Is your computer hackable and how good is your firewall?
Written: Dec 15 '00 (Updated Dec 15 '00)
Pros: free, informative, effective
Cons: None! It tells you things you don't want to know
maceyr's Full Review: Shields Up
Shields Up! is not really a software application, but rather a web site designed by Steve Gibson of Gibson Research, who informs computer users of potential security hazards of the internet, does research, and constructs programs that aid computer users. Shields Up! uses its server to probe and conduct tests on your computer to find its potential vulnerabilities.
Before I start to describe Shields Up!, let me first give a brief explanation of the typical computer that is connected to the internet. The Microsoft Windows 9x operating system is designed with networking technology to allow the ease of sharing files between computers. By connecting to the internet, there is a great potential of being "hacked" by users with sophisticated programs that exploit this "leak". Without your knowledge, your computer may function as an internet server providing personal files and information stored on your computer's hard drive for all to see, delete or modify (much like what we do ourselves). Each computer that is connected to the internet basically (I won't get into more details of more than one IP address for different machines) has an IP address. If you use dial-up, that address will be assigned to you by your local ISP each time you are logged on. If you are on a direct connection, most likely you will have an IP address that is fixed and doesn't change. This IP address can be likened to the home address of your house. Each time you install a program that connects to the internet, one of the computer's "ports" is opened to allow the transfer of information from your computer to the internet and back. This port can be likened to the person who lives at your address. A computer has 65,535 TCP/IP ports available for the many varieties of programs that can be installed. This feature of Windows can be easily exploited by many different programs that monitor and scan for any potential open "holes" to get access to your computer. That's where Shields Up! comes in.
Shields Up! basically runs a series of probes and pings against your computer to check whether or not it can be easily accessed by someone with the right tools and know-how, and reports its findings back to you. This is a great way to test your current firewall program, as well as computers without a firewall. You may be surprised to find how accessible your computer may be to intruders.
First of all, Shields Up! provides a short download program of 20k called IP Agent which checks for the correct ip address so that Shields Up! can correctly test and probe the correct machine. This is important as some computers may have a different ip address if they are on a network. This small program will determine the correct ip address for which the test and probes should be done and produce correct results.
Next, once the correct ip address has been determined, you can click on one of two buttons on the web page labeled "Test My Shields" and "Probe My Ports". Once clicked, the Shields Up! web page servers will conduct various tests to determine any vulnerabilities in your computer. It will attempt to contact your computer, asking for a response for each of its requests. Depending on your computer's vulnerabilities, it may respond back to the Shields Up! page with relevant information about its vulnerabilities, information that a potential hacker (if using the same techniques) will utilize to gain access to your computer.
After that, if you click "Probe My Ports", more tests and probes will be conducted on your computer, attempting to establish TCP/IP connections over several well-known vulnerable ports of most computers, such as: 21 (FTP), 23 (Telnet), 25 (SMTP), 79 (Finger), 80 (HTTP), 110 (POP3), 113 (IDENT), 139 (NetBIOS), 143 (IMAP), 443 (HTTPS). If you have programs that utilize the above ports, it's most likely (provided you don't have a firewall installed) that they are open. But if you don't, there's a possibility that you have a program (e.g. Back Orifice) that has opened your ports and exposed your computer's vulnerability for port scanners to detect. Also on the page, there are links to pages that will help "close" any open ports and make your computer more secure than it currently is.
You may be surprised to discover that your computer is vulnerable with or without your firewall. What you find may scare or surprise you, and I would strongly advise installing a free firewall called ZoneAlarm by ZoneLabs. This is the only firewall that also passed a very new and important test by Gibson Research that others didn't. The new test is called the "Leak Test", which tests the vulnerability of firewalls. This is an additional and new program and test that will test the "security" of your firewall program. What you don't know may hurt you.
Most firewalls are effective at blocking outside information from the internet from getting in, but aren't very effective at determining the information going out from the inside once it penetrates the firewall via spyware or other malicious, stealth programs embedded in them. ZoneAlarm is the only firewall to cryptographically certify and identify the programs that are allowed to run on your computer.
To do the "leak test", you first download the small program of 27k, which disguises itself in your computer and acts as a malicious Trojan horse or other virus or adware/spyware running on your computer. This is a very basic program that informs the computer user whether it was able to slip past the firewall protection and contact and establish an internet connection with the Shields Up! web page's server at port 21 (FTP). This program can operate in "stealth mode" via several means that make it invisible to some firewalls. It also renames itself to another trusted filename to simulate the behavior of malicious programs (Trojans, etc.) and masquerade as a valid and permitted application.
According to PC World Magazine, Norton Personal Firewall 2001 can't distinguish between the real version of MS Internet Explorer and a renamed Trojan program such as Back Orifice 2000. Scary. And Sygate's Personal Firewall turned out to be a very vulnerable firewall that allows the leak test program to contact Shields Up!'s server without the firewall's knowledge. Even more scary. Other firewalls are not any better as the leak test program was also able to access the internet and contact the Shields Up! server without much difficulty. Please check the Gibson Research web site for more information.
ZoneAlarm is the only firewall that did not allow the leak test program to "phone home" because ZoneAlarm generates a special "cryptographic signature" for every program on its list that is allowed to access the internet. The signature is then regenerated and compared before any program of that name is again allowed access. So, a Trojan horse that renames itself to any of the "allowable" programs on ZoneAlarm's list will not be able to pass the test and is thus unable to "phone home".
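The check described above (record a signature when a program is approved, regenerate and compare it before allowing that name again) can be sketched as follows. This is an added example, not ZoneAlarm's code: the `ProgramAllowlist` class, the use of SHA-256 as the signature, the three verdicts and the sample files are all assumptions made for illustration.

```python
import hashlib
import hmac
import os
import tempfile


def file_digest(path):
    """SHA-256 of the file's contents (the hash choice is an assumption)."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class ProgramAllowlist:
    """Hypothetical allow list: program name -> digest recorded at approval time."""

    def __init__(self):
        self._approved = {}

    def approve(self, path):
        self._approved[os.path.basename(path).lower()] = file_digest(path)

    def check(self, path):
        """'ask' = unknown name, 'block' = known name but changed contents, else 'allow'."""
        recorded = self._approved.get(os.path.basename(path).lower())
        if recorded is None:
            return "ask"
        same = hmac.compare_digest(recorded, file_digest(path))
        return "allow" if same else "block"


def demo():
    """Constructed files: trusted browser, unknown program, unknown program renamed."""
    with tempfile.TemporaryDirectory() as root:
        paths = {}
        for folder, name, body in [
            ("programs", "browser.exe", b"constructed trusted browser bytes"),
            ("downloads", "leaktest.exe", b"constructed unknown program bytes"),
            ("temp", "BROWSER.EXE", b"constructed unknown program bytes"),
        ]:
            os.makedirs(os.path.join(root, folder))
            paths[folder] = os.path.join(root, folder, name)
            with open(paths[folder], "wb") as f:
                f.write(body)
        allow = ProgramAllowlist()
        allow.approve(paths["programs"])
        return tuple(allow.check(paths[k]) for k in ("programs", "downloads", "temp"))
```

A firewall that matched on the file name alone would return "allow" for the third file; comparing the regenerated digest is what separates the renamed copy from the approved program.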
When I ran the leak test program, the program would pop up with a scrollable informative page describing the program. At the bottom are two buttons "help" and "test for leaks". Pressing the test for leaks button will start the test. Since I have ZoneAlarm installed and running, ZoneAlarm will pop up a message asking if I would allow permission for leaktest.exe to access the internet. By pressing no, the leak test program will pop up a message indicating that the test failed and a bit more information. That is one great feature of ZoneAlarm, indicating when a spyware or program is attempting to access the internet and asking whether I allow it permission to do so. This is great because it will expose all attempts of spyware programs to "phone home", thus informing me of a potential breach of privacy.
Steve Gibson has yet again brought a potential security risk of the internet to the attention of computer users. Kudos to him. Besides the Shields Up! security tests, Steve Gibson has produced other very useful programs such as SpinRite (a hard disk utility that repairs, maintains and detects potential disk problems), OptOut (a spyware detection program), CIH Virus hope (a program to restore a hard drive due to CIH virus), Trouble in paradise (a program to diagnose the integrity of Zip and/or Jaz drives and cartridges), among others. I would strongly recommend visiting his site for very useful information on computers, security and the internet.
The Shields Up! tests are extremely useful and helpful in determining and exposing any potential vulnerabilities of your computer with or without firewall protection. I would strongly recommend using it along with the leak test program and testing your computer for any leaks that may be exploited by hackers. Also, I would recommend downloading and installing ZoneAlarm, the only firewall program that was more secure than others in preventing private information from leaving your computer. Better safe than sorry. The relevant links are located below:
Gibson Research's Leak test
http://grc.com/lt/leaktest.htm
ZoneLab's ZoneAlarm firewall program
http://www.zonelabs.com
My review on ZoneAlarm firewall program
http://www.epinions.com/cmd-review-363D-C2231B1-39A54FE8-prod6
As always, thanks for taking the time to read and rate my review.
Recommended:
Yes
Epinions.com ID: maceyr
Top 500
Location: Canada
Reviews written: 129
Trusted by: 150 members
About Me: I hardly have time for Epinions anymore but do try to read and rate.