No matter what kind of Internet connection you have (dial-up or high speed), you need to make sure your PC is inaccessible to prying Internet eyes (or even folks on your local network). You can do this by tweaking some network protocol settings, and we also strongly recommend you take the extra step of installing a personal firewall. We explain how in this article.
Get started by testing for and, if necessary, closing any access
the outside world has to your PC's shared devices (hard disks and
printers), also called "shares." Visit Steve Gibson's Shields UP!
Web page, and click the "Test My Shields!" button. When that test
is finished, click the "Probe My Ports!" button. You may be
shocked to see how wide open your PC's kimono is.
http://www.TheNakedPC.com/t/309/tr.cgi?secure1
If the tests find any open security holes, the accompanying commentary on Steve's page recommends what to do. We strongly encourage you to read Steve's quintessential guide to proper network component configuration. There's also a page for Windows NT users. Steve's thorough, friendly advice on proper network component settings can't be beat:
Network Bondage:
http://www.TheNakedPC.com/t/309/tr.cgi?secure2
Network Discipline for Windows 9x:
http://www.TheNakedPC.com/t/309/tr.cgi?secure3
Your next step is to download and install a firewall. We
recommend Zone Labs' ZoneAlarm. (I'd like to personally thank our
compadre Mike Craven for his enthusiasm about ZoneAlarm and his
assistance in testing its features.) It's free for personal or
non-profit use; if you're a business user we urge you to pay the
reasonable $19.95 to register. You can download it at:
http://www.TheNakedPC.com/t/309/tr.cgi?secure4
Upon installation, ZoneAlarm immediately goes to work protecting your system. It blocks all attempts by outside forces to access your PC. It blocks all attempts by programs running on your own PC to communicate--without your knowledge--over the Internet or your local network.
When it detects suspicious traffic, ZoneAlarm pops up a message box that reveals the originating application's filename, what resource it's trying to access, and gives you some options. Click the Yes button to accept this stream of traffic. Click No to stop it. ZoneAlarm will handle the event for this particular program every time it occurs subsequently if you check the "Remember the answer each time I use this program" check box. This check box is not turned on by default, otherwise you might unintentionally turn off notification of other suspicious traffic from this same program.
During a regular day you probably use all the programs that need Internet access, so by the end of the first day of your use ZoneAlarm will be configured for ongoing use. (Or like us you can prod every conceivable program on your PC into action in the span of a few minutes.) We predict you'll be surprised at how many of your tools access the Internet! Any other applications you use less often can be granted or denied access on a case-by-case basis.
ZoneAlarm versions prior to 2.1.7 did not support alert logging; version 2.1.7 and beyond does. As of this writing ZA is up to 2.1.10. ZoneAlarm doesn't turn on intruder logging by default, but you should: click the Alerts button then check the "Log alerts to a text file" check box.
When you first configure ZoneAlarm, don't ask it to remember the settings for a specific program. Instead, let it alert you to every infraction so you can observe all of your programs' patterns. After a few days you'll have enough information to judge whether it's okay to permanently set an application to connect to the Internet without alerting you every time.
To open up the hood and configure ZoneAlarm directly, double- click its icon in the system tray. We leave it to you to explore the myriad settings. "Programs" is the most important feature to be aware of, since this is where you can review and change the settings you implement in response to ZoneAlarm's alert messages. All other settings are appropriate for use without modification, although of course we encourage you to use your own discretion.
We unhesitatingly recommend ZoneAlarm as a personal firewall, but there are competitors in the field. If you're curious, check these out.
BlackICE Defender:
http://www.TheNakedPC.com/t/309/tr.cgi?secure5
Norton Internet Security 2000:
http://www.TheNakedPC.com/t/309/tr.cgi?secure6
(We mentioned ZoneAlarm and Shields UP! in TNPC #3.03 as part of
our regular Featured Product column. Note that a prior TNPC-
recommended product, AtGuard, was purchased by Symantec and is
now bundled with the Norton Internet Security 2000 product. --
Ed)
http://www.thenakedpc.com/backissues/v3i03.html
