*** Honorable Mentions ***
In order to gain an understanding of firewalls, a brief overview of how information enters and leaves your computer is in order. Computers use what are known as "ports" as a means to enter information in and transfer it back out. This is similar in nature to what ships use as their means to enter and leave their docks. They do this via what is known as "shipping ports" and are just a way in and out for the ships.
Computers on the other hand don't have ships entering and leaving them but they do have electronic information that enters and leaves. Some of this information will be stored on your hard drive and in a lot of cases can be sensitive in nature such as your personal banking account particulars etc. This is the kind of personal information that you don't want anyone from a large giant network such as the Internet having access to for obvious reasons.
Some ports on your computer are physical in nature such as those that you connect the keyboard , monitor, and other hardware to. However, there are also ports that are not physical but are electronic in nature. These electronic ports are what hackers target to gain entry into computers and networks. For example "port 80" is a main electronic port used on the Web. There are many others and hackers don't normally care which one it is as long as they accomplish their objective: gain illegal entry into your computer.
Now if the world was full of completely honest people there would be no need for police, no need for a military etc. By the same token if the Internet was populated with completely honest people there would be no need for anti-virus protection, firewalls ,etc. However, back to reality.
Please meet the "port scanners" of the world ! Also known as hackers. These are individuals or groups who use as one of their methods a process known as "port scanning". It is simply "electronically listening" across a network for a "busy port" on someone's computer so they can enter it. In most cases they are listening for very busy ports ( a lot of information entering and leaving) as this may indicate a computer of greater importance and a lucrative place for them to hang out. However there are also those that just like to wreak havoc on the vulnerable by just coming in and messing up their systems. In either case it causes many problems that could of been avoided if there was a way to make their computer ports appear to be "quiet" on a network. Introducing the "firewall" !
A "firewall" is a computer program that makes your computer appear "invisible" to the outside world, and in this case, the outside world being the Internet. Now relax, it doesn't really make it "invisible" to the human eye so don't worry, you're computer isn't going anywhere.
It is simply a program designed to make you computer appear to be "quiet to electronic ears" that are listening for busy ports on it which can provide the hacker a way in. Those that are always connected to the Internet such as via a cable connection are more vulnerable than those that are connected via a dial-up telephone modem. However, they are not totally free from the risk of intrusion. The risk is the same when they are online as those that are always connected. So basic firewall protection makes good sense for all that connect to the Internet.
There are a variety of firewall programs available with more popping up everyday. Norton's Anti-Virus and McAfee now both have firewalls available. One that you might want to give serious consideration to is Zone Alarm by Zone Labs available at http://www.zonelabs.com . Their specialty is firewall protection and is one that I personally use. Although I use the paid version, they do have a free version available which will provide you with good basic protection against hack attempts.
Hope this helps a little
Submitted by: Alex R.
A firewall is a barrier to keep destructive forces away from your property. In fact, that's why its called a firewall. Its job is similar to a physical firewall that keeps a fire from spreading from one area to the next.
A firewall is a program or hardware device that filters the information coming through the Internet connection into your computer system. If an incoming packet of information is flagged by the filters, it is not allowed through.
Everything you do on the Internet?from browsing Web pages to downloading MP3 files?is managed by specific applications (programs) on your computer.
Hackers exploit this fact by planting "malware" on your computer. Sometimes they send out malware as e-mail attachments with innocent names like "screensaver.exe." If you open the attachment, you install the malware on you computer without even knowing it. Other times, they convince you to download the malware from a server by making it masquerade as an update to a legitimate program.
Once on your machine, malware can wreak havoc in a variety of ways. It can raid your address book and send itself to everyone in it, or it can listen for connection requests from the Internet. The hacker who distributed the malware can then contact it and give it instructions, effectively taking control of your computer.
Some operating systems come with a firewall built in.
A software firewall can be installed on the computer in your home that has an Internet connection. This computer is considered a gateway because it provides the only point of access between your computer and the Internet.
