DE-'BUGGING' COMPUTERS

December 2003
		The Internet has facilitated global communication like never before but also created the need to secure computer networks from viruses and worms. Two security experts on the front line of the battle against these computer "bugs" answer your questions.

Online NewsHour Special Report: Computer Worms and Viruses Forum Introduction I read a lot about vulnerabilities embedded in Web browser code that enable sending data through ports that are normally open and assumed to be safe by most firewalls. Is this a true threat and how serious is it? Have any viruses or worms arrived in .txt or .jpg or PDF files? These are files that by definition have NO executable code and are hence, treated as data and nothing else. Are there NO files that can be safely opened on a PC? I noticed that all of the worms identified on the newshour are w32 ... what responsibility for this security problem should be assigned to Microsoft? Is the ZoneAlarm security program effective against worms? Before switching to a DSL connection, with a (Linksys) wireless router, I always used a (ZoneAlarm) firewall. Now, however, I have been told by many people that there is no need for the firewall as the router serves that function. Is that true, or do I still need a firewall? I have installed a new program for fighting spam - Spam Inspector. It seems to be quite good. My question is that it looks as if the spam is opened (by the spam fighter) to determine if it is spam. Does that opening make me vulnerable to virus attack? Are there free firewalls available on the Web that do the job?	Derek Crowhurst of Wollongong, New South Wales, asks: My question is: Is the ZoneAlarm security program effective against worms? I have had this program operating on my system for 2 years and have not had any problems so far. Larry Rogers responds: Derek: Some of the methods that worms use to spread are stopped by hardware and software firewalls. The techniques that firewalls use are only allowing specific ports to pass through the firewall and further filtering based upon the content of the ports where access is allowed. ZoneAlarm is one such product that can do port and content filtering. However firewall programs can do little with respect to email-borne viruses and worms. Multiple layers of defense (hardware and software firewalls, AV software, staying current with patches and upgrades, and good usage practices) are still the best defense, and even then, unexpected things can happen. That doesn't mean not to have multiple layers. Rather, you need realistic expectations of what these layers can achieve. Jim Feeney of Palo Alto, Calif., asks: Before switching to a DSL connection, with a (Linksys) wireless router, I always used a (ZoneAlarm) firewall. Now, however, I have been told by many people that there is no need for the firewall as the router serves that function. Is that true, or do I still need a firewall? And, if I still need a firewall I assume it should be on every computer connected to the LAN - true? I do run (Norton) virus protection, which I set to auto-update weekly. Larry Rogers responds: Jim: The more layers of defense the better. On my home network, I have a router/firewall and a software firewall on each individual machine. And, they are of different brands so that a vulnerability on one is not necessarily also present on any other. I attach my laptop to different networks when I travel. I need and have a firewall that enforces a consistent policy no matter where it I go. Where is your wireless access point? Is it internal to your router or external? If it is internal, then your computers do not benefit from the hardware router/firewall and therefore need this extra protection. Let me recommend that you update your AV signatures at least daily and perhaps even more often. Some of the more recent viruses and worms spread very quickly, sometimes even too fast for the AV signatures to be effective, but not always. A week between signature file updates is too long according to most recommendations and I heartily concur.