Monday, November 06, 2006

Security: ShieldsUp and LeakTest

Did you know that the Windows Firewall that comes with Windows XP is only a one-way firewall? That means it can prevent threats from the Internet from harming your computer, but if your computer is already infected by some type of malware (e.g., a virus or worm), you won't know about it.

Most commercial firewalls that you can buy today are two-way firewalls, which means that they block threats from the Internet but also alert you to programs that are trying to communicate with the Internet. Most of the time you're only going to see legitimate requests from applications (such as your browser, IM client, etc.) requesting access to the Internet.

There are times, though, when you might find a rogue application installed on your computer making a request. This is when you should suspect that your computer is infected by some type of malware.

Gibson Research offers two great utilities that can help you evaluate how well your computer's defenses are protecting you. The first utility is called ShieldsUp, which checks your firewall for open, closed and stealth ports.

Quick lesson about TCP/IP: When communicating with another device using the TCP/IP protocol (everything on the Internet uses this protocol to talk to each other), there are two things that you have to know: the remote device's IP address and the TCP port that you want to communicate with. A TCP port is like a porthole on the side of a ship: when it's open it can allow something in (e.g., air, water, birds), and when it's closed nothing can get in.

Ideally you want all the ports on your computer to be stealth, which means that when hackers and malware are scanning for vulnerable computers they won't be able to find you. Closed ports are not as good as stealth ports because they tell the hacker or malware that there is a computer at a specific IP address, although since the port is closed, there is nothing that they can do with it.
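
The three port states described above can be told apart by how a TCP connection attempt ends. The following Python sketch is an added example, not part of the original post and not a GRC tool; the function names and the sample port list are assumptions made for illustration, and it is meant to be pointed at your own computer.

```python
import socket


def state_from_error(err):
    """Map the outcome of one TCP connect attempt to a port state."""
    if err is None:
        return "open"      # handshake completed: a program is listening
    if isinstance(err, ConnectionRefusedError):
        return "closed"    # the host replied with a reset: it exists, port is shut
    if isinstance(err, socket.timeout):
        return "stealth"   # no reply at all: the probe was silently dropped
    raise err              # anything else (e.g. no route) is not one of the three states


def classify_port(host, port, timeout=2.0):
    """Try to connect to host:port and report open, closed or stealth."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return state_from_error(None)
    except OSError as err:
        return state_from_error(err)


def check_ports(host, ports, timeout=2.0):
    """Classify several ports on one host; returns {port: state}."""
    return {port: classify_port(host, port, timeout) for port in ports}


if __name__ == "__main__":
    # Constructed sample list of ports commonly exposed by Windows services.
    sample_ports = [135, 139, 445]
    for port, state in check_ports("127.0.0.1", sample_ports).items():
        print(f"port {port}: {state}")
```

Run against 127.0.0.1 this only shows which services are listening locally; to see what your firewall hides, run it from a second machine you own against this computer's address.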

The second utility is called LeakTest, which is a very simple program that makes a request to GRC's web server. If your firewall lets the program make the request without alerting you, then your firewall doesn't block unknown outbound connections. These connections can be used by malware to 'leak' data about you out of your computer without you knowing about it.
