FOR

There are, as the old adage says, several ways to skin a cat. Likewise with personal firewall packages designed to protect your PC from malware and other nasties on the Internet. And there are a lot of nasties on the Net. The falling cost of a high-powered PC has meant that lots of their users on the dark side are utilizing their Internet connections to scan your always, or nearly-always, connected machine. This trend of rogue Internet sniffers started in the mid-1990s, driven on by the arrival of large-scale unmetered dialup access to the Net in the U.S.

The mass-market success of the Internet has also spawned a new generation of anonymous proxy servers, allowing 'dark side' Internet users to surf the Net without revealing their identities. Or so they think. Contrary to popular belief, it really is possible to circumvent the security systems on most of these anonymiser services, provided you have the resources, as the police and other security agencies obviously do.

With around 40 percent of U.K. Internet users now surfing the web on an unmetered basis, the Internet sniffers have now arrived in force on this side of the Atlantic. Coupled with similar flat-rate plans appearing in other Western European countries, dark side hackers are seemingly out in force on the European Internet. Which is where Preventon Personal Firewall (PPF) enters the frame. Building on the success of the firm's Secure PC application, which was released last summer, the software includes the firm's Internet port stealth technology, as well as a number of other IT security facilities.

The technology uses an inclusive approach to enabling Internet ports on a user's PC, rather than the exclusive approach seen in most TCP/IP communications software. Coupled with some nifty footwork in the way that the TCP/IP stack handles the IP requests in both directions, it appears to work well against ad-hoc hacking attempts.

Serious hackers use other techniques, usually exploiting loopholes in Internet applications software, such as Netscape Communicator and the ubiquitous Internet Explorer. It seems that Explorer is always being updated as Microsoft plugs one security gap after another. This is due to Microsoft's modular approach to the Windows 32-bit operating system, which means that a third-party application can interface more easily with Explorer 4.0 and above by 'tweaking' the web browser itself. This backdoor approach to systems performance is good for users, but potentially bad for security, as witnessed by the numbers of updates that Microsoft issues for Explorer. And it's this very 'tweakability' that is the real reason that packages like PPF exist.

Apple Mac and Linux-based systems rarely have the security problems that affect Windows machines. UNIX also has more than its fair share of security issues, but this is largely due to the age and disparity between different variants of the operating system. And so back to Preventon Personal Firewall. The software is actually a little late in the day for many Internet users, who will probably have elected to install other personal firewall applications such as Norton Personal Firewall or BlackIce Defender from Network Ice, an ISS subsidiary. It also has to compete with freeware and shareware apps such as ZoneAlarm from Zone Labs. Its unique selling point, however, is that is simple to install and use. Yes, really. The company's product manager says that the package was created to cater for users who wanted a simple application, rather than some of the large and complex 'simple' personal firewalls already on the market. These are too complex, he says and the more complex a package is, the more potential security loopholes there are.

He's right too. PPF does what it says on the box - it offers security with ease. This is reflected in the software's 12-page A5-sized manual. If users want more information, they can go to the firm's web site. The software has a stealth Internet port technology that is billed as preventing unauthorised port sniffing. We think that a serious hacker would spot this security technique, but then, a serious hacker can break into most systems, given enough time.

This package isn't designed to beat serious hackers. You'd need to use multiple techniques to even begin to foil a serious one-to-one hacking attempt, including using packages such as Saafnet's Alphashield, which disconnects the TCP/IP stack between downloading web pages and other outgoing Internet actions.

But Alphashield costs around £100 and is just one of several packages you'd need to install to protect a PC against serious attacks. The beauty of PPF is that it is aimed at users who want to protect their computer from most hacker attacks, port scans and other Internet-borne nasties. Installing the software is relatively easy from the supplied CD-ROM, which comes in a DVD-style case along with the mini-manual. The package installed and executed on several PCs, ranging from a Pentium 200MHz/32Mb laptop through to a Pentium III 850MHz/128Mb desktop, running across a cable modem with 56K dial backup. The software will run under Windows 98 and Me. Versions for Windows 2000 and XP are already in the pipeline.

Unusually for a personal firewall product, the package does not require regular updates. This is thanks to the software's stealth technology, although the company does plan the occasional update to take care of bug fixes and other issues. Registered users are emailed and told to go to the firm's web site when ad-hoc updates are available. This no-regular-update approach has its pros and cons. It's good if, for example, you are running the software on a laptop with irregular access -perhaps via a GSM connection - to the Internet. It's not good, however, if some nasty genius develops a new TCP/IP hacking technique that uses a worm to replicate itself.

Like all personal firewall applications, PPF generates activity reports, which it confidently terms "intruder rejection reports." The reports will be adequate for users, but it would have been nice to see a drill-down option to check into one or more attacks in more detail, even if this only routed users to pages on ART's web site, as BlackIce Defender does with its user reports.

Overall, we were pleased with PPF - it does what it says on the box, namely, it protects users from Internet attacks. As such, it is aimed at novice and middle-ranking PC users. IT tech heads may want more information on what techniques the attackers may be using. For them, other more complex packages may be more appropriate.

SC On-Line
SC Magazine
www.scmagazine.com