The firewall is critical. A personal fire¬wall's first task is to put all a computer's ports in stealth mode, making the PC invisible to the Internet-so that mali¬cious incoming messages get no response. Of course, all necessary communication among computers within your local net¬work should remain unrestricted. This isn't tough-the built-in Windows Fire¬wall can do it. But not all suites pass this simple test.

The firewall should also control outbound communication, preventing Inter¬net access by unauthorized programs. The old-fashioned way to accomplish this was simple: When a program first attempted Internet access, the firewall would ask the user whether to allow it. The problem is, most users aren't quali¬fied to answer.

Some products try to address this by predefining access rights for hundreds (or thousands) of known good programs. That reduces confirmation pop-ups, but doesn't eliminate them. Other utili¬ties, such as F-Secure Internet Security 2008 and Kaspersky Internet Security 7.0, "solve" the problem by running with this feature turned offby default-a poor choice.

The smartest firewalls use a threepart strategy. They automatically allow access for known good programs and delete known bad ones. When a program doesn't fit either category, the firewall keeps an eye on its behavior and allows access as long as it doesn't try anything sneaky. Clearly this takes a lot more pro¬grammed-in intelligence than the simple ask-the-user plan, but it's definitely a better tactic-both more effective and pleasanter to deal with. Norton Internet Security 2008 and Panda Internet Secu¬rity 2008 are two good examples of this approach in action.
There's always the possibility that malicious software will attack your fire¬wall head on to disable its protection. Firewalls (and security programs in general) should resist if rogue code tries to kill their processes, turn off their ser¬vices, or otherwise disable the protec¬tion they offer.

Name: Firewall Protection in Two Directions.jpg Views: 64 Size: 41.7 KB

Your firewall mayor may not protect directly against Web-based attacks that exploit vulnerabilities in the operating system or browser. Some, like NIS 2008, actively block exploits and even identify them by name. But most rely on their malware-protection abilities to prevent the exploit from doing harm even if it does manage to plant a malicious file on your computer.