Internet News has a story about popular firewall software — including the package I use, Norton Personal Firewall — failing to stop outbound traffic that would be generated from something like a trojan or a virus.
The weak point in the Norton package is its automatic rule-based outbound permission scheme. Basically, if you foolishly choose the wrong option, Norton assumes that a program identifying itself as Internet Explorer really is Internet Explorer and simply lets the outbound connection through. Not a good idea.
As Steve Gibson, who wrote a utility called LeakTest to test the ability of various firewall programs to stop these sorts of trojans, says, “This idea of allowing all these apps pre-approval is ludicrous. It’s trivial to get permission out of the firewall without notifying the user.”
Norton replies that if you’re running a virus checker and the firewall, the risk is minimal — but they’re going to update their software anyway. Gibson endorses ZoneAlarm, which uses cryptographic signatures of pre-approved applications to make sure it’s really IE, rather than a trojan or virus, trying to make an outbound communication.
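The difference between the two approaches, as an added illustration (not code from the article, Norton or ZoneAlarm): a name-only rule trusts whatever a program calls itself, while a rule that also stores a fingerprint of the approved binary (a hash here, standing in for the signature check the post attributes to ZoneAlarm) rejects a different program that merely carries the same file name. The file names and contents are constructed for the demo.

```python
import hashlib
import os
import tempfile
from dataclasses import dataclass


@dataclass(frozen=True)
class OutboundRule:
    name: str    # program name the user approved, e.g. "iexplore.exe"
    sha256: str  # fingerprint of the approved binary at approval time


def fingerprint(path: str) -> str:
    """Hash the binary on disk; stands in for a signature check."""
    with open(path, "rb") as f:
        return hashlib.sha256(f.read()).hexdigest()


def approve(path: str) -> OutboundRule:
    """Create the rule when the user first allows an application."""
    return OutboundRule(os.path.basename(path), fingerprint(path))


def allow_by_name(rule: OutboundRule, path: str) -> bool:
    """Name-only scheme: trusts whatever the program identifies itself as."""
    return os.path.basename(path) == rule.name


def allow_by_fingerprint(rule: OutboundRule, path: str) -> bool:
    """Fingerprint scheme: the binary must match the one that was approved."""
    return allow_by_name(rule, path) and fingerprint(path) == rule.sha256


def demo() -> dict:
    """Approve a (constructed) browser binary, then check a different
    program that was dropped under the same name in another directory."""
    with tempfile.TemporaryDirectory() as tmp:
        genuine = os.path.join(tmp, "iexplore.exe")
        with open(genuine, "wb") as f:
            f.write(b"constructed stand-in for the real browser binary")
        rule = approve(genuine)
        other_dir = os.path.join(tmp, "other")
        os.mkdir(other_dir)
        lookalike = os.path.join(other_dir, "iexplore.exe")
        with open(lookalike, "wb") as f:
            f.write(b"constructed stand-in for an unrelated program")
        return {
            "genuine_by_name": allow_by_name(rule, genuine),
            "genuine_by_fingerprint": allow_by_fingerprint(rule, genuine),
            "lookalike_by_name": allow_by_name(rule, lookalike),
            "lookalike_by_fingerprint": allow_by_fingerprint(rule, lookalike),
        }
```

The name-only rule lets the look-alike through; the fingerprint rule lets only the approved binary through, which is the check the post says Norton lacked.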
And yes, I’ve found these sorts of things on my system, though how they got there I haven’t a clue, so the risk is real.
Wired’s Farhad Manjoo has an article about the potential problems created by always-on broadband connections, Broadband Could be Hackland.
I was surprised that, after all of the literature they sent me and the numerous times I called technical support, no one at Ameritech even raised the possibility that extra security precautions might be in order when using a DSL connection. I was already aware of such problems, but you’d think even a small “buy a firewall program for extra security” note might be in order.
On the other hand, maybe they have the same contempt for their consumers as Excite@Home’s Richard Holden does. Holden says the security problems with broadband have been blown out of proportion (which may be somewhat true) and, as Wired paraphrases, “Holden added that only if people are using their computers to store sensitive information will extra security software be necessary.”
What world is this guy living in? Everybody I know who owns a computer has sensitive data on it, even the folks who aren’t power users. Several people I know use their computer to prepare their tax returns; others use Quicken and other financial packages to keep track of their money.
As far as I’m concerned my e-mail is very sensitive data in that I wouldn’t want some cracker gaining access to it. I know even casual computer users who use email to communicate relatively sensitive information. Of course firewalls don’t guarantee nobody will get access to your data, but you always want to put as many impediments as feasibly possible in the way of those with malicious intent.
The blasé attitude among broadband providers toward security is very puzzling.
The other day I signed up for DSL service through Ameritech. Today they left a message on my voice mail saying they don’t support Windows Millennium Edition, the OS of the computer I told them I was going to use for DSL access. Had to call them back quickly to make sure they didn’t delay the installation — told them I had a Windows 98 machine. Which, of course, I do, but they didn’t ask, so I didn’t tell them I actually plan on hooking the DSL up to a LinkSys DSL router.
Not very honest perhaps, but what sort of vendor actually thinks that, given the number of 2+ computer households, they can get away with stipulating that you can’t run both DSL and an Ethernet network? (That is one of Ameritech’s stipulations for service — that you not network the computer the DSL is on.) They really hate things like the LinkSys DSL router, but I really want a firewall between my computer and an always-on DSL modem without having to dedicate a separate computer running something like BlackIce. (It’s interesting that so far, neither in the literature I’ve received from Ameritech nor in my conversations with the DSL sales representatives did anybody alert me to any of the security problems that might come from having DSL without some sort of firewall or similar software.)