With a hardware firewall, the firewall unit itself is normally the gateway. An example is a Cable/DSL router. It has a built-in Ethernet card and hub. Your computer connects to the router, which in turn is connected to either a cable or DSL modem. You configure the router with a Web-based interface that you reach through the browser on your computer. You can then set any filters or additional information.
Hardware firewalls are incredibly secure and not very expensive. Home versions that include a router firewall and Ethernet hub for broadband connections can be found for well under $100.
Some firewalls offer virus protection, it is worth the investment to install anti-virus software on your computer. Even though it is annoying, some spam is going to get through your firewall as long as you accept e-mail.
One of the best things about a firewall from a security standpoint is that it stops anyone on the outside from logging onto your computer. Putting a firewall in place provides peace of mind.
F-Secure, BlackICE, McAfee, Kaspersky Anti-Hacker, Symantec Norton, Zonealarm Pro, Sygate Pro.
Belkin, Linksys, Netgear, D-Link.
Submitted by: Bob W.
Simply put, a firewall is a virtual barrier between your home computer and the internet; letting things you want (such as web browsing) get through while automatically blocking things you don't. They are mainly there to provide protection from hackers ? who are people attempting to access your computer from the internet without your consent and knowledge, either to steal information or just cause havoc. All software firewalls also provide protection from malicious programs such as Trojan horses and spyware, some of which attempt to use your computer to send spam email or to attack other computers. Today, firewalls are absolutely necessary: every few minutes, computers without a firewall are broken into. Some are broken into to steal information, like bank details and addresses. Others can be controlled by the hacker to do anything they wish ? not a pleasant thought. No computer is safe without a firewall, no matter what model or the way it connects to the internet.
Fortunately, there are a few different ways to prevent these 'nasties' from causing you grief. The number one thing to do now, is to make sure Windows is up-to-date. If you are using Windows XP (characterized by a blue taskbar and green start button), then visit http://windowsupdate.microsoft.com. The website will take you through the process of updating your computer, step by step, and will automatically select the most important updates for you. Even if you are using older versions of Windows (98 or Me), you should still visit Windows Update to be on the safer side. If you use Windows XP and updates to do with "Service Pack 2" appear, I would strongly encourage that you install them. This major update installs a basic firewall for you, as well as allowing your computer to automatically download and install updates.
Once you have run Windows Update, the next step is to decide what type of firewall will suit you best. There are a couple of different options, but most boil down to how much money you want to spend.
If money is not a major factor (spending $40-60):
I'd recommend a good brand-name Firewall package from the computer shop. Something from the big players like Symantec (Norton) or McAfee is always a good bet, and both are equipped with automatic wizards to help you set up the security. The deciding factor here is your Antivirus software. If you are running McAfee VirusScan, then buy the McAfee Firewall (or if you use Norton AntiVirus, use Norton Personal Firewall) ? you will find the two products work together and often let you control both from just one of them. This can be very helpful in making them easier to use, and you won't need to spend lots of time finding your way around a different looking screen either.
If you are reasonably confident with computers (perhaps in the future, or if you want to add another computer) and are looking for better security, you may want to consider a hardware firewall also. This is a physical device that plugs into the wire between your computer and the internet while hiding your computer from the rest of the world. They are very effective, more secure and require little maintenance; most can even let you share your internet connection with another computer if you have more than one in the house. I wouldn't recommend one if you aren't too happy about playing about with cabling; if you do not have broadband (cable internet); or only have one computer ? simply because this isn't necessary for a casual user or novice. They generally retail for about $40-60, such as this one, which allows you to connect up to four PCs to the one internet connection. The important thing to note about hardware firewalls is that they only protect you from incoming attacks; they cannot control programs on your computer from connecting to the internet. For this reason, it is best to have a basic firewall application (like the one included with Windows XP Service Pack 2 or one of the below free options) too.
