In one of my previous postings I mentioned the importance of having a physical firewall between your computer(s) and the modem provided by your cable or phone provider. In addition to this front-line protection, I also believe that it is important to have a software firewall on your system. I have made this recommendation to several people in the past and they have asked why they need two. The answer is fairly simple: if one is good, then two is even better.
The hardware router or firewall that sits at your modem is good, but a software firewall can be more specific and targeted in what it blocks and looks for. Many of them are also updated by the manufacturer with patches that protect against the latest threats. But the greatest asset of having a software firewall on your personal computer is the outbound protection that it provides. Hardware firewalls only block or protect your network from incoming traffic. By design, they allow all traffic to flow out. This means that if your computer has been taken over by a virus or by malware, then any traffic generated by that critter will be allowed out. Software firewalls prevent this and alert the user to any suspicious outgoing traffic. This could prevent your system from becoming a zombie bot on the Internet and sending thousands of spam messages for some teenager in Montana.
The annoying thing about software firewalls is that they do alert you to all kinds of things that your computer is doing. The alerts will pop up from time to time to make sure that you mean for certain traffic to leave your computer. The temptation is to not read them carefully and to always approve them, but by doing this you would be defeating the purpose of having the software in the first place. Always make sure to read them carefully, and if you are not sure about allowing the traffic, just say no.
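The split described above, as an added example (not from the original post or from any firewall product): a toy model of a router that lets all outbound traffic through and a software firewall with per-program outbound rules, run over constructed sample connections. The program names, addresses and the approved-rule list are assumptions made for the illustration.

```python
from collections import namedtuple

# direction: "in" = arriving from the Internet, "out" = leaving the PC
# port:      the port the connection was opened to
# solicited: True when inbound traffic is a reply to something the PC started
Conn = namedtuple("Conn", "direction program remote port solicited", defaults=(False,))

def router_allows(c):
    """Router as the post describes it: everything out, only replies in."""
    return c.direction == "out" or c.solicited

# Hypothetical per-program outbound rules the user has approved so far.
APPROVED = {("firefox.exe", 80), ("firefox.exe", 443), ("outlook.exe", 25)}

def host_firewall(c, approved=APPROVED):
    """Software firewall: inbound must be solicited, outbound must match a rule."""
    if c.direction == "in":
        return "allow" if c.solicited else "block"
    if (c.program, c.port) in approved:
        return "allow"
    return "prompt"  # unknown program/port pair: ask the user; "no" is the safe answer

def verdict(c):
    """Where the connection ends up after both layers have had their say."""
    if c.direction == "out":
        # Outbound traffic meets the software firewall first, then the router.
        decision = host_firewall(c)
        if decision != "allow":
            return "host firewall: " + decision
        return "allowed" if router_allows(c) else "router: block"
    if not router_allows(c):
        return "router: block"
    decision = host_firewall(c)
    return "allowed" if decision == "allow" else "host firewall: " + decision

# Constructed sample traffic (addresses come from documentation ranges).
SAMPLES = [
    Conn("in", "", "203.0.113.7", 445),                    # unsolicited probe from a scanning worm
    Conn("out", "firefox.exe", "198.51.100.10", 80),       # normal browsing
    Conn("in", "firefox.exe", "198.51.100.10", 80, True),  # reply to that browsing
    Conn("out", "svch0st.exe", "192.0.2.25", 25),          # made-up unknown program sending mail
]

def evaluate(samples=SAMPLES):
    """One row per connection: program, direction, port, router decision, final verdict."""
    return [(c.program or "-", c.direction, c.port, router_allows(c), verdict(c))
            for c in samples]

if __name__ == "__main__":
    for row in evaluate():
        print(row)
```

The last sample is the case the post is about: the router passes it, and only the per-program rule on the PC turns it into a question for the user.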
So which software firewall should I use? First, turn on the one that comes with your computer. If you are using Windows XP Service Pack 2 then there is one built into Windows. If you are on Windows XP and have not upgraded to SP2 then Lord help you (read this post). Windows 2000 and Windows 98 users are out of luck as far as a built-in firewall is concerned. To activate the firewall, go to the Control Panel / Security, and make sure that it is turned on. Like hardware firewalls, it only blocks incoming traffic but again, with security, more is better. Apple also has a built-in firewall in OS X; turn it on. As for third-party firewalls, I used to like Zone Alarm; however, recent versions have become quite bloated and heavy. It takes up a lot of system resources and is just a little too much these days. Today, I really like Kerio, which was recently acquired by Sunbelt Software. The purchase price is only $19.95 and is worth every penny. Kerio is well written and will suffice for all your firewall needs.
If you look at the last three postings about the Internet you will start to see a pattern: defend yourself! There is a lot of code out on the Internet just waiting to attack your computer - make sure you do all you can to stop it.
As DSL and cable Internet connections have become more prolific, so have active attacks on computers that just sit on the Internet. This is a little-known fact, but just simply plugging your computer directly into your new cable or DSL modem is asking for trouble.
Sitting on the Internet this very minute are tens of thousands of computers infected by worms that are actively searching the Internet for unprotected machines to infect. It is not unusual for an unpatched Windows machine placed directly on the Internet to become infected with some form of the Sasser virus within just a few minutes.
The way to protect yourself against these attacks is to place a layer of defense between you and the whole of the Internet. I highly recommend to my friends and family that they invest the money in a NAT router. These are sometimes called firewalls and the terms are more or less synonymous. This hardware can be bought at most any office supply store for less than $100. I hesitate to recommend a brand but suffice it to say as long as the word router or firewall is on the box you are “good to go.” If you spend just a little extra money these routers can also be a wireless access point for your home.
This layer of protection between you and the Internet will block 99% of active attacks against your computer from the background radiation that exists on the net today. Now all you have to do is not actively go looking for trouble, which we will discuss in later entries.
Every time that I sit down at a friend's machine the first thing I do is see how many security patches need to be installed. It is always baffling, but it is not unusual for me to sit down at a machine that has not been patched in as many as 6 months. Let me fill you in on a secret: Microsoft and Apple spend many hours writing and releasing these patches for you. Take advantage of them; they will save your skin. Because I can’t get any of my family to move over to the Mac, I will concentrate on Windows.
- The first thing to do is go to Start / Control Panel / Security Center / Automatic Updates. Make sure that the button next to Automatic is filled and hit OK. This will automatically download all of the important updates from Microsoft so that you don’t have to think about it, but…
- In true Microsoft form, automatic does not really mean automatic. Every now and then you will see a small yellow shield appear in the task bar (the row of icons in the bottom right corner of the screen). If you click on this yellow shield it will ask you if you want to install the updates. Select the express option and hit OK. It will install all of the updates for you and probably ask you to reboot the computer. It is probably a good idea to make sure you are ready to reboot, i.e. not busy, because Windows will bug you to death wanting you to reboot.
For those of you that are feeling really brave, this process may be performed manually by going to update.microsoft.com. You will have to use Internet Explorer for this as it requires some scripts that can only be run in IE, sorry Firefox users (we will talk about Firefox a little later). You can also get to this from the menu bar at the top of Internet Explorer. Go to Tools / Windows Update. This will take you to the same place.
To use Windows Update you will have to have a fully licensed version of Windows XP, 2000, or Lord forbid Windows 98. You may be asked to validate your license so just say OK as you get to these pages. If, when you run Windows Update, you see a ton of patches that need to be installed, make sure you run it again after the reboot, as some patches require previous patches to be installed first before they can download. Get busy updating - it will save you hours of headaches. You can sleep safely at night knowing that your Windows machine is totally safe from the evil side of the Internet.
I have for some time been the “tech guy” of the family. Now, if you are the tech guy you will understand why I wrote this. Whenever I get a phone call from someone in the family about a computer, I can almost always attribute the problem to something the user did. Now before my family gets their hackles up from reading this, let me say that malicious coders on the Internet count on users not knowing what is dangerous. Thus, I have decided to start blogging so that I can steer my friends and family away from some of the pitfalls of the Internet. Over the next few weeks I am going to be posting what I am calling the top 10 things NOT to do on the Internet. Please pass this along to all your friends. These are all the things that I have learned in the last 15 years of computing and managing an office of non-tech users. Thanks for reading and I hope this is helpful.