If you access the Internet using a broadband service (cable modem or DSL), chances are you have an always-on connection, which means there's a much greater chance that a malicious hacker could find your computer and have his way with it. You might think that with millions of people connected to the Internet at any given moment, there would be little chance of a "script kiddy" finding you in the herd. Unfortunately, one of the most common weapons in a black-hat hacker's arsenal is a program that runs through millions of IP addresses automatically, looking for live connections. The problem is compounded by the fact that many cable systems and some DSL systems hand out IP addresses from a narrow range, which makes always-on connections easier to find.

When a cracker finds your address, he has many avenues through which to access your computer. Specifically, your connection uses many different ports for sending and receiving data. For example, web data and commands typically use port 80, email uses ports 25 and 110, the File Transfer Protocol (FTP) uses ports 20 and 21, the domain name system (DNS) uses port 53, and so on. In all, there are dozens of these ports, and every one is an opening through which a clever cracker can gain access to your computer.

As if that weren't enough, attackers can check your system to see whether some kind of Trojan horse virus is installed. (Malicious email attachments sometimes install these programs on your machine.) If the hacker finds one, he can effectively take control of your machine (turning it into a zombie computer) and either wreak havoc on its contents or use your computer to attack other systems. Again, if you think your computer is too obscure or worthless for someone else to bother with, think again. A typical computer connected to the Internet all day long will be probed for vulnerable ports or installed Trojan horses at least a few times a day.
If you want to see just how vulnerable your computer is, several good sites on the Web will test your security:
The good news is that Windows Vista includes an updated version of the Windows Firewall tool that debuted in Windows XP. This program is a personal firewall that can lock down your ports and prevent unauthorized access to your machine. In effect, your computer becomes invisible to the Internet (although you can still surf the Web and work with email normally). The main change in Vista's version of Windows Firewall is that the program is now bidirectional. This means that it blocks not only unauthorized incoming traffic, but also unauthorized outgoing traffic. If your computer does have a Trojan horse installed (it might have been there before you installed Vista, or someone with physical access to your computer might have installed it), it might attempt to send data out to the Web. For example, it might attempt to contact a controlling program on another site to get instructions, or it might attempt to send sensitive data from your computer to the Trojan's owner. A bidirectional firewall can put a stop to that. The Windows Firewall in Vista also supports the following new features:
From this list, you can see that Vista's firewall is a far more sophisticated tool than any of the versions that shipped with XP or its service packs. Reflecting that sophistication is a powerful new interface for working with Windows Firewall settings, exceptions, and monitoring. It's called Windows Firewall with Advanced Security (WFAS), and it's a Microsoft Management Console snap-in. To load it, press Windows Logo+R, type wf.msc, and click OK. Figure 6.3 shows the snap-in with all its branches opened in the Scope pane.

Figure 6.3. The new Windows Firewall with Advanced Security snap-in offers sophisticated firewall-management features.

The home page of the snap-in presents an overview of the current firewall settings, as well as a number of links to configure and learn about WFAS. This snap-in configures the firewall by setting policies and storing them in two profiles: the Domain Profile is used when your computer is connected to a network domain; the Standard Profile is used when your computer is not connected to a domain. The Scope pane contains four main subbranches:
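The same per-profile settings the snap-in displays can be audited from the command line with netsh advfirewall, the command-line front end to WFAS that also ships with Vista. The following is an added PowerShell example, not from the book, that parses the "State" and "Firewall Policy" lines for every profile and flags any profile that is off or that does not block traffic by default in both directions; it assumes PowerShell 2.0 or later and an elevated prompt.

```powershell
# Added example (not from the book): audit Windows Firewall profiles via
# "netsh advfirewall show allprofiles". Each profile section in that output
# starts with a header such as "Domain Profile Settings:" and contains the
# lines "State  ON|OFF" and "Firewall Policy  BlockInbound,AllowOutbound".
function Get-FirewallProfileSummary {
    $lines = netsh advfirewall show allprofiles
    $profiles = @()
    $current = $null
    foreach ($line in $lines) {
        if ($line -match '^(\w+) Profile Settings:') {
            # New profile section: start a fresh record
            $current = New-Object PSObject -Property @{
                Profile = $matches[1]; State = ''; Policy = ''
            }
            $profiles += $current
        }
        elseif ($current -ne $null -and $line -match '^State\s+(\w+)') {
            $current.State = $matches[1]
        }
        elseif ($current -ne $null -and $line -match '^Firewall Policy\s+(\S+)') {
            # Default action for connections that match no rule, e.g. "BlockInbound,AllowOutbound"
            $current.Policy = $matches[1]
        }
    }
    return $profiles
}

# Report each profile and the weaknesses a defender would want to know about.
foreach ($p in Get-FirewallProfileSummary) {
    $findings = @()
    if ($p.State -ne 'ON') { $findings += 'firewall is OFF' }
    if ($p.Policy -notmatch 'BlockInbound') { $findings += 'unsolicited inbound traffic is allowed by default' }
    if ($p.Policy -notmatch 'BlockOutbound') {
        # Vista's bidirectional firewall only stops Trojan "phone home" traffic
        # if the outbound default is Block; the shipped default is Allow.
        $findings += 'outbound traffic is allowed by default'
    }
    $status = if ($findings.Count -eq 0) { 'OK' } else { $findings -join '; ' }
    Write-Output ("{0,-8} State={1,-3} Policy={2,-28} {3}" -f $p.Profile, $p.State, $p.Policy, $status)
}

# To enforce blocking in both directions on every profile (elevated prompt):
#   netsh advfirewall set allprofiles state on
#   netsh advfirewall set allprofiles firewallpolicy blockinbound,blockoutbound
```

Switching the outbound default to Block means every program that needs network access must be covered by an allow rule in WFAS, so test the change before applying it to a machine you depend on.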