If money is a major factor, or you don't want spend any:
You can still get very good protection by spending absolutely nothing and downloading a free firewall program. I (and many millions of internet users) recommend ZoneAlarm. This is fairly basic, but will provide all the protection you need against all the internet nasties. The only problem with it, as it is free, it may not be quite as easy to use. While I'm confident that it is easy enough to set up, if you'd rather have a program that configures itself automatically to keep you protected then go for one of the two paid options above.
Based on what you've said, I'd personally recommend you buy one of the brand name firewalls, like Norton or McAfee. There are several advantages with these to a new computer user like yourself: you will get full printed instruction manuals to help you set up the program and use more advanced features later on; you usually get access to a few months of phone support to help you out if you encounter problems; they will also feature automatic guided set-up tools to make the whole experience easier and less daunting.
I hope this isn't too complicated or technical for you, and wish you all the best with your computer. If you have any questions about this article, please reply to the post and I'll be more than happy to help.
Submitted by: Jamie T. of Edinburgh, Scotland, United Kingdom
A. I could just answer your question simply and directly, but that might leave you with the impression that there is little to worry about and little responsibility on your part to prevent future problems caused by unwanted company that attaches itself to programs, files, cookies, or that just plain sneak in and play havoc in your system because you were not prepared.
Although you asked about firewalls, I suspect that you - as well as many users - consider anti-bug (or bug remover) maintenance to be a nuisance and a time consumer that is regarded about on the same level as cleaning out the oven and cleaning out the refrigerator cooling coils. Nonetheless, I must stand upon my soap box and dwell upon your answer as well as a more complete understanding of the seriousness of the need for thoroughness by stressing tolerance, patience, and being more observant, concerned, and responsible in keeping your hard drive clean through thoughtful housekeeping procedures and software.
A firewall can be designed in a hardware device, such as a router, which attempts to prevent unwarranted entry into your computer system from the internet. Sometimes, however, it is not as effective as would be desirable and so there are software programs that go a step further and communicate with you about rules that it would like you to make regarding who can and cannot come in to your computer system from the internet. This software firewall can also request you to apply rules as to who can and cannot go to the internet from your computer. Such as sneaky software that managed to convince you to install it into your system on false pretense. Once installed, these sneaky programs will attempt to send information back to the internet to various recipients. In some cases this may cause you to be the recipient of unwanted email or updated software you do not need or want that may cause system problems or overwhelming junk mail.
If you have the latest version of Windows XP with Service Pack 2 and subsequent updates, just make sure the firewall is turned on. To find out, open Network Connections, right click on each connection icon, select Properties, select Advanced, select Settings, and select ON (recommended).
If you find this procedure a bit more confusing than by the number, consider the strong possibility of joining a local computer users group for help and personal growth in the use of the various programs you might enjoy being involved with. Contact your local newspaper and library for assistance in obtaining contact individuals and meeting dates and times.
Again, assuming you have a relatively new computer with Windows XP, make certain that you have the latest version Service Pack (SP2) and subsequent updates. To go one step further: if you have dial-up service, I would advise you to utilize access to the internet via high speed broad band cable or DSL - at least for the XP Service Pack update since it is so large and time consuming. In the event that you do not have the latest version and you plan on updating to it, it is imperative to follow certain procedures not only prior to this update but for most program installations. So, with me to answer your question is like my seeing your hard drive as a loaded gun with a hair trigger. I need to cover more than one base for your question.
Anti-Spyware, Anti-Virus software, & House Keeping
You need to make certain that there are no virus, worms, Trojans, or spyware on the drive. You also need to make sure that you have cleaned out all unnecessary cookies, temporary files, and temporary internet files. All the procedures are quite easy and straight-forward once you have the most appropriate software in place and procedures set up. I have created a set of instructions on creating a House Keeping folder that incorporates all the necessary steps for keeping the bad guys and bad stuff out of your system at no or low cost. It is available for anyone who is interested.
Choosing the right anti-spyware programs and anti-virus varies from expert to expert and user to user, but for Windows XP I use (in this order) the latest engine and profile versions of SpywareBlaster, Spybot, Adaware, and Microsoft Anti-Spyware Beta 1 and follow their procedures as outlined in their Help files.
