Hack 78. ZoneAlarm: The World's Best Free Firewall
For the best protection, get this firewall, which is far superior to XP's Windows Firewall and keeps you safe from Trojan horses and other dangers.
The Windows Firewall that ships with XP has one very serious deficiency: it can't monitor and block outbound traffic from your PC to the Internet. Many Trojan horses do their damage by installing themselves on your system and then allowing others to take control of your PC, or by using your PC to attack web sites, servers, and other computers. The Windows Firewall won't offer you protection against these types of Trojans; it won't be able to tell when a Trojan is making an outbound connection, so the Trojan will be able to do its damage without your knowledge.
Other firewalls, however, will offer that protection. The best of them is ZoneAlarm (http://www.zonealarm.com). There are four versions of the program: a free version and three for-pay versions with differing levels of protection. The free version offers excellent protection against inbound threats as well as against Trojans. It also tells you whenever someone is probing your computer for security holes and gives information about the prober, often including his IP address and the nature of the probe.
ZoneAlarm with Antivirus, which sells for $24.95 for a year's subscription, adds virus and worm protection to the free firewall features. ZoneAlarm Pro, which sells for $49.95 for a year's subscription, doesn't offer worm and virus protection, but does improve on the free version's protection features, blocks pop-ups and cookies, stops personal information from being sent from your computer over the Internet, and does better tracking and reporting about those who might have tried to attack your PC. ZoneAlarm Security Suite, which sells for $69.95 for a year's subscription, does everything the antivirus, free, and Pro versions do, and also protects against instant messaging dangers, protects against phishing attacks, kills spam, and adds other features as well. At a minimum, try ZoneAlarm because, well, it's free. If you feel you need more protection, you can go with a for-pay version. I've been using the free version for several years and have never felt the need to go to the paid version. Figure 8-14 shows a record of activity that ZoneAlarm Pro has monitored and blocked.
Figure 8-14. Activity that ZoneAlarm has monitored and blocked
8.5.1. Configuring ZoneAlarm to Block Trojans
The most important feature of ZoneAlarm is its ability to block outgoing traffic from your PC. That way, even if a Trojan has infected your PC, it can't "call out" to make contact with someone malicious, or be used to attack others from your PC. All versions of ZoneAlarm, the free as well as the for-pay, offer this protection. Since that's the most important feature, that's what's covered in most of this hack.
After you install ZoneAlarm, click Firewall in the left panel and you'll get to choose the level of protection (from Low to High) you want for the Internet Zone and the Trusted Security Zone (for computers on your network, or that you trust for some other reason). The settings are self-explanatory.
When you start using ZoneAlarm, alerts, such as the one shown in Figure 8-15, will start popping up every time a program attempts to make a connection to the Internet. It will most likely be a program you are familiar with, such as Internet Explorer, Outlook Express, or a similar program. If it's a program you're familiar with and you want the program to always be able to access the Internet, click the box that reads "Remember this answer the next time I use this program," and then click Yes to let the program access the Internet.
Figure 8-15. A ZoneAlarm warning
If it's a program you're unfamiliar with, or if you have no idea why it would be connecting to the Internet, click More Info. You might be asked whether you want to allow your browser to access the Internet. Click Yes, and you'll be sent to ZoneAlarm's site, which will offer some basic information about the alert. The general rule, though, is to allow only programs you are familiar with to access the Internet. If you've just launched a program that requires Internet access and you get the alert, let the program access the Internet. Or, you might want to let a program you've just installed contact the maker's web site for automatic updates and patches, if you like that sort of thing. But if the alert pops up for no reason at a random time and you're unfamiliar with the program, you should deny it access. You should also immediately run an antivirus program to see whether it can detect a Trojan.
If you allow the program to access the Internet, and you check the box so that you're not alerted next time, it will always be able to access the Internet. If you want to always be alerted when the program tries to access the Internet, don't check the box.
After you designate a program as always being allowed to access the Internet, it will be put onto a list of trusted programs that ZoneAlarm maintains. You can take programs off that list or customize the security settings of any program on it. To do this, click Program Control in ZoneAlarm's left panel, and click the Programs tab. You'll see a screen similar to Figure 8-16.
Figure 8-16. Customizing the way a program can access the Internet
Use this screen to customize how you'll allow each program to access the Internet. By inserting a check mark in the appropriate column, you can choose whether to allow the program to access the Internet or Trusted Zone, whether you want it to act as a server in the Internet or Trusted Zone, and similar features. A check mark means the program is allowed to access the Internet; an X means it's not allowed to access the Internet; and a ? means it should ask before being allowed to access the Internet.
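The per-program decision described above (check mark, X, or ? for each zone, with "Remember this answer" turning a prompt into a stored rule) can be modeled in a few lines. This is an added example, not ZoneAlarm's code: the class and function names, the trusted subnet, and the choice to store a remembered "No" as an X are all assumptions made for illustration.

```python
import ipaddress
from enum import Enum

class Perm(Enum):
    ALLOW = "check"   # check mark in the Programs tab
    DENY = "X"
    ASK = "?"         # show an alert before deciding

# Constructed value: networks the user has placed in the Trusted Zone.
TRUSTED_NETS = [ipaddress.ip_network("192.168.1.0/24")]

def zone_of(remote_ip):
    """Anything not explicitly trusted falls in the Internet Zone."""
    addr = ipaddress.ip_address(remote_ip)
    return "trusted" if any(addr in net for net in TRUSTED_NETS) else "internet"

class ProgramControl:
    """Hypothetical model of the Programs list: one rule per
    (program, zone, action), where action is 'access' or 'server'."""

    def __init__(self):
        self.rules = {}

    def set_rule(self, program, zone, action, perm):
        self.rules[(program.lower(), zone, action)] = perm

    def decide(self, program, remote_ip, action, prompt):
        """prompt(program, zone, action) stands in for the alert dialog
        and returns (allow, remember)."""
        zone = zone_of(remote_ip)
        key = (program.lower(), zone, action)
        # A program with no rule yet is treated as "?": the user is asked.
        perm = self.rules.get(key, Perm.ASK)
        if perm is Perm.ALLOW:
            return True
        if perm is Perm.DENY:
            return False
        allow, remember = prompt(program, zone, action)
        if remember:
            # Assumption: a remembered "No" is stored as X.
            self.rules[key] = Perm.ALLOW if allow else Perm.DENY
        return allow

if __name__ == "__main__":
    pc = ProgramControl()
    alert = lambda prog, zone, action: (True, True)   # user clicks Yes + Remember
    print(pc.decide("iexplore.exe", "203.0.113.9", "access", alert))  # prompts once
    print(pc.rules)  # the answer is now a stored check-mark rule
```

Note that a remembered answer covers only the zone and action that triggered the alert, so a program trusted to access the Internet still raises a prompt the first time it tries to act as a server.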
8.5.2. See Also