Looking to block out all the DoS Nastiness that happens on the web? Here's one answer.

A bit of history, if you've never heard of 'firewall.' Long ago, when cars were first being manufactured, someone came up with the brilliant idea of placing a fire resistant barrier between the driver and passengers and the engine (in case something that ought not to happen, did). 'They' dubbed it a firewall.

The firewall metaphor serves well for computers and the internet. The firewall protects a computer connected to the internet from all the naughty people who should put their talents to work and get a good job doing security audits instead. Sometimes, firewalls are simply packet filters that look at each piece of information that goes between your computer and the internet and say, "Yep, this packet from e-pinions.com can go through, but Nope, this piece from terrorism.org cannot."

Packet filters don't look at what applications are being used to move the packets back and forth, they only look at the packets themselves. Thus, eliminating some potential problems that arise from people creating exploits that take advantage of a given resource on your computer. Stateful firewalls are usually much more expensive than packet filters and offer only a slightly better security model (in my opinion, and this is my opinion). Conseal is a packet filter.

Signal 9 was just bought by McAfee (you know.... the ones who do the virus scanning doodads). For a long time ConSeal Personal Firewall has been one of my favorite toys. I really enjoy knowing that my machine is secured from any kind of hostile activity from the internet.

Well, okay not any kind of hostile activity, but I can't think of a single type of hostile activity that it wouldn't protect my computer from. So in that respect, it has protected me from a lot of different kinds of that sort of nastiness.

One of the cool features of conseal is its great logging functions. Even when the firewall identifies an attack, and stops it, it writes down the event so you can look at it later. With it, you can punish the evil-doers by copying the log to an e-mail message that you send to their ISP. (Typically, abuse@their-isp.net).

While I cruise the chat rooms on DalNet or Undernet, I always put up a firewall. I never know when I'm going to anger someone who has a 10Mbit ethernet connection (or who has hacked a 10Mbit ethernet connect) and could flood me off the net, or possibly worse.

You may have heard about the denial of service attacks in the news lately. Yahoo, etc. got bombarded so badly that it was impossible for users to access their sites. Now, I'm not going to claim that a firewall on your personal machine is going to protect you from DOS attacks. Quite the contrary. If someone wants to bombard your computer with lots of packets, there's just nothing you can do about it. But, Conseal will log the attacks and you might even be able to continue using the net.

You could also conceivably use it to filter out websites that you don't want kids to visit (or ad servers... my personal favorite to block). You can password protect the software so that the kids can't change the rules you impose. The only problem is that you have to do a lot of manual entry, and the firewall doesn't do DNS lookups so the website addresses are logged as xxx.xxx.xxx.xxx where the x's are numbers, not names. You can set it up so that kids can't use the internet at all unless they are supervised.

It'll also protect you from back orifice and other trojans by closing ports that those are known to inhabit (don't worry if I'm talking above your head here, the program comes with a couple of different basic rule sets. You can also allow only specific types of internet access, like telnet, ftp, and web, so that your machine doesn't show any shares or other stuff windows lets hang about (like other computers on your home network), so if you've got a proxy server running, you might want to protect it a little better with a firewall, too.

Conseal is a good piece of software. It's sophisticated enough to satisfy the needs of the most geeky among us, and almost easy enough for an average user who can read directions to set up. This is it's biggest drawback in my opinion. Unless you have an adequate understanding of Internet Protocols and other such things, customizing the firewall can be difficult (though with experimentation it's not difficult).

If you are concerned about your computer's security, I'd suggest you take a look at www.grc.com's shields up security test. It's a web based port scanner that can educate you a little bit about what your computer is exposing to the rest of the world.

bottom line: 50 dollars is a good price. the software is complicated, but powerful and useful. You might wait a while and see how McAfee bundles it because it might get cheaper and easier to use. Users who are uncomfortable getting into the nuts and bolts of system operation should stay away.



Recommended: Yes