Most of all, I can't emphasize enough how much being a part of a computer users group would be a benefit to you to help you accomplish this with a minimum of frustration and anguish, let alone avoiding having to deal with the cost to hire someone to fix your system who could still botch the job and leave you worse off than before.
And just in case you ARE a member of a computer users group and haven't found the time to attend the meetings and some of the fascinating special interest groups meetings - make the effort. It will pay dividends many times over. I know.
Off the soap box. Once the system is clean, be sure to disable the antivirus and antispyware software during the XP update procedure. Once the update is complete and the computer reboots, the system should have everything enabled back to normal.
Here is a parallel to your House Keeping routine: In order to drive your car and keep it running, you know you need to keep the windshield clean. You need to change the oil and filter. You need to check the battery, brakes and tires on a regular basis. And if you don't keep your air and gas filters clean, the car just won't run right - if at all.
Same with your computer. Just keep things in perspective. You need to keep the bad guys out, block, disable, and/or remove the bad guys that got in - (firewall, anti-spyware, anti-virus). You need to keep an awesome and sometimes overwhelming amounts of junk files that build up over time when installing programs, uninstalling programs and surfing the net. And every once in a while you need to make sure that once everything is clean and healthy, there are files that are heavily used and modified and may be fragmented into pieces and need to be defragmented - to enhance the system's performance. Maybe once a week. There are many methods for making this very effective, and I have covered a discussion of a technique I use which is available for anyone who is interested.
Being aware of the problem is a good thing. Doing something effective about it on a regular basis is another good thing.
Don't limit your perspective to just "firewall" and "antivirus". Become informed. Once informed, pass your knowledge on to your friends. You become better at your efforts and gain strength and confidence in your ability to handle the problem.
Submitted by: Dennis S., member and program director of the Tampa Bay Computer Society, Clearwater, FL
Hi Stanley M,
A firewall is similar to the position of a doorman at an exclusive nightclub; it acts as a filtration device. It will allow those that are good company into the club and those that aren?t out based on instructions given by the club manager, but in a PC sense, a firewall monitor both entry and exits. In this analogy the door man is the firewall software or hardware that you plan to use, the club manager would be yourself as the end user and the people trying to get in and out of the club would be your PCs network traffic. For starters, if you are not making a connection to the Internet or an external network outside your Local Area Network (LAN), a firewall would not be necessary. If you have a LAN, where more than one computer is connected together via a network, the statement aforementioned is presuming that all computers in your LAN consists of users that are trusted and are not of any malicious nature. For if this was the case then a firewall would be required for each computer inside the LAN, most probably a software one. Firewalls are really a security precaution with concerns to network traffic being received from external sources outside your PC, if you only have one computer, or local network, for a number of computers. Any connection to the World Wide Web (WWW) or Internet is considered external to your PC or LAN, meaning that your computer/s at home has established a connection with an Internet Service Provider (ISP) and will be assigned an Internet Protocol (IP) address, currently in a dotted quad format similar to ?18.104.22.168?, that will identify your computer on the World Wide Network. If your IP address were to be compromised to a malicious user on the WWW, they will be able to make attacks at your computer, or in the analogy?s case, try to get into the club. The firewall will try to sort out network traffic and allow only those with high integrity or trusted sources in and out of your computer. How do people find out my IP address? Well every time you access a website, the web server will log your page request and the network address that the request was made from. A connection will be established between the Web Server?s to your computer, exchanging network packets, finally, after time, allowing you to see the web page. This is just an example of obtaining IP addresses, any web application has the ability to do the same as a web address from the web service and client are required for any network activity to commence, and thus allow the web application to function as intended. http://www.cnet.com is a familiar web address, and easy to remember, but behind that domain name is an IP address similar to that one you received when connected with your ISP. A Malicious element on the WWW doesn?t need to obtain your IP address, as there are some who make random attacks, and you may just be the unlucky one that has the matching IP address. I have always used Norton Internet Security that comes with my motherboard, so it comes free with the purchase of my computer and allows me to update it free for 