New breed of easy-to-use firewalls put to the test

MICHAEL FOREMAN* finds the gatekeepers of the net can send out some alarming signals.

Firewalls have long been recognised as the best defence against hackers, but until recently they have been a practical proposition only for the select few.

The reason is that these programs, which form a protective barrier between your computer and the outside world, are notoriously difficult to set up.

Firewalls work by intercepting inbound and outbound connections from your computer to the internet, and then deciding whether to permit or block them based on a set of rules.

For example, you might want to allow web pages to be downloaded fairly freely, but an unknown computer attempting to access your PC would be shown the door.

Setting up these rules requires an extremely detailed knowledge of the workings of the internet.

But as people spend more time online at home, a ready market for consumer firewalls has been created and several software companies have stepped in.

We tried McAfee Personal Firewall, Norton Internet Security 2000 Family Edition and Zone Alarm - all examples of a new breed of easy-to-use firewalls that overcome the installation problem by generating traffic rules automatically.

Of these three, McAfee probably goes furthest in insulating the user from the technical nitty-gritty, probably a bit too far in our opinion. The program has just three main settings - allow everything, block everything, or filter.

If you select the filter option, the program asks your permission before letting each new application use the net.

For example, clicking on Internet Explorer for the first time brings a window up saying, "Allow Internet Explorer to communicate?"

If you click yes, you won't be asked the same question about this program again, so pretty soon you will have configured Personal Firewall to accept your commonly used internet applications.

Any internet activity outside these parameters is logged as "Unknown Traffic" - which may or may not be sinister, and unfortunately this is where Personal Firewall falls down.

Within seconds we had received an unknown traffic warning, but the program did not shed much light on why this might be happening.

It simply recorded that every few seconds, a remote computer with an address like 208.19.97.195 was sending data to our local port 1280.

This didn't make much sense to us, so we selected "What is Unknown Traffic?" in the help file (there is no manual), where a notice read: "Don't panic - not all entries are hacking attempts."

But a line or two down this reassurance was contradicted by the statement: "If you are flooded with a continuous stream that appears here, it is probably someone intentionally attacking your system."

We eventually discovered (without any help from McAffee) that the traffic was connected with our internet service provider and was quite innocuous, but we were left wondering - if a hacker had been at work how would you tell?

The Norton provides anti-virus protection, parental website blocking and privacy control as well as a personal firewall. The firewall sets itself up in a similar way to McAffee's but offers more policy options.

You may allow an application to run for one time only, for example, and the advanced options allow you to fine-tune rules or block specific addresses.

Left to itself, the program gives a simple summary of connections it has blocked or approved, but if you drill down, some very detailed activity logs are displayed.

In our case an alarming number of attempted connections were being blocked - 142 in a couple of hours - but no meaningful explanation was given for this.

Symantec has provided a skimpy manual but it is introductory in scope and the on-disk help file seems to have been written by people using completely different terminology from the program's creators.

Compared to these two shrink-wrapped products, Zone Alarm, which is available to personal users to download free of charge at their website, is a breath of fresh air.

Despite being free, except for business users, who are asked to pay $US19.95, Zone Alarm is a very professional program. It presents the user with simple yes/no choices on allowing an internet program to run in the first instance, but later on you modify security settings for each program - to allow it on to a local area network or to act as an internet server.

When an alert came up, Zone Alarm was the only package of the three to make an adequate attempt to explain what was going on.

Clicking on a "More Info" box took you to web page containing more detailed information that was relevant to the condition just encountered.

Zone Alarm's 1.6Mb download may take a few minutes on a slow connection but it will be well worth the effort, and unlike the other two you won't be landed with a box much larger than its contents need.


Links


Zone Alarm