Book IX Chapter 2
✦ Detect and alert you to unusual outbound traffic, which can indicate that your laptop has become infected by spyware.
To allow a particular program to send information back and forth through the firewall (also called unblocking a program), tell the utility to establish an exception. You can also allow a program through the firewall by opening one or more ports.
Explaining how firewalls work
The best firewalls use a combination of techniques to protect your computer, in the hope that at least one of them catches something worth blocking (or at least worth notifying you about). Here are some of the ways firewalls check data packets:
✦ Packet filter: A basic set of rules that specifies which addresses (and which ports and protocols) are permitted to communicate with a network, or which types of applications are allowed to send data. Each packet is judged on its own, without regard to what came before it.
✦ Stateful inspection: A more advanced form of filtering in which the firewall keeps track of the connections your computer has opened and checks whether an incoming packet is a reply to one of them; traffic that comes to the door without a good reason to be there is considered suspect and is dropped.
✦ Network Address Translation (NAT): This lets a router or hardware firewall present just a single IP address to the Internet, so the outside world can’t see the individual computers on the protected side of the network; an unsolicited connection from outside has nowhere to go unless you deliberately forward a port to a specific machine. NAT is included in nearly all current routers as a basic protection; don’t buy a router that doesn’t provide it. Keep in mind that NAT hides machines but doesn’t inspect traffic, so it complements a firewall rather than replacing one.
Firewalls can’t block viruses attached to e-mail messages because firewalls don’t examine message content; that’s why you need an antivirus program. Similarly, a firewall can’t tell that an e-mail is an attempt at phishing unless the message comes from an IP address you identified as one you want to block. (Phishing is explained in this chapter’s “Field guide to computer diseases” section.)
Windows Firewall
Current versions of Microsoft Windows (all editions of XP with Service Pack 2 installed, plus all editions of Vista) come with Windows Firewall. When you install or activate the operating system, the firewall is automatically turned on. See Figure 2-1.
If you install a third-party firewall, such as those offered by McAfee or Symantec, it turns off the Windows Firewall to prevent conflicts and confusion.
To use the Windows Firewall, the utility must be turned on. With this setting (the default when Windows is installed or activated), most programs are blocked from accepting unsolicited incoming connections through the firewall; connections your own programs start, such as a browser fetching a page, are still allowed. To unblock a program, add it to the Exceptions list (on the Exceptions tab).
In addition, Microsoft recommends the following settings:
✦ All network connections (home or work, public place, or domain) should be protected.
✦ The firewall should be turned on for all network connections.
✦ The firewall should block any inbound connection that doesn’t match an exception.
To view or edit Windows Firewall settings, click the Windows Firewall icon in the Control Panel. There you can
✦ Turn the utility on or off.
✦ Click Change Settings to make adjustments.
✦ When Windows Firewall is turned on, select the Block all Incoming Connections check box to refuse every unsolicited inbound connection (see Figure 2-2).
Figure 2-1: The Windows Firewall on my Toshiba Satellite P205 laptop is in place and ready to help (but I turned it off because the machine runs a security suite from McAfee).
Block all Incoming Connections rebuffs all unsolicited attempts to connect to your computer; it provides a high level of security for your laptop, especially when you’re using a public network at an Internet café, a hotel, or a coffee shop.
When you enable this setting, the following is true:
✦ You aren’t notified when Windows Firewall blocks programs.
✦ Programs on the Exceptions list are ignored; nothing may accept an incoming connection.
✦ You can still view most Web pages, send and receive e-mail, and send and receive instant messages, because those are connections your computer starts and the firewall lets the replies back in.
Unblocking a program in Windows Firewall
By design, Windows Firewall and other software firewalls want to block every program from accepting connections until told otherwise. The key is to teach the utility which ones you want to allow through.
Figure 2-2: When Windows Firewall is turned on, you can block all incoming connections by clicking the check box in the settings box.
To unblock a specific program, follow these steps:
1. Open the firewall utility.
2. Click Allow a Program Through Windows Firewall.
This option is in the left pane.
3. Select the check box next to the program you want to allow.
4. Click OK.
Adding a port in Windows Firewall
If the program you want to unblock isn’t on the Exceptions tab, you may need to open or add a port. (This is often required to enable multiplayer games conducted over the Internet, for example.)
A program exception is only open while that program is running and needs it. By contrast, an open port stays open until you close it, and it admits traffic no matter which program ends up listening on it; this could put your machine at risk. Close any ports for programs that aren’t in constant use.
To add a port, follow along:
1. Click the firewall icon in the Control Panel.
The firewall program opens.
2. Click Change Settings.
3. Choose the Exceptions tab.
4. Click Add Port.
5. In the Name text box, type a name.
The name should help you remember the purpose of the open port.
6. Type the port number in the Port Number text box.
7. Click TCP or UDP, depending on the protocol.
Most programs communicate using TCP; the program’s documentation should say which it needs. If the TCP setting doesn’t work, try UDP, and if the program uses both, add a separate entry for each.
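The behaviour described in this section and in “Explaining how firewalls work” can be made concrete with a small simulation. The following is an added example written for this chapter, not code from the book and not how Windows Firewall is actually implemented. It models a packet-filter block list, stateful inspection (a reply is admitted only if this computer asked for it), a program exception that works only while the program is running, an opened port that stays open regardless, and the Block all Incoming Connections mode, which ignores exceptions and open ports but still lets replies to your own requests in. Every address, port and program name in it is made up; a real stateful firewall also checks TCP flags and expires idle connections, which this toy does not.

```python
"""Toy personal firewall, written to illustrate this chapter.

Added example; not from the book and not how Windows Firewall works
inside. All addresses, ports and program names are made up.
"""
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    direction: str  # "in" (from the network) or "out" (from this computer)
    proto: str      # "TCP" or "UDP"
    src: str
    sport: int
    dst: str
    dport: int
    program: str = ""  # local program handling the packet, if known


@dataclass
class Firewall:
    block_list: set = field(default_factory=set)  # remote addresses never allowed
    open_ports: set = field(default_factory=set)  # {(proto, local_port)} added by hand
    exceptions: set = field(default_factory=set)  # programs on the Exceptions list
    running: set = field(default_factory=set)     # programs currently running
    block_all_incoming: bool = False
    # connections we opened: (proto, remote_addr, remote_port, local_port)
    state: set = field(default_factory=set)

    def filter(self, pkt: Packet) -> str:
        """Return "allow" or "drop" for one packet, updating connection state."""
        remote = pkt.dst if pkt.direction == "out" else pkt.src
        if remote in self.block_list:
            return "drop"                     # packet-filter rule on the address
        if pkt.direction == "out":
            self.state.add((pkt.proto, pkt.dst, pkt.dport, pkt.sport))
            return "allow"                    # outbound is allowed by default
        if (pkt.proto, pkt.src, pkt.sport, pkt.dport) in self.state:
            return "allow"                    # stateful: a reply we asked for
        if self.block_all_incoming:
            return "drop"                     # exceptions and open ports are ignored
        if (pkt.proto, pkt.dport) in self.open_ports:
            return "allow"                    # an opened port stays open
        if pkt.program in self.exceptions and pkt.program in self.running:
            return "allow"                    # exception: only while the program runs
        return "drop"                         # unsolicited and unexplained


def demo() -> dict:
    """Run the chapter's scenarios; returns {scenario: verdict}."""
    me = "192.168.1.20"
    fw = Firewall(block_list={"198.51.100.66"},
                  exceptions={"game.exe"}, running={"game.exe"})
    r = {}
    # Browsing: the request goes out, and the reply is let back in.
    r["web_request"] = fw.filter(Packet("out", "TCP", me, 51000, "203.0.113.5", 80, "browser.exe"))
    r["web_reply"] = fw.filter(Packet("in", "TCP", "203.0.113.5", 80, me, 51000, "browser.exe"))
    # A probe nobody asked for (here aimed at the Windows file-sharing port).
    r["unsolicited_smb"] = fw.filter(Packet("in", "TCP", "198.51.100.9", 4444, me, 445))
    # Program exception: the game may take inbound traffic only while it runs.
    r["game_running"] = fw.filter(Packet("in", "UDP", "192.0.2.7", 27015, me, 27015, "game.exe"))
    fw.running.discard("game.exe")
    r["game_closed"] = fw.filter(Packet("in", "UDP", "192.0.2.7", 27015, me, 27015, "game.exe"))
    # An opened port admits unsolicited traffic even with no program of ours behind it.
    fw.open_ports.add(("TCP", 3074))
    r["open_port"] = fw.filter(Packet("in", "TCP", "192.0.2.7", 40000, me, 3074))
    # Block all incoming: the open port no longer helps, but browsing still works.
    fw.block_all_incoming = True
    r["open_port_blocked"] = fw.filter(Packet("in", "TCP", "192.0.2.7", 40001, me, 3074))
    r["web_reply_still_ok"] = fw.filter(Packet("in", "TCP", "203.0.113.5", 80, me, 51000))
    # Address rule: traffic to a blocked address never leaves the machine.
    r["blocked_address"] = fw.filter(Packet("out", "TCP", me, 51001, "198.51.100.66", 80))
    return r


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario:20} {verdict}")
```

Running the script prints one verdict per scenario. The two lines worth comparing are `open_port_blocked` and `web_reply_still_ok`: in Block all Incoming Connections mode the port you opened by hand stops admitting anything, yet the reply to the browser’s own request still passes, which is exactly why Web browsing keeps working in that mode.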
Enabling a third-party firewall
A number of capable software firewalls are available from companies whose
name does not begin with Micro and end with soft Some are integrated into a
complete suite of utilities, and others offer advanced features
Because Windows XP and Windows Vista come with a firewall as part of the operating system, you may receive a warning message from the Windows Security Center if
✦ You turn off the official Windows Firewall and enable no replacement.
✦ Windows doesn’t recognize the replacement you installed.
✦ The third-party firewall doesn’t report its status to Windows.
To instruct Windows that all is well, do the following:
1. Click Start ➪ Control Panel ➪ Security Center.
You get a quick look at your firewall status, automatic updating, malware protection, and other security settings. See Figure 2-3.
2. Click I Have a Firewall Solution That I’ll Monitor Myself.
Choose this only if Windows doesn’t recognize your third-party firewall. Security Center then displays your firewall settings as Not Monitored, and you no longer receive notifications about your firewall.
3. Track the status of your unsupported firewall yourself, since Windows no longer does.
Figure 2-3: The Windows Security Center gives you a quick report on various protective utilities from Microsoft, as well as most major third-party sources.
When Windows XP with Service Pack 2 and Windows Vista first came out, sometimes the operating system didn’t recognize well-known third-party firewalls, including McAfee and Symantec. That’s since been fixed. If Windows doesn’t recognize your firewall, consult the support page for the maker of your security software for updates.
Many alternative personal firewall products are available as add-ons to Windows and other operating systems The following are among the better-known products:
✦ CA Personal Firewall at http://shop.ca.com
✦ McAfee Personal Firewall Plus at http://us.mcafee.com
✦ ZoneAlarm at www.zonealarm.com
All are capable products, but in my opinion they offer only slight improvements over the built-in firewall included with Windows Vista and Windows XP with SP2.
I recommend you consider buying and using a full security suite that includes antivirus, antispam, and an enhanced firewall product.
Getting Your Antivirus Vaccine
There’s a reason many types of computer malware are called viruses: They follow many of the same models and methods as the nasties that cause disease in humans. Viruses can
✦ Spread
✦ Replicate themselves
✦ Mutate from one form to another
And just as with human diseases
✦ Sometimes there’s a cure
✦ Sometimes you can only treat the symptoms
✦ Sometimes the only effective response is to try to block the infection in the first place
Antivirus software works in two basic ways; most programs include both methods in their arsenal. See Figure 2-4.
Field guide to computer diseases
What exactly are viruses and all those other nasties? In the broadest of terms, they’re all considered malware, in that their purpose is to do evil (or at least annoying) things when they arrive on a computer.
You can visit the Symantec web site at www.symantec.com and click the ThreatCon button to see a regularly updated report on the latest threats, risks, and vulnerabilities that are circulating on the wild, wild Internet. See Figure 2-5.
✦ Virus: A piece of code, usually embedded within a program, utility, or other software, intended to make your computer do something without your permission. Some viruses are self-replicating, meaning that once they’re on a machine they copy themselves and look for ways to spread to other computers. Some viruses are harmless pranks that display messages or change settings, while others are aimed at corrupting your software or erasing the data on your storage devices.
✦ Worm: Often lumped in with viruses, but a worm is a stand-alone program that doesn’t need to hide inside another file. It is designed to get into a machine and then spread itself to other machines on its own through network connections, the Internet, and e-mail.
Figure 2-4: Antivirus programs examine your machine when it boots as well as while it runs.
✦ Spyware: Designed to insinuate itself onto your computer and then collect personal and financial information, which it sends to another person or group. Whoever is collecting it isn’t doing so out of mere curiosity; the purpose is to steal from you or your organization.
✦ Phishing: Not a piece of code at all but a con, arriving as an e-mail or an unsolicited pop-up message on a web site. One example: You receive an e-mail with the logos and colors of a familiar bank or credit card company. For some reason they’re asking for information they already have: Why would a credit card company ask you to confirm your credit card number, for example? The thieves behind these efforts are impersonating real organizations and hoping to trick you into revealing information. Never respond to a request for financial or other personal information unless you’re certain of the validity of the message; call your bank, credit card company, or other organization using a telephone number you find on the card itself or on a legitimate bill; never reply to a suspicious e-mail or call any phone number in the message, because it may well be phony, too.
✦ Adware: Code placed by businesses seeking to learn about your shopping and buying habits or to place ads on your Internet pages based on what they find out about you. Some adware is obvious, such as certain cookies left behind on your machine after you visit particular web sites to track your preferences; other adware is more insidious, sneaking onto your machine and into elements of the operating system or other software.
Figure 2-5: The Internet weather report for this morning, according to Symantec, shows an ordinary Level 1 threat.
✦ Spam: Unsolicited e-mail advertising. You’re one rare bird if your e-mail inbox doesn’t fill up each day with ads for fake Rolexes, bogus handbags, and a full assortment of pharmaceuticals from “enhancement” products to happy pills and sleeping potions. If you get advertisement e-mails that you don’t want, it’s spam. The best solution: Use a spam filter that detects junk and either deletes it or puts it in a separate folder. Don’t reply to spam or ask to be taken off a mailing list; a reply only confirms that your address is live and encourages more.
Typing your antivirus
My doctor friend loves antibiotics; come in with a hangnail and he’ll offer you the latest cure in a pill. My mother, who wanted me to be a doctor, recommends vitamins; she’s got one for hangnails, too. And my wife, who plays doctor with me, believes that coffee (sometimes with Irish whiskey) will fix whatever ails you.
It’s kind of the same way with antivirus programs. They’re each trying to prevent or cure a disease, but each takes a different approach than the others. Although in the end I recommend using a program that includes a mix of every possible defense mechanism, it helps to understand the various approaches that are available.
Dictionary-based antivirus searching
This mechanism examines files and programs for known virus code (called signatures). These programs consult a database collected by the antivirus maker and updated regularly.
Antivirus programs that use a dictionary examine the system from the moment the operating system is booted and continue to be on the lookout any time you
✦ Upload or download a file
✦ Send or receive an e-mail
✦ Change system files
In addition, the program can conduct scheduled or on-demand full system scans that examine every file on your computer.
Virus authors have tried to get past dictionary-based hunters by creating polymorphic code that changes form or disguises itself with every copy, for example by re-encrypting its body under a new key each time it spreads, so that no single byte pattern matches every generation. They hope to spread their wares before the dictionary is updated.
Heuristic analysis
This technology looks for suspicious or downright unacceptable behavior by any program or piece of code, rather than for a specific byte pattern. It can catch many polymorphic viruses that aren’t in a dictionary and new code that isn’t yet listed. For example, a heuristic analyzer might spot a piece of code attempting to change an executable program; the antivirus program stops the effort permanently or asks you for advice.
On the downside, this type of antivirus program can flag some legitimate code as malware (a false positive), because legitimate software sometimes does the same suspicious-looking things, such as an installer rewriting an executable or an encrypted archive that has no recognizable structure.
Taking out the garbage
If an antivirus program finds some troublesome code, it can
✦ Delete the file.
✦ Remove all traces of it from the machine.
✦ Put the file into a quarantine folder, placing it out of reach and unable to spread.
✦ Attempt a repair by removing just the virus code from an otherwise normal file.
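The dictionary and heuristic approaches from “Typing your antivirus”, the polymorphic trick that defeats the first, and the crude repair listed above can all be shown in a few dozen lines. What follows is an added example written for this chapter, not code from the book or from any antivirus product. The signature, the “virus” (a harmless batch-file text), the letter and the backup file are all constructed for the demo; the heuristic used here is byte entropy, which rises when a file has been encrypted or packed, and the toy stream cipher stands in for the re-encryption a polymorphic virus performs on itself.

```python
"""Toy antivirus scanner, written to illustrate this chapter.

Added example; not from the book or any product. The signature, the
"virus" and the other files are constructed here and are not real malware.
"""
import math
import random

# Constructed dictionary: detection name -> byte pattern. Not a real signature.
SIGNATURES = {
    "Demo.Wiper": b"FORMAT C: /Q /Y",
}

ENTROPY_THRESHOLD = 7.0  # bits per byte; plain text sits near 4, random data near 8


def signature_scan(data: bytes) -> list:
    """Dictionary check: every signature whose bytes appear in the file."""
    return [name for name, pattern in SIGNATURES.items() if pattern in data]


def entropy(data: bytes) -> float:
    """Shannon entropy of the byte distribution, in bits per byte (0.0 to 8.0)."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def heuristic_scan(data: bytes) -> list:
    """Shape check: a near-random body suggests packing or encryption."""
    flags = []
    if entropy(data) > ENTROPY_THRESHOLD:
        flags.append("high-entropy body (packed or encrypted?)")
    return flags


def keystream_xor(data: bytes, seed: int) -> bytes:
    """Toy stream cipher: XOR with a seeded pseudo-random keystream (symmetric)."""
    rng = random.Random(seed)
    return bytes(b ^ rng.getrandbits(8) for b in data)


def make_polymorphic(virus: bytes, generation: int) -> bytes:
    """Re-encrypt the body with a fresh key per generation and prepend a stub
    carrying the key. Every generation has different bytes, so the dictionary
    entry for the plain body no longer matches. (The stub is placeholder text
    standing in for a real decoder routine.)"""
    stub = b"DECODER-STUB seed=%d\n" % generation
    return stub + keystream_xor(virus, generation)


def repair(data: bytes) -> bytes:
    """Crude repair: cut the matched signature bytes out, keep the rest."""
    for pattern in SIGNATURES.values():
        data = data.replace(pattern, b"")
    return data


def scan(data: bytes) -> dict:
    return {"signature": signature_scan(data), "heuristic": heuristic_scan(data)}


def demo() -> dict:
    """Scan five constructed files; returns {file name: scan result}."""
    virus = b"echo pwned > C:\\boot.ini\r\n" * 100 + b"FORMAT C: /Q /Y\r\n"
    letter = b"Dear customer, your statement for March is attached.\r\n" * 80
    return {
        "virus.bat": scan(virus),                            # plain: dictionary catches it
        "virus-gen3.bat": scan(make_polymorphic(virus, 3)),  # mutated: only the heuristic does
        "virus-repaired.bat": scan(repair(virus)),           # signature cut out, now clean
        "letter.txt": scan(letter),                          # ordinary text, nothing fires
        "backup.enc": scan(keystream_xor(letter, 2024)),     # encrypted backup: false positive
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:20} {result}")
```

The two results to compare are `virus-gen3.bat`, where the dictionary finds nothing but the entropy heuristic fires, and `backup.enc`, a perfectly legitimate encrypted file that trips the same heuristic. That pair is the whole argument for running both mechanisms and for keeping a human (or a quarantine folder) in the loop when only the heuristic speaks.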
Enjoying a Visit from Antispam and Antispyware
Spam and spyware can be either merely annoying or seriously upsetting and dangerous to your personal finances, credit score, and privacy. Alas, it’s very difficult to completely avoid being targeted. You can take steps to reduce your profile or deal with assaults when they come.
Pop-up advertising on your computer, and software that collects and relays your personal information or changes your computer configuration without your permission, are forms of spyware. Spyware is, by design, made to be difficult to detect or remove; in general, you need to use a specialized antispyware program to dislodge this sort of unwanted code from your machine.
Microsoft includes Windows Defender as part of Windows Vista; Windows XP users can download a free version of the utility to add to their system. Search for the program at www.microsoft.com.