6 months. I find it easy to use, and am very fond of how it lets you customize what programs are allowed to access the internet and restrict which websites are allowed to execute scripts and what not. Of course if you don?t want to cause your brain a meltdown you can always allow the program to automatically configure each program?s Internet access by default. Though if you were to encounter an application that didn?t run as expected on the Internet, it is probably due to the automatic configuration, and a little intervention is needed. I refer to my MSN Messenger games that I tend to play with my close friends over the Internet. I set the program to prompt me of any unique network activities, it identifies the program, and if it?s a program I use often I choose for it to remember the choice I made. The good thing about software firewalls like Norton is that you get to choose which programs has access to the Internet, so any network activity outside those set by yourself, will be blocked. Norton also has a block all activities feature in the task bar, which I rarely use, but is a great way to isolate your computer from any network activity. Also if you plan to run a web service, like for a website. Norton will detect any incoming traffic and will set this up as well. There are other firewalls like ZoneAlarm, Mcafee Firewall. After upgrading my OS to Windows XP Professional x64 Edition, to get an idea of the look and feel for the AMD64 Windows, I have lost my Firewall protection as Norton is yet to release a 64-bit compatible version. So I will have to settle for the firewall Windows XP comes packaged with, which if enabled will block any suspicious network activities, I think updates to later versions allow a little more customization as to which programs are allowed to access the internet, I?m not too sure as I haven?t invested much time in looking through the features. In my experience, Windows XP prompts me that a program is trying to access the internet, and then I give feedback of yes or no. Hopefully Norton will release an x64 compatible version soon.
Hardware firewalls are similar to software firewalls in function; it filters off suspicious network transmissions. I own a router that has a firewall built in. It will examine all headers of network packets, headers contain information of who the activity is sent from and who it is intended for, in brief. Once analysis is complete, data will be forwarded to the computer on the LAN that originally made the request. Say my computer wants to access http://www.cnet.com, my browser will make the request, my router will pickup the request and forward it to the ISP attaching the computer details from which the request was made, a request will be made for the IP address equivalent of the URL (conversions made via Domain Name Servers), which will then return a notice of the requests success back through my ISP to the router. The router then analyses the transmitted data, stripping it of the computer details and forwards the reply back to the computer which the request originally came. A network connection will be established and data transfer of the home page and other web elements will be transferred using a similar method above. This is a very brief explanation of the process by which a router forwards both requests and data received. Of course setting up a web service on one of the computers, required the configuring of the router and its port redirection feature. Say I wanted to setup a personal Web Server, just viewable to my trusted friend, whom I would be willing to share my IP address. I had to configure, using the web interface, and make all incoming network transmissions on port 80 be forwarded to the LAN network address on the computer that is running the server software. Typically ?192.168.0.*?, this method also identifies how an inbuilt firewall that comes with routers blocks all incoming network transmissions, bar the requests made through the routers forwarding system. Port 80 is the standard port for network transfers made under the hyper text transfer protocol, the standard protocol for websites. Of course opening up port 80 to be redirected to that computer, will expose the computer to attacks that use port 80. Different web ports a required for different web application standards, FTP uses port 21, secure SSL sites use port 443, and of course there are many varying port values up to 9999. Games being played online use different ports, unique ports aids in organising network traffic, one could imagine a lot of cars trying to get to different places on the same highway. It would take awhile and can be confusing. The fewer ports you have open the less likely you can be attacked, a firewall minimises traffic to only use the ports that you will require, generally determined by the applications that you use.
Once you own a firewall, it is very much your say on what you let in, and out of your personal PC, regardless of it being hardware or software. Though software ones are much easier to configure and come in a more presentable, easy to use, graphical user interface, in my opinion. If you are going to use the internet, I too would lean you towards getting a firewall installed on your computer. At times, even just a firewall will not be enough, anti-spyware, anti-virus and anti-malware software are good partners to firewalls in ensuring your computer will not be exposed to what is now an everyday problem when using the Internet.
