Internet Security

Once the vulnerabilities in your Operating System and the programs you use have been identified and fixed (by running all updates), you need to focus on the network connection. You will want a kind of 'perimeter defence' on your network, called a firewall. A firewall can block and monitor the conversations programs on your computer have with other computers online - and deny anything that hasn't been specifically permitted by you. A firewall can aid in protecting your computer from attacks when connected to the Internet. This is essential since most of us have an 'always on' connection like ADSL, Wireless Broadband or Cable modem. Always on Internet connections make it easier for your computer to be discovered. If someone out there is probing for computers with known vulnerabilities and your system is detected, you could be infected or accessed. If a Trojan should find its way onto your PC, a firewall could prevent the Trojan from gaining internet access. If your PC is infiltrated, it could be used to access your work's corporate network whenever you connect to it. Or it could be used to launch denial of service attacks on other networks, or deliver spam.

The 'personal firewall' is just a consumer grade version of a tradition software firewall - it has just enough features to make it easy to use and help you sleep at night. Personal firewalls run as software on your PC. One of the more known products is Norton Internet Security. Other retail offerings include McAfee Firewall, PGP 7 Firewall and PC Viper Personal Firewall. There are even some free products available such as Zone Alarm, eSafe, Sygate and Tiny. Windows has a firewall built in, but it doesn't have the flexibility and customizability some people want. Each of the aforementioned products offer varying features. If you get a firewall, learn everything you can about what it can and cannot do. Do not use more than one firewall program (on your PC) at the same time - they will interfere with each other. Understand that a firewall is not a 'set and forget' program. Every new piece of software you install that connects to the Internet may require a re-configuration of your firewall.
You can read some great comparisons of Firewall products at Security Portal and at SysOpt. There are more reviews of several firewalls at Steve Gibson's Shields Up site. Steve Gibson endorses one of the free products for personal use mentioned earlier called Zone Alarm.

If you have purchased a Cable/DSL or wireless router, it probably has a firewall built in. The firewall in your router will do nothing to stop outgoing connections, such as the ones created by malware. That's why the Windows firewall or other software equivalent are still needed. Many people are left with the impression that a firewall suddenly makes them immune to any type of security problem. Nothing could be further from the truth, and some firewalls (even the high cost professional ones) have already been shown to suffer from their own vulnerabilities. Firewalls have a fundamental weakness. Just like the doorman at a nightclub, they can be bypassed. A rule allowing the web browser access the Internet for example, can be taken advantage of by malware that can hijack the browser. A weakness of desktop firewalls is that they can only monitor data that is processed by the communication modules of the operating system (WinSock). If a harmful program uses it's own communication module (it's own protocol stack) the firewall likely can't do anything about it. It's like showing up to the nightclub with your own door, that instantly installs itself to the back wall - letting you in for free.

Also, a firewall will do nothing to prevent you from receiving (or opening) a malicious virus or Trojan via email, any messaging program, Facebook, Twitter, downloading torrents, etc. You must understand that connecting your PC to the Internet carries with it a certain amount of risk. All of these measures simply help minimize the risks. Hopefully you realize that it has become increasingly important to know what is running on your PC.

Many people have asked me which software controls I prefer to keep their children safe from visiting sites with objectionable content. My answer is that most of these programs are not perfect, in that they use rules to determine access and these rules are far from fool-proof. Also, net nanny type software can be bypassed quite easily. If I have a Knoppix or Ubuntu (Linux) live CD, I can completely circumvent Windows, let alone any program running to filter (or record) access to the Internet. If you want to watch what your children are doing online, take their computer out of their room and set it up in an open space, where you can supervise them as needed. Keep in mind that any opportunity for them to access objectionable content outside the home or on mobile devices will nullify any steps you have taken.