BUSINESSWEEK ONLINE : NOVEMBER 15, 1999 ISSUE
TECH BUYING GUIDE -- INTERNET SERVICES

What's the Password? Hackers May Already Know
Firewall software is as important as a lock on your back door

It happened silently, without so much as a flicker or a beep to indicate that something was amiss. My computer had been hacked. There it sat on my desk, connected to America Online, as usual, while--unseen by me--an intruder rummaged freely through the contents of my hard drive. In less than 10 minutes--the time it takes me to make a cup of coffee--the hacker planted a computer virus that enabled him to intercept my online banking and brokerage-account passwords the next time I typed them in.

Luckily for me, this hacker was on my side. Nicknamed ''Fubob,'' he's a computer-network security expert at Massachusetts Institute of Technology. He agreed to attack my computer so I could see how it's done. The bad news: It's pretty easy to get hacked, especially if your PC is connected to the Web through an Internet service provider. Corporate networks have electronic barriers called firewalls that try to keep hackers away. But if you surf the Net from home or the road using a common ISP, beware. The barriers that protect consumer networks are generally much weaker, which makes your PC vulnerable to all manner of nastiness, from the password-gathering virus Fubob dropped on me to the copying of sensitive files.

After Fubob made hacking look like child's play, I vowed to build a better wall around my IBM ThinkPad 600. I wanted more control over who sees personal data such as my e-mail address and Web sites I visit--two things direct marketers often glean without permission. I also wanted to find a way to block out banner ads, another unwanted intrusion.

Fortunately, software is available to address these concerns. I started with a personal firewall called AtGuard from Seattle-based WRQ Inc. Symantec Corp.'s $59.95 Norton Internet security 2000, due out next month, will include ATGuard's firewall along with anti-virus and parental control software. I turned on the firewall. Then Fubob started a fresh assault. It took him only a few minutes to find my Net address and begin probing the firewall. I could tell he was out there: A counter on the AtGuard toolbar keeps a running tally of the number of times the firewall blocks a communication. My counter started clicking like the Dow on a heavy trading day.

After half an hour and more than 50 attempts, Fubob sent me an e-mail declaring himself foiled by my firewall. Relieved, I turned it off. Wrong move: Less than a minute later, I got another e-mail from him: ''I'm in your machine :-)''

The lesson? Once you've got a firewall, keep it on. As long as you're connected--and that's all the time with cable and DSL--you're vulnerable to getting hacked.

Two other firewall products performed similarly, foiling Fubob each time: ConSeal Private Desktop ($49.95) from Signal 9 Solutions Inc. in Kanata, Ont., and BlackIce Defender ($39.95) from Network Ice Corp. in San Mateo, Calif.

GLUT BUSTER. Now for the banner ads. If these firewalls could keep Fubob at bay, marketers should be no sweat, right? Absolutely: In the AtGuard and ConSeal programs, I just clicked on the ad-blocking control button. The results were immediate: Web pages downloaded faster; the line was no longer clogged with the growing glut of banner ads.

Finally, my third goal: blocking cookies, which many Web sites drop on your hard drive when you visit them. Not all cookies are intrusive. The small bits of text enable Web sites to present you with personalized screens showing you, for example, your favorite stocks. But I want to choose the sites I share cookies with. Cookie Pal, a $15 download from Kookaburra Software, and other cookie blockers can help give you that choice.

Is a firewall in your future? Don't think twice. Consider this: The National Computer Security Assn. says roughly 1 in 20 computers connected to ISPs has been penetrated by hackers. Some security experts say the number is closer to 1 in 10. With a personal firewall, you can defend yourself from the roaming hordes of Information Highwaymen.

By PAUL C. JUDGE

_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _

BACK TO TOP
A Cyber-Arsenal for Road Warriors

TABLE: New Workaday E-Services

There's No Place Like Home--for Web Helpers

What's the Password? Hackers May Already Know



INTERACT
E-Mail to Business Week Online

 
Copyright 1999, Bloomberg L.P.
Terms of Use   Privacy Policy