Insulate your PC from hackers

From...

by Jeff Sengstack

(IDG) -- It was getting late, so Jim Jarrard, president of Cinenet, a stock film footage company in Simi Valley, California, decided to leave his computer on overnight to finish downloading a big file. While Jarrard was gone, a hacker accessed his PC over its DSL Internet connection and loaded a program giving the intruder power to commandeer Jarrard's computer, steal valuable film files, and erase the system's hard drives.

Allan Soifer, an Ottawa, Ontario, electronic mailing list administrator, didn't realize a distant hacker had been scanning his home PC for hours. The hacker had found a way in and needed only a password to access Soifer's files. So he pelted the machine with computer-generated words, hoping for a lucky match. Fortunately, neither of the hackers got the goods.

Lessons Learned

	MESSAGE BOARD
Security on the Net

Jarrard escaped catastrophe because a frozen system and an error message the next morning told him something was wrong. He spent two weeks investigating the problem (and learning more than he wanted to know about hacking) before realizing that he would have to back up his data files and reformat the hard drive to delete the hacker's self-replicating program. Finally, he installed personal firewall software to guard against future attacks.

Soifer was luckier. Before the attack, he had visited Shields Up, a Web site dedicated to Internet security advice. Soifer followed its recommendation to download and install ZoneAlarm, a free personal firewall program. ZoneAlarm alerted Soifer to the flood of incoming passwords and helped him identify the hacker's Internet service provider--in Anchorage, Alaska. The ISP cut off the intruder's service, but the miscreant could likely open an account with another ISP and continue his misdeeds. And law enforcement is unlikely to take action on any but the largest, most prominent computer crimes.

Hackers Great and Small

MORE COMPUTING INTELLIGENCE

IDG.net home page

PC World home page

How it works: Personal firewalls

EarthLink offers free DSL firewall

Norton patches firewall holes

Reviews & in-depth info at IDG.net

E-Business World

TechInformer

Questions about computers? Let IDG.net's editors help you

Subscribe to IDG.net's free daily newsletters

Search IDG.net in 12 languages

News Radio

Fusion audio primers

Computerworld Minute

Hackers come in all flavors. Many are simply curious folks who want to find out how a program or system works. They may not do any harm, and some even provide a service by discovering programming bugs and helping fix them. But malicious or criminal hackers use their skills for devious purposes. Criminal hacking incidents can range from obnoxious to destructive. The latter category includes "denial-of-service" attacks--like those that shut down Internet sites EBay and Yahoo last February when hackers bombarded the sites with data and caused the companies' servers to crash. Is your PC likely to suffer such a massive attack? If you're an individual or small-business user, probably not.

Hacking individual PCs remains a fairly rare phenomenon. Your chances of suffering some type of Internet vandalism are rising, however, especially if you have an uninterrupted, dedicated connection like DSL or cable modem. Fortunately, you can take some simple steps to protect yourself. For most Internet users, changing a few settings, installing a good personal firewall, maintaining updated antivirus software, and using common sense will provide reasonable protection for a small cost.

Many Ports of Entry

How do malicious hackers cause damage? They have access to increasingly sophisticated automated software tools that scour the Internet for vulnerable PCs. The tools locate an individual machine by its Internet Protocol address, a unique number that identifies a computer on the Net. Most computers equipped with dial-up connections have dynamic IP addresses: The Internet service provider assigns them a new IP address each time their users log on. By contrast, most high-speed connections, like DSL and cable modems, use constant or "static" IP addresses. In the unlikely event that a hacker decides to target you specifically, such a static address makes it easier to track you down.

An IP address identifies a computer but doesn't provide a way inside. To get in, the hacker must find an open port, or connection point. Think of an IP address as a computer's switchboard number and a port as an individual phone extension. Software on your PC creates ports to allow specific networking functions. Web access, for example, generally uses port 80, while FTP runs through port 21. Once they've targeted an IP address, hackers scan the machine for open ports, as happened to Allan Soifer.

