Tuesday, January 6, 2009

Firewall Protection

The firewall is critical. A personal firewall's first task is to put all of your computer's ports in stealth mode, making it completely invisible from the Internet. Of course, it should allow necessary communication among the computers within your local network. This isn't tough; the built-in Windows Firewall can do it. But not all suites pass this simple test.

The firewall should also control outbound communication, preventing Internet access by unauthorized programs. The old-fashioned way to accomplish this was simple: When a given program tried to access the Internet for the first time, the firewall would ask the user whether or not to allow it. The problem is that most users aren't qualified to answer that question. Some products try to solve this problem by predefining access for hundreds (or thousands) of known good programs. That cuts down on the confirmation pop-ups, but doesn't eliminate them. Others, such as F-Secure Securitynet 2008 and Kaspersky Internet Security 7.0, "solve" the problem by running with this feature turned off by default—a poor choice.

The smartest firewalls use a three-part strategy. They automatically allow access for known good programs and delete known bad programs. When a program doesn't fit either category, the firewall keeps an eye on its behavior and allows access as long as the program doesn't try anything sneaky. Clearly this takes a lot more programmed-in intelligence than the simple ask-the-user plan, but it's definitely better for the user. Norton Internet Security 2008 and Panda Internet Security 2008 are two good examples of this approach in action.
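The three-part strategy above, sketched as an added example (not code from any of the products named). The hash sets, the behavior event names and the verdict strings are assumptions made for illustration, and the sample program images are constructed.

```python
import hashlib
from dataclasses import dataclass, field


def digest(image: bytes) -> str:
    """Identify a program by the hash of its image, not by its file name."""
    return hashlib.sha256(image).hexdigest()


# Constructed sample data: made-up program images, not real indicators.
KNOWN_GOOD = {digest(b"constructed-browser-image")}
KNOWN_BAD = {digest(b"constructed-trojan-image")}

# Assumed examples of "sneaky" behaviour; the article does not enumerate any.
SUSPICIOUS = {"inject_into_other_process", "modify_firewall_rules"}


@dataclass
class OutboundPolicy:
    revoked: set = field(default_factory=set)  # unknown programs caught misbehaving

    def on_connect(self, image: bytes) -> str:
        """Verdict for a program's outbound connection attempt."""
        d = digest(image)
        if d in KNOWN_BAD:
            return "quarantine"        # known bad: remove it, no prompt
        if d in KNOWN_GOOD:
            return "allow"             # known good: allow, no prompt
        if d in self.revoked:
            return "block"             # unknown and already seen misbehaving
        return "allow-monitored"       # unknown: allow, keep watching

    def on_behavior(self, image: bytes, event: str) -> str:
        """Feed an observed behaviour event for a program into the policy."""
        d = digest(image)
        if d in KNOWN_GOOD or d in KNOWN_BAD:
            return "ignored"           # the lists already decide these programs
        if event in SUSPICIOUS:
            self.revoked.add(d)
            return "revoked"
        return "ok"


if __name__ == "__main__":
    policy = OutboundPolicy()
    tool = b"constructed-unknown-tool"
    print(policy.on_connect(tool))
    print(policy.on_behavior(tool, "modify_firewall_rules"))
    print(policy.on_connect(tool))
    # A patched copy of a known-good program no longer matches its hash.
    print(policy.on_connect(b"constructed-browser-image\x00"))
```

Keying the lists on a hash of the program image means a renamed or patched copy of a trusted program falls into the monitored category instead of inheriting the trusted verdict.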

There's always the possibility that malicious software will attack your firewall directly to disable its protection. Firewalls (and security programs in general) should resist if malware tries to kill their processes, turn off their services, or otherwise disable the protection they offer.

Your firewall may or may not protect directly against Web-based attacks that exploit vulnerabilities in the operating system or browser. Some, like NIS 2008, actively block exploits and even identify them by name. But most rely on their malware-protection abilities to prevent the exploit from doing harm, even if it does manage to plant a malicious file on your computer.
