YOU ARE HERE: LAT HomeCollections

The Cutting Edge / Focus on Personal Technology | E-Review
/ A Weekly Look at a Technology, Product or Service

Don't Get Burned, Surfers; Personal Firewalls Are Here


The spread of high-speed Internet access over cable TV or digital phone lines has spawned a new threat for PC users: greater vulnerability to attack from hackers.

Although PC users with cable modems or digital subscriber line (DSL) service enjoy surfing the Internet at speeds up to 30 times faster than those with dial-up connections, their computers can more easily be found and attacked by hackers because they are usually permanently logged on to the Net and often have a fixed Internet address.

This vulnerability has opened up a hot new market for so-called personal firewall software that purports to protect PC users from hackers, and in some cases, even intercept those pesky pop-up banner ads that can litter your desktop when you visit certain Web sites.

These programs face a difficult task in striking a balance between being easy to use yet sophisticated enough to distinguish between innocuous and threatening Web traffic. You don't want hackers rifling through your Quicken personal finance files. On the other hand, you don't want to lock down your PC so tightly that you can't easily retrieve e-mail.

The best personal firewall programs clearly explain such security options and guard electronic routes of entry to your computer, known as ports, that hackers often exploit.

Personal firewall protection should not be considered an optional software accessory, in my view. Like antivirus software, it should be among the first additions to your computer operating system because the threat of attacks are real.

Carnegie Mellon's Software Engineering Institute, which tracks only a fraction of the world's computers, reports that there were more than 35,000 reports of computer security breaches last year affecting more than 4.3 million computers. Most home computers are a lot less protected than the computers reported to Carnegie Mellon. Indeed, some Internet access providers, such as EarthLink, have begun offering free personal firewall software to their customers.

I examined three personal firewall products that sell for $50 or less: Norton Personal Firewall ($49), Zone Alarm (free for personal and nonprofit use), and's Personal Firewall ($40). I ranked Zone Alarm as the best, followed by McAfee and then Norton.

Zone Alarm

Zone Alarm, which can be downloaded at, excels at making personal firewall configuration simple for novices yet powerful for advanced users. The security level can be adjusted to either Low, Middle or High, with options to fine-tune adjustments. However, Zone Alarm's repeated intrusion alerts under the default setting can be irritating. The notifications, however, can be turned off in favor of having intrusions recorded in a text file that can be examined at your leisure.

Zone Alarm also monitors outbound Web traffic. When a program on your computer attempts to access the Web, a window pops up asking whether you want to block the program from going online, allow access at that time only, or always allow access. Thus if a hacker surreptitiously places a program on your computer that tries to go online, Zone Alarm will let you know immediately.

Also useful is Zone Alarm's "Internet Lock" feature. It shuts down online access after a certain amount of inactivity on your PC, or when activated manually, much like a password-protected screen saver blocks access to your desktop after a certain interval. Even when the lock is on, however, you can permit selected applications, such as your e-mail program, to bypass the lock and check for new mail.

Zone Labs last month introduced a $39 professional version of Zone Alarm that allows more sophisticated filtering of Web traffic but with the same ease-of-use features in the free product.

McAfee's Personal Firewall, version 2.10, installed without a hitch. It displays just two setup windows: one to select whether to block all Web traffic, filter all Web traffic or allow all Web traffic; and another to select whether to keep detailed or summary traffic logs.

Like Zone Alarm, McAfee displays a check box each time an application tries to access the Web and asks the user whether it is OK for the application to establish an Internet connection.

The program automatically installs a "middle" security level. That's a good compromise for most PC users. The setting, for instance, closes the NetBIOS port, which enables printer and file sharing over a network, but also can be used as an entry point by hackers.

The one oversight of the McAfee program is that it does not automatically launch when Windows starts up. Unlike ZoneAlarm and Norton, you have to make your own start-up folder shortcut for McAfee or click through four dialogue screens to reach the setting that makes McAfee's Personal Firewall start automatically.


Los Angeles Times Articles