Firewalls Make Things Better
If you have a high-speed Internet connection that’s always on, your home computer may be probed by a hacker at any hour of any day. These hackers are seeking an entree they can use to hide software that would allow the computer to be “zombied,” or controlled remotely.
And everyone who uses the Internet, even with a dial-up connection, may catch a computer virus.
“Probably every machine on the Internet is touched multiple times a day by one type of a scan or another,” says Jeff Carpenter, a manager with the Computer Emergency Response Team, a federally funded research center at Carnegie-Mellon University that responds to attacks on the Internet. He also runs the site Exchange-Mail.org, which concentrates on Exchange Servers and avoiding attacks.
Once the computer has been hacked–and chances are good that you wouldn’t know until it was too late–the hacker could extract enough personal information to impersonate you or steal important financial data.
What’s more, your computer could then be commandeered to help cripple major web sites, not to mention banks, brokerages, or other businesses via denial-of-services attacks. (You aren’t likely to be accused of wrongdoing if that happens, however.) Such attacks shut down major web sites including eBay and Yahoo! two years ago. “We’ve seen in several large incidents tens of thousands of home machines compromised in a very short period of time,” says Carpenter.
James Lewis, a senior fellow with the Center for Strategic and International Studies, in Washington, D.C., said in an interview: “A cyber attack isn’t going to stop the U.S. military from being able to protect the United States from a military attack. But it could do a lot of economic damage, and that’s where we need to worry.” A recent business survey found that 90 percent of large corporations and government agencies detected a computer security attack.
An official at a consortium of electric utilities says that computers controlling the nation’s electric-power system have already been probed in recent months by computers in the Middle East.
Hackers can so freely roam the Internet because it wasn’t designed for the kind of use it now gets. The Internet itself lacks effective technological, legal, and human resources to stop these incursions.
Hackers aren’t the only peril to your computer. Viruses–the malicious software planted for the express purpose of causing disruption or damage–have most likely turned up in a majority of home computers in the U.S. When we surveyed nearly 8,000 subscribers to Consumer Reports.org, our web site, 58 percent said they had found at least one virus on their home computer in the past two years. And 10 percent said the virus had caused some kind of damage.
Your computer and all the sensitive personal data stored on it do not have to be so vulnerable. Properly armored, your computer can become an important line of defense against cyberspace invaders. Readily available software can effectively block most hackers and viruses. In our survey, only 7 percent of those using antivirus software suffered computer damage in an invasion. By contrast, 30 percent of those without antivirus software had their computer damaged.
This report explains how prevalent and damaging viruses are. It draws on our survey and interviews with dozens of computer-security experts nationally. We also conducted our first tests of widely used antivirus software and of antihacker products known as firewalls. The box on page 18 offers advice on how to recognize incursions and protect your computer.
FIREWALLS HOLDING OFF HACKERS
The first time a hacker took over Raleigh Burns’ home computer, the machine seemed to take on a life of its own. “You expect to see your screen saver, but instead the cursor is flying around and boxes pop up with things being typed in there,” said Burns, a computer-security administrator for a Cincinnati hospital. “The only thing that’s missing are the keys going down and the mouse moving by itself on the desktop.”
But it wasn’t until months later, when another hacker began downloading Burns’ personal financial records, that he finally installed a firewall.
Like Burns, at least 10 million Americans use a high-speed Internet connection.How many of them protect themselves with a firewall? Only about 60 percent, if the ConsumerReports.org subscribers we surveyed are typical of the overall online population. That would leave about 4 million computers vulnerable. Only a tiny fraction of our survey respondents said that they knew hackers had actually broken into their computer. However, many people never know they have been hacked.
Since Sept. 11, government and industry have been trying to tighten computer security. But recent developments appear to do little to identify and shut down hackers. An antiterrorism law enacted last fall stiffened some penalties for hacking, but those provisions may apply only to attacks on government, military, or commercial computers, not on private home computers.
A government-industry program, the National Cyber Security Alliance, recently launched a campaign and web site (www.staysafeonline.info) to educate consumers about computer security.
Earlier this year, Microsoft, whose software has suffered an embarrassing series of security flaws, launched an initiative to find and fix vulnerabilities in existing software and to make security a higher priority for new software.
You can help forestall digital disaster by installing a firewall, software or hardware designed to block intruders, on any home computer that has a high-speed connection. A computer with a slower dial-up connection through a 56K modem is much less vulnerable to attack because of the different way in which it is identified on the Internet.
With a dial-up connection, your computer has a dynamic Internet provider address–the string of numbers that identifies your machine and that changes every time you log on. You’re harder to follow over time. By contrast, a high-speed connection typically has a fixed IP address or one that changes only occasionally. Since it rarely changes, hackers can readily track the computer for an extended period. A firewall makes your computer less visible on the Internet and helps ensure that any hacker who does find your computer won’t be able to get into its programs and files.
PROTECTING HIGH-SPEED CONNECTIONS
There are three ways to equip your computer with a firewall:
* With Windows XP, activate its built-in firewall via the Control Panel Network.
* Buy a separate software firewall, an application that runs in the background to keep watch over your computer at all times.
* Interpose a hardware firewall between your computer and the Internet. These devices contain firewall software that operates pretty much the way a basic software product does.
We tested XP’s own firewall, five software products, and one hardware firewall that’s included in a router, a device used to connect several home computers to a single high-speed Internet connection.
We tested the vulnerability of those products with both incoming and outgoing communications. For incoming attacks, we poked and probed the computer over the Internet just as a hacker would. For outgoing communications, we checked the software’s ability to filter things like instant messages. That’s important because instant-messaging applications and other types of file-sharing programs can be used to infect your computer with a type of software called a Trojan Horse, which performs outgoing communications. A firewall that only handles incoming threats offers no protection here.
We also looked at other useful features, such as the ability to alert you when an intruder attempts to break in and the ability to trace an intruder’s address.
Incoming threats. Six of the seven products we tested provided excellent protection. They put a computer in “stealth mode,” making it virtually undetectable and closing the software gateways technically known as “ports” (not to be confused with the ports for universal serial bus or serial cables). Either weakness can be exploited by a savvy hacker. The seventh, though still very good, wasn’t quite as effective.
Outgoing protection. Most proved effective in this regard. But Windows XP, BlackIce Defender, and the Linksys Etherfast Router offered no outgoing protection. (As we went to press, the maker of BlackIce said it was releasing a successor, version 3.5, with outgoing protection.) If you use antivirus software and practice good computer hygiene, outgoing protection isn’t essential. But if you or the kids use the computer for instant messaging and other kinds of online file-sharing, make sure the computer has outgoing protection.
All of the products provide very good incoming protection. But your first choice should be ZoneAlarm Pro 3.0 or Norton Personal Firewall 2002, each $50. They provide maximum protection and an extra margin of safety with outgoing protection. If your computer uses Windows XP, be sure to activate its built-in firewall.