 |
|||||||
|
|
|
|
|
“Of Mice and Megabytes Supplement”ZONE ALARM: A PERSONAL FIREWALL How secure is the Internet? That question usually comes to mind when we voluntarily offer private information over the Internet. The information may be as innocuous as your name and e-mail address, or it could be a bit more serious when we gladly fork over our credit card information. But in this month’s column, I’d like to turn around the question and ask, “How secure is your computer?” This question could give rise to some confusion. After all, it seems we control our information destiny when surfing the Web. We choose what information we’re comfortable in disclosing and to which web site. We don’t divulge it willy-nilly. But unbeknownst to most, your computer is akin to an unlocked house, surrendering its valuables to anyone at any time. How? It’s not difficult. You needn’t be the ultimate computer nerd. It’s quite simple actually. Too simple. Software tools (“spyware”) are readily available that can be maliciously used to find information on your computer’s hard drive, then steal that information and send it to back to the perpetrator. Let me illustrate just how vulnerable we are. The following story appeared in a magazine article a few months ago (I’ll have to recall it from memory since I can’t locate the original story): A woman received a phone call one afternoon. The caller asked if this was So-and-So. She said yes it is. He asked if her address was so-and-so. She quizzingly responded yes. The caller then proceeded to rattle off her social security number, her bank account number, the balance in each of the accounts, her credit card number, and the balance owed. Naturally, the woman was shocked and scared. He explained that he garnered the information from her computer, specifically, her hard drive, where she had all this information stored. He further explained that he had no malicious intent, wanting only to demonstrate how easy it was for him to obtain the information. Wouldn’t it be nice to have your computer resemble more of a gated community where you could control who comes and who goes? Yes, it would, and a solution is at hand. Zone Labs (www.zonelabs.com) offers “Zone Alarm,” an easy to use, Internet security device that effectively blocks unwanted intrusion into your computer. Not only is it highly effective, it’s free. Currently, however, it’ll operate only on PCs running Windows. But they’ve informed me that a Macintosh version will soon become available. Zone Alarm, in essence, provides a wall (referred to as a firewall) between your computer and the Internet. You control what applications can access the ‘Net (such as Internet Explorer, Netscape Navigator, Outlook, etc.). Additionally, and more importantly, Zone Alarm will block access to your computer from outside, undesirable sources lurking on the ‘Net. Don’t underestimate this threat. It’s very real. You’d be wrong if you thought this type of thing doesn’t or can’t happen very often. Once Zone Alarm is installed, you can configure it to notify you each time an intrusion is detected. Believe me, you’ll quickly turn off this feature because it’ll become annoying. Very annoying. (Make sure you click the Help button once you install Zone Alarm. It’ll explain its features and how to configure it, a task that may not be entirely intuitive.) Remember, when configuring Zone Alarm, realize you WANT to allow some applications to pass information to and from your computer to the Internet. For some applications, you DON’T want them to access the Internet. Case in point: RealPlayer, a software application that plays various types of audio files on your computer, was sending information over the Internet back to its company, RealNetworks, regarding your listening habits. Once they got wind of it, their customers were surprised and dismayed to say the least. And RealNetwork’s devious actions were in direct violation of their posted privacy policy. So, in this case, you wouldn’t want RealPlayer to access the ‘Net and you’d configure Zone Alarm to disallow it. If you want to test the effectiveness of Zone Alarm or if you’re just curious about your computer’s vulnerability, log onto http://grc.com (note the lack of WWW preceding the grc.com). On their home page, locate the words “Shields Up” and click on it. Read and follow the on-screen instructions and continue to check your computer’s security by clicking on the “Test My Shields” button and “Probe My Ports” button. It’ll actually try to access your computer’s vulnerable spots and report back to you on its success or, hopefully, failure to do so. And while we’re on the subject of security and keeping troublesome activity out of your computer, I’d like to impart the following regarding computer virus protection. There have been quite a few software viruses in the news lately. Virus protection software is fairly common and inexpensive. If you don’t currently have it, think of it as cheap insurance. If you already have it, make sure you regularly update the virus definitions. (“Virus definitions” are a fancy way of saying “virus list.”) You can usually download the latest definitions from your anti-virus software vendor’s web site be it Symantec (www.Symantec.com), McAfee (www.mcafee.com) or whatever. New viruses are created and unleashed upon the computing community almost daily even though you don’t hear about them on the 11 o’clock news. Most malicious software has been circulated via e-mail since it’s the easiest way to spread it. However, on the horizon, are “hostile web sites” containing malicious software. According to an article in “Computerworld,” “victims may be tricked into visiting the sites when they click on links they receive via e-mail.” Although these sites aren’t currently a major problem, hostile web sites “are the next big threat.” This means that the e-mail message itself is harmless. It’s only if you click on a link contained in the e-mail that might prove to be your undoing. Incidentally, for users of the e-mail program Outlook 98 or Outlook 2000, Microsoft has made available on their web site (www.microsoft.com or www.officeupdate.com) a patch designed to “plug the security hole” which allowed the “I Love You” virus to easily propagate. Carefully read the accompanying instructions and caveats on their web site. Once installed, you’ll lose some of Outlook’s ease-of-use features and there’s no way to un-install it without first un-installing Outlook entirely. Ouch! In conclusion, I don’t want to scare you from using the Internet. It’s a wonderful and valuable resource. I do, however, want you to be aware of potential problems as well as available solutions. Not every intrusion results in stolen information. But then again, you don’t want to leave yourself wide open to potentially catastrophic results either. Re-printed from the Rafu Shimpo, July 2000. Copyright©2000 Rafu Shimpo. All rights reserved.
|
|||
|
|
|||
|
|
|
|