Checking the defences
How safe is your machine? Do you use a
Personal Firewall? David Dorn checks out how well his own PC copes
with potential Hacking and Trojan threats.
There’s a nasty breed of PC user out there in the
big bad world. The breed has the generic name of “Script Kiddy”
– and it’s best identified by its penchant for downloading
hacking, cracking and penetration tools from Web sites in order to
play nasty tricks on unsuspecting and innocent PC users. These
tricks, though, include information theft and, in some cases, the
planting of Viruses and Trojans.
Why?
Lord only knows why they do it. They obviously get a
kick out of it, and some, a little more malicious than most, will be
actively looking for information they can use to steal money and
paid-for services from you. Mostly, though, they do it because they
can.
How?
Port scans, mostly, and back-door programs like Back
Orifice that allow them to get into your PC and trawl around your
files, reading, and perhaps altering, your information, as well as
stealing password lists and so forth (a .pwl file from your Windows
directory can reveal a lot about you – and there are Script Kiddy
tools to crack them).
Port scanning is quite clever, in some ways. There
are 65536 ports into your computer, some of which may be available when
you’re connected – if you’ve got Front Page in any of its
guises, or Dreamweaver, or any of a host of other Web building
tools, you may unwittingly have a Web server open to the world. You
may have an FTP server just waiting to be contacted. Telnet, HTTP,
IRC – there’s a boatload of ways a Script Kiddy could gain
access to your PC. The only way to block them is to use a Firewall
– and in our opinion, Zone
Alarm is one of the only ones to use – let me tell you why.
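As an added illustration (not part of the original article), this Python sketch reads `netstat -an`-style output from your own machine and reports which TCP ports are listening and whether each is bound to a network-facing address. The sample output is constructed, and the port numbers given for the services the article names are the standard assignments.

```python
import re

# Services the article names as possibly listening without the user knowing.
# Port numbers are the standard assignments (6667 is the conventional IRC port).
NAMED_SERVICES = {21: "FTP", 23: "Telnet", 80: "HTTP", 6667: "IRC"}

# Constructed sample in the style of Windows `netstat -an` (not from a real host).
SAMPLE_NETSTAT = """\
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:21             0.0.0.0:0              LISTENING
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    192.168.0.1:139        0.0.0.0:0              LISTENING
  TCP    192.168.0.1:1045       203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:137            *:*
"""

LINE_RE = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+\S+\s+(LISTENING|LISTEN)\s*$", re.I)

def listening_sockets(netstat_text):
    """Return (address, port) for every TCP socket in the listening state."""
    found = []
    for line in netstat_text.splitlines():
        m = LINE_RE.match(line)
        if m and 0 <= int(m.group(2)) <= 65535:  # the 65536 ports: 0..65535
            found.append((m.group(1), int(m.group(2))))
    return found

def exposure_report(netstat_text):
    """Classify listeners: loopback-only sockets cannot be reached by a remote scan."""
    report = []
    for addr, port in listening_sockets(netstat_text):
        loopback = addr.startswith("127.") or addr == "[::1]"
        report.append({
            "port": port,
            "address": addr,
            "service": NAMED_SERVICES.get(port, "unknown"),
            # True means other machines can reach it unless a firewall blocks them.
            "network_facing": not loopback,
        })
    return sorted(report, key=lambda r: r["port"])

if __name__ == "__main__":
    for row in exposure_report(SAMPLE_NETSTAT):
        flag = "NETWORK-FACING" if row["network_facing"] else "local only"
        print(f'{row["port"]:>5}  {row["address"]:<15} {row["service"]:<8} {flag}')
```

To check a real machine, pass the text printed by `netstat -an` to `exposure_report` in place of the sample.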
Checking it out
I spend an awful lot of time connected to the
Internet – an ADSL line does that for you. Like most of the rest
of the PPC team, I’ve had the free version of Zone Alarm installed
for quite some time, but I very recently upgraded to the paid-for
Zone Alarm Pro. My reasons were simple – I use Microsoft’s
Internet Connection Sharing to give Internet access to the other
machines on my Local Area Network, and the Pro version of ZA handles
that extremely well. So it sits on the gateway machine, while the
others on the LAN use the free version as a sort of back-stop.
I wanted to know just how well this system was
working, so I navigated my way to www.grc.com
where two tools are available – Leak-proof and Shields
Up! – which I wanted to run against my PC.
Shields Up!
Shields Up! bombards your PC with all manner of port
scans to check for holes it can gain access by. It reports to you
via the web page you call it from, and lets you know exactly how
secure it thinks you are – how well your firewall is working. No
matter which one you use, I’d strongly suggest that you give
Shields Up! a try. You may get a nasty surprise, especially if
you’ve paid good money for a certain well-known make of firewall.
(And you won't if you're using Zone
Alarm.)
Leak-proof
Of more concern than port scanning, though, is
Trojan planting. There are Trojans about that will do their level
best to “phone home” carrying vital information back to whoever
wrote (or adapted) them. This kind of nasty is the mechanism by
which all the Distributed Denial of Service (DDoS) attacks have
happened. What Leak-proof does is to check whether a malicious piece
of code can make a connection from your machine back to its
homeland. Again, it’s very well worth the few minutes it will take
for you to download a small executable and run it – and again, you
may be aghast at the results you see (and again, Zone
Alarm comes out clean as a whistle).
As it happens, on Full Security settings, my own PC
(and LAN) are reported as being impregnable, and even on Medium
Security (the level which you need to be set at or below for AOL
use) nothing can get out, and port scans are secured against –
that’s with both Zone Alarm Pro and Zone Alarm (the free version).
Indeed, at Full security level, no other machine on
the Internet would be able to get my IP address to scan for ports –
to all intents and purposes, no-one else can see that it exists.
Conclusion
Even as I’m sitting writing this, I’m being
scanned – Zone Alarm Pro keeps popping up a message to let me know
this. That’s because I’ve spent some time at all three security
settings, so my (fixed) IP address could have been (and obviously has
been) seen by a Script Kiddy out there, and they’re nothing if not
dogged in their determination to get into someone else’s machine.
The mere fact that ZA keeps blocking the scans makes me feel better,
and the fact that I’ve checked out how well it’s working makes
me feel better still.
So here’s what I suggest you do.
Go to www.grc.com
and give your machine the two-part check I gave mine.
Then, if you haven’t already, get to our download
libraries and get Zone Alarm installed pronto, and then go back
to grc.com and check it out again.
Now, that won’t stop all email-borne viruses and
Trojans from entering your machine – click here
and here for our
advice on that – but it will make sure that you’re a very large
step nearer being totally safe than you were before. And if you're
running Internet Connection Sharing, I'd strongly advise you buy
Zone Alarm Pro, as well.
Hopefully, by following all this advice, you’ll
be as safe as houses – and I say we’ve got an awful lot to thank
those boys at both Zone
Labs and GRC
for.
David Dorn