By Reid Goldsborough
On any given day hackers try to breach my Internet-connected computers a half dozen or more times, looking for a “server” to use to launch attacks against others or trying to plant “trojan” or “zombie” programs on my PCs to take control of them.
I’m not alone. If you have a full-time Internet connection, you’re probably being probed continually as well. The media has had its hands full lately reporting high-profile computer break-ins. You’d think we were in the midst of an all-out info-war.
The fact is, hacking, or “cracking” according to the purists, has been around nearly as long as computers. “I cracked it because it was there” could well be a slogan describing the mindset of a typical hacker, often a bright, bored young man with too much time on his hands and too few scruples about what to do with it.
Hacking, however, has become more of a problem lately, for several reasons. First, sophisticated hacking tools are more widely available. Second, hackers as a rule hate what they regard as oppressive authority, which is epitomized in their minds by Microsoft, and Microsoft’s increasingly visible products are being attacked with a vengeance. And third, with the growing popularity of cable and DSL modems, which unlike older modems keep you connected to the Internet as long as your computer is turned on, more people than ever are hacker targets.
What to do, besides pulling the plug and returning to typewriters and calculators? First, as with computer viruses, hard disk crashes, and other potential disasters, keep things in perspective. You can make yourself nuts worrying about all this. Forbes magazine reported that a NASA security expert became obsessed with stopping one group of hackers to the extent that it may have destroyed his marriage.
The truth is that computer use, as with the rest of life, isn’t risk free, and any quest to create a risk-free PC, network, company, or society is self-defeating. You can’t stop all the bad stuff. But what you can, and should, do is reasonably minimize the risks.
Large organizations have long taken extensive security precautions, relying on experts. These days, smaller businesses and individuals are having to bone up on security and take precautions themselves, often without hired help. The solution here, for many, is a software program called a personal firewall.
Personal firewalls work in two ways, First, they block unauthorized attempts to reach and then damage or take control of your system. Second, if your system has been breached, they block attempts to send information back to the hacker or to others.
“Personal firewalls are almost required at this point, especially with people with high-speed connections to the Net,” says Winn Schwartau, a computer security consultant and author of the very readable book Cybershock: Surviving Hackers, Phreakers, Identity Thieves, Internet Terrorists and Weapons of Mass Destruction.
For a few weeks I used both a cable and DSL connection to test the three personal firewalls that are getting the most attention, Norton Internet Security 2000, McAfee.com Personal Firewall, and ZoneAlarm. (I didn’t test BlackICE Defender, which is also being talked about a lot, because it’s more of an intrusion-detection system than a full-fledged firewall.)
Norton Internet Security 2000 (http://www.symantec.com/nis) is the most comprehensive, and at $60 for one year, the most expensive. But it offers good value. Along with a firewall it includes tools for preventing virus attacks, barring access to porn sites, eliminating Web banner ads, and blocking “cookies” that some sites place on your hard disk. It’s easy to set up, though as with all firewall products, you have to delve into the program to make the best use of it.
I found McAfee.com Personal Firewall (http://www.mcafee.com) too complex, and according to the experts I talked with, it doesn’t adequately protect against hackers who replace programs on your hard disk with Trojan programs having the same name. It costs $40 for a one-year subscription.
ZoneAlarm (http://www.zonelabs .com) is generating the most excitement and only in part because of its price — free for individuals and $20 per year for businesses. It’s easy to set up and surprisingly sophisticated. One tool lets you automatically block any incoming and outgoing traffic when your screensaver kicks in. Another lets you create different settings for a corporate intranet.
One final tip: Keep up with latest security bug fixes for your programs by using their update feature, visiting their Web site, or subscribing to a service such as McAfee.com Clinic (http://www.mcafee.com) or Norton Web Services (http://www.nortonweb.com).
