves to reduce that versatility.

Shareware authors, who used to release fully functional versions of their applications, no longer do so, even though that change in tactics may have reduced their income (IANASWA).

I would argue that the best software sold under the shareware concept is still uncrippled, except possibly for a nag screen. At the moment, I have no shareware installed except for mIRC and WinRAR. Both are uncrippled except for nag screens, and I've purchased both of them. WinZip is another great example of this.

I would argue that the cream-of-the-crop shareware has morphed not into crippleware or adware, but an evolution of the shareware concept I'm going to call "personalware." Examples of this genre are Ad-Aware, ZoneAlarm, Sygate Personal Firewall, AVG Free, and much more. Each of these programs comes with a license that says "feel free to download and install me, but for personal use only. If you're a business, pony up." You can tell that these programs are polished and that a lot of work went into them. The missing features in these free versions are so minor that most businesses could do without them, if they were so inclined to cheat. The companies behind these products seem to be in good shape, if the fact that their web sites are still up is any indication.

You now have to put money in the box to get a newspaper, whereas before, you could just take one and then deposit your money. That additional machinery contributes to the extra cost of your newspaper.

And yet, these boxes still have a relatively lightweight door that could be forced open without too much trouble, and a design that permits a dishonest person to easily take more than one copy. If we were to "DRM-ize" these boxes, they would be more like a soda machine: you put in your credit card and one copy of a newspaper (printed on special fast-fading paper to ensure you don't share it with somebody else) rolls out.

I'm kind of getting of track, so I'm going to stop here, but I just wanted to point out that in each of these instances, putting further restrictions on the product doesn't translate into more revenues.

Or just do what the local pub would do and cut them off. When they complain, give a canned response and let them sort it out for themselves. I mean, come on, you're freaking *volunteering* here, and it's really not too much to ask that they install a free (for personal use) firewall and free (for personal use) virus scanner. Oh look, the AVG beta even comes with its own firewall.

Seriously, don't go gray over a volunteer network admin job.

The best free firewall that gives you control like this is Sygate's Personal Firewall. It gives you process level control of who and what can access the network on what interface and (optionally) at what time. I use this firewall on one of my computers that's running Windows Server 2003. It would be nice if Microsoft tried to make their built in firewall more flexible like this one is for the server environment.

Sygate or Kerio. Recently set the folks up with the free version of Sygate and they've been happy with it. :-) Zone Alarm's a pain in the neck to deal with.

• CD Burner XP Pro
• Ultra VNC
• POV Ray
• Sygate Personal Firewall
• IconShop

By the way, how do you plan to take submissions in the future and filter out bunk submissions? It'd be nice to have a moderated system that could evolve some.

Symantec's very big on acquisition; if they don't already make some product in their market space, they buy someone who does. They've been in the desktop backup space for a while after buying PowerQuest (Norton Ghost), and now they're extending it to the server space with Veritas.

Powerquest was Partition Magic. Norton has had Norton Ghost for ages; it's an drive imaging and backup tool.

I guess I've always looked to Norton for their utilities sweet and AV. They only got a firewall after buying ATGaurd; it's not something I really associate with Symantec personally, esp with much better offerings available from other companies.

In my mind, Symantec == Data protection and recovery, system stability, and leading Antivirus solutions. How does Veritas not fit into this setup?

Symantec's very big on acquisition; if they don't already make some product in their market space, they buy someone who does. They've been in the desktop backup space for a while after buying PowerQuest (Norton Ghost), and now they're extending it to the server space with Veritas.

Powerquest was Partition Magic. Norton has had Norton Ghost for ages; it's an drive imaging and backup tool.

I guess I've always looked to Norton for their utilities sweet and AV. They only got a firewall after buying ATGaurd; it's not something I really associate with Symantec personally, esp with much better offerings available from other companies.

In my mind, Symantec == Data protection and recovery, system stability, and leading Antivirus solutions. How does Veritas not fit into this setup?

You insensitive clod, not all people want NT 4 SP2 on their win 98 boxes.

Seriously though, the first thing which goes on is the latest McAfee Stinger. When that's wiped out most of the viruses, I uninstall their out-of-date Norton - so many people don't realise that the major antivirus vendors are on a rental model and just buy the product and expect it to last forever. Then Avast! Personal Edition goes on, and the PC is fully scanned. After that comes Spybot and Ad-Aware. I use both because each product has its stregths and weaknesses. All of this is done form a CD burnt with the latest patterns so no internet connectivity happens until their PC has been cleaned. And then Sygate Personal Firewall completes the mix of security products.

