http://www.ComputerBob.com/guides/guide_firewalls.php

ComputerBob's Guide To Firewalls

by ComputerBob

March 8, 2000

Last Updated September 6, 2003

Introduction

As nearly everyone knows, there are new PC viruses developed almost every day. Well, a few days ago, my PC was hit by one of them, and I narrowly avoided a disaster, thanks to free personal firewall software called ZoneAlarm that I recently downloaded and installed on my PC.

What Is A Firewall?

Basically, a firewall is either a piece of hardware, a piece of software, or a combination of hardware and software that acts like a traffic cop between your computer and the Internet. A properly working and configured firewall allows you to "go out" and get what you want on the Internet, while preventing others on the Internet from "getting in" to your PC. For more details, see TechTV's article, Firewalls Explained. This article will deal with personal firewall software, designed to protect a single computer or small group of computers.

Why I Started Using A Firewall

On the advice of a PC newsletter to which I subscribe, I had visited Gibson Research Corporation's excellent (and free) Shields UP! Web site, to let it quickly and automatically test the security of my computer's Internet connection. After conducting its tests, the Shields UP! site had warned me that my computer was virtually defenseless (pun intended) against attacks and intrusions from online hackers. It suggested several simple ways that I could increase my PC's security defenses. In addition, the owner of the Shields UP! site, Steve Gibson, had done extensive testing of several firewall solutions, and was enthusiastically recommending ZoneAlarm as a very powerful, yet free, personal firewall software package that would help protect my PC. So, I had made all the changes to my PC that Shields UP! had suggested, and had then downloaded ZoneAlarm, thinking that I would install it as soon as I had some free time.

Just-In-Time Protection

A few afternoons later, I received an email message from the husband of one of my cousins who lives in another state. It was a short message, something like, "ComputerBob, I'm doing some testing. Let me know if the attached file works." The message was signed by my cousin's husband, Spike, so I assumed that it was actually from Spike. The attached file was called Pretty_Park.exe, and its icon looked like a character from the South Park cartoon show. I double-clicked on the icon, but nothing happened. I immediately wrote back to Spike, telling him that the file that he had sent me hadn't done anything. A few minutes later, I received an email from his wife, my cousin, LuAnne, telling me that they hadn't sent me any email message or attachment, but they had received a few other messages like mine from other friends. That made me very suspicious, so I disconnected from the Internet and manually scanned Pretty_Park.exe for viruses, using Norton Anti-virus with its virus definitions file that was only a couple of months old. Norton Anti-virus told me that the file was clean. 

A few minutes later, I read the documentation for ZoneAlarm, the free personal firewall software that I had downloaded just a few days earlier. I was happy to learn that even though ZoneAlarm was designed to protect PCs that use always-on, high-speed cable or DSL connections to the Internet, it would also protect my PC, which still connects to the Internet via a slow modem connected to a regular telephone line. So I installed ZoneAlarm, a task that took about 10 minutes, and then reconnected to the Internet. As soon as I connected to my ISP (Internet Service Provider), the newly-installed ZoneAlarm popped up an onscreen dialog box to ask me, "Do you want to allow Files32.vxd to access the Internet?" Since I had never heard of anything called Files32.vxd, I clicked on "No," and immediately disconnected from the Internet to figure out what it was and why it had wanted to access the Internet. I did a search of my PC's hard drive and found Files32.vxd in the Windows\System folder. It had an icon that looked like a South Park character. Oh-oh! I suddenly realized that the Pretty_Park.exe attachment I had received had been some kind of virus -- a virus that had infected my PC and was now trying to use my Internet connection, even though my Norton Anti-virus software hadn't detected it. I immediately went to the Norton Antivirus Web site and did a search for Files32.vxd. That's when I learned that my PC had been infected by the Pretty_Park virus. It turned out that, once the Pretty_Park virus infects a PC, it comes alive every 30 minutes and attempts to email itself to everyone in the infected PC's Internet address book, creating email messages like the one that I had received from Spike's PC, without the PC's owner even realizing that anything is happening. 
It gets even worse -- Pretty_Park also attempts to "phone home" to its author by connecting to a specific online chat room every 10 minutes, possibly sending all of the personal information that it finds on the infected PC, like usernames and passwords, back to its creator.

So, by calling my attention to the fact that Files32.vxd had tried to use the Internet, ZoneAlarm had allowed me to prevent the Pretty_Park virus from emailing itself to all of my friends and to the entire faculty of the college where I teach. Because the Pretty_Park virus had been on my PC for less than 30 minutes, it only took me about 10 minutes to remove it from my PC, using the instructions that I found on the Norton Anti-virus Web site. Unfortunately, Pretty_Park had been on Spike's PC for about a week, where it had had plenty of time to email itself to everyone in his PC's Internet address book. It took Spike and me a couple of hours over long distance phone calls to figure out how to remove Pretty_Park from his PC. Afterward, Spike and LuAnne sent out a warning to all of their friends, apologizing for having sent them a virus, and telling them where to go for instructions on how to remove it from their PCs. Spike discovered that the Pretty_Park removal instructions on the McAfee Antivirus Web site were better than those on the Norton Anti-virus site.

After I finished helping Spike get rid of the Pretty_Park virus on his PC, I went back to the Shields UP! Web site, to have it retest my PC's security defenses with the ZoneAlarm personal firewall installed. That time, Shields UP! told me that every port it tested on my PC was in "Stealth Mode," making my PC nearly invisible to online hackers. It also told me that my PC's high level of security is very rare for a Windows PC.

Do You Need A Firewall?

Do you really need that high a level of online security on your home PC? I believe that you do. Consider the fact that there are now scores of hacker Web sites and online newsgroups. There are hundreds of places where any dysfunctional kid with a modem can download powerful Internet "scanning" tools and learn how to break into your online PC. If you connect to the Internet through a high-speed cable modem or DSL line, your PC is connected to the Internet all the time, even when you're not using it. So, unless you've done something to secure your PC, it's just sitting online, like a house with its doors and windows open, waiting for a hacker to find it, break into it, and possibly even to take control of it. Even if you're still using a slow dial-up modem connection, your unsecured PC is open to being attacked, invaded, or controlled every time you connect to the Internet to browse the World Wide Web, read the latest news headlines, or check your email. How often is your online PC actually "scanned" by potential hackers, looking for open ports that would allow them to get into your PC? Even though my home PC still connects to the Internet using an old modem connected to my phone line, in just the first two hours that I was online after installing it, ZoneAlarm warned me eight separate times that it had just protected my PC from someone on the Internet who had "scanned" it, looking for a way to get in. After a while, I turned off ZoneAlarm's notification option, to let it protect my PC from online break-ins without telling me each time it stops a potential hacker.

Conclusion

Looking back at the whole experience, I realize that I would have never gotten the Pretty_Park virus if I had followed my own advice. To protect your PC from the constant threat of online hackers and viruses, be sure to delete any email attachment that you receive, even if it appears to be from a friend, unless you were expecting to receive it. If you don't know for sure, delete the attachment and then write back to the person who you think sent it to you, to ask them if they really sent it to you or not. If you don't have anti-virus software on your PC, go to my Software page and download one of the powerful, free anti-virus packages listed there. And remember to update your anti-virus software's virus definitions file at least once or twice each month to ensure that your anti-virus software will recognize and remove all of the newest viruses. Visit the Shields UP! Web site to find out how insecure your PC is right now and to learn several simple ways to make it more secure. Finally, consider installing personal firewall software like ZoneAlarm on your PC, to help make it nearly invisible to online hackers.

Because your PC's connection to the Internet is a "two-way street," it is possible that your firewall can do a great job of keeping the bad guys on the Internet out of your PC while not doing anything to prevent information that is already on your PC from being sent out onto the Internet without your knowledge or consent. Therefore, if you already have a firewall, you should test it by downloading and running Steve Gibson's tiny (27K) but excellent LeakTest utility and by visiting Shields UP! and/or AuditMyPC. When Steve first ran LeakTest on several popular firewalls, ZoneAlarm was the only firewall that passed its test. Since then, other firewall makers have hurried to fix the leaks in their firewalls. 
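
An added example, not part of the original guide: a sketch of the outbound checks described above, listing programs that tried to reach the Internet without approval and flagging any that call out at a fixed interval, as Pretty_Park did every 10 minutes. The log format, host names, ports and allowed-program list are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample log (not real data): date, time, program, destination.
SAMPLE_LOG = """\
2000-03-01 14:00:05 iexplore.exe www.example:80
2000-03-01 14:02:10 Files32.vxd chat.example:6667
2000-03-01 14:03:41 iexplore.exe www.example:80
2000-03-01 14:12:11 Files32.vxd chat.example:6667
2000-03-01 14:19:30 outlook.exe mail.example:110
2000-03-01 14:22:09 Files32.vxd chat.example:6667
2000-03-01 14:30:02 Files32.vxd mail.example:25
2000-03-01 14:32:10 Files32.vxd chat.example:6667
"""

# Programs the user has approved for Internet access (assumed list).
ALLOWED = {"iexplore.exe", "outlook.exe"}

def parse_log(text):
    """Return (timestamp, program, destination) tuples, one per log line."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        day, clock, program, dest = line.split()
        when = datetime.strptime(f"{day} {clock}", "%Y-%m-%d %H:%M:%S")
        events.append((when, program.lower(), dest))
    return events

def unapproved_programs(events, allowed):
    """Programs that tried to reach the Internet without being approved."""
    return sorted({prog for _, prog, _ in events if prog not in allowed})

def find_beacons(events, min_hits=3, max_jitter=0.1):
    """Flag program/destination pairs contacted at near-constant intervals."""
    seen = defaultdict(list)
    for when, prog, dest in sorted(events):
        seen[(prog, dest)].append(when)
    flagged = {}
    for key, times in seen.items():
        if len(times) < min_hits:
            continue
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        # Regular if the spread of the gaps is small relative to their mean.
        if pstdev(gaps) <= max_jitter * mean(gaps):
            flagged[key] = round(mean(gaps))  # mean interval in seconds
    return flagged
```

On the sample log, only Files32.vxd is reported as unapproved, and its connections to the chat host are flagged with a mean interval of 600 seconds.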

Finally, take a look at PCStats' article, Beginners Guide: Firewalls and Internet Security, which contains more tips for securing your computer.