Welcome back to the Tool Bar & Grill. I wish I could stay – but I just saw Mark Lautman heading into the Linux Lounge with a gas can, some rags, and a lighter. So I decided to evacuate the Tool Bar & Grill and leave the place entirely to Mark today.
Playing with Fire
by Mark Lautman
There is something a little disturbing about names of computer products. We have “firewalls” and CD “burners.” A label manufacturer has a product called Afterburner, and a large retailer offers an in-home computer installation and repair service called Firedog. Is it just me, or does everyone seem to detect an underlying attraction to arson in the personal computer world? With all these latent firebugs using computers, we better start talking about computer security.
Jonathan wrote about the absolute necessity to install a firewall (see posts #6 and #66), and offered a few recommendations for Windows users. Linux users, while normally docile and tame, and who would never, ever consider hacking into someone else's computer, need to be protected as much as anyone else.
The easiest Linux firewalling tool to use is Firestarter (a name which only proves my point about PC-induced pyromania). This product installs easily into Ubuntu, and provides a very clear and usable window for establishing firewall rules. This is what happened when I added a rule to block outbound traffic to the Tool Bar's Web site.
Firestarter is easy to use and works beautifully, but it doesn't have many of the features available in modern firewalls. For example, it doesn't provide detailed filtering to precisely examine many fields in an IP header. In addition, Firestarter won't automatically “learn” firewall rules by asking you to approve or deny an attempt by a program to use a network connection.
iptables provides an additional level of protection. You can create rules at a very specific level, combining source and destination IP addresses, ports, protocols, incoming and outgoing network interfaces, and almost any field within an IP header. To make things even more complicated, iptables allows “chains” of rules. After examining a packet, you can instruct iptables to move the packet through an additional chain of tests to determine if the packet is allowed over the network. Below is a simple IP rule that blocks outgoing traffic to the Tool Bar's Web site.
iptables lets you build a very tight firewall, but it still doesn't “learn” firewall rules like Comodo or ZoneAlarm. A tool similar to iptables is shorewall, which also uses the command line to build tables of firewall rules.
Next week, we'll continue exploring other Linux security utilities, including some that do learn firewall rules. In the meantime, be sure you hide all your matches and gasoline! —Mark Lautman
Regrettably, due to work and travel pressures, I (Jonathan) was unable to provide you with a detailed utility or Web site review this week. I'll be back next week, though, with a special issue. Meanwhile, this update on essential security software:
More Firewall Woes
Comodo Firewall Pro version 3 had everything going for it – top test scores, glowing reviews, built-in self-educating HIPS (host intrusion protection system). And Comodo recently took first place again in the Matousec firewall tests. However, I have had a lot of trouble with Comodo 3 (see post #66 for a recap and links to previous posts about Comodo.) It still annoys of me with very frequent pop-up questions about programs that it should recognize already, and its apparent habit (often after being updated) of forgetting some of my previous answers to the same authorization questions. It’s bad enough to be asked every time about, for instance, Windows Media Player or Windows Update. But it was the last straw when Comodo even failed to recognize its own updater, and nagged me with multiple authorization requests just to update itself.
As soon as I have a bit of time, I'll experiment with other firewalls again – perhaps the slightly lower-ranked Online Armor (though the free version is not Vista-compatible) and add the well-regarded ThreatFire for HIPS projection.
I have been using Avast! Home 4.8 antivirus for several weeks, and I am quite happy with it. Avast! consistently ranks very highly in comparative tests, includes all the main functions you want (real-time scanning, email scanning, daily updating, etc.) and also includes anti-spyware and anti-rootkit features (though I'm not sure if these are as good as stand-alone products). Avast! is unobtrusive, and best of all, the Home edition is free. The main drawback appears to be heavy processor and memory usage, so Avast! might not be the best choice for weak computers. However, among the top three free antivirus products (the others are Avira AntiVir Personal and AVG Antivirus Free), Avast! so far has gained a slight edge in my opinion.
Please come back for my recommendations of great utilities and Web sites and Mark’s Linux wisdom. Do tell all your friends about us too, and support this blog by visiting our advertisers! Finally, feel free to share your thoughts by clicking on “comments” below or writing to firstname.lastname@example.org.