After that comes Thunderbird and Firefox, The GIMP and Audacity (if they are into that sort of thing. And of course we musn't forget IrfanView.

Ahh... the first non-hater post. I'll respond here since I'm in the same boat.

Before SP2, I thought that I was going to be able to quit my job and start a Windows reinstallation business because of all the spyware out there. SP2 stops nearly all of it because it disables ActiveX plug-ins by default. Although it does allow the user to install them through the 'information bar', these are the same idiots that were previously clicking 'yes' on the security warning so that they could get to the porn or MP3s that they were seeking. ActiveX spyware will be a thing of the past once this catches on. But I'm sure that they'll start bundling it with legitimate programs at this point.

Maybe I should open that business after all...

Oh... And the firewall is a moot point since no Microsoft security should be trusted. Just go get Sygate Personal Firewall and disable the stock crap. Easy as pie.

I don't have a chance to dig up links for these, but diagnostic tools are a must if you really want to lock stuff down. First, generate and read logfiles whenever possible. Check things out with nmap, tcpdump, ActivePorts, Look@Lan, Kiwi syslog Daemon, Portlistener XP, Bazooka Spyware Utility, Spybot Search and Destroy, Socketlock ... the list goes on. Generally try any tool you can and you'll get a feel for what is actually to your tastes and useful.

This error can be corrected by choosing "User defined List" and entering the IP addresses that are supposed to have access - the IP addresses of your LAN. A whole range of an IP area can be entered as "192.168.x.0/255.255.255.0", if the respective addresses start with 192.168.x.

I've used the free version of Sygate Personal Firewall with success. I'll try Kerio to see how it compares.

Windoze 9x/ME/2000/XP PC + New high speed cable connection + No firewall + No anti-spyware + No anti-virus + Kazza = The Killer CombinationTM!

Seriously folks, get yourself a decent firewall, don't trust Internet Connection Firewall in Windows XP, get anti-virus, get Spybot, and DITCH IE!

This popped up six windows which installed both the default-homepage-network hijacker and also some nasty stuff [...]

This crashed Windows Media Player and then it was overwritten with a small windows executable (I have it if you want it) - this was called wmplayer.exe and was in the Windows Media Player folder. The real Windows Media Player had been deleted. [...]

The next time a WMP media file was accessed the new wmplayer.exe file ran and installed lots of adware, junkware, spyware etc, etc. [...]

AVG free edition sygate personal firewall and Spybot seach and destroy (site down) will complete your collection nicely. Might want to have a look at Hijack this and this tutorial as well.

Yes, this is a lot of work for the price of keeping windows running. Some people don't have a choice... Me, as soon as my favourite IDE gets ported to Linux, I'll swap ;-)

Seriously though, if there are any other tools you guys use to try and keep windows secure, please share.

The MasterCard way:

Installing 'doze unconnected to network - $189
Installing software Firewall - $69
Connecting to Linksys/D-Link/Netgear - $45
Having Windows boot without turning into the great whore of the internet - PRICELESS

For everything else, there's Macintosh.

(Don't you think this smiling gentleman agrees?)

This is how I do it:

1. Obtain Sygate Personal Firewall (free, scroll to bottom) and burn to CD, safe partition, etc.

2. Disconnect from your network and install Windows.

3. Install Sygate.

4. Reconnect to network and get updates from Microsoft.

Windows forces you to buy stuff from Symantec, when a free IPTABLES script from the net can do the same job on Linux for free.

By the same token, there are a number of free firewalls available for personal use - I use Sygate's one, for example, which also does per-application egress checking, something I never did get working under Linux (not that I tried very hard, I admit).

After installing all the appropriate device drivers, the first ten items on my list would be -

1. Symantec Drive Image 2. OpenOffice.org 3. Sygate Personal Firewall Pro 4. NOD32 Anti-Virus 5. PestPatrol 6. iolo System Mechanic 7. WinRAR 8. Mozilla Firefox 9. UltraEdit 10. Nero Burning ROM

I know exactly what you mean. I find that virus programs help a lot when keeping the pattern files up to date. Unfortunately they can't rely on automatic OS updates (56k connection), so I have to help them to defensively install selected updates - almost always after it's too late. A personal firewall is also a good idea, for both the experienced and inexperienced users.

