Home PC users are starting to catch on that surfing the Net requires a certain
level of protection, security software makers say.
"Folks are starting to see that firewalls are as important as antivirus,"
said Tom Powledge, group product manager for Symantec. "I think there is,
for many, a sense of urgency."
On Tuesday, Symantec announced the latest release of its Norton Internet Security
suite. Included in the software package are a personal firewall that blocks
unwanted scans, an application sandbox that notifies people when an unauthorized
application attempts to send data out to the Net, and the company's flagship
Overkill? Not these days, said Gregor Freund, CEO of ZoneLabs, which gives
away its personal firewall ZoneAlarm for free.
"If you are not connected to the Internet, then you don't need a firewall.
Otherwise, you do," he said, adding that the damage from a virus or online
vandal is not just virtual. "If you lose your data and identity, the ultimate
impact on your life is real."
Although many people believe that only broadband users need a personal firewall,
Powledge stressed that anyone connected to the Internet needs protection.
"There is no technical difference between someone being able to see your
computer from the outside when you are on a modem or on DSL, except that you
are not on as long," he said.
Such concerns may be the reason home PC users should load personal firewalls
onto their computers, but the spread of the Code Red worm and the SirCam email
virus are the reason for an upswing in firewall sales this summer, according
The online retailer announced Monday that sales of Norton AntiVirus 2001 jumped
112 percent in one week to the No. 1 spot on both the Amazon.com software prepackaged
and download lists in late July. The surge in sales took place after Code Red
started spreading across the Net.
Despite the reaction to such threats, though, a large number of home PC users
are still unprotected.
"For consumers, no matter how many times you indicate to someone that
they ought to have antivirus software and a firewall installed, they have to
be in the right mindset or they don't do it," said Eric Hemmendinger, research
director for information security at the market analysis firm Aberdeen Group.
The government-sponsored Computer Emergency Response Team (CERT) Coordination
Center released on Tuesday a summary of incidences from the early summer and
warned that home PC users must wake up to the threat.
"Many home users do not keep their machines up to date with security patches
and workarounds, do not run current antivirus software, and do not exercise
caution when handling email attachments," read the information security
And in July, CERT warned home PC users that they need to take security more
"Intruders know (that home PCs are insecure), and we have seen a marked
increase in intruders specifically targeting home users who have cable modem
and DSL connections," the advisory stated.
A firewall in every den
While such dire predictions are good news for makers of personal firewall software,
a widespread solution to the problem--the inclusion of a barebones firewall
in Microsoft's next-generation consumer operating system, Windows XP--may threaten
"The personal firewall market is dying and is going to be dead with Windows
XP," said Robert Graham, lead architect for network protection company
Internet Security Systems. "That doesn't mean that those products will
go away, but they will migrate to different markets."
A firewall's ability to close off access to certain data channels, commonly
known as ports, will become a standard operating system feature, Graham said.
Yet others assert that Microsoft's spotty past on security may mean that few
will trust the included software.
"Microsoft's track record...is one of 'we don't get no respect.' And in
this case, it's deserved on their part," Hemmendinger said.
Worse yet for the uneducated home PC user, Powledge said, is that the firewall
in Windows XP could make matters worse, not better.
"I think that the firewall in the operating system is rudimentary. And
unfortunately it will provide a false sense of security," he said. "Unfortunately,
you can set up that firewall and feel you are protected against the range of
threats on the Internet--from Trojan horse, from spyware--and you are not.
"That is a really key problem for that product."