Malicious hackers may also trick users into opening ports by sending Trojan horses. Mimicking the tactic invented by the wily Greek invaders of Troy, Trojan horses hide damaging cargo within a seemingly benign shell--in this case, an e-mail attachment or a download. When you double-click and open the shell, the hidden program sneaks out to wreak havoc on your computer. One of the best-known Trojan horses is "Back Orifice." (The name is a play on Microsoft's BackOffice network administration software.) Back Orifice surreptitiously opens a port on your PC that a hacker can then exploit to take control of your machine remotely.

Close the Windows

So how can Windows users protect themselves? Before you install any new software, you should perform some simple housekeeping on your operating system to make it safer. The first step is to check the Microsoft Web site for security updates and patches. If you have Windows 9x, Windows NT, or Windows 2000 Professional, point your browser to the Windows Update site and follow the links there to find the updates for your particular operating system.

In addition, David Ursino, Microsoft's product manager for the new Windows Millennium Edition, recommends disabling the File and Printer Sharing option that provides other computers access to a machine running any version of Windows. Go to Start, Settings, Control Panel and double-click the Network icon. In the dialog box that opens, search the list of installed network components for "File and Printer Sharing for Microsoft Networks." If this item is present, highlight it and then click the Remove button beneath the list of components.

Another way you can protect yourself is to use software that blocks Trojan horse programs. Any good antivirus package is designed to identify Trojan horses, but you must keep it up-to-date to defeat the latest subterfuges. You should also make sure your e-mail program is not set to open attachments automatically. And never open an attachment that you don't recognize or that comes from an unknown source.

These measures alone, though, will guarantee security for only a minority of PC users. "Unless you've installed your system from scratch, there's no way of knowing just how secure it really is," says Stuart McClure, coauthor of Hacking Exposed. Security breaches can occur on many fronts, typically through Internet software--like PC Anywhere, Net Meeting, or ICQ--that opens ports hackers can subsequently exploit. Even Microsoft's Ursino sees the need to add another layer of security. "If I were a user who had a home network with a persistent Internet connection," he says, "I would choose to have a firewall."

Good Fences Make Good Neighbors

Personal firewall software goes a step beyond the basic precautions. Like expensive and complex corporate-level firewalls, these affordable and simple products promise to repel intruders by monitoring incoming and outgoing Internet traffic and alerting you to possible dangers. To learn more about how firewalls function, see "How It Works: Personal Firewalls" below. We looked at ten personal firewalls that sell for $50 or less and chose the six strongest contenders for more detailed testing. This is a new kind of software product, and it shows. The firewalls' performance, usability, and interface quality run the gamut from effective and accessible to weak and incomprehensible.

The perfect personal firewall would be inexpensive and easy to install and use, would offer clearly explained configuration options, would hide all ports to make your PC invisible to scans, would protect your system from all attacks, would track all potential and actual threats, would immediately alert you to serious attacks, and would ensure nothing unauthorized entered or left your PC. Only two products come reasonably close to meeting that ideal: Network ICE's $40 BlackICE Defender 1.9 and Zone Labs' ZoneAlarm 2.1, which is free for home users and nonprofit organizations. Though neither package is perfect, each has strengths that will make it attractive to particular users. Ultimately, we decided that these two products should share the title of Best Buy.

Our Best Buy Recommendation

McAfee.com's Personal Firewall ($40) and Symantec's Norton Personal Firewall 2000 version 2 ($50) fall into the second tier of products. Sybergen Networks' Secure Desktop 2.1 ($30) performed unimpressively in our tests and didn't provide sufficient feedback (or even an indication that it was running). And Aladdin's free ESafe Desktop 2.2 fared poorly because it is essentially an antivirus product with what our tests showed to be a kludgy, leaky firewall tacked on.

Four other products that we examined--Digital Robotics' Internet Firewall 2000 ($40), Delta Design's Net-Commando 2000 ($30), Plasmatek Software's ProtectX 3 Standard Edition ($25), and Tiny Software's Tiny Personal Firewall ($29)--failed to get past our preliminary cut because they exhibited more-serious flaws, such as incomprehensible instructions, weak documentation, or limited functionality.

We assessed the six contending products on three criteria: user-friendliness, ability to work with common programs that access the Internet, and prowess at repelling hacking attempts. In each case we independently installed the firewall on an otherwise unprotected Quantex QP6 350 M2X, a Pentium II-350 machine equipped with 64MB of RAM and running Windows 98 SE.

