Antivirus and Firewall Programs

Virus Protection and Personal Firewalls

This section is intended more as a warning than as instruction. Once you have an Internet Connection Sharing network, especially one that's always on, like cable and DSL, assume that there are people (more realistically, automated programs) attempting to break into your LAN from the minute you first connect. There will be. The firewall in your router is there to stop the hacking and break-in attempts. That will help stop viruses from being spread into your LAN directly from machines on the Internet. Unfortunately, it doesn't stop you from reading email or browsing to web sites with malicious code.

Email is a popular source for Trojan horses and viruses. They are generally disguised as attachments to emails the senders hope you will think are legitimate. I used to get 1-2 virus or Trojan infected emails in an average week, but this has dropped dramatically. I believe this is because I have greatly increased the amount of spam filtering on my email server. I also suspect my ISP is proactively scanning email looking for Trojans and viruses. Another source of viruses and Trojans is web sites that have infected code. In many cases, just browsing to those sites is enough to run the malicious code. A firewall does nothing to stop those.

This is why having an antivirus program such as Norton Antivirus or Bitdefender, to name a couple, is so important. If cost is an issue, Bitdefender's free version or AVG's free antivirus software are very good free alternatives. Equally important is keeping your antivirus program up to date. New or modified viruses and Trojans appear on a daily basis. Your virus definitions and engine need to be updated at that same pace.

Not all viruses and Trojan horses get into a LAN via the Internet. Other sources include a (laptop) computer, CD-ROM, or flash drive that was introduced from outside your LAN. That said, attacks from the Internet will greatly outnumber those that come from these other sources. So, how bad is it? I log the traffic that my firewall rejects and drops (with the exception of the Microsoft file sharing query traffic that I noted above). I often see 50-100 port scans a day that are usually probing specific ports or certain port ranges. When I see a specific port that gets probed a lot, I generally research it on the Internet to find out what the Virus du Jour is.
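To pick out the heavily probed ports and the port-range scans from a log of dropped traffic, a short script can tally the entries. The Python below is an added example, not something from the original page: it assumes log lines in the netfilter/iptables LOG style (the page does not say which format its firewall writes), and the sample lines, addresses and the `sweep_threshold` parameter are constructed for illustration.

```python
import re
from collections import Counter, defaultdict

FIELD = re.compile(r"\b(SRC|PROTO|DPT)=(\S+)")

def _line(src, proto, extra):
    # Constructed log line; DST is an RFC 5737 documentation address.
    return (f"Jan 10 03:14:01 gw kernel: DROP IN=eth0 OUT= SRC={src} "
            f"DST=203.0.113.5 PROTO={proto} {extra}")

# Constructed sample: one port probed by several hosts, one host sweeping a
# port range, one UDP probe, and an ICMP line that carries no DPT field.
SAMPLE_LOG = (
    [_line(s, "TCP", "SPT=40000 DPT=445") for s in
     ("198.51.100.7", "198.51.100.8", "198.51.100.9", "198.51.100.7")]
    + [_line("192.0.2.44", "TCP", f"SPT=40000 DPT={p}") for p in range(20, 26)]
    + [_line("198.51.100.9", "UDP", "SPT=40000 DPT=1434"),
       _line("192.0.2.44", "ICMP", "TYPE=8 CODE=0")]
)

def parse(line):
    """Return (src, proto, dport), or None when the line has no usable port."""
    f = dict(FIELD.findall(line))
    if not {"SRC", "PROTO", "DPT"} <= f.keys() or not f["DPT"].isdigit():
        return None
    return f["SRC"], f["PROTO"], int(f["DPT"])

def summarize(lines, sweep_threshold=5):
    """Tally drops per (proto, port); flag sources hitting many distinct ports."""
    per_port = Counter()
    sources_per_port = defaultdict(set)
    ports_per_source = defaultdict(set)
    for rec in filter(None, map(parse, lines)):
        src, proto, dport = rec
        per_port[(proto, dport)] += 1
        sources_per_port[(proto, dport)].add(src)
        ports_per_source[src].add(dport)
    sweepers = {src: sorted(ports) for src, ports in ports_per_source.items()
                if len(ports) >= sweep_threshold}
    return per_port, sources_per_port, sweepers

if __name__ == "__main__":
    per_port, sources, sweepers = summarize(SAMPLE_LOG)
    for (proto, port), hits in per_port.most_common(3):
        print(f"{proto}/{port}: {hits} drops from {len(sources[(proto, port)])} hosts")
    for src, ports in sweepers.items():
        print(f"{src} swept ports {ports[0]}-{ports[-1]} ({len(ports)} ports)")
```

A port near the top of the tally that is hit by many unrelated hosts is the one worth researching; a single host touching many ports is a range scan.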

Remember, not all attempts to break into the computers on your home network are made for purely malicious purposes (e.g., erase your hard disk or crash your system). The goal of many hacking attempts is to take over control of your computers to use them for a purpose (e.g., make them a "zombie" file server for serving illegal files or make them email spamming drones), to search hard drives for personal data such as credit card and bank account numbers, or to log keystrokes from certain web pages and programs in order to obtain passwords. Therefore, it won't always be easy to detect that a machine has been compromised.

Even though your router has a firewall, it's still not a bad idea to have a personal firewall running on every machine on your home network. Microsoft started including one with Windows XP (and even turned it on starting with Service Pack 2), but there are others like Zone Alarm Free, which is free, and Zone Alarm Pro, which is the more-advanced commercial version, that are well worth looking into. This may sound a bit paranoid, but in fact it's really a good defensive move. If one of the machines on your LAN does become infected, the personal firewall on the other machines may stop it from spreading. It's not uncommon for the cool new "warez crack" of StarBlasters 3D Mega-Expansion Pack IV - Online!!! that your little Johnny got from his friend Billy (since we know your little Johnny would never download illegal software) to contain a little something extra. That "extra" being a virus. Once Johnny installs that software, his machine is infected and looking for others to infect. A personal firewall on his machine may prevent the virus from successfully contacting other machines. More likely, firewalls on the other computers will keep the virus from spreading out of Johnny's machine.

Craig Prall