Full Version: Firewalls
Hydrogenaudio Forums > Misc. > Off-Topic
kotrtim
I have been using a firewall for a few years (finally settled down with Outpost). I didn't even bother to learn it, just install and let it be......

http://www.grc.com/x/ne.dll?rh1dkyd2

I went to that website and ran the ShieldsUP test: port 1025 was open, 1037-1038 were closed.
So I scanned a second time and it was still open,
but on the third scan the port was suddenly stealthed.

What is happening?


And how do I configure a firewall?
Should I let

svchost.exe
system.exe

connect to the Internet or totally block them?

Sometimes, while I am browsing with Firefox, Outpost will pop up and ask for permission for TCP, sometimes UDP...... Should I block that as well?
stephanV
This is what I got from ShieldsUP

QUOTE
Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.

Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.


I'm so proud...

My general rule for granting access is: always block, unless you are certain what the program is for and that it needs Internet access (for example a browser or an IM client.) If after blocking your PC doesn't appear to lose any of its functionality then you can block it permanently the next time it asks for access (or if you are a little bit insecure about this, you can always do it later on.) IMO it's always better to be safe than sorry. (CLICHE!... but true...)

Remember that quite often malicious software tries to hide behind names like WindowsUpdate.exe or svchost.exe, so check whether the program asking for access is in the correct directory. You can usually find such info just by googling for the filename.

For example, after a Google search for svchost.exe you can find this.

QUOTE
MORE INFORMATION
The Svchost.exe file is located in the %SystemRoot%\System32 folder.

So if a program called svchost.exe is asking for access and is not in your Windows\System32 folder, you should start to be a little bit worried.

HTH
Slacker
http://ntsvcfg.de/ntsvcfg_eng.html

Take a look at that guide and close your ports. It has worked very well for me for months now. I even use the Windows Firewall without any backdoor activity.

(But nevertheless I recommend checking your system for Trojans, Viruses, Hijackers and Spy-/Adware.)
outscape
I'm looking for a firewall. I'm behind a router so I'm protected from the outside, and now I want something light to protect against unauthorized outgoing traffic. I've been using ZoneAlarm but it's too bulky. Is there anything lighter and perhaps better? I've heard of Sygate and Outpost; I'm just looking for a free or lite version.
boojum
Kerio 2.1.5 works just fine. GRC's test did not penetrate my firewall.
kwanbis
GRC sucks!
boojum
Amigo, tell me how you really feel.
kwanbis
I feel like Kerio is fine, and that Steve Gibson sucks. =)
Andavari
This is what I've been using for several years now. It's blocked many worms, and stopped those fake Windows patches such as "registry corrupt" from popping up on screen.

---

Block - RPC (Remote Procedure Call) TCP
Hosts: All addresses
Protocol: TCP
Local Port: 135,139,445,593,4444
Traffic Direction: Both

Block - RPC (Remote Procedure Call) UDP
Hosts: All addresses
Protocol: UDP
Local Port: 135,139,445,593,4444
Traffic Direction: Both

---

Block - Common Ports TCP
Hosts: All addresses
Protocol: TCP
Local Port: 21-23,25,42,53,67-69,79,80,98,110,113,135,137-139,143,162,389,443,445,500,1002,1024-1030,1720,1900,2745,3127,3410,5000,5554,6129,8080,9996
Traffic Direction: Incoming

Block - Common Ports UDP
Hosts: All addresses
Protocol: UDP
Local Port: 21-23,25,42,53,67-69,79,80,98,110,113,135,137-139,143,162,389,443,445,500,1002,1024-1030,1720,1900,2745,3127,3410,5000,5554,6129,8080,9996
Traffic Direction: Incoming

What the Block - Common Ports rules block:
* BootPC
Blocks incoming TCP/UDP traffic to local ports 67 and 68. BootPC can freeze your computer or cause it to restart or shut down.
* DHCP
Dynamic Host Configuration Protocol. This blocks incoming TCP/UDP traffic to local port 68, and outgoing TCP/UDP traffic to remote port 67.
* NetBIOS
Blocks incoming TCP/UDP traffic to local ports 135,137,138,139,445,1026. Blocks printer and file sharing over the network/Internet.
* SpyWare and Ad Software
Blocks incoming TCP/UDP traffic to port 135. Port 135 can be used by spyware and ad software.
* TFTP Process
Blocks incoming TCP/UDP traffic to local port 69.

---

Block - Virus, Trojan Horse, and Worm Ports TCP
Hosts: All addresses
Protocol: TCP
Local Port: 1-79,2556,3196,5500-65535,12345,12346,12456,20034,31337,54320,54321
Traffic Direction: Incoming

Block - Virus, Trojan Horse, and Worm Ports UDP
Hosts: All addresses
Protocol: UDP
Local Port: 1-79,2556,3196,5500-65535,12345,12346,12456,20034,31337,54320,54321
Traffic Direction: Incoming

These rules block low and high ports commonly used by Trojan horse programs.

These rules also block the following Trojan horses:
* Back Orifice
* NetBus

These rules also block the following viruses/worms:
* Bagel.n (port #2556)
* MyDoom (port #3196)

---

Allow - Windows XP Internet Time Synchronization
Hosts: IP Address(es): 207.46.130.100
Protocol: UDP
Remote Port: 123
Local Port: 123
Traffic Direction: Both

Application: Generic Host Process for Win32 Services

Generic Host Process for Win32 Services is none other than svchost.exe.

Further instructions:
1. Double-click the clock located at the bottom far right on the Windows XP Taskbar.
2. Click Internet Time.
3. For the server select: time.windows.com
4. Click OK to exit.
5. In your firewall's applications list, scroll down until you see the description "Generic Host Process for Win32 Services".
6. Disable server access for "Generic Host Process for Win32 Services".
You have now made a more secure rule for the Windows XP time synchronization feature.

Note 1:
This will only allow Windows XP to synchronize time with the Microsoft time server "time.windows.com"; none of the others listed in the drop-down list will work after you create this advanced rule.

Note 2:
If for any reason Windows XP loses the ability to automatically adjust the time, e.g. Microsoft changes the IP address used to synchronize the time, you will have to delete this advanced rule and re-enable "Generic Host Process for Win32 Services" with the ability to act as a server if you want your system time automatically updated. Once you find the new IP address listed in the firewall log, you can then input this rule again using the new IP address instead of the one listed above.

---

You can also block fake Windows patch websites (this probably isn't all of them) in Internet Explorer, other web browsers, and the HOSTS file. Note: If a firewall is any good it should automatically block them, I know Sygate Personal Firewall does.


---

Edit: Added yet another fake Windows patch website.
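The rules in the post above are written out as plain text. As an added example (not from the thread, and not Sygate's own code), the Python below models those same rules with first-match evaluation over constructed sample connections and adds a check for single ports that a range in the same field already covers. The port lists and the 207.46.130.100 time-server address are taken from the post; the other sample addresses are constructed from documentation ranges.

```python
# Added example (not from the thread): a model of the Sygate-style rules
# Andavari posted above, checked against constructed sample connections.
def parse_ports(spec):
    """Expand a Sygate port field such as '21-23,25,135' into a set of ints."""
    ports = set()
    for item in spec.replace(" ", "").split(","):
        if "-" in item:
            lo, hi = (int(x) for x in item.split("-"))
            ports.update(range(lo, hi + 1))
        elif item:
            ports.add(int(item))
    return ports

def redundant_entries(spec):
    """Single ports in a port field that one of its own ranges already covers."""
    items = spec.replace(" ", "").split(",")
    ranges = [tuple(int(x) for x in i.split("-")) for i in items if "-" in i]
    singles = [int(i) for i in items if i and "-" not in i]
    return [p for p in singles if any(lo <= p <= hi for lo, hi in ranges)]

COMMON = ("21-23,25,42,53,67-69,79,80,98,110,113,135,137-139,143,162,389,443,"
          "445,500,1002,1024-1030,1720,1900,2745,3127,3410,5000,5554,6129,8080,9996")
TROJAN = "1-79,2556,3196,5500-65535,12345,12346,12456,20034,31337,54320,54321"

# (name, action, protocol, local ports, remote ports, direction, remote hosts);
# None means "any". Rules are checked in order and the first match decides.
RULES = [
    ("RPC TCP", "Block", "TCP", "135,139,445,593,4444", None, "Both", None),
    ("RPC UDP", "Block", "UDP", "135,139,445,593,4444", None, "Both", None),
    ("Common Ports TCP", "Block", "TCP", COMMON, None, "Incoming", None),
    ("Common Ports UDP", "Block", "UDP", COMMON, None, "Incoming", None),
    ("Trojan Ports TCP", "Block", "TCP", TROJAN, None, "Incoming", None),
    ("Trojan Ports UDP", "Block", "UDP", TROJAN, None, "Incoming", None),
    ("XP Internet Time", "Allow", "UDP", "123", "123", "Both", {"207.46.130.100"}),
]
COMPILED = [(n, a, p, lp and parse_ports(lp), rp and parse_ports(rp), d, h)
            for n, a, p, lp, rp, d, h in RULES]

def evaluate(proto, direction, local_port, remote_port, remote_ip, default="Allow"):
    """Return (action, rule name) for one connection; the first match wins.
    `default` is the verdict when no rule matches (a block-by-default policy
    would pass default="Block")."""
    for name, action, r_proto, lports, rports, r_dir, hosts in COMPILED:
        if (r_proto == proto and r_dir in ("Both", direction)
                and (lports is None or local_port in lports)
                and (rports is None or remote_port in rports)
                and (hosts is None or remote_ip in hosts)):
            return action, name
    return default, "(no rule matched)"

if __name__ == "__main__":  # constructed samples: inbound SMB, outbound NTP
    print(evaluate("TCP", "Incoming", 445, 50123, "198.51.100.7"))
    print(evaluate("UDP", "Outgoing", 123, 123, "207.46.130.100"))
    print(redundant_entries(TROJAN))
```

Note that rule order matters here: an inbound connection to port 22 is caught by "Common Ports TCP" before the "1-79" range of the Trojan rule is ever consulted, and every single port the Trojan rule lists above 5500 is already inside its own 5500-65535 range.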
kotrtim
How do I block specific ports? It doesn't seem to be available in the Outpost Free version.
Andavari
QUOTE(kotrtim @ May 25 2005, 08:52 AM)
How do I block specific ports? It doesn't seem to be available in the Outpost Free version.
Look through the help file to see if you can add ports; some freeware firewalls don't allow that feature since it may be reserved for a "pro" version.
If it already blocks a lot of nasties, e.g. you are not getting unsolicited pop-ups or malware, it probably isn't necessary to dabble with port settings.

I can't even use my own rules I listed above anymore since Sygate Personal Firewall started acting up. Now I'm running ZoneAlarm, and out-of-the-box (well, actually out-of-the-download-folder) it already blocks a lot of what I listed.
William
Isn't there a theory saying that all ports should be blocked by default, and only specific ports are opened?

I use Kerio with this theory in mind, and thus only the ports that I need open are open.
kotrtim
I have a free copy of ZoneAlarm and I get a blue screen after install (had to go to Safe Mode to remove it!). I tried Sygate and it crashes a few seconds after it is started......too bad! Only Outpost works on my system.

I suppose Avast is the culprit? I've read that Avast has a conflict with ZoneAlarm.
Andavari
QUOTE(kotrtim @ May 9 2005, 09:41 PM)
And how do I configure a firewall?
Should I let

svchost.exe
system.exe

connect to the Internet or totally block them?
ZoneAlarm (free edition) automatically configures Generic Host Process for Win32 Services "svchost.exe" as:
Access (meaning local): Trusted, Internet access enabled
Server: Trusted, Internet access disabled

To configure it to work properly with Sygate Personal Firewall, scroll up to my first post in this thread and look for the firewall rule "Allow - Windows XP Internet Time Synchronization".

For Outpost I don't know, therefore you'd be better off looking through the Outpost manual, or if they have a support forum ask there for the proper configuration of Generic Host Process for Win32 Services.

I tested the Windows XP Firewall and found it will block a lot of incoming threats; it passed all the GRC.com tests with a TruStealth rating. It blocked all those fake Windows updates that I listed in my first post in this thread. It is also resident immediately when the system starts, therefore there aren't any big .exe files to load that can leave a system vulnerable until a firewall is resident. The WinXP Firewall however doesn't deal with controlling outbound traffic at all; that's a low point, so it offers less security if a system has an auto-updating or auto-communicating malware or spyware infection. The good thing about it though is you wouldn't have to deal with any compatibility issues. Since there really isn't much configuring you can do with it (actually just enable it and forget about it), there's less of a chance of leaving ports wide open by mistake, or of leaving ports open by not fully understanding how to configure it.

If ZoneAlarm didn't work to my likings I was going to switch to using the WinXP Firewall, and I still might since I don't like some things about ZoneAlarm.

QUOTE(kotrtim @ May 27 2005, 07:59 PM)
I suppose Avast is the culprit? I've read that Avast has conflict with ZoneAlarm
Avast 4.6 Home Edition has Web Shield, however I don't know if that would conflict or not since it's supposed to only be an invisible HTTP proxy for web browsers, but who knows.

Optionally:
You can get a free 12 month trial of eTrust EZ Antivirus here. It doesn't conflict with Sygate Personal Firewall or ZoneAlarm. Note you'll have to allow any firewall notice that has to do with it accessing the Internet in order to get automatic definition file updates. With ZoneAlarm though, if you use a dial-up connection and aren't connected to the Internet, the ZoneAlarm systray icon will constantly change to show activity since EZAV will constantly try to contact the update server; it gets a bit annoying.

There's also AVG Anti-Virus System Free Edition, and AntiVir Personal Edition Classic.
kotrtim
Now I've uninstalled both Avast and Outpost.

Tried ZoneLabs and AVG 7.0.322.

To my very surprise, all those posts on the net about ZoneAlarm being a resource hog are a total lie; ZoneAlarm Free seems to use fewer resources than Outpost Free........ zlclient.exe only uses 5MB (physical+virtual) when the system starts...really impressed.

And the most important thing is, all ports are stealth with ZA.

AVG vs Avast
I don't need a stopwatch, the scan speed difference is so obvious; AVG is much faster and lighter on resources (especially RAM usage)!

What worries me is that a too-fast antivirus may not be doing its job. I feel that Avast is more secure but I really like AVG's speed.....

Please help me decide.

Andavari
QUOTE(kotrtim @ May 29 2005, 10:56 PM)
To my very surprise, all those posts on the net about ZoneAlarm being a resource hog are a total lie,

AVG vs Avast
I don't need a stopwatch, the scan speed difference is so obvious; AVG is much faster and lighter on resources (especially RAM usage)!

What worries me is that a too-fast antivirus may not be doing its job. I feel that Avast is more secure but I really like AVG's speed.....

ZoneAlarm (free) isn't a resource hog on my system either; it works fine. However other people's experiences can come from what other software is running alongside ZoneAlarm, and their system specs, like not enough RAM for their WinXP box.

AVG's first scan will be the longest scan because it hasn't yet created an integrity database (fingerprint) of the executables, or infectable files, on your disk drives. When you do subsequent scans AVG will compare the data in the integrity database to the executable or infectable file; if nothing has changed it can scan unchanged files faster. AVG is ICSA Labs certified for detection, however it isn't for cleaning -- the same goes for Avast.

Something else: both AVG and Avast falsely identify two files on my system as a Trojan using the exact same Trojan name, which makes me wonder if they are using similar definition files.
kotrtim
QUOTE
AVG is ICSA Labs certified for detection, however it isn't for cleaning -- the same goes for Avast


Does that mean I have to turn on On-close scanning to block malware from entering, because AVG is not good at clearing malware that is already written to the HDD?
darin
I've been using Zone Alarm for years....recently though I have been getting a lot of problems with Zone Alarm Suite. Kinda frustrating....thinking about switching.
Andavari
QUOTE(kotrtim @ May 30 2005, 09:21 AM)
QUOTE
AVG is ICSA Labs certified for detection, however it isn't for cleaning -- the same goes for Avast


Does that mean I have to turn on On-close scanning to block malware from entering, because AVG is not good at clearing malware that is already written to the HDD?
I'm not sure what you mean by "On-close."

Detection meaning:
It's good at finding viruses, which it can move to the AVG Virus Vault where you can try to clean them. If a file can't be cleaned it should be deleted. The original clean file will have to be restored from a backup or the original install CD.

Cleaning meaning:
It's not "certified" at removing the virus from the executable.
The problem with the certification is that it isn't just a so-called AVG and Avast fault, since a lot of modern malware will mess up an executable file so much that even trying to repair it may or will corrupt the file.
kotrtim
Previously I thought cleaning meant delete.

As you've said, cleaning and deleting are 2 different things; I think I understand now.
The cleaning feature is not so important if malware doesn't corrupt files?

QUOTE
On-close scan - select this if you want Resident Shield to test files that are downloaded from the Internet or other computers on a local network even if they are not accessed by a local user. While this feature leads to earlier detection of viruses it does not offer any greater protection. Furthermore it is more demanding on system resources, which may adversely affect computer performance.


If it does not offer better protection, why does AVG have this feature? This statement from AVG's help file is really confusing.
Andavari
QUOTE
On-close scan - select this if you want Resident Shield to test files that are downloaded from the Internet or other computers on a local network even if they are not accessed by a local user. While this feature leads to earlier detection of viruses it does not offer any greater protection. Furthermore it is more demanding on system resources, which may adversely affect computer performance.


QUOTE(kotrtim @ May 30 2005, 08:03 PM)
If it does not offer better protection, why does AVG have this feature? This statement from AVG's help file is really confusing.
To me it sounds like they are trying to say it makes the Resident Shield scan all files saved to disk, even if the user never opens them, for instance a cookie; however the Resident Shield should already and automatically find files like that if they're infected. The way they wrote that is confusing. Perhaps it's something they can answer on the AVG Anti-Virus Free Forum.
Andavari
QUOTE(darin @ May 30 2005, 11:16 AM)
I've been using Zone Alarm for years....recently though I have been getting a lot of problems with Zone Alarm Suite. Kinda frustrating....thinking about switching.
I just uninstalled ZoneAlarm (free) today. It was constantly autoconfiguring/adding setup files I created to the applications list; when I'd delete them from the ZoneAlarm programs tab they'd return. Even when renaming the setup files, they'd show up again with their original .exe name in the programs tab. I don't know if ZoneAlarm is buggy or what, however behaviour like that is enough for me not to trust it. Now I'm using Windows Firewall.
Invision Power Board © 2001-2008 Invision Power Services, Inc.