The best configuration process should be comfortable for a neophyte while giving an advanced PC user the opportunity to tweak the settings. Most of the products we tested offer only three security settings: block all traffic, allow some traffic, and provide no security at all. This scheme works fine if you just surf the Web and check e-mail, but it's too limiting for many users. BlackICE Defender and McAfee.com Personal Firewall have the best configuration options and default settings. BlackICE has the simplest, best-explained security options, and it offers four levels of security for finer adjustment by the user. McAfee.com defaults to a middle "filter" security level that is an excellent starting point for most users. ZoneAlarm ranks near the top, too, but we thought it would have benefited from offering a fourth level of security between its high and medium settings.

Even the best documentation for the firewalls we tested is scarcely adequate, especially since hacking remains a mysterious aspect of computing for most PC users. In particular, none of the products we looked at fully explains its advanced configuration features. If you take into account its reasonably clear and organized online help, BlackICE Defender scores highest in the documentation category. But in this case that's a small honor.

Things That Go 'Bump' on the Net

The ideal firewall would also work quietly in the background but alert the user to anything worth reporting, and provide comprehensive logs of events. Unfortunately, most of these products tend to overwhelm the user with data. Firewall novices may be stunned at how often someone "touches" their PC. Most of that contact, however, is innocuous traffic that security expert Steve Gibson calls IBR--Internet background radiation. According to Gibson, who maintains the Shields Up Web site, "All firewalls overreport, and they don't do a useful job of discriminating between IBR and actual attacks."

Spikes of IBR occur for various reasons. For example, Internet services like WebTV sometimes send data to the wrong IP address when they attempt to contact users. A firewall might interpret that activity as a port scan. Internet privacy and security guru Simson Garfinkel, author of Database Nation, criticizes the misinformation typical firewall products generate. The most frequent complaint ISPs receive is no longer about spam, he says, but about firewall alerts of attempted scans. "Lots of people are going to scan you," he says. "You just can't react every time."

Of the products we examined, BlackICE--using carefully crafted reporting windows--provides the clearest, most useful information. The program notes the source of any probe, and it's the only personal firewall we tested that automatically looks up IP addresses and provides contact information about whoever "touched" your PC. An honorable mention goes to Norton and Secure Desktop, which log events in accessible text windows. But ZoneAlarm went a bit overboard: We finally turned off its endless stream of pop-up alert windows, relying instead on its comprehensive event logging for detailed information. However, only ZoneAlarm effectively alerts you in real time to all potential threats--a level of detail that may appeal to some hands-on users. (For more on using ZoneAlarm, see "Instant Internet Security" below.) Most firewalls simply flash an icon in the system tray when they detect something, but you won't see it if your system tray is covered or if you're not looking for it.

Play It Safe

According to Murphy's Law, anything that can go wrong, will. People are putting more sensitive data (such as financial records) on their PCs, and sending other sensitive data (such as credit card numbers) over the Web. They're also switching from dial-up modem-based service to broadband connections, with continuous service and fixed IP addresses. Meanwhile, hackers are acquiring more devious software tools and putting more potential victims at risk. Hacking will inevitably increase. But the good news is, you can protect yourself now.

For an unabridged version of this article, click here.

Hackers are naughty and nice at Def Con
August 3, 2000
For hire: Hackers to help Pentagon prevent attacks
August 1, 2000
Security experts warn of holes in Lotus Domino
August 2, 2000
Erase your trail with Internet Cleanup
August 2, 2000
Debate erupts over disclosure of software security holes
July 31, 2000

How it works: Personal firewalls
PC World
Top 400: Personal firewalls keep intruders at bay
PC World
In good hands with Internet insurance
IT World
ZoneAlarm: Instant Internet security
PC World
Old IDs never die; they just cause trouble
ComputerWorld
Popular firewall vulnerable to denial-of-service attacks
ComputerWorld
A firewall for phone-lines
InfoWorld
6 firewalls compared
NW Fusion

AntiOnline.com
CERT Coordination Center
Gibson Research Corporation
Network ICE AdvICE
HackerWhacker

Note: Pages will open in a new browser window

External sites are not endorsed by CNN Interactive.