It's relatively simple to keep your parents surfing in safety. As many people have already mentioned, Firefox is a good start. But that's not where you need to stop. While Thunderbird is stil in alpha, it makes a nice email client, and has fewer glaring security holes than some of the more popular clients.

But where everything comes together is with the last two important pieces of software. I used to be a strong supporter of The Proxomitron, but it's very difficult to find now, and is no longer supported, so I've switched over to Privoxy which runs on most platforms, incidentally.

Privoxy is a local proxy that does filtering on all web content that you view, removing things like some ads, and all unrequested pop-ups. It filters virtually all malicious content I have seen.

A personal firewall is important to have now, and there are some reasonable free ones around. The ones I like take a bit of configuration, but they sure beat Zone Alarm. The two I use are Kerio Personal Firewall and Sygate Personal Firewall.

Sadly, both these products used to be completely free, but the same is no longer completely true.

Essentially, it is important to use a good browser, mail client, local proxy and firewall. With those in place a virus scanner is often somewhat redundant, though one of those might be a good idea too.

On the spam prevention front, I find Popfile to be an invaluable tool. It is, however, a wee bit advanced. I suspect that most parents wouldn't quite grok it. I've heard good things about SpamAssassin, though, and it might be worth the effort of teaching parents.

3. THIS IS NOT WHAT A FIREWALL DOES. If you think a firewall blocks spyware, then you are flat out wrong, and misinformed on the concept of a firewall.

My firewall blocks spyware and trojans. Traditional (think corporate) firewalls may not block spyware and trojans, but recent years have seen the development of the "personal" firewall. Every time any executable tries to access the network or the internet, my personal firewall pops-up a box telling me the details of the connection, and asking if I want to allow it. The same is true of incoming connections...and listening sockets, for that matter. A hash check upon execution of an allowed executable prevents a trojan or virus from altering a file unnoticed. No network traffic on my pc goes unmonitored.

The relatively recent windows worm that exploited RPC was blocked by my personal firewall because it needed me to explicitly allow the connection to occur. Even if I had become infected, I would have then needed to allow the worm to connect to other computers if I was to be contagious.

I use the free(!) Sygate Personal Firewall, and I highly reccomend it.

What Cisco is developing is a Host Integrity System, something it lacks in its current offerings. A good example to use would be Sygate's Secure Enterprise.

Cisco's new offering serves as a checkpoint at the router or L3 switch level. Hosts incoming must pass a certain set of criteria (MD5 hash of approved AV running, sig file at certain level, hotfix X installed) before they are allowed to pass. While previously used to protoct remote users (Aventail and Checkpoint are good examples), Cisco is moving to market the technology as an endpoint solution for all enterprise users.

This is also a consolidation play. The new version of Cisco's Secure Agent will tie into the new gateway system as a required host integrity piece. If you add that to the new WebVPN SSL VPN code that is currently in beta 3 and will be out over the holidays as v4.1 of the 3000 series concentrator software, you get a pretty clear indication of where Cisco's going with this.

All I can say is our Fortune clients dig the whole shebang. Keep in mind that once you start talking about enterprise security, the more authoritarian, the better.

This is also a problem for the firewall I use, Outpost since it has a default System rule of "Allow Loopback" - however this can be removed, fixing the problem. You then need (and will be prompted) to create separate rules for each application that needs access via the proxy software.

That's about as secure as you can make an average home users computer without uberexpensive corporate solutions

I'm going to disagree with you again here...running anti-virus software is still a necessity and if you download a lot from "questionable" sources (IRC, P2P, Usenet), then Anti-Trojan software is strongly recommended. The best here appear to be TDS-3 and TrojanHunter. Also, running an application firewall (one that intercepts calls between Windows applications) like System Safety Monitor can do a lot to prevent malware from getting started on your system.

This is also a problem for the firewall I use, Outpost since it has a default System rule of "Allow Loopback" - however this can be removed, fixing the problem. You then need (and will be prompted) to create separate rules for each application that needs access via the proxy software.

Can anyone recommend a good non-symantec antivirus and software firewall? (Please, please, please don't say ZoneAlarm.)

