Home PC users are starting to catch on that surfing the Net requires a certain level of protection, security software makers say.
"Folks are starting to see that firewalls are as important as antivirus," said Tom Powledge, group product manager for Symantec. "I think there is, for many, a sense of urgency."
On Tuesday, Symantec announced the latest release of its Norton Internet Security suite. Included in the software package are a personal firewall that blocks unwanted scans, an application sandbox that notifies people when an unauthorized application attempts to send data out to the Net, and the company's flagship antivirus program.
Overkill? Not these days, said Gregor Freund, CEO of ZoneLabs, which gives away its personal firewall ZoneAlarm for free.
"If you are not connected to the Internet, then you don't need a firewall. Otherwise, you do," he said, adding that the damage from a virus or online vandal is not just virtual. "If you lose your data and identity, the ultimate impact on your life is real."
Although many people believe that only broadband users need a personal firewall, Powledge stressed that anyone connected to the Internet needs protection.
"There is no technical difference between someone being able to see your computer from the outside when you are on a modem or on DSL, except that you are not on as long," he said.
Such concerns may be the reason home PC users should load personal firewalls onto their computers, but the spread of the Code Red worm and the SirCam email virus are the reason for an upswing in firewall sales this summer, according to Amazon.com.
The online retailer announced Monday that sales of Norton AntiVirus 2001 jumped 112 percent in one week to the No. 1 spot on both the Amazon.com software prepackaged and download lists in late July. The surge in sales took place after Code Red started spreading across the Net.
Despite the reaction to such threats, though, a large number of home PC users are still unprotected.
"For consumers, no matter how many times you indicate to someone that they ought to have antivirus software and a firewall installed, they have to be in the right mindset or they don't do it," said Eric Hemmendinger, research director for information security at the market analysis firm Aberdeen Group.
The government-sponsored Computer Emergency Response Team (CERT) Coordination Center released on Tuesday a summary of incidences from the early summer and warned that home PC users must wake up to the threat.
"Many home users do not keep their machines up to date with security patches and workarounds, do not run current antivirus software, and do not exercise caution when handling email attachments," read the information security group's statement.
And in July, CERT warned home PC users that they need to take security more seriously.
"Intruders know (that home PCs are insecure), and we have seen a marked increase in intruders specifically targeting home users who have cable modem and DSL connections," the advisory stated.
A firewall in every den
While such dire predictions are good news for makers of personal firewall software, a widespread solution to the problem--the inclusion of a barebones firewall in Microsoft's next-generation consumer operating system, Windows XP--may threaten that market.
"The personal firewall market is dying and is going to be dead with Windows XP," said Robert Graham, lead architect for network protection company Internet Security Systems. "That doesn't mean that those products will go away, but they will migrate to different markets."
A firewall's ability to close off access to certain data channels, commonly known as ports, will become a standard operating system feature, Graham said.
Yet others assert that Microsoft's spotty past on security may mean that few will trust the included software.
"Microsoft's track record...is one of 'we don't get no respect.' And in this case, it's deserved on their part," Hemmendinger said.
Worse yet for the uneducated home PC user, Powledge said, is that the firewall in Windows XP could make matters worse, not better.
"I think that the firewall in the operating system is rudimentary. And unfortunately it will provide a false sense of security," he said. "Unfortunately, you can set up that firewall and feel you are protected against the range of threats on the Internet--from Trojan horse, from spyware--and you are not.
"That is a really key problem for that product."