Illustration: Tavis CoburnFirewalls provide an essential layer of protection by blocking the port probes and scans that some bad guys and worms use to decide which PCs are vulnerable to attack. But firewalls aren't foolproof.
Even one from a reputable company can be leaky if it's misconfigured, and a holey firewall combined with an unpatched copy of Windows could permit malicious hackers to break into your system. But a good firewall does its job in the background. So how do you know whether all is quiet because your firewall is operating perfectly or because the hackers just haven't yet spotted your vulnerable system? It's best to test the firewall yourself. (If you don't have a firewall, check "Step-By-Step: Bulletproof Your PC With a Software Firewall" for a list of free ones and for tips on installing them.)
I use several free sites to test my firewalls. They all work similarly: The Web site runs a script that scans the ports at your computer's IP address. If your firewall is properly configured, the test results usually will show that no probes from the scan made it through to your computer. If you run a Web server from your PC, or other software (like an online game) that listens for requests from the Internet, and you've opened a port in the firewall for that program, a scan will show the port as open.
Sygate Online Services Security Scan is one of the most comprehensive scan sites. It offers six varieties of scans, though for most people the Quick Scan or Stealth Scan--which takes less than a minute--will be sufficient. The truly paranoid can choose to scan every well-known port, but that takes 45 minutes.
Once I've run the Sygate test, I head to Audit My PC for its privacy scan. In addition to testing the firewall itself, Audit My PC tests your machine for other vulnerabilities. The privacy scan reveals the weaknesses in your browser and identifies the kinds of information that any Web site can find out about you. The site also explains how to fix the problems.
Last on my list of scans is RV10scan, the real-time service from Qualys, which can be found on Vulns.com. RV10scan not only looks at the port, but also sends commands to the port to see how the computer responds. It effectively figures out which buggy parts of your Windows installation are unpatched--and which spots in your firewall may not cut the mustard.
Once your firewall passes the RV10scan, you can put your feet up, lean back, and breathe a well-deserved sigh of relief.
Andrew Brandt is senior associate editor for PC World. E-mail him at privacywatch@pcworld.com. Click here to read more Privacy Watch columns.
Ad Choices