I've had great results with Sygate Personal Firewall. This puts zonealarm to shame. ZA will assume windows components and modules are safe, but sygate prompts for everything. I use it along with my routers firewall and NAT. That's about as secure as you can make an average home users computer without uberexpensive corporate solutions.

Sygate Rocks.

Sygate personal firewall

• CygWin. The Linux-like environment for Windows.
  Mozilla. Use this for mail, news, and browsing if you like.
  Firebird. for FAST browsing.
  WS FTP Light. A FREE, FTP client that works great.
  Filezilla. which is TRULY free and does sftp as well.
  PuTTY. a free SSH client for Windows.
  TTSSH. is a much less clunky ssh client than PuTTY.
  iXplorer. freeware secure FTP client
  VNC hello!? remote controll software.
  Tight VNClike the original, only FAST.
  GNU-EMacs for Windows. just trust me ;).
  Dev-C++a free C++ compiler for those who can't afford VS.
  NetHack. as someone here said, you MUST have NetHack installed on everything...
  Free-AV.free Anti-Virus software for Windows, (mandatory these days). or
  AVG Free edition. another free Anti-Virus software for Windows.
  Zonealarm. my favorite Personal Firewall,, really!. or
  Kerio. another firewall that some seem to like. or
  Sygate. yet another firewall. whatever floats your boat.
  Boingo. to see where the closest hotspot is, hehe.
  OpenOffice 1.1 the Microsoft Office KILLER :) {really!}
  Winamp 2.x for audio/video usage in Windows, stay away from the new one :).
  Mark's Adding Machine is much better than the Windows calculator.
  SpyBot Search & Destroy The best Ad-ware / Spyware removal tool we've found, "IE is unusable without".
  Ad-Aware another spy-ware app "alas poor Windoze."
  Trillian a favorite IM, since we're all chatters @ heart. or
  GAIM since trillian hogs resources, "bad piggy!".
  Gimp image creation/editing. Who needs Photoshop anyway?
  EnZip freeware Zip Utility, Stop nagging you WinZip!!
  Iview is a great little image viewer. or
  Irfanviewone of the best image viewer out there for Windows.
  Audacity is a great little sound editor.
  Virtual Dub. a great video editor.
  cDex gotta rip those cd's for the RIAA!
  MAME for games, period. Free. You can buy some ROMs, or *ahem* ask around. and finally
  XPantiSPY since XP is E-V-I-L.

And FINALLY, don't trust me! Trust the experts;

Go to the Pricelessware site maintained by the alt.comp.freeware Usenet group.
The

These are some of the free (speech or beer) software I'd install on a family, non-gaming machine:

• Web Browser: Mozilla or Mozilla Firebird
• E-mail: Mozilla (cross-platform), Mozilla Thunderbird (cross-platform), Evolution (Gnome), or KMail (KDE)
• Office Suite: OpenOffice.org
• Media Player: QuickTime (Windows), Zinf (cross-platform), RealPlayer (cross-platform), WinAmp (Windows), MPlayer (Windows), XMMS (Linux)
• Image Viewer: IrfanView (Windows)
• Instant Messaging: Gaim (cross-platform)
• Personal Information Management: Palm Desktop Software (great PIM suite even if you don't own a Palm)
• Other: Acrobat Reader (although I'm weary of their DRM), Java 2 Runtime Environment, Macromedia Flash and Shockwave players, Ad-Aware (spyware remover for Windows), ZoneAlarm, Sygate Personal Firewall (firewall, alternative to ZoneAlarm), Grisoft AVG Anti-Virus, FileZilla, WinRAR (not free, shareware with nag window), Ofoto desktop software (basic photo album and touch-ups, even if you don't use Ofoto's online services)

Some other software I'd install on my own desktop (dev), in decreasing order of importance:

• Cygwin, bascially all packages
• UltraEdit32 (45-day trial shareware)
• TightVNC
• Ghostscript and GSView
• Java 2 SDK
• Eclipse
• Borland JBuilder Personal
• ActiveState Perl, Python, Tcl/Tk (yes, even though they are in Cygwin), Jython
• GIMP
• POV-Ray
• At least one of Apache, Tomcat, or Plone (Zope)
• HTTrack (a website copier)

Windows:

Kerio /or Sygate for firewall (both are good)
Aladdin's free StuffIt Expander (unpacks a lot of different compressed files, including SIT and Gunzip's)
AVG antivirus (free for personal home use)
QuickClear lite (deletes IE cookies/cache/empty's trash)
StartPro (well, it used to be free. Gives you a nice list of programs set to load at bootup, including registry keys.)
Ad-Aware everybodies favorite adware/malware answer.

