Super-Networking Blog

A chain is only as strong as its weakest link. That’s doubly true when it comes to protecting computers that are connected to the internet. Anyone who thinks that a virtual firewall is enough to protect a PC from the dangers of the internet — such as hacker attacks and unwanted contact with damaging programs — is making a mistake.

That level of safety requires a combination of several protective measures. Firewall software for home use is not much more than a leaky dike.

“It’s dangerous to view a firewall as some sort of PC airbag,” warns Professor Stefan Wolf, who teaches applied computer sciences at the Polytechnic University of Lippe and Hoexter, Germany.

The so-called personal firewall programs commonly used with home PCs are not comparable to the powerful firewalls used in companies or public organisations.

Those organisations can afford special computers assigned exclusively to guarding the PCs in the network. A home computer must attempt to maintain its own firewall while performing its normal functions.

A recent test in the Munich-based computer magazine PC Professionell showed that the software often causes more problems than it solves. Not one of the six firewall programs the magazine tested, regardless of whether commercial or freeware, could prevent all attempts from the test programs at establishing outgoing connections between the PC and the internet.

Many firewalls were even quickly switched off within the simulation. In the most serious cases, damaging software was able to circumvent the firewall in sending sensitive data, from personal surfing histories to passwords and credit-card numbers, to the hacker.

Browsers are particularly susceptible, since they are inherently allowed to make a connection with the internet.

“If the attacker takes advantage of errors in the browser, then the best firewall won’t help at all,” says Wolf. Getting proper protection from personal firewall programs requires that programmers know the ins and outs of all ports between the operating system and browser and be able to work absolutely error-free.

Surfers are better advised to take more achievable steps, such as keeping their operating system, browser and other programs constantly up to date. This is because software makers, like hackers, are usually spurred to action only in reaction to published security gaps, Wolf says. This is why anti-virus software armed with the most current virus signatures is the crucial last-gap defence on any computer.

“Desktop firewalls, as they are also called, are practically extraneous, presuming that you adhere to the basic rules of safe surfing,” is the word at the German Federal Agency for Security in Information Technology (BSI) in Bonn.

IT security cannot be achieved through individual pieces of software, but rather must be constructed through the interplay of various factors.

This means first and foremost preventing viruses and damaging software from getting on the computer in the first place. “Surfing habits are hence important for security,” says Wolf. Most dangers emerge through surfing and downloads from questionable websites.

“The primary gateway into the browser is JavaScript,” Wolf explains. Users should deactivate the program language in their browser, or use browser extensions to define which web sites are to be trusted to execute JavaScript.

“It’s not convenient, but it is much safer,” he says.

Proper e-mail handling is another important preventative measure beyond the reach of firewalls. “Attached files should be scanned by a virus program prior to opening, and you should think twice before clicking unfamiliar links,” Wolf warns.

For reasons of convenience, many users simply use the default administrator account for daily PC use. Yet this can allow a virus to gain full control of the computer, magnifying the potential for major damages by a successful attack.

“John Q Public doesn’t need administrator rights and should log in as such only when installing software,” says Wolf.

The worst thing that can happen to a computer user is the loss of personal data. This is because tainted systems can be reinstalled at any time, but deleted data is usually gone forever.

Backups are the safe way to go, Wolf recommends. “All important data should be regularly burned to CD or stored on a USB stick,” Wolf says.

Users who still prefer a firewall should first check whether they are using a router with firewall functionality. If so, then no firewall is needed, including the one build in to Windows XP, reports PC Professionell.

The configuration of a personal firewall is usually more than most users can handle anyway. To understand the system’s warning, the user must understand the meaning of IP addresses, host and client names as well as ports, the BSI reports.

Most lay users instead use the comfortable auto configuration settings offered by personal firewalls. This lets the software follow its own ideas about which data packets can pass through the virtual wall and which are to be filtered out.

According to the BSI, this can quickly lead to “security critical misconfigurations”. Filter rules should hand set to allow only absolutely necessary access from the computer to the internet.

The rules should aslo be regularly inspected and non-necessary ports locked down. — Sapa-dpa