Hope this helps.
Submitted by: Van T. of Perth, WA, Australia
Stanley, allow me to start by laying down that yes, a firewall is absolutely vital to Internet security. Understanding how a firewall works requires some knowledge of how the Internet works. Everyone on the Internet has an 'IP address.' (IP is short for Internet Protocol.) An IP address is something of an online name that your Internet Service Provider gives you. When you go to a website, you are really using a name that is easier to remember than four sets of three digit numbers. Anyways, whenever your computer 'talks' to another IP address, it opens a connection on a specific port. For example, when you visit a website, your browser connects to that website's IP address, on port 80 (which, again, is the numeral representation of http://). When you receive your mail, your computer 'talks' on port 110, and to send mail, port 25. All in all, there are 65535 ports. However, sometimes programs will open one of these ports on your own computer - sometimes intentionally, sometimes not. Regardless, these ports being open can lead to what is called a security hole.
When a port is left open, it can be used by someone else maliciously to do various things. One of them is called a Denial of Service attack - the MSBlast / Lovesan virus is a classical example. The other kind of security hole is called a Trojan horse. A Trojan horse is a program on your computer that can do almost anything to your computer, and it is controlled by another person. . . at another computer. 'Subseven' is an infamous Trojan.
A firewall is like a bottle cap for these holes, so your computer doesn't 'spill the milk.' It will watch all of your computer's traffic, carefully looking for any suspicious activity. For example, ZoneAlarm, the best firewall around IMHO, will report subseven as 'attempting to act as a server on port [varies].' It will then ask whether or not you want to allow the program to do so. Because most of the time it is hard to tell if it is a malicious program or not, you can click on it's 'advisor' button, where it will open a web page explaining what is happening in greater detail.
While EVERYONE needs a firewall (though I have heard dial-up Internet Service Providers say otherwise), some people already have one, but aren't aware of it. If you have Windows XP, service pack 2, Windows has a built-in firewall already doing it's job rather effectively. Some dial-up providers actually provide their customers with their own free firewall.
Some of the most popular firewalls you may wish to try are 'Norton Personal Firewall', McAfee's firewall (the name of which is currently slipping my mind), and, as mentioned, ZoneLab's ZoneAlarm.
So, do you need to have a firewall? Absolutely. What does a firewall do?
It protects your computer, and all of the documents you have on it, from prying eyes. Do you need to go and buy a firewall? No, not necessarily.
ZoneLabs has a free version of ZoneAlarm available. It isn't as pretty or as easy to use, but it will do the job.
Hope this helps,
Submitted by: William H.
Well Stanley, think of it like this: your internet connected computer is like a large room. All internet traffic flowing into and out of your computer has to pass through ports, which are like the doors to this room. There are thousands of ports (65536 to be
exact!) that internet traffic can flow through, and certain ports are designated for certain purposes. The HTTP port (port 80) is the most common and heavily used port. When you type an internet address into your web browser, then view and navigate a new page or website, all that traffic is flowing through port 80.
Other common ports are port 21, for FTP (file transfers), port 23 for Telnet (remote computer administration), or port 110 for POP3 (email retrieval).
A firewall is a program that runs on your computer and effectively shuts and locks all these open doors into your computer. All traffic flowing into and out of your computer has to pass through one of the doors that the firewall leaves open. Most good firewalls will configure themselves automatically, so that after you install it, you won't really notice a change.
Sometimes if you use a new or unusual program, the firewall might have to be reconfigured. Most will do this automatically too, however, by simply popping open a window to let you know what's going on and asking you what you would like to do. A firewall is a must for anyone with a broadband connection. It prevents malicious people and programs from breaking in to your computer, and if you by chance get infected with spyware or other malicious software, it will keep that traffic from getting out and slowing down your internet connection.
