What Keeps Computers Safe

Here's the scoop on the differences between hardware and software firewalls, virus protection, and why you need them.

By Joe and Ron of Neighborhood Techs

Q. I recently upgraded from a dial-up AOL connection to a cable modem. Now that I have a high-speed connection to the Internet, I’m extremely worried about security on my computer.

I have McAfee Personal Firewall and it’s constantly alerting me that someone is trying to access my ports (whatever that means). I also have an anti-virus program that came with my computer, but it’s several years old and I’m afraid it might not be protecting me against the latest viruses.

Finally, I read that people with cable modems are susceptible to “trojan horses”, and I’ve seen programs advertised that can supposedly remove them. I don’t understand what they are or whether or not what I already have is protecting me from them.

Isn’t there one thing I can buy, like a hardware firewall, that can keep me safe?

A. You covered a lot of ground in your question, but it is a good one. One thing is certain: after migrating from a dial-up to a broadband connection, you’re definitely more susceptible to a variety of security risks. Let’s deal with them one at a time.

Firewalls are designed to protect you from outside attempts to access your computer, whether the purpose is eavesdropping on your activities, stealing data, sabotage, or using your machine as a means to launch an attack on a third party. The vast majority of firewalls can’t protect you from a virus attack, though. We’ll talk about viruses in a minute.

Basically, a firewall sits between your cable or DSL modem and your computer and watches the network traffic going in and out of it. The ports represent “channels” carrying various types of traffic, like Web traffic (port 80), e-mail (ports 25 and 110), and DNS (port 53), which resolves the host names in URLs to network addresses. Firewalls monitor network conversations and filter out unauthorized traffic, as well as traffic that exhibits certain suspicious behavior or characteristics.

Since you are using a cable-modem connection, I strongly recommend starting with a hardware firewall. They’re effective, inexpensive, and easy to configure. A decent hardware firewall can cost as little as $50 and provide excellent protection against common forms of attack. You should check the reviews to find one that is right for you. A firewall is built into almost every router these days -- you use a router for sharing Internet access among multiple computers.

A software firewall (which you already have) can be a good choice too, but software firewalls can vary wildly in their capabilities and effectiveness, and they can also be tough to configure if you're not knowledgeable about TCP/IP. This is because software firewalls typically give you a lot more fine control over what gets allowed in and out. Personally, I would recommend using them in addition to, not instead of, a hardware firewall.

One benefit of software firewalls is that they often include additional components that do things like guard your computer against infiltration by Trojan horse programs. (These are programs that are transferred to your computer unbeknownst to you, usually hidden in something like a downloaded file, picture, or e-mail attachment. They sometimes even send information from your computer to somewhere else, so some firewalls check for unwanted outgoing traffic as well.)

Some software firewalls even claim to suppress pop-up and pop-under advertisements, which can be incredibly annoying but are not generally dangerous.

One thing to watch out for on the software firewall front is that it seems to be moving to a subscription model (like anti-virus software before it). Therefore, it pays to do your research before buying. Some vendors, like Zone Labs, also offer a basic version of their firewall you can download for free.

All of the alerts you're getting from your firewall are probably a mix of legitimate activity and unsolicited traffic, with people attempting to gain access to your computer and see if it has anything interesting on it. You didn’t indicate what the alerts were saying, but keep in mind that alerts from a firewall are not necessarily an indication that your system is being compromised; they could be a result of your firewall blocking suspicious traffic. You should read the alerts carefully and regularly, and adjust your firewall settings accordingly.
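To make the port filtering and the alerts described above concrete, here is an added example that is not part of the original column: a toy stateful filter in Python that allows replies to connections the PC opened, blocks unsolicited inbound traffic, and flags unexpected outgoing traffic. The class, the addresses, and the sample packets are all hypothetical and constructed for illustration.

```python
from collections import namedtuple

# One packet as the firewall sees it. All sample values below are constructed.
Packet = namedtuple("Packet", "direction src sport dst dport")

HOME = "192.168.1.10"                  # assumed address of the protected PC
ALLOWED_OUT = {80, 25, 110, 53}        # web, e-mail (25 and 110), DNS


class ToyFirewall:
    """Hypothetical stateful filter: replies are allowed, probes are not."""

    def __init__(self, allowed_out):
        self.allowed_out = set(allowed_out)
        self.flows = set()             # connections the PC itself opened
        self.alerts = []

    def handle(self, pkt):
        if pkt.direction == "out":
            if pkt.dport not in self.allowed_out:
                # Unexpected outgoing traffic: worth investigating, since a
                # Trojan horse sending data out would look like this.
                self.alerts.append(("outbound-blocked", pkt.dst, pkt.dport))
                return "drop"
            self.flows.add((pkt.sport, pkt.dst, pkt.dport))
            return "allow"
        # Inbound: allow only replies to a connection the PC started.
        if (pkt.dport, pkt.src, pkt.sport) in self.flows:
            return "allow"
        # Unsolicited traffic: blocked, so the alert is the firewall working.
        self.alerts.append(("inbound-blocked", pkt.src, pkt.dport))
        return "drop"


def run_sample():
    fw = ToyFirewall(ALLOWED_OUT)
    traffic = [
        Packet("out", HOME, 40001, "203.0.113.5", 80),     # browser request
        Packet("in", "203.0.113.5", 80, HOME, 40001),      # web server reply
        Packet("in", "198.51.100.7", 4444, HOME, 139),     # unsolicited inbound
        Packet("out", HOME, 40002, "198.51.100.9", 6667),  # unexpected outbound
        Packet("in", "203.0.113.5", 80, HOME, 40999),      # no matching flow
    ]
    return [fw.handle(p) for p in traffic], fw.alerts


if __name__ == "__main__":
    print(run_sample())
```

The two "inbound-blocked" alerts correspond to traffic that was stopped at the firewall, while the "outbound-blocked" alert is the kind that deserves a closer look at what program on the PC generated it.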

As I mentioned earlier, most firewalls won’t fend off viruses, so anti-virus software of some kind is a must. In my personal opinion, which program you use or when you bought it doesn’t matter that much as long as you update the virus definitions on a regular basis. Most programs can be configured to automatically update themselves, so you don't even have to think about it.

Making sure your definitions are current is absolutely crucial. Rarely does anyone get a virus that was written years ago; it's usually one that is very new and was previously unknown. The anti-virus software vendors usually update their definitions as soon as a new virus is discovered, so make sure you download them regularly.

In summary, the best security strategy includes hardware and software, but most of all, vigilance.

