Don’t Get Burned, Surfers; Personal Firewalls Are Here

The spread of high-speed Internet access over cable TV or digital phone lines has spawned a new threat for PC users: greater vulnerability to attack from hackers.

Although PC users with cable modems or digital subscriber line (DSL) service enjoy surfing the Internet at speeds up to 30 times faster than those with dial-up connections, their computers can more easily be found and attacked by hackers because they are usually permanently logged on to the Net and often have a fixed Internet address.

This vulnerability has opened up a hot new market for so-called personal firewall software that purports to protect PC users from hackers, and in some cases, even intercept those pesky pop-up banner ads that can litter your desktop when you visit certain Web sites.

These programs face a difficult task in striking a balance between being easy to use yet sophisticated enough to distinguish between innocuous and threatening Web traffic. You don’t want hackers rifling through your Quicken personal finance files. On the other hand, you don’t want to lock down your PC so tightly that you can’t easily retrieve e-mail.

The best personal firewall programs clearly explain such security options and guard electronic routes of entry to your computer, known as ports, that hackers often exploit.

Personal firewall protection should not be considered an optional software accessory, in my view. Like antivirus software, it should be among the first additions to your computer operating system because the threat of attacks are real.

Carnegie Mellon’s Software Engineering Institute, which tracks only a fraction of the world’s computers, reports that there were more than 35,000 reports of computer security breaches last year affecting more than 4.3 million computers. Most home computers are a lot less protected than the computers reported to Carnegie Mellon. Indeed, some Internet access providers, such as EarthLink, have begun offering free personal firewall software to their customers.

I examined three personal firewall products that sell for $50 or less: Norton Personal Firewall ($49), Zone Alarm (free for personal and nonprofit use), and McAfee.com’s Personal Firewall ($40). I ranked Zone Alarm as the best, followed by McAfee and then Norton.

Zone Alarm

Zone Alarm, which can be downloaded at https://www.zonelabs.com, excels at making personal firewall configuration simple for novices yet powerful for advanced users. The security level can be adjusted to either Low, Middle or High, with options to fine-tune adjustments. However, Zone Alarm’s repeated intrusion alerts under the default setting can be irritating. The notifications, however, can be turned off in favor of having intrusions recorded in a text file that can be examined at your leisure.

Zone Alarm also monitors outbound Web traffic. When a program on your computer attempts to access the Web, a window pops up asking whether you want to block the program from going online, allow access at that time only, or always allow access. Thus if a hacker surreptitiously places a program on your computer that tries to go online, Zone Alarm will let you know immediately.

Also useful is Zone Alarm’s “Internet Lock” feature. It shuts down online access after a certain amount of inactivity on your PC, or when activated manually, much like a password-protected screen saver blocks access to your desktop after a certain interval. Even when the lock is on, however, you can permit selected applications, such as your e-mail program, to bypass the lock and check for new mail.

Zone Labs last month introduced a $39 professional version of Zone Alarm that allows more sophisticated filtering of Web traffic but with the same ease-of-use features in the free product.

McAfee

McAfee.com’s Personal Firewall, version 2.10, installed without a hitch. It displays just two setup windows: one to select whether to block all Web traffic, filter all Web traffic or allow all Web traffic; and another to select whether to keep detailed or summary traffic logs.

Like Zone Alarm, McAfee displays a check box each time an application tries to access the Web and asks the user whether it is OK for the application to establish an Internet connection.

The program automatically installs a “middle” security level. That’s a good compromise for most PC users. The setting, for instance, closes the NetBIOS port, which enables printer and file sharing over a network, but also can be used as an entry point by hackers.

The one oversight of the McAfee program is that it does not automatically launch when Windows starts up. Unlike ZoneAlarm and Norton, you have to make your own start-up folder shortcut for McAfee or click through four dialogue screens to reach the setting that makes McAfee’s Personal Firewall start automatically.

Norton

Norton’s Personal Firewall offers a broad range of protection. It blocks files, called cookies, that can track your movements on the Web, and can quash malicious Java software code and other small programs that can damage your computer. Norton allows users to designate personal information--such as credit card or bank account numbers--as confidential and block their transmission over unsecured Internet connections.

Norton’s default settings give modest protection against unauthorized intrusions. Within 10 minutes of installing the software on my home computer and taking a quick spin around the Web over a DSL connection, the program reported blocking 21 cookie files and half a dozen unauthorized attempts to access my computer. A slightly more expensive Symantec product, Norton Internet Security 2000 ($69), offers firewall and antivirus protection in one package and also does content filtering and blocks unwanted Web banner ads.

But for all of its prowess at cataloging the unwanted Internet traffic attempting to invade my PC, Norton did not lock down my computer as tightly as the other two products. It left the notorious NetBIOS port and another entry point open. A spokesman said Symantec will change that default setting in a future update of the program.

More troublesome is that Norton commits an online transgression it was designed to prevent: compromising your privacy.

Symantec asks users of its firewall product to submit certain personal information such as name, telephone number, occupation and address as a condition of registering the product or receiving technical support.

In its privacy policy, Symantec explains that it--or any of its subsidiaries--may use such information “for any purposes related to Symantec’s business.” The company says it shares personal information with selected third parties and “reserves the right to monitor, and disclose to, government officials or law enforcement, without your consent, any communications and personally identifiable information, whenever prompted to do so, by legal authorities.”

McAfee, by contrast, only collects name, e-mail address, ZIP code, state and country, and promises not to distribute the information to third parties.

Symantec senior product manager, Tom Powledge, says users don’t have to provide any personal information to use the product and can opt out of Symantec’s mailing lists even after choosing to disclose personal information.

Still, it’s a good idea to think carefully about how much information you want to disclose to any personal firewall developer given that such products run constantly on your computer and can track your most intimate surfing habits.

Add-on personal firewall products, such as DoorStop Personal, are also available for Mac users. And many Linux distributions come with firewall protection built in.

(BEGIN TEXT OF INFOBOX / INFOGRAPHIC)

Home Computing Security Programs

Zone Alarm 2.1

Media: Direct download from https://www.zonelabs.com

System requirements:

* Windows 95, 98, NT or 2000

* Intel 80386 or faster processor (486 recommended)

* 8mb system memory

* 3mb free hard disk space

* Internet connection

* Service pack 3 or higher for Windows NT

Cost: Free for personal or nonprofit use

McAfee Personal Firewall

Media: Boxed CD-ROM or download from https://www.mcafee.com

System requirements:

* Windows 95, 98 or NT

* Intel 486 or faster processor (Pentium recommended)

* 8mb free hard disk space

* Internet connection

* Microsoft Internet Explorer 4.0 or higher

* Service pack 3 or higher for Windows NT

* Does not support Windows 98Se Internet Connection sharing

Cost: $39.95

Norton Personal Firewall 2000

Media: Boxed CD-ROM or download from https://www.symantec.com /homecomputing

System requirements:

* Windows 95, 98, NT or 2000

* 133mhz Pentium or higher

* 32mb RAM

* 10mb free hard disk space

* CD-ROM drive

* Internet connection

* Microsoft or Netscape browser version 4.0 or higher

* Service pack 3 or higher for Windows NT

Cost: $49.95