Computerworld - They come under different names -- SubSeven, NetBus, Deep Throat, Back Orifice or the recent Mydoom -- but they share a common trait: They open a back door to an infected system. You wouldn't leave the back door of your home or business open to intruders, and your computer merits the same prudence.
Most commercially available antivirus products will detect known worms and Trojan horses that open back doors, but malicious code evolves rapidly, and new, more sophisticated threats surface daily. Worms can spread very quickly, and antivirus vendors aren't always able to develop and disseminate updates in time to prevent a major outbreak.
Personal firewalls for antivirus software
Like their malicious-code nemeses, personal firewalls have evolved dramatically. Today's breeds go well beyond protecting against unauthorized intrusions from hackers and crackers. Current offerings actually complement your antivirus software by protecting against malicious attachments and alerting you if certain applications or operating system components have been modified.
Some, like Outpost by Agnitum Ltd., will even prevent users from visiting illegal or inappropriate Web sites. In the event that a fast-spreading worm with a backdoor component avoids detection by your antivirus software, you might still be able to detect it if you use a bidirectional firewall, since the bidirectional firewall will alert you when an unauthorized program attempts to connect to the Internet. The following is an example of how this would transpire:
Let's assume a Trojan horse arrives via e-mail. If you're using a personal firewall, such as Agnitum's Outpost Pro or Zone Lab Inc.'s Zone Alarm Pro, the suspicious attachment will be renamed so that you don't inadvertently open it. However, if that Trojan horse were to infiltrate the system, the personal firewall would warn the user about any connection or port that the Trojan horse attempts to open or use. The user would then provide an appropriate response.
In addition, many personal firewalls display all applications that attempt to access the network, allowing users to trace the local path to these applications. If that Trojan horse attempts to impersonate a trusted application by masquerading as one of its components or injecting malicious code into its working space, the personal firewall will alert the user. Nearly all the major players in the personal firewall arena offer this type of application protection.
Downstream liability protection
We live in a litigious society, and lawsuits are a lamentable fact of life. If your computer is compromised by a backdoor worm or Trojan horse and then used along with hundreds of others in a
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
