Friday, October 22, 2004
Personal Firewalls
Most people aren't paranoid enough about their connection to the Internet. The chances of suffering from some type of Internet hack are rising, especially when you connect to the Internet using cable or DSL. Most people are surprised when they discover that their newly installed personal firewall reports that their home computers are getting scanned or probed from the Internet multiple times per day.
Features of personal firewalls
Some personal firewalls are not very secure. Some are even outright insecure, providing only a false sense of security, which may even be worse than no firewall at all! Some start only when you log onto your computer. This means that, depending on the kind of Internet connection you have, you may be exposed to the Internet before you log on.
The ideal personal firewall has the following features:
- Inexpensive: Several personal firewalls are free for personal use, and charge something like $40 for business use. Although downloading the free personal firewalls and using them for a test-run is easy, be sure to look at the ones that aren't free as well.
- Easy to install and use: The installation of the firewall software and the use of the firewall should be fairly simple. The personal firewall should contain good documentation on how to use it, what the various firewall settings mean, and an explanation of the concepts behind firewall security. This makes it much easier to understand the alerts you may receive or the severity of detected scans.
- Easy to configure: Nobody wants to read an 800-page manual before the Web browser can be configured to access the Internet. And you shouldn't have to draft several pages of firewall policy either before you can distill what network traffic should be allowed in and what should be allowed out. Many personal firewalls have some sort of learning mode in which they offer to add rules for the application that was just blocked at the firewall.
- Monitor incoming traffic: The firewall should look at all network packets coming from the Internet and allow only:
• Those network packets received in response to requests you sent out to the Internet.
• Those packets for which you have configured rules at the firewall.
- Monitor outgoing traffic: Personal firewalls have their own special version of scanning for outgoing traffic. Whereas enterprise firewalls define allowed outgoing traffic in terms of protocol, user, time of day, or addressed Web site, personal firewalls are often application-aware. They allow only outgoing traffic from applications that are on a trusted application list. This is an important measure if you want to prevent Trojan horse programs from communicating with the Internet. It also stops so-called adware or spyware programs that connect to their home server on the Internet to relay the list of sites you have visited or something similarly inappropriate. Anti-virus programs usually don't scan for these adware programs.
- Detect intrusion attempts: Besides monitoring incoming network packets and deciding which should be allowed in and which should be blocked, a personal firewall may also go one step further and scan for patterns of network traffic that indicate a known attack method or intrusion attempt. The personal firewall may even have an updateable list of intrusion-detection signatures to respond to newly discovered attack methods.
- Alert the user: When something suspicious is detected during the monitoring of the incoming and outgoing network traffic or while scanning for known attack patterns, the firewall usually alerts the user. It can do this either by displaying a dialog box or by flashing an icon on the Windows system tray in the lower-right corner of the screen. Whereas enterprise firewalls tend to concentrate on creating extensive log files, personal firewalls like to get the user into the live action. Initially, it may scare you how often the firewall deems things important enough to warn you about. Those are usually automated scripts or bots scanning your ports. In fact, this "knob rattling" may happen so often that you don't pay attention to it anymore.
  You don't need to do much when your firewall alerts you that something is up. You may temporarily disconnect the computer from the Internet, but the idea is that the firewall will prevent anything bad from happening. Some firewalls offer to backtrack the alleged intruder to find his IP address, computer name, and perhaps user name. This information may help if you want to contact the intruder's ISP to report the excessive intrusion attempts.
- Performance: Of course you want performance, but this usually isn't a problem for personal firewalls. With enterprise firewalls, many users use the same firewall to access the Internet, but in the case of a personal firewall, you are the only user. The firewall can easily handle that.
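The "Monitor incoming traffic" and "Monitor outgoing traffic" features above boil down to two decisions: let a packet in only if it answers a request you sent or matches a configured rule, and let a packet out only if it comes from a trusted application. The following sketch is an added example, not code from any firewall product; the class and field names, program names and addresses are all assumptions made up for illustration.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str      # "out" or "in"
    proto: str          # "tcp" or "udp"
    local_port: int
    remote_ip: str
    remote_port: int
    app: str = ""       # originating program (known only for outbound traffic)

@dataclass
class PersonalFirewall:
    trusted_apps: set                                 # outbound application allowlist
    inbound_rules: set = field(default_factory=set)   # (proto, local_port) opened by the user
    state: set = field(default_factory=set)           # connections this computer initiated
    alerts: list = field(default_factory=list)        # what the user would be warned about

    def handle(self, p: Packet) -> bool:
        """Return True if the packet is allowed, False if it is dropped."""
        flow = (p.proto, p.local_port, p.remote_ip, p.remote_port)
        if p.direction == "out":
            if p.app not in self.trusted_apps:
                self.alerts.append(f"blocked outbound from untrusted app {p.app!r} "
                                   f"to {p.remote_ip}:{p.remote_port}")
                return False
            self.state.add(flow)   # remember the request so its reply is let back in
            return True
        # Inbound: allow replies to tracked requests, or traffic matching a configured rule.
        if flow in self.state or (p.proto, p.local_port) in self.inbound_rules:
            return True
        self.alerts.append(f"blocked unsolicited inbound {p.proto}/{p.local_port} "
                           f"from {p.remote_ip}")
        return False

def demo():
    fw = PersonalFirewall(trusted_apps={"browser.exe"})
    packets = [  # constructed sample traffic using documentation-only addresses
        Packet("out", "tcp", 49152, "198.51.100.10", 80, app="browser.exe"),  # trusted request
        Packet("in", "tcp", 49152, "198.51.100.10", 80),                      # its reply
        Packet("in", "tcp", 139, "203.0.113.7", 40000),                       # unsolicited probe
        Packet("out", "tcp", 49153, "203.0.113.99", 8080, app="adware.exe"),  # untrusted program
        Packet("in", "tcp", 49153, "203.0.113.99", 8080),                     # no state was created
    ]
    return [fw.handle(p) for p in packets], fw.alerts

if __name__ == "__main__":
    verdicts, alerts = demo()
    print(verdicts)
    print("\n".join(alerts))
```

Because the blocked program never creates a state entry, the packet that would have been its reply is treated as unsolicited and dropped as well.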
Take precautions
You can be safe when you connect to the Internet. Following are some precautions you can take:
- Back up important data files.
- Install the latest patches and updates for your operating system (especially if those updates are security-related, and they usually are). If you use Windows, go to WindowsUpdate to make sure you have the latest updates.
- Disable or unbind the File and Printer Sharing component (or Server Service in Windows NT 4.0) if you don't use that function.
- Select and install a good personal firewall.
- Select and install a good anti-virus program. Some personal firewalls have this function built-in, but many folks prefer to keep the firewall function and the anti-virus functions separate.
- Be careful with files that you download and files that arrive as attachments in e-mail messages. These could be stealth Trojan horse programs designed to trick you into opening up access to your computer, or they could be plain malicious viruses.
- Never reveal your computer password or ISP password to anything or anyone. Never use the same password for two different purposes. Ideally, you should use different passwords for every program or Web site that needs it. If that's too much to remember, write down your passwords somewhere on a piece of paper that you keep hidden.
- If that's still too much work, use at least four different passwords:
• Password to log on to your computer
• Password to log on to your ISP
• Password to use in applications that want a password to encrypt stuff, such as Word to encrypt a document or WinZip to encrypt the files in the Zip file
• Password to use on Web sites that ask for a password
- Even if you use a personal firewall and have an always-connected subscription for a cable connection or DSL line to the Internet, consider switching off the computer when you're away for a longer period of time.
