An unprotected computer on the Internet is like a house with an unlocked door in a high-crime neighborhood (like mine). On a regular basis, strangers come around and rattle the door and windows. If they're unlocked, they come in to take a look around. And once in, they may walk off with your possessions, or even sit around, use your stuff, and act like they own the place.
With your computer, these strangers may be looking for financial data: credit card and bank account numbers. Or they may want to use your computer as a base to attack other computers, getting it to help them repeatedly bang on some other computer's door in a so-called denial-of-service (DOS) attack.
Recently, there's evidence that spam emailers have taken to using unlocked computers to send large volumes of e-mail, to make it harder to catch or block them.
Check what's unlocked
Right now, let's take a look at how open your computer is to anyone rattling the doors and windows. Long-time personal computer programmer and guru Steve Gibson has a website worth a visit: http://www.grc.com.
When you go there, rather than clicking on a link on the initial black-background page, wait a moment for the true first page to appear. You'll see news about a wide range of Internet security issues; Steve, for instance, was one of the first to raise the issue of spyware installed along with 'free' software. Feel free to browse his stuff, but eventually, click on the link for ShieldsUP! (or go directly to it at: https://grc.com/x/ne.dll?bh0bkyd2). Click the Test My Shields! button, and after looking at the results, try the Probe My Ports! tests. After the tests, scroll down the page for descriptions of what the results mean.
'Ports' are like the different doors and windows of your house-- different Net services (HTTP, FTP, telnet, RealPlayer, file sharing programs, and the like) each have a port that they typically use to get in and out of computers. Ideally, you want GRC's port probe to find your ports hidden away (stealthed) or locked up tight (closed). Open ports are like unlocked doors; something to be avoided (at least in my neighborhood). (Note: in this context, ports are not real, physical parts of your computer-- like your printer port or USB ports-- but instead are virtual ports, identified by number. HTTP (Web) traffic generally uses Port 80; telnet uses Port 21, etc.)
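A local complement to the online probes, added here as an example that is not part of the original article: this Python script reads `netstat -an` style output and separates listening ports that other machines can reach from those bound only to the loopback address. The sample output is constructed for illustration, and the function names are this example's own.

```python
import ipaddress

# Constructed sample in the style of Windows `netstat -an` output.
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING
  TCP    192.168.1.20:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.20:49712     203.0.113.10:80        ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  TCP    [::1]:8307             [::]:0                 LISTENING
"""

def split_endpoint(endpoint):
    """Split '0.0.0.0:135' or '[::]:135' into (ip_address, port)."""
    host, _, port = endpoint.rpartition(":")
    return ipaddress.ip_address(host.strip("[]")), int(port)

def listening_ports(netstat_text):
    """Map each listening TCP port to 'reachable' or 'local-only'."""
    result = {}
    for line in netstat_text.splitlines():
        fields = line.split()
        # Keep only TCP rows in the LISTENING state; skip headers and
        # established connections.
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        addr, port = split_endpoint(fields[1])
        exposure = "local-only" if addr.is_loopback else "reachable"
        # A port bound to any non-loopback address counts as reachable,
        # even if another row shows it on loopback as well.
        if result.get(port) != "reachable":
            result[port] = exposure
    return result

def exposed_ports(netstat_text):
    """Sorted list of ports an outside probe could find open."""
    ports = listening_ports(netstat_text)
    return sorted(p for p, kind in ports.items() if kind == "reachable")

if __name__ == "__main__":
    print("Reachable from the network:", exposed_ports(SAMPLE_NETSTAT))
```

Ports in the reachable list are the ones a firewall needs to close or hide; local-only ports are not visible to an outside probe.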
Another, different set of tests can be run at Symantec's Security Check (http://www.symantec.com/securitycheck/). We earlier linked to this address as a place to run an online check for virus infections. This time, click on the page's link labelled: Scan for Security Risks. You'll be asked to download a Symantec Security Check utility; feel free to do so. After a few moments, you will see results of a number of tests. Be sure to click the Show Details links for more information. Note that unlike grc.com, which is run purely as a public service, Symantec really wants to sell you copies of their Norton Antivirus or Norton Internet Security software packages.
PestPatrol (http://pestpatrol.com/Support/About/About_Ports_And_Trojans.asp) has a link to download their free Port Checker utility which will quickly check whether any nasty software is making use of your computer's ports.
What's a firewall?
Webopedia.com defines firewall as "A system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria." As an individual user, you may want to replace their use of the words network and intranet with computer.
It is becoming increasingly common for users to protect individual computers with software or hardware firewalls-- especially if they are always connected to the Internet by a cable or DSL broadband connection.
Hardware firewalls may be dedicated units, such as the Alphashield (US$99/CDN$149 from Burnaby BC's http://www.alphashield.com), designed to protect home users with individual computers or small home networks. Alternatively, users who are connecting more than one computer to a broadband connection may purchase a small router (wired or wireless), from brands including Linksys, D-Link, Netgear, and others. Often, these routers include hardware firewalls.
Firewalls and routers use a number of technologies. They may use Network Address Translation (NAT) to hide the address of the connected computer(s) from outsiders on the Internet. IP filtering can block Internet packets from specific addresses. Stateful Packet Inspection (SPI) checks the contents of Internet traffic before allowing it to pass inside. Advanced settings let the firewall be used to block (or allow) traffic through specific ports.
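How these pieces combine, as an added example that is not from the original article or from any firewall vendor: a toy Python model in which IP filtering, per-port rules and a table of connections started from inside decide whether a probe sees a port as open, closed or stealthed. The class, its field names and the sample addresses are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Firewall:
    """Toy model of a home firewall; names and fields are illustrative."""
    open_ports: set = field(default_factory=set)   # inbound ports allowed on purpose
    blocked_ips: set = field(default_factory=set)  # IP filtering: always dropped
    stealth: bool = True                           # drop silently instead of refusing
    flows: set = field(default_factory=set)        # connections started from inside

    def outbound(self, local_port, remote_ip, remote_port):
        """Remember a connection opened from inside so its replies get back in."""
        if remote_ip in self.blocked_ips:
            return "drop"
        self.flows.add((local_port, remote_ip, remote_port))
        return "pass"

    def inbound(self, remote_ip, remote_port, local_port, new_connection):
        """Return 'pass', 'reject' (refusal sent back) or 'drop' (silence)."""
        if remote_ip in self.blocked_ips:
            return "drop"
        if not new_connection:
            # Stateful check: only replies to flows we started are allowed.
            known = (local_port, remote_ip, remote_port) in self.flows
            return "pass" if known else "drop"
        if local_port in self.open_ports:
            return "pass"
        return "drop" if self.stealth else "reject"

def probe(fw, remote_ip, local_port):
    """What an outside port probe would report for one port."""
    verdict = fw.inbound(remote_ip, 40000, local_port, new_connection=True)
    return {"pass": "open", "reject": "closed", "drop": "stealth"}[verdict]

if __name__ == "__main__":
    fw = Firewall(open_ports={80}, blocked_ips={"198.51.100.7"})
    print(probe(fw, "203.0.113.5", 80), probe(fw, "203.0.113.5", 139))
```

The connection table is what lets a reply to your own web request back in while an unsolicited packet to the same port is dropped.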
Advantages of hardware firewalls (whether part of a router or not):
-- they do not take any resources away from the computers connected to them
-- while setup can be complex, once set they can simply be left alone, running on their own for long periods of time without needing any user intervention
-- for many users, the default settings are fine. In that case, just plugging in the firewall provides quick and easy protection
-- a single hardware firewall can protect all the computers on a home or small office network.
Disadvantages of hardware firewalls:
-- if the default settings need modification, non-technical users can get overwhelmed with acronyms and obscure options. Meanwhile, their multi-user game (or whatever) doesn't work.
-- cost is higher than software firewalls
-- generally not useful in blocking traffic going out of the user's computer or network
-- models aimed at home users do not provide information on attempts to break in.
-- if you use a notebook, you probably can't take one with you when travelling.
-- they do not protect users from viruses or spam or downloaded files. (Then again, neither do software firewalls).
Software firewalls are software that runs on a computer, monitoring network or Internet traffic, closing ports that are not in use by legitimate services. Some software firewalls also block unauthorized information from leaving your computer. This can be a very useful feature.
Microsoft built Internet Connection Firewall into Windows XP; this is a very bare-bones firewall that does not block any outgoing data. Much more capable firewalls are available from many other sources; some are bundled with antivirus and other utilities into Internet Security suites, others are available for free.
Most firewall software will come with a set of pre-established rules for well-known software on your computer that connects to the Internet, but will require a few days' training-- as other software tries to connect with the Net, the firewall will ask you whether to allow it or not. This will give you a good sense of the spyware on your system, and give you the capability to block it from 'phoning home'. However, this process can be annoying-- as a result, many users give blanket permission, and end up letting the spyware on their system do whatever it wants.
This process can be annoying, and far too often, firewalls report the name of a file that's trying to access the Net, without giving the user enough information to know what that file actually is-- what program it's a part of. PC Magazine (Nov 19, 2002) published a list with many files commonly identified in that way, and where they come from: http://www.pcmag.com/article2/0,4149,640479,00.asp
If you are using software firewalls and have a home or small office network, you should install the firewall software on each connected computer. Because they are always running in the background, they use computer resources and will result in a small but real drain on the computers' performance.
If you've got a network, use both
A router (with built-in hardware firewall) is the best way to connect multiple computers to the Internet; but also install software firewalls on all your systems, to check outgoing traffic and to protect notebooks when they're on the road.
What firewalls don't protect
Neither software nor hardware firewalls protect your system(s) from viruses or spam. If you download a Trojan Horse or spyware program and install it on your system, you've let the 'bad guys' in past the firewall-- though a software firewall may keep the spyware from being able to report back on you.
Software Firewalls compared:
In November 2002, PC Magazine reviewed 6 brands of software firewalls marketed for home and small office users: http://www.pcmag.com/article2/0,4149,945637,00.asp
Their Editors' Choice went to Symantec's Norton Internet Security Suite 2003, which bundles a software firewall together with Norton Antivirus, ad blocking, spam filtering, and the ability for parents to limit what their children can do online. Setup wizards make it one of the easiest firewalls to configure. (PC Mag also ran a companion piece looking at small business firewalls: http://www.pcmag.com/article2/0,4149,644364,00.asp)
If you're on a budget, and don't want to pay for all the features in NIS, ZoneAlarm (http://www.zonelabs.com) offers three versions: a US$50 Pro version, a US$30 Plus version, and a free (for personal or non-profit use) version. Unless they have a home network, the free version provides all the protection most home users will need. It will protect against outsiders probing your system for security holes, and can give information about the prober. It also controls against Trojans and spyware installed on your system attempting to contact outside.
The Plus version adds protection against email worms and viruses (though it is not a full replacement for anti-virus software), and provides more information and reporting about outsiders probing your system. The Pro version adds control over browser cookies, stops pop-up ads, and controls nasty ActiveX and JavaScript web applications.
As with other firewalls, expect to spend some time 'training' it; after installation, you will be notified every time an application tries to access the Internet or your home network, letting you set rules for that application. Nice feature-- you can give applications different settings for access within your local network and the Internet. Your word processor may need to access documents shared on another computer on the network, but does it need Internet access?
When first installed, ZoneAlarm will also notify you every time someone outside tries to get at your computer. While this is interesting (and frightening) for a while, it gets boring fast... luckily, you can easily set the program to keep a log of all these attempts, while not needing to bring it to your attention.
Home users with local area networks will need to manually set the free ZoneAlarm version to recognize their home LAN.
ZoneAlarm is not the only firewall with a free version... Tiny Personal Firewall (http://www.tinysoftware.com/) used to have a free version, which can still sometimes be found (for example: http://www.pcworld.com/downloads/file_description/0,fid,8051,00.asp). Effective Nov 30 2005, Symantec, having purchased Sygate, has stopped making both paid and free versions of Sygate Personal Firewall available, though copies may still be found online. Kerio also announced that it will no longer be supporting its Desktop Firewall product, though it can still be downloaded at: http://www.kerio.com/kpf_download.html. Jetico Personal Firewall (http://www.jetico.com/index.htm#/jpfirewall.htm) is free for Windows 98 through XP; I haven't had the opportunity to use this one. Comodo Personal Firewall is a new, modern, free firewall that's getting great reviews.
New: Zone Labs, makers of ZoneAlarm, have a new product, IMsecure, for users of instant messaging programs AOL, Yahoo, and MSN Messenger. (It doesn't work with the popular ICQ). As with ZoneAlarm, there's a free basic and a pay (US$20) 'Pro' version. Both versions offer encryption and protect against buffer-overflow attacks; the free version will only protect one user name on one IM network.
PC Magazine (November 8 2005) reviewed four free firewall programs: Kerio, Outpost, Sygate, and ZoneAlarm 6. Their conclusion: Kerio was the best for Windows 2000 and XP users, ZoneAlarm for Win98/ME users. Read their detailed reviews: http://www.pcmag.com/article2/0,1895,1865517,00.asp
How do nasty worms get inside corporate firewalls?
If home users can protect themselves with personal firewalls and antivirus software, how is it that big organizations seem to be vulnerable to worm attacks such as the August 2003 Blaster worm that shut down Air Canada's reservations system or the September 2003 shut down of the US State Department's visa application network?
The September 2003 ComputerWorld article "Lessons Learned From the Blaster Worm" (http://www.computerworld.com/securitytopics/security/story/0,10801,85247,00.html?nas=SEC2-85247) notes that firewalls can be compromised in several ways, for example, by notebook users who take their computers home and let them become infected there, then bring them back inside the corporate firewall. As well, users who browse to a webmail service to check their personal email at work may be bringing viruses and worms inside the corporate firewall.