spacer spacer spacer


Homelan(d) Security

The Department of Homeland Security is all het up about Microsoft’s latest security flaws. What's a poor home user to do? One simple and safe solution is to not connect to the internet, but that’s probably too Draconian for the average user. If you have a dial-up connection, you are safe as long as you are not connected. But if you are like more and more people, you have an always-on, high-speed connection to the internet, and your PeeCee is plugged right into it. Might as well leave your front door open with a note on how to find your sugar jar taped to the jamb.

One solution is to put something between your cable/DSL modem and your computer. There are lots of routers available whose main purpose is to allow you to have several computers at home accessing the internet while only paying your ISP for one connection. A pleasant side-effect to many of these routers is that they stop most worms cold because they are not a PeeCee — they act as a firewall between you and the internet.

A router is in fact a computer, it typically has an operating system, but it has only one job to do, so there is a much better chance that its programmers have gotten it right. Much better than a general purpose computer running a general purpose operating system with half a billion lines of code any one of which might be wrong.

You can buy a “personal firewall”, a piece of software that runs on your computer and tries to do the same job, but it is not quite as good, because it is depending on your operating system to be working right, and this was the source of the problem in the first place.

That's why I suggest getting a hardware firewall, a dedicated box that has only one job to do. The best firewalls implement something called stateful packet inspection (SPI), which looks at every packet of information going in and out of your house to make sure it is something that you asked for.

A firewall does not protect you against viruses that you receive in email and are fooled into opening, so you still need good anti-virus software on your machine, but it can save you from malicious crackers invading your machine over the internet.

Macs are less likely to be affected by these worms and viruses. They are such a small share of the market, the worm and virus “vendors” usually don't bother to make a Mac-compatible version of their wares. Nevertheless, if you have a Mac plugged into an always-on internet connection, it is likely getting probed by worms just to see whether it is a PC or not, so a hardware firewall can still be of use to stop the worms from wasting your time (your computer does waste time looking at the probes, even if only to ignore them).

[The router/firewall that I use personally is the Linksys BEFSR41. If you are using wireless internet in your house, there are combination router/firewall/wireless gateways too. If you are a Mac user, the Apple Airport is one such device.]