Two good firewalls that can be downloaded and used for free are ZoneAlarm and Sygate personal firewall. Both are extremely effective and easy to use, and they don't cost a penny for personal users! I have used both and can attest to their ease of use and their quality. One thing to note, however, is that ZoneAlarm can interfere with some online games, so if you're into that kind of thing, you might want to choose a different firewall. Just download the firewall you like, double click on it's installer program, and they will install and configure in a snap. You're only a few clicks away from safer browsing, and possibly faster browsing!
Submitted by: Nick J.
A: Yes Stanley, there always seems to be a plethora of programs people should have running to help protect their computer. Having a firewall is no exception; a firewall with a good antivirus can be the difference between a happy computer or a flamb
A sincerely thank you to all of you who contributed to this past week's Q&A topic on Firewalls.
Grandpa Stanley, I hope these members' awesome explanations and recommendations to your question give you a solid understand of how firewalls work and why it is important to utilize one. I wish you nothing, but good luck in finding what works best for you and if you have a moment please swing by and give these members a good pat on the back for their time and incredible efforts for sharing the knowledge they possess.
Members, if you have additional advice for Grandpa, please feel free to post them in this thread below. Have a great weekend!
Hi, I'm really new to computers and the Internet. I keep
hearing people say I should use a firewall on my computer to
prevent Web nasties, but I'm confused as to what a firewall
is and if it's absolutely necessary. If you say I need
one, which one would you recommend? I want one that I can use
and easily understand without pulling out what's left of my
hair. Understanding my antivirus app was difficult enough,
but I'm always willing to learn new things given a chance.
Any advice to a grandpa who's just starting to explore the
computer world is sincerely appreciated.
Submitted by: Stanley M.
Stanley, a firewall acts as a gatekeeper between your computer and all the other machines that make up the Internet. Why do we need such a gatekeeper? It's because the nature of communication across computer networks allows for a loophole that can be exploited by malicious hackers. I'll use a telephone analogy to make the aforementioned points clearer, then make a recommendation...
If you call your telephone service provider, you will inevitably be greeted by an automated voice and a menu of options, and your call will be forwarded to the appropriate extension line based on selections you make. But imagine if that customer service number was a single, direct line to a single representative instead of to any number of extension lines connecting you with different departments and many employees. Disparate calls to report problems, pay bills, upgrade and downgrade services, and general inquiries would all go to the exact same phone line, so that thousands of customers would be simultaneously competing to get through at any given time. Such heavy traffic would not only tax the phone line and the employee at the end of the line, it would eventually overload the circuit to the point that it might cease to work altogether. Not exactly a model of efficiency, and the reason multiple lines and extensions, and even those dastardly automated menus, exist.
Communication across a computer network works in a similar fashion. Your computer is identified by an unique number - known as its Internet Protocol (IP) number or address - that allows it to transfer information across the Internet. Think of the IP number as your computer's telephone number. But as we just saw in the example above, if every instance of communication involved a single "line," competition among different processes or programs would slow things to a crawl, and essential processes like your antivirus updater might never get through!
To avoid this nightmarish logjam, computers use what are known as Internet ports. These ports are not physical entities like those used to connect hardware such as your mouse or a scanner, but rather "numerical addresses" that act like multiple lines or extensions necessary to keep things running in an orderly fashion. When a remote computer "dials" your IP number, it also specifies a port. This is like dialing a known party's extension at the main automated menu. To keep your system running smoothly, different processes in your computer listen for "calls" coming through specific "extensions lines" or ports. When a call comes through the appropriate port, your computer responds by providing whatever information is being requested, usually in the background, without your knowledge. And therein lies the importance of having a firewall.
A port is considered to be "open" when it can be detected by remote computers, which then are able to exchange information with your computer. While many ports must remain open to permit legitimate processes to access the Internet, most don't, and their exposure merely provides an invitation for trouble. Hackers can easily scan for available open ports, and when a computer answers, they have found a machine they might be able to break into. They can request all sorts of sensitive information, and your computer will gladly send it over.
A firewall "closes" ports by preventing unauthorized "calls" from getting through. Because your computer doesn't answer, a hacker will assume no computer exists at the particular IP address, and move on. A good firewall practically makes your computer invisible to hackers, while allowing for legitimate programs to access the ports needed for flawless performance.