Mandrake is (of course) easy:

Got the Easy Urpmi and follow the directions to install all the different media sites. Once you do that (its just a cut and paste job) you can fire up rpmdrake and search for software by name/description/type/etc. Mandrake installs with a lot of the right stuff already. I'd recommend maybe installing nano (easy command line text editor if you hate VI/VIM/EMACS/ETC) and of course if you running a system with a NVidia card get the NVIDIA drivers (rpmdrake, but if their not listed NVidia will have them).

Much better than ZoneAlarm.

And do not think that "XP allready got a firewall" because that firewall don't stop outgoing connections. So when one of those trojans has snagged all your banking information the Xp firewall won't help you stop it.
Having a firewall that detects outgoing connections is vital to learning about new spyware/malware/trojans/virus on your computer.

Some /.'ers have familiy that all know C++ apparently...anyway

Winamp
Ad-Aware
Sygate Personal Firewall(Zone alarm sucks)
cDex 1.51(CD ripping software)
Mozilla Firebird popup blocker is nice, esp for clueless users and children

Free Firewall (better than zonealarm)

Free Virus Checker, seems to do pretty well

For all your other free needs

The difference is that a real firewall (Like Zone Alarm or Sygate (free is down at the bottom)) will block the traffic, prompt you to allow/disallow it, and then follow instructions.

Black Ice, on the other hand, will simply watch ports, log traffic, and when someone tries to access your RPC port or whatnot, it simply sets a flag "Serious Error - Someone Hacking" and starts blinking in the system tray. No real response, no ability to block it in the future, just simple monitoring.

In other words, it's a complete waste of CPU cycles from a security standpoint, and if you're using it for traffic monitoring you'd be better served with Ethereal.

It's not free, or open, but Sygate's professional firewall is awesome. Much better than ZoneAlarm. There is a free personal version of the software, but it lacks the features that make the professional one so awesome. However, I would reccomend the personal one over ZoneAlarm. Try sygate, It can do almost anything you can think of.

Interesting -- I wonder if they wrote their own policy server, or are OEM'ing someone else's stuff? There are several vendors who have products in this space: Zone Labs Integrity, Sygate Secure Enterprise, Symantec Enterprise Security Manager, F-Secure Policy Manager, and probably some others I've forgotten.

The tricky thing is writing a server that integrates well with existing back-end security and authentication infrastructure: having a bunch of standalone systems really sucks from a management point of view. Depending on how the client/agent/firewall (in software or firmware, as on a NIC) is structured, it may be possible to mix and match vendors in the future. (For example, another vendor's server monitoring these 3com NICs.)

The protocols themselves don't really need to be proprietary to the point of precluding interoperability: most are based on good solid Internet/IETF standards like IPSec, SSL, TCP, XML, etc. (Full disclosure: I was the system architect for Zone Labs Integrity.) If the protocols could be standardized, I could easily see ZLI serving policy to the various firewall-enabled gadgets out there, as the server is easily extensible.

I guess I just want to see things interoperate, but that's probably just because I'm an old Unix hacker....

Sygate personal firewall is also free for home use. I've had prior experience with their commercial software and have nothing but praise for it. Their personal firewall software also works very well...

This is very true.

Though knowing them, they'd probably both refuse to let you use the router AND refuse to take responsibility for any attacks.
Or they'd just revoke your account for disobeying their terms of service.

Again, as you said, this is very unlikely. Right now, I do something similar with a dialup account, though I use SyGate to act as the NAT/firewall rather than a hardware NAT/firewall.

I think just as suitable is don't do it the way they want you to... Setup an Internet only 95/98 box using something like Sygate which I've used for years, and pipe the connection to your other machines! Let the "Server" sit there with the DSL modem and such, and let it look at banner adds all day long. Use the net as normal via the other machines. :-)

Hey Rob, howabout that tarball!
Oops... Another 24 hours now...

Try Sygate.