The TDI connection established in Chapter 6 may have left the impression that firewalls provide little or no protection against lower-level rootkits. This is far from true. Because rootkits need to be installed before they can establish low-level connections, preventing rootkit installation would be a more reasonable goal, and that is exactly what a personal firewall can provide: protection from initial malware installation.
Before detailing a selection of personal firewalls, I should point out that Windows XP has shipped with a free personal firewall since October, 2001. Here’s the text from Microsoft:
Microsoft Internet Connection Firewall (ICF) is included as a Windows XP networking feature, and you should enable it if you need firewall protection. (If you’ve set up your Internet connection using the wizard and selected a direct or dial–up connection to the Internet, ICF may already be enabled.)
When running Windows XP, ICF opens and closes most ports on the firewall dynamically as you access services, but there are a few exceptions. Since Internet Connection Firewall provides inbound protection only, if you have concerns about programs that “phone home” or send outbound data to an unknown destination over the Internet, you may want to consider a third–party firewall.
If you are interested in using this personal firewall, or you are not sure if you are already using this firewall, follow these steps:
Click the Start button (usually in the bottom left-hand corner of the display).
Select Control Panel.
Select Network Connections.
Select Local Area Network.
Click the General Properties button.
Click the Advanced tab.
Press the Windows Firewall–Settings button.
At this point, you may be asked to turn on the Windows Firewall/ICS service. Answer yes if you intend to use the firewall. If your version of Windows has the ICS service, it needs to be running to start the firewall.
From the General tab of the Windows Firewall dialog, select the On radio button and click OK. This will activate the Windows personal firewall. From this point forward, your machine will be much more secure, and you will only be bothered when a program is blocked. This is about as easy as security software can be.
If you want a little more protection, or you are running a version of Windows before Windows XP, then you may wish to check out the firewalls listed in the following section. I have divided these into two sections - free and not free - to help direct you in your decision.