By now you might be thinking "But there's nothing worth stealing in my computer!" Perhaps, but a hacker might break into a computer with intentions other than to steal sensitive files like financial information or Social Security numbers. (And don't fool yourself, your computer might already have far more personal information than you might suspect!) Malicious hackers can act as vandals and delete information from your hard drive and corrupt system files, essentially rendering your computer useless. They can also remotely control your computer, turning it into a zombie machine used to send viruses or spam, or even launch denial of services attacks to companies like Microsoft, Google, CNET, and Amazon.com - severely slowing down Internet traffic. So, you see, an unprotected computer represents a potential risk to all of us!
Fortunately, a firewall can prevent these and other headaches. The choice between installing one, and trying to explain to the FBI why your computer is disseminating child pornography over the Internet, is no choice at all.
Firewalls come in two flavors, so to speak: Hardware varieties, which are installed between your computer and your Internet gateway, and software firewalls. Hardware firewalls monitor access to your computer, but do not prevent programs already in it from accessing the Internet. In contrast, software firewalls monitor both incoming and outgoing traffic. Thus, if you accidentally download adware or a Trojan, your software firewall would keep these programs from "calling home" and carrying out many of their devilish tasks. Keep in mind, a firewall by itself won't protect you from all "web nasties." While a vital component of PC security, a firewall needs to be complemented with antivirus and antispyware software.
While it would be ideal to have both a hardware and a software firewall protecting your computer - you'd be having an extra line of defense - a quality software firewall is arguably more than enough for most of us. If you are running Windows XP, you already have a basic firewall installed in your computer. If you installed Service Pack 2, this Windows Firewall was turned on by default, and should be protecting your computer right now, unless you opted to disable it. The Windows Firewall acts like a hardware firewall, that is, it controls inbound traffic but not outgoing communications. Thus, you are better off upgrading to a better firewall, one that monitors both incoming and outgoing traffic.
Fortunately, there is an outstanding software firewall that happens to be extremely simple to install, configure and run - ZoneAlarm. Best of all, the personal version of ZoneAlarm is free! I encourage you to visit the Zone Labs website (http://www.zonealarm.com/) and download a copy. A ZoneAlarm User's Manual is also available for download in the website's Support section.
After you install and configure it - a process that is very quick and user-friendly - please go to the excellent Shields Up! website (https://www.grc.com/x/ne.dll?bh0bkyd2) to test the newly-installed firewall. This website features very clear and thorough information on how firewalls works, why they are necessary, which ones are worth getting, etc., so you might want to bookmark it and explore it at your leisure. (It is also a good idea to go back and retest your firewall from time to time, especially after software upgrades.)
After you install ZoneAlarm, you will have access to all of the features of the premium version for 30 days, including technical support. Take advantage of this trial period to determine whether the extra features might be worthwhile for you, and to have Zone Labs' support answer any questions you might have.
I am certain that you will find ZoneAlarm extremely easy to use. Don't let the fact that it is a free download make you wonder about the quality of the software. ZoneAlarm is a very powerful firewall, and it can be made even more so if the need arises. But chances are, you will not have to tweak much (if anything) after the initial setup.
There are other firewall choices, many of them packaged as part of "Security Suites." Symantec's Norton Internet Security (http://www.symantec.com/sabu/nis/nis_pe/), Trend Micro's PC-cillin Internet Security (http://www.trendmicro.com/en/products/desktop/pc-cillin/evaluate/overview.htm), and ZoneAlarm's Security Suite (http://www.zonelabs.com/store/content/home.jsp) are among the best. The advantage of these suites is that they integrate antivirus, firewall, antispyware, privacy and other utilities in one place, which not only is convenient, but tends to simplify things and prevent conflicts between software from different manufacturers. The three products just mentioned offer free trials, so if you think one of them might be the right solution for you, by all means check it out.
Submitted by: Miguel K. of Columbus, Ohio