|
Okay, you're an average computer user, and nobody's out to get you. You don't post flames to usenet. You don't send hate mail to mailing lists, and you generally behave like a good net citizen. Who'd want to hack you anyway? Nobody would be interested in what's on your computer, so your files are safe.
I hate to tell you this, but no, not quite. You have got a good firewall installed on your computer, right? You haven't? Follow me then - this is going to be a breeze, and you can finally rest assured that the chances of your computer being hacked are as close to none as you can get them and still use the Internet. Do it the right way, and crackers won't even be able to see that your computer exists - and how much better protection can you get than being invisible? If nobody can see you, nobody can hack you.
The early days of firewall technology for Windows were scary for average computer users. Software firewalls were (and some good ones out there still are) based on something called "rulesets." Rulesets are terrific if you know a lot about computers. But for the average, socially adjusted computer user who hasn't spent months learning about TCP/IP networking and other baroque areas of computer and Internet technology, they're a headache. You don't want your computer to be hacked, but you don't want to spend months figuring out how rulesets work and then weeks teaching your computer what it's okay to do and not do either. Fear not, a solution is at hand and it's free as well. Read on.
I have very strong feelings about Internet security. I work as a security tech, and while I don't believe in bombarding my clients with information overload or scare tactics, sometimes I get frightened at the way the security risks of the Internet are played down. The Internet is a great place, and I wouldn't advocate that anyone give it up, but you need to educate yourself a bit to stay safe. Windows is a fairly easy operating system to use, but in many ways, Microsoft traded off important security measures for the sake of that ease-of-use, and didn't tell their customers about it.
Even if your computer is stand-alone (not connected to a network), Windows has installed networking on it, because that is its default setting - and that alone is a big security risk for anyone using the 'net - your computer is set up to share its folders with anyone out there.
Windows doesn't even ask for your permission to do this when you first install it on your computer. You don't have to quit using Windows, and there are ways to make it a reasonably secure operating system - all of which are free, save for a few minutes of your time. If you don't do these things, you will be hacked at some point, especially if you have a cable modem, DSL or other "always on" connection to the Internet. This isn't a scare tactic, it's the truth.
First, go over to Windows Update and download any and all of the critical updates and security patches that have been released. Make a point of checking in there once a month or so, it's important. The best firewall in the world might crash on you, and you want your computer to be as secure as possible even if it's behind a firewall, because nothing is a 100 percent guarantee that you'll never be hacked. The best solution to the dilemma is to make your computer as hard to get into as possible, and that includes keeping up with security updates for Windows.
The second step is optional, but I strongly recommend it: hit Steve Gibson's excellent Internet security page GRC. It's written in plain English, and will tell you how to turn off, or at least secure, Windows networking. There's also a cool scanner there which will tell you how much information your computer is broadcasting to the world at large (something you definitely don't want it doing) and information on how to fix that, too. And all of it is free. That's worth 15 or 20 minutes of your time isn't it?
Even after you've done this, you still need a firewall. Again, there is no way to make sure that you're never, ever hacked short of giving up the Internet, but you can decrease the chances of it happening tremendously if you install a firewall, especially a stealth firewall. The biggest threat to most people is not that someone is "out to get them," but that the tools to get anyone are so freely available. Script kiddies with nothing better to do may knock you off-line occasionally, and while that's a nuisance, it's not too serious. Still, you want to avoid it if you can.
What is serious are the crackers with Trojan Horse programs and scanners set to automatically scan whole ranges of IP addresses(the places where computers live on the Internet). Chances are you've been scanned more than once without even knowing it. And if someone plants a Trojan Horse on your computer, it gives them more control over it than you have -full access to all your files, the ability to log every keystroke you type and have your e-mail program send it to the person who planted the Trojan (without your even knowing it), access to your credit card numbers and anything else you type or have stored on your computer, and even the ability to use your computer to hack someone else's computer, or to destroy your data and hardware if they're so inclined. This is scary stuff.
Firewalls are a great idea, because they filter information coming into, and in the case of the better ones, also going out of your computer. If you have a Trojan Horse program on your computer, you obviously want to get rid of it, but a good firewall will help to keep it from activating, and also help to keep anyone from having a chance to plant one in the first place. Good firewalls used to be expensive, and some of them still are. But one of the best Windows firewalls today is totally free for personal use, and uses a better technology than rulesets to keep your computer safe - as well as being a lot easier for you to install and configure.
One of the biggest problems firewalls have had, aside from being too complex for the average computer user, was that while they could "stealth," or make many ports on your computer seem invisible to passing scanners, they couldn't stealth the Ident port. That's what allows you to connect to other computers on the Internet, which you want to do - it's the only way you can get to the information and services out there. Many software firewalls do go a long way toward preventing break-ins, but if someone is randomly scanning addresses for live computers, they will see yours and realize that you have a firewall, because your Ident port is showing up, even though nothing else is. And software firewalls are software, and all software has bugs. Your computer could still be crashed by some Denial of Service attacks, and if a weakness, or exploit, in your firewall is discovered, it could be used to break in.
Most software firewalls are a partial solution, and while they're not perfect, they are still far better than nothing, or paying hundreds or possibly thousands of dollars for a hardware firewall - a separate physical appliance that acts as a firewall for your computer.
Now enter ZoneAlarm, made by Zonelabs. This is the best software firewall for Windows I've found, and it's totally free for personal use. Zone is based on a new technology called TrueVector, not on rulesets. What that means for you is that there is finally an affordable firewall out there that you can install and set up on your computer in a matter of minutes. The guys at Zone have solved the problem of stealthing the Ident port while still allowing you to connect to other computers, and TrueVector uses a different method of determining what's okay for your computer to do and what isn't.
After you install Zonealarm, the first time you're online and go to use your e-mail program, web browser, or any other program that accesses the Internet, a little window will pop up asking you if you want that program to have Internet access, and if you want Zone to remember that and give it access every time you use it. For most things, you'd probably choose yes and forget about it, but you have the option of saying yes or no every time if you like. If you're networked, you can also tell Zone the addresses of trusted computers so that they'll still have access to your computer.
It also does the same kind of filtering that other good firewalls do as far as keeping crackers out of your computer. By default, Zone will pop up a window when a suspicious event, like a scan, or someone trying to break in, happens. You can cruise to a web page for a bit of further information about what's going on if you like. If you're an average computer user, at some point you'll probably want to lose the pop-up window, but leave it enabled for a week or so - you'd be surprised at how many scans your computer is getting. The cool thing about Zone is that even if someone does scan the address where your computer lives, it will look like there's no computer there, or that you've disconnected from the Internet. I've tried this with high-level scanners on my own machines, and it really does work. You can't get much better protection than that.
Another great feature, especially if you have an "always on" connection, is that you can set Zone to lock out all Internet traffic, either instantly, or after you've been away from the computer for a specified period of time. And Zone has a nifty "mailsafe" feature that will kill suspicious VBS scripts and attachements (the things that are responsible for viruses like Bubbleboy, KAK and all their variants) before they even hit your computer - pretty cool, huh?
There are other good firewalls out there too, but this is the first free one I've seen that actually works, and outstrips most other software firewalls by far (even the expensive ones), both because of its ease of use and the level of safety it provides your computer. It's still software, and all software still has bugs, but Zone has come a long way in bringing firewall technology into the realm of average computing. And if you use the Internet, you need a firewall.
Download Zone from Zonelabs and don't forget to check back occasionally for updates and new versions.
Okay, school's out for the day, now go and play on the Internet - just be safe about it.
Happy surfing!
|
| |
