I'm not a security expert, so I'm not going to pretend that this is some kind of authoritative resource. Instead, I'll be pointing you towards resources that I do consider authoritative, while offering some caveats about the advice given there. For now it's something of a hodge-podge of just the things I've thought of today while writing this up. I'll continue to add other items as they come to my attention.
The best place to start is Gibson Research's home page. From that page, free to everyone, you can test the security of your PC with the ShieldsUp tests created for this purpose. You can do two kinds of tests, one that does a general test of your computer's safety from outside attack ("Test My Shields"), and another that tests all the network ports on your PC to see if any are open for exploitation ("Probe My Ports"). Once you have tested your PC, you can follow Gibson's advice, nearly all of it mentioned at appropriate points in the page displaying the results of the tests.
But before that, you might want to look at the articles listed at the bottom of the page cited above. Some of them are really good explanations of the issues involved. I strongly suggest the following:
- Gibson Research's instructions on securing your system.
This article is especially appropriate for individuals and small office users who connect to the Internet via a dialup connection, and whose computers are not networked. If you are on a network and gain access to the Internet from that network connection, the instructions may or may not work properly. Specifically, some networks use TCP/IP (the language in which Internet servers talk to each other) as their base protocol, so following the instructions as given would disable your entire access to your local network. If that is your situation, you should contact whoever provides your tech support for advice on what you can do to gain a higher level of security. DFA can provide exactly this kind of assistance.
If you are in a circumstance where you cannot disable the binding of TCP/IP to the network adaptor, a personal firewall may be in order:
- Gibson Research's recommendations for personal firewalls.
Basically, this page now boils down to a promo for ZoneAlarm, a program that I've tested and found problematic. Gibson's page is based on ZoneAlarm 2.0x, and currently, version 2.1 is available from ZoneLabs. I am currently testing this new version because one of its chief features is protection against the class of VBScript worms of which ILOVEYOU was the first to be widely known.
ZoneAlarm remains free for personal and non-profit use, and is only $19.95 for commercial use. I would recommend that any small office or home user who is sharing files or printers should consider running ZoneAlarm as a layer of protection against outside intruders. Over a year of use, $20 is less than $.08 a day, a mere pittance for increasing the security of one's PC or peer-to-peer network.
For more elaborate networks, however, more elaborate solutions are probably warranted. DFA can help evaluate exactly which products are the best fit for your networking circumstances, and help you install and configure whatever firewall or security software you choose.
- PC Magazine's article on Personal Firewalls.
The Editor's Choice in this roundup is a Norton product. I cannot endorse any piece of software with the Norton name since the product line was purchased by Symantec. I would consider McAfee's offering or ZoneAlarm before I would ever consider the Norton product.
Bill Machrone, a ZDNet columnist for whom I have a great deal of respect, wrote a column that ran parallel to the PC Mag article in which he cites ZoneAlarm and BlackICE as two products that offer something beyond what the Norton offering includes. I have tested both and suggest that anyone interested in monitoring the security of their PC should purchase BlackICE. I do not run it continuously, but do find it helpful in identifying outside attacks.
- Download ZoneAlarm 2.1.
You can download the free version or the commercial version. If you are a business, you can pretend to be using it for personal use and get it for free, but for $19.95, you should support the makers of the software and purchase it.
- Purchase BlackICE ($39.95).
BlackICE is not a firewall. It is more of a program that watches your PC for incoming attacks and notifies you of them. It can also block ports and protect you in some of the ways a firewall does, but it is not nearly as flexible. It is a good product, though, and useful in tracking the kinds of probes that come through to your system. ZoneAlarm, however, also blocks outgoing traffic, which can protect you from back door programs installed on your computer without your knowledge. BlackICE only protects against incoming threats. It is possible to run both programs simultaneously, but in my testing, it was not a completely stable configuration.
- A list of port numbers used by Trojans/worms.
This could be of some use in configuring a firewall to monitor specific ports, or in evaluating the source of probes that a firewall might catch.
- Gibson Research's OptOut utility, which tests your system for commonly known Internet-based advertising programs.
This is not really a security program, but it is useful in helping track down problems. However, note that ZoneAlarm would catch any attempts by an advertising "Trojan" to send information across the Internet to the host organization.
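One way to put a Trojan/worm port list to work when evaluating the probes a firewall catches, as mentioned above. This is an added example, not code from the original page or from any product it names; the log format, the three-entry watchlist and the sweep threshold are constructed for illustration.

```python
import re
from collections import defaultdict

# Illustrative watchlist only: widely documented default backdoor ports.
WATCHLIST = {
    ("TCP", 12345): "NetBus",
    ("TCP", 27374): "SubSeven",
    ("UDP", 31337): "Back Orifice",
}

# Constructed log format: date time action proto src:port -> dst:port
LINE_RE = re.compile(
    r"^\S+ \S+ (?P<action>\w+) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ -> [\d.]+:(?P<dport>\d+)$"
)

# Constructed sample entries (documentation-range addresses).
SAMPLE_LOG = """\
2000-11-02 14:03:11 BLOCK TCP 203.0.113.7:4021 -> 192.168.0.10:27374
2000-11-02 14:03:12 BLOCK TCP 203.0.113.7:4022 -> 192.168.0.10:27374
2000-11-02 14:09:40 BLOCK UDP 198.51.100.23:1059 -> 192.168.0.10:31337
2000-11-02 14:11:02 BLOCK TCP 198.51.100.99:3300 -> 192.168.0.10:21
2000-11-02 14:11:02 BLOCK TCP 198.51.100.99:3301 -> 192.168.0.10:23
2000-11-02 14:11:03 BLOCK TCP 198.51.100.99:3302 -> 192.168.0.10:80
2000-11-02 14:11:03 BLOCK TCP 198.51.100.99:3303 -> 192.168.0.10:12345
this line is malformed and is skipped
"""

def triage(log_text, sweep_threshold=4):
    """Group blocked probes by source and label each source's behaviour."""
    ports_by_src = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["action"] != "BLOCK":
            continue
        ports_by_src[m["src"]].add((m["proto"], int(m["dport"])))
    report = {}
    for src, ports in ports_by_src.items():
        hits = sorted({WATCHLIST[p] for p in ports if p in WATCHLIST})
        if len(ports) >= sweep_threshold:
            kind = "sweep"      # many distinct ports: generic scanning
        elif hits:
            kind = "targeted"   # few ports, at least one a known backdoor port
        else:
            kind = "other"
        report[src] = {"kind": kind, "backdoors": hits, "ports": len(ports)}
    return report

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

A source that only ever touches one backdoor port is looking for an already-infected machine, while a sweep that happens to include such a port is ordinary scanning; the distinction helps decide which log entries deserve a closer look.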