Hack 48 ZoneAlarm: The World's Best Free Firewall
For the best protection, get this firewall that's far superior to XP's Internet Connection Firewall, and keeps you safe from Trojan horses and other dangers .
The Internet Connection Firewall (ICF) that ships with XP has one very serious deficiency: it can't monitor and block outbound traffic from your PC to the Internet. Many Trojan horses do their damage by installing themselves on your system and then allowing others to take control of your PC, or using your PC to attack web sites, servers, and other computers. The ICF won't offer you protection against these types of Trojans; it won't be able to tell when a Trojan is making an outbound connection, so the Trojan will be able to do its damage without your knowledge.
Other firewalls, however, will offer that protection. The best of them is ZoneAlarm (http://www.zonealarm.com). There are three versions of the program, a free version and two for-pay versions with differing levels of protection. The free version offers excellent protection against inbound threats as well as against Trojans. It also tells you whenever someone is probing your computer for security holes and gives information about the prober, often including his IP address, and the nature of the probe.
Figure 5-14. Activity that ZoneAlarm has monitored and blocked
5.8.1 Configuring ZoneAlarm to Block Trojans
The most important feature of ZoneAlarm is its ability to block outgoing traffic from your PC. That way, you can be sure that a Trojan hasn't infected your PC and can't "call out" to make contact with someone malicious, or be used to attack others from your PC. All versions of ZoneAlarm, the free as well as the for-pay, offer this protection. Since that's the most important feature, that's what's covered in most of this hack.
After you install ZoneAlarm, click on Firewall in the left panel, and you'll get to choose the level of protection (from Low to High) you want for the Internet Zone and the Trusted Security Zone (for computers on your network, or that you trust for some other reason). The settings are self-explanatory.
When you start using ZoneAlarm, alerts (such as the one shown in Figure 5-15) will start popping up every time a program attempts to make a connection to the Internet. It will most likely be a program you are familiar with, such as Internet Explorer, Outlook Express, or a similar program. If it's a program you're familiar with and you want the program to always be able to access the Internet, click on the box that reads "Remember this answer the next time I use this program," and then click Yes to let the program access the Internet.
Figure 5-15. A ZoneAlarm warning
If it's a program you're unfamiliar with or a program that you don't know why it would be connecting to the Internet, click on More Info . You may be asked whether to allow your browser to access the Internet. Click Yes, and you'll be sent to ZoneAlarm's site, which will offer some basic information about the alert. The general rule, though, is to allow only programs you are familiar with to access the Internet. If you've just launched a program that requires Internet access and you get the alert, let the program access the Internet. Or, you might want to let a program you've just installed contact the maker's web site for automatic updates and patches, if you like that sort of thing. But if the alert pops up for no reason at a random time and you're unfamiliar with the program, you should deny it access. You should also immediately run an antivirus program to see whether it can detect a Trojan.
If you allow the program to access the Internet, and check the box so that you're not alerted next time, it will always be able to access the Internet. If you want to always be alerted when the program tries to access the Internet, don't check the box.
After you designate a program as always being allowed to access the Internet, it will be put into a list that ZoneAlarm maintains about trusted programs. You can customize any program on that list, take programs off the list, or customize their security settings: click on Program Control in ZoneAlarm's left panel, and click on the Programs tab. You'll see a screen similar to Figure 5-16.
Figure 5-16. Customizing the way a program can access the Internet
Use this screen to customize how you'll allow each program to access the Internet. By inserting a check mark in the appropriate column, you can choose whether to allow the program to access the Internet or Trusted Zone, whether you want it to act as a server in the Internet or Trusted Zone, and similar features. A check mark means that the program is allowed to access the Internet; an X means that it's not allowed to access the Internet; and a ? means that it should ask before being allowed to access the Internet.
5.8.2 See Also