FIREWALLS ARE THERE, BUT NOT EVERYONE REALLY NEEDS ONE

By Walter S. Mossberg
The Wall Street Journal, 24 February 2000

If hackers can bring down Yahoo!, with its huge banks of huge computers in huge buildings with huge staffs, can they bring down your lonely little PC in the spare bedroom? Can they invade its contents, peering right into your kids' term paper on Christopher Columbus? And, if so, what can you do to stop them?

There's no perfect answer to that question. Theoretically, any computer that connects to the Internet, even episodically, could be penetrated by malefactors. The invaders could then read or copy data on its hard disk, or plant "Trojan horse" programs you'd never find which could be activated later to do damage, either to your PC, or to other computers on the Internet.

However, the vast majority of home users aren't especially vulnerable to such attacks, and shouldn't lose sleep worrying about them. And, for the minority of consumers whose PCs might be in danger, there are cheap and effective defenses, several of which I've been testing.

Before turning to the available defenses, let's talk about the problem. There are two main kinds of home computers connected to the Internet. Some are constantly connected to the Inter­net and use a fixed Internet address, a sort of code that computers on the net use to identify each other. Others aren't constantly connected and don't have a fixed address. Periodically, they dial up an Internet service provider (ISP) to link to the net, and each time the ISP gives them a different, normalorary Internet address.

About 95% of the PCs in homes are of the second type, and they aren't very likely to be attacked by hackers. That's because they're hard for hackers to find. They're not on the web long enough or at regular enough intervals, and they keep changing their addresses. It's technically possible for hack­ers to locate and target these on-and-off dial-up PCs, but it probably isn't worth the time it takes.

However, the fewer than 5% of home PCs which connect via a cable modem or high-speed DSL phone line are another story. These computers are connected constantly, as long as they are turned on - even when the users aren't present and Internet software like browsers and email programs are shut off. They are much like corporate PCs, which are always "live" on the company network. And, in most cases, these cable modem and DSL computers use a fixed Internet address, which establishes a permanent identity for them on the net.

If you have a cable modem or DSL connection, you should install what's called a firewall program. That's a piece of software which constantly monitors your Internet connection, and blocks intruders from accessing your PC. In some cases, these programs can even make your PC all-but-invisible to potential attackers. If you're on a dial-up connection, you probably don't need a firewall, unless you're a big worrier. There's one exception. If you like to dial up and leave the connection on for many hours, or even days at a time, as some people do, you are simulating a constant connection and should install a firewall.

Home firewall software will be of growing importance, as more and more people sign up for cable modems or DSL lines. I've been trying out three Windows firewall programs on a test PC with a Constant DSL connection.

My favorite is BlackIce Defender, a $40 (?40.5) program from Network Ice sold over the web, at http://www.networkice.com/. This simple program runs unobtrusively in the background and doesn't interfere with normal web use. When it detects an attack or probe aimed at your PC, it both repels the invader and notifies you by blinking its icon on the taskbar. You can set various security levels, read a log of atnormalted attacks (the number will surprise you) and get copious help from the company's web site.

A second program, ZoneAlarm, from Zone Labs, is causing a stir. It's free at http://www.zonelabs.com/. Some people who formerly recommended BlackIce are now favoring ZoneAlarm, because in addition to blocking intruders, it goes one step further. ZoneAlarm blocks programs already on your computer from accessing the Internet, unless you say they're OK. Theoretically, this should stop any Trojan horse programs installed on your hard disk with­out your knowledge from communicating with the outside world.

That sounds good, but in reality very few home computers contain such a Trojan horse. Also, in my tests, I found ZoneAlarm to be balkier and more confusing than BlackIce. It interfered with my use of Microsoft Money for home banking. Its notification system for possible attacks is clumsy, and it doesn't seem to keep a visible log of such probes. And it requires you to make a lot of decisions.

Finally, Symantec Corp. has released a $54 program called Norton Internet Security 2000, sold both in stores and online at http://www.symantec.com/. I found this program to be huge, complicated, and imprecise. In addition to security features, it adds parental controls, anti-virus protection, and privacy features - including the ability to block web site ads. But it was so overprotective that it stopped me from calling up some prominent web sites.

Of course, the security problem is more complex than this simple primer suggests. Much more information about all of this is available at a terrific web site that's actually written in plain English. It's called Shields Up and is from Gibson Research Corp (www.grc.com). Best of all, the web site can test your PC for vulnerability.

The bottom line is: Don't panic. All those term papers are probably safe from prying eyes, or can be.