 |  |
| Second thoughts on security Executive Editor John Morris never took viruses and other security threats too seriously--until now. Find out why he put his home PC on yellow alert. |
By John Morris
Executive editor, CNET Hardware and Software
(4/22/02)
But lately, I've had a change of heart, and apparently, I'm not alone. Reviews and downloads of security applications such as personal firewalls and antivirus programs are consistently among the top attractions at CNET. Two factors behind this are the growing numbers of broadband users and of home networks--in my case, cable Internet access and a wireless 802.11b network.
You're not paranoid, they are after you
Recognizing the trend, hardware and software companies are hurrying to build new security solutions. Even Microsoft has abruptly changed course to make security its top priority. That's good news in the long run, but so far, the results have been pretty confusing.
| Hardware and software companies are hurrying to build new security solutions. |  |
|
The answer, as it turns out, is a combination. "To be truly effective, you need layers of security to protect against both inbound and outbound attacks, which are growing increasingly sophisticated," says Gregor Freund, the CEO and cofounder of Zone Labs.
The Internet Connection Firewall (ICF) in Windows XP is designed for computers that connect directly to the Internet or use XP's Internet Connection Sharing feature to dole out broadband access to other PCs on a network. Aside from turning it on or off (you'll find it in the Properties dialog box for the relevant network connection), you'd never even know it's there. Essentially, it makes sure that nothing gets in unless it looks as if you specifically requested it. But it still leaves at least one PC connected directly to the Internet, and it won't provide much help against programs that infiltrate your system, then send information out.
Take refuge in a gateway
That's where a gateway comes in. One end connects directly to your cable or DSL modem; the other end connects to each system on your network either via an Ethernet cable or wirelessly. One of the primary advantages of a gateway over software-based NAT (Name Address Translation), which is in Windows XP, for example, is that the gateway hides the Internet addresses of all of the computers on your network, making it far more difficult to access them.
| Even hardware firewalls can be fooled by savvy outbound attacks that piggyback on common applications. | |
|
Even hardware firewalls can be fooled by savvy outbound attacks that piggyback on common applications (such as e-mail, instant-messaging, and peer-to-peer file-sharing apps) or travel through the same ports as standard protocols such as IRC and SSL, according to Freund. ZoneAlarm tackles this by notifying you whenever an application tries to access the Internet, so you can decide whether or not it's legit. There are other products in this category, including the just-released BlackIce PC Protection 3.5 and Norton Internet Security 2002, but ZoneAlarm is far and away the easiest, most complete solution.
Finally, don't forget about antivirus software. The reviews team recently tested both the big names and the underdogs. No Cinderella story here, as Norton AntiVirus 2002 nabbed the Editors' Choice yet again.
See the previous Digital Domain
