(Note: Ken Crandall, our skilled Facilities Coordinator who with his crew of helpers
Keeps our Phantom Lake School classroom computers up and running,
Describes ongoing improvements in our equipment, how they work, and what they mean.).
Firewalls and Virus
Checkers, What’s the Difference?
By KEN
CRANDALL
(Facilities
Coordinator)
At our SeniorNet Computer Learning Center, Puget Sound, we have recently addressed the use of "firewalls" and "virus checkers". Some have asked, what is the difference? I hope that this somewhat simplified message will help clarify the differences.
Firewalls:
When you connect to the Internet, you are automatically assigned an URL (Uniform Resources Locator) address. This is needed so the sites that you visit know where to send the information that you request (even if it is only your home page information). Once this URL address is assigned, anyone using the Internet can connect to your computer using that address. To make it easier to connect to a computer on the Internet, hackers have developed software tools that allow people to scan many random addresses in a very short time hoping to find a computer that they can connect to. Once they have gained access to your computer they do whatever your computer will allow them to accomplish. It is possible to read your data or to plant a Trojan horse program (see virus discussion below).
A good firewall program will accomplish two tasks: First, it will only allow programs that you accept to connect to the Internet. Thus you will be requested to allow Microsoft Word (or some other program) to connect to the Internet. You can choose to allow the program to connect all the time (as you would for your Internet browser or e-mail program), only when approved on a single use basis (as I do with Microsoft Word), or you can prevent to program from connecting to the Internet. This may seem overly complicated, but it prevents Trojan horse programs from automatically sending out information about your computer since you should never allow any program that you do not know to have access to the Internet.
Secondly, the firewall only allows the responses to your Internet inquiries to connect to your computer when you are using the Internet. This blocks these un-wanted access requests to your computer by hackers.
In summary, a firewall is used to control access of programs from your computer to the Internet (you determine which programs can access the Internet) and the others on the Internet to gain access to your computer (only the Internet sites that are responding to your inquiries can access your computer).
Viruses, Trojan horses, and
Worms:
There are people who write malicious programs and they try to place these programs on your computer (some programs will only slow down your computer and pop-up spurious messages. Other programs can cause serious damage like erasing everything on your hard drive). Three general categories of malicious programs exist.
Viruses were the first. They contain a short string of malicious code and they attach this code to all other programs that you normally use (like a word processor). Then they become active whenever you use an infected program and will spread to as many programs as they can. This method of spreading the malicious code, by infecting good programs, resulted in these programs being called “viruses”.
Trojan horse programs are so named because they were often attached to another program (i.e. a game) that you might download and run on your computer. In addition to the game that you wanted, these programs contain other elements that can look up your passwords or other sensitive data and send it to the program’s originator whenever you connect to the Internet. Trojan horse programs can also be transmitted via e-mail or can be downloaded along with other data that you get from the Internet. Good firewalls can prevent Trojan horse programs from gaining access to the Internet.
Worms are so called because they spread by using you e-mail address or Local Area Network book to re-transmit themselves to other computers.
Any of these programs are capable of destroying data on you computer or causing other serious compromises to your computer. Anti-virus programs (e.g. McAfee, Norton, and other manufacturers) have been designed to detect and eliminate these classes of programs. These programs must be periodically updated (or automatically updated if the program allows it) to keep current with new malicious programs.
A shortcoming of these programs is that any new viruses must first be detected on some computers, and then sent to the anti-virus manufactures for determination of how to detect and eliminate the malicious code before updates can be made to their program datasets. Therefore you are always at risk for a short period of time. This leads to a rule that I use. I never open an e-mail attachment from anyone I don’t know well. Secondly, I always virus check attachments before I open them. In addition, I often put attachments that I have not been expecting, into an isolated folder and wait a couple of weeks and then virus check before I open them. This allows the virus-checking routines to be updated for any latent viruses.