Click on Common Ports to test the ones most used. Click on All Service Ports for a complete test.
The perfect firewall will show Stealth (invisible) status for all ports. ZoneAlarm is one of the few software firewalls that can provide this level of protection. It used to be the ONLY one.
II - INSTALL PROTECTION
1 - FIREWALL
You have a choice of a hardware or software solution here.
The best software firewall is ZoneAlarm, and it has the advantage of being free, as well. ZoneAlarm protects both against incoming attacks and outgoing events, such as a keylogger sending private information, by asking you if you initiated the program which is attempting to access the internet at that moment. If you recognize the program, such as the Internet Explorer browser, you can give it blanket permission to access at all times, without being checked out. If you say no, it will be blocked. You can also give one-time access to check out any results, like error messages from a Windows service which needs to run in order to give your browser access.
A hardware firewall is simply a router that sits between your DSL or Cable modem and the network card in your PC. It very effectively blocks all incoming traffic which has not been initiated from your PC. It will NOT block programs on your PC from accessing the internet, so, while it may prevent a trojan from being loaded onto your PC, it will not prevent it from working once it's been initiated. When combined with the other protection here, that won't be a problem, but you should know that this blocking of outgoing access by programs, without your permission, is one of the virtues of ZoneAlarm.
The biggest advantage of a router is that it fields all the traffic sent to the IP address given to you by your ISP, and reassigns the IP address used by your computer, so your PC's IP address is simply not accessible.
Though they offer the possibility of being configured, little or no configuration is usually necessary.
Many of the commercial AV programs are notorious for failing to detect bugs in a timely manner, and for causing conflicts with other software (Norton is one of these). As a result, users started looking for better solutions. I've tried any number of the freeware solutions and finally settled on AntiVir.
- It tends to find viruses missed by other AV programs.
- Detection files are updated frequently - often several times a day. You can set the update component to update as often as you like. I update once a day.
- It has a component called AntiVir Guard which monitors file activity on your hard drive and scans on-the-fly. This is especially valuable in the case of hidden "drive-by" downloads from malicious sites - a common source of trojans. The Guard component sees these hidden downloads and scans the files, immediately alerting you of malicious content, and offering you the option of deleting, moving or renaming the file or placing it in quarantine. Priceless.
3 - WINDOWS UPDATES
Microsoft is painfully aware of the many vulnerabilities in its software, from Windows itself to Outlook Express to Internet Explorer. They work hard to patch them as quickly as possible after becoming aware of a problem. Updating your system is vital to any comprehensive effort to protect yourself: http://www.windowsupdate.com/
You can set Windows up to automatically check for new updates and notify you from the system tray by going to Start -> Settings -> Control Panel -> Automatic Updates and checking the box that says "Keep my computer up to date."
4 - FREEWARE SOLUTIONS
Out of all the freeware solutions out there, the following programs should be considered essential. They are tried and true, contain no spyware or adware themselves, work well with other programs, and are constantly being updated and improved by some of the most creative and conscientious programmers in the world.
Many of them overlap in their protective capabilities, but there's no such thing as too much protection. At the same time, they each contain some unique aspects which more than make up for any overlap in function.
"Ad-Aware is designed to provide advanced protection from known Data-mining, aggressive advertising, Parasites, Scumware, selected traditional Trojans, Dialers, Malware, Browser hijackers, and tracking components. With the release of Ad-Aware SE Personal edition, Lavasoft takes the fight against Spyware to the next level." http://www.lavasoftusa.com/software/adaware/
The free version is essential. Plus and Professional versions are also available.
Use it once a week, or more often if you browse aggressively. Manually update before each use.
- Spybot Search & Destroy
A partial list of features:
  - Removal of adware and spyware
  - Removal of dialers
  - Removal of keyloggers
  - Removal of trojans and other baddies
  - Removal of usage tracks
  - Save removal of threats by shredding them
  - Backups of every removed problem
  - Exclude option to ignore specific problems
  - Permanent blocking of threatening ActiveX downloads
  - Permanent blocking of known tracking cookies for IE
  - Permanent blocking of threatening downloads in IE
http://www.safer-networking.org/en/features/index.html
Run it once a week to update it, and enable all protection. Then close the program. This program acts more like an inoculation, preventing changes to the system. 4349 items are currently in the database.
"WinPatrol uses a heuristic approach to detecting attacks and violations of your computing environment. Traditional security programs scan your hard drive searching for previously identified threats. WinPatrol takes snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge." http://www.winpatrol.com/
This program loads with Windows and sits in the system tray, offering many features. The most noticeable is when Scotty, the Scottish Terrier, barks to alert you that a new program has been added to the Windows Startup sequence, either in the registry or the Startup Folder.
Since one of the ways that viruses multiply themselves is to add an entry to Windows Startup, this is a very valuable program. You can immediately deny any program from placing a startup entry.
You can also use the program by double-clicking on the tray icon. Scotty will bark in response, and you'll have access to several tabs of options, including viewing Startup Programs, Active Tasks, IE Helpers, Cookies, and much, much more.
Scotty can also be set to monitor any changes made to your HOSTS file. Much more on this later.
- HijackThis (HJT)
HijackThis is a legendary program which is of immense value if you've already been infected, or think you might have been.
"HijackThis examines certain key areas of the Registry and Hard Drive and lists their contents. These are areas which are used by both legitimate programmers and hijackers." http://www.tomcoyote.org/hjt/
HJT creates a log of what it finds which can then be posted for analysis by experts such as those found here on Google Answers, or in a forum dedicated to assisting those who are infected, such as 'TomCoyote Forums', 'Geeks to Go Forums' and 'SpywareInfo Forums'.
Experts can tell you precisely what entries to check for removal by HJT.
One of the latest enhancements to this program is the addition of online HJT log analyzers, which can give you a leg up in analyzing them yourself:
HJT has other very useful features, including one which marks a file for deletion on reboot. This is very useful when Windows prevents you from deleting a file because it's currently in use, which happens a lot with viruses.
- Microsoft Windows Anti-Spyware (Beta)
I installed this and ran it for about a week. It didn't give any indication of having found anything that wasn't already protected against by the other software here, but I'm including it because it's received very good reviews in the geek community, and I'd certainly recommend it to anyone who has limited knowledge of spyware and the other programs I've outlined to prevent it.
The HOSTS file is a little-known Windows file which normally does nothing, since the content is minimal by default, that being:
That entry just points to your computer and identifies it as localhost.
But additional entries can be made to this file that amount to Windows wizardry!
The file is typically located here, in W2000 & XP: C:\WINNT[or Windows]\system32\drivers\etc
It has no extension, but you can rename it HOSTS.txt and open it with Notepad to see that it is a text file.
Entries can be added on a custom basis. These entries will point specified addresses to your computer, rather than to your DNS server, so that, instead of looking for the files on the web, your browser will look for them on your PC. Since they don't exist there, they won't be found and loaded. In this way, you can effectively block certain sites from ever being loaded in your browser.
Many people use the file to prevent known advertising servers and malicious sites from having access to your browser. There are many sites which post replacement HOSTS files to use in place of the default one.
Different sites focus on different content. You can find sites that block porn sites, sites that block ads from loading in your browser, sites that are known to be malicious, and combinations of all of these.
Since there are hundreds of sites of all these types, the number of entries can make the HOSTS file much larger. If the file is too large, it will slow down page loading in your browser, so some authors of HOSTS files take this into account, and use it to redirect only the most malicious sites and ubiquitous advertisers.
You can download the one they provide and use it to replace the default one (after renaming it). You can then also lock the file, by right-clicking on it, selecting Properties and checking Read-only. This will prevent trojans and other hijackers from writing to it, which can cause some major problems.
The MVPs page also offers a batch file utility which allows you to temporarily turn off protection by renaming the file.
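Because a HOSTS entry can just as easily send a name to someone else's server as to your own PC, it is worth checking what a replacement or modified file really contains. The following is an added example, not part of the original answer: a small Python audit that separates blocking entries (pointing at the local machine) from entries that redirect a name to an outside address. The sample file, host names and addresses are constructed for illustration, and treating 0.0.0.0 as a blocking address alongside 127.0.0.1 is an assumption based on common HOSTS-file practice.

```python
import ipaddress

# Constructed sample: a blocking-style HOSTS file with one tampered line.
SAMPLE_HOSTS = """\
# Constructed sample HOSTS file (not from the original page)
127.0.0.1       localhost
127.0.0.1       ads.example.com tracker.example.net   # blocked ad servers
0.0.0.0         malware.example.org
203.0.113.45    www.bank.example                      # suspicious redirect
not-an-ip       broken.example
"""

def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for each entry, skipping comments."""
    for line_no, raw in enumerate(text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = line.split()
        yield line_no, fields[0], fields[1:]

def audit_hosts(text):
    """Sort entries into blocked names, outside redirects and malformed lines."""
    report = {"blocked": [], "redirected": [], "malformed": []}
    for line_no, addr, names in parse_hosts(text):
        try:
            ip = ipaddress.ip_address(addr)
        except ValueError:
            report["malformed"].append((line_no, addr))
            continue
        if not names:
            report["malformed"].append((line_no, addr))
            continue
        for name in names:
            if name.lower() == "localhost" and ip.is_loopback:
                continue  # the default entry that identifies your own PC
            if ip.is_loopback or ip.is_unspecified:
                report["blocked"].append(name)  # name resolves to your own PC
            else:
                # A name mapped to an outside address: what a hijacker would add.
                report["redirected"].append((line_no, name, addr))
    return report

if __name__ == "__main__":
    result = audit_hosts(SAMPLE_HOSTS)
    print(len(result["blocked"]), "names blocked")
    for line_no, name, addr in result["redirected"]:
        print(f"line {line_no}: {name} -> {addr} (review: not a local address)")
```

To check a real file, read its text and pass it to audit_hosts(); anything listed under "redirected" deserves a closer look before you lock the file as Read-only.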
III - RE-TEST YOUR SYSTEM
Once you've installed your firewall, go back to Steve Gibson's ShieldsUP! page and test it out.
Then just update and run your AV program, Spyware Blaster, Spybot S&D, and AdAware about once a week, and more often if you have a period of aggressive browsing in unknown territory, or you have reason to suspect there is a bug on the loose.
Meanwhile, AntiVir Guard, WinPatrol's Scotty, and MS's Anti-Spyware programs, as well as Spyware Blaster's inoculations, are keeping your system safe, and looking for any changes.