Sunday, May 11, 2008

The Soft Underbelly of Software Firewalls

I keep hearing advice from many experts that if you surf the Internet, as we all do, you should have a firewall to prevent the bad guys from getting into your machine. This is absolutely true as I have seen evidence for myself that open port scans are constantly being attempted from across the Net to my computers. Now, I use a hardware firewall that is built into routers at both my home and office locations as I have more than one machine running at each location. But experience has taught me that one should have a router even with only one computer, just so you can have that firewall.

That being said, I have also heard that everyone who uses the Net should also have a software firewall, even if they have a router. The reason is very simple: these days you can get malware into your computer just by visiting a Web site that has encoded this intrusive type of software as part of its Web pages. No firewall can stop this as you requested the web page to come into the machine. Once inside your computer, the malware may try to contact another Web site to send your personal data or take control of your computer using the Net. This is where the software firewall comes in handy. It should notify you that something inside of your computer is trying to get out...and you can either let it happen or reject it. Now that is good...except that there are several ways around this now where the information can get out of your computer, even if you say no.

I discovered this while visiting the Web site of a well-known security expert, Steve Gibson. I've heard him before on tech podcasts and thought he was very knowledgeable. On his site, he has a simple test called "Security Up" that can scan your computer while you are on-line and tell you how safe you are. It's a little bit techy, but I found out that my hardware firewalls were working just fine. But I also noticed he had a small downloadable software called "Leak Test" that could test out your software firewall to see if it "leaked."

Now, before I go on, just a little background on software firewalls in general. Microsoft's Windows XP (with SP2 installed) and Vista come with a software firewall, and you should have it turned on. But it is only an inbound firewall, meaning it will block any inbound attempts to hack your machine. But it offers no outbound protection, meaning if your computer picked up some malware like I described earlier, you would have no idea that it was transmitting personal information out across the Internet. I've also written here before that on my laptop, I use PCTools Firewall as I travel a great deal so I am not always behind my hardware firewall. I have also used the Comodo Firewall in the past, but it drove me crazy, constantly asking me the same questions over and over again about permissions.

Now, more about Leak Test. I decided to test my PCTools Firewall with Leak Test. So I downloaded the software and ran the test. According to the instructions, my firewall should ask me if I wanted to give permission to Leak Test to go out on the Net when I ran the program. The instructions said to answer no to the question. That is when the software goes to work to see if it can bypass the software firewall anyway. Well, in the case of PCTools Firewall, it did. Even though I said no, it allowed the program onto the Net without my knowledge. FYI, when the test program bypasses the firewall, it sends a small packet of data to Gibson's Web site that responds back to you that your firewall has failed the test. When I went into the firewall setup, it showed clearly Leak Test had permission to send info onto the Net, even though I said no.
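A baseline version of that check, as an added example that is not part of the original post and is not Gibson's Leak Test: it makes one plain outbound TCP connection per target, classifies the outcome, and compares it with what you told the firewall to permit. The function names and the loopback targets are assumptions made for illustration.

```python
import socket

def egress_check(host, port, timeout=3.0):
    """Make one plain outbound TCP connection and classify the outcome."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "allowed"    # handshake completed: nothing stopped us
    except ConnectionRefusedError:
        return "rejected"       # RST: closed port or a rejecting firewall
    except PermissionError:
        return "blocked"        # OS denied the call, as some host firewalls do
    except socket.timeout:
        return "dropped"        # no reply at all, typical of a silent drop
    except OSError:
        return "error"          # DNS failure, no route, and similar

def audit(policy, timeout=3.0):
    """policy maps (host, port) -> True if this program may connect out.
    Returns every target whose observed outcome contradicts the policy."""
    findings = []
    for (host, port), permitted in policy.items():
        outcome = egress_check(host, port, timeout)
        if (outcome == "allowed") != permitted:
            findings.append((host, port, outcome))
    return findings

def demo():
    # Constructed targets so this runs offline: a loopback listener stands
    # in for the remote test server, a freed port for a blocked destination.
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    tmp = socket.socket()
    tmp.bind(("127.0.0.1", 0))
    closed_port = tmp.getsockname()[1]
    tmp.close()
    # Both entries say "I answered no", so any "allowed" outcome is a leak.
    policy = {("127.0.0.1", srv.getsockname()[1]): False,
              ("127.0.0.1", closed_port): False}
    try:
        return audit(policy, timeout=1.0)
    finally:
        srv.close()

if __name__ == "__main__":
    for host, port, outcome in demo():
        print(f"policy mismatch: {host}:{port} -> {outcome}")
```

Run against a server you control, an "allowed" result for a program you denied is the same symptom described above: the firewall's rule table and your answer disagree.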

This test obviously bothered me so I began doing some additional research on firewall leaks. It turns out that there are at least 35 separate software hacks that can be used to bypass a firewall's outbound protection...and no one firewall can stop them all... at least according to Gibson and the Web site aptly named "Firewall Leak Tester", which tested all the major firewalls with all the known hacks. Now that was a bit of a shock. In reading the test results on firewallleaktester.com, the best three firewalls are "Outpost," "Kaspersky," and "Comodo." Comodo is free, but the other two cost some money. I think if I wanted the very best protection for my computers, I would purchase the "Kaspersky Lab Internet Security 7.0" program. It can be had for around $39 and includes their firewall and probably the best anti-virus software on the market today, plus anti-spam and anti-spyware.

As part of my research, I listened to some of the weekly podcasts done by Steve Gibson and hosted by Leo Laporte called "Security Now." They were most interesting, although at times too technical, even for me. But, at the end of one of them on leaking firewalls, Laporte mentioned that he didn't even use a software firewall because they are not perfect and take up too much of a computer's memory. And I also read a piece on another firewall company's Web site that leakage wasn't all that important because if your firewall is telling you some program is trying to get out onto the Net, it is already too late anyway.

According to Laporte, and I sure agree with him, the best method of preventing hacks is to visit only well-known and trusted Web sites. One of the best ways to achieve this is to make sure you use McAfee Site Advisor which is available free for both Firefox and Internet Explorer. With McAfee, you can see a site's safeness rating when you do a Google or Yahoo search. I have seen several sites that have been tested as being bad...even some where McAfee actually warns you not to go there as you will pick up malware.

Frankly, I get angry thinking about how such a good thing as the Internet is constantly being hacked and used for evil by people whose only purpose is to destroy your computers or to steal information for their own greed...or by companies who want to find out what I do and where I go so their clients can advertise to me. It is so appalling that I have to have firewalls, anti-virus, anti-spam, and anti-spyware programs running in my computers just so I can protect myself against this handful of bad guys who want to cause me harm.

1 comment:

Anonymous said...

People should read this.