Fix My Broke PC!

Sharing IT knowledge with the World!

Browsing Posts tagged security

We learned in my previous post that a firewall is only good if we, as the user, manage the program correctly. Microsoft now bundles firewall software in its operating systems, starting with Windows XP SP2. Windows XP SP2 and older operating systems are no longer supported by Microsoft. If you are running any operating system older than Windows XP SP3, you should look into upgrading for security purposes. Here we will go over a few quick and easy ways to check your firewall settings in Windows to make sure they are satisfactory for your internet use. Please note, if you use a third-party firewall, such as Zone Alarm, these settings will not apply to you. If you are unsure of what firewall you are using, please contact your local computer technician for assistance.

Windows XP

  • Verify the XP Firewall is turned on
    • Click Start
    • Click Control Panel
    • Click Security Center (If you are in classic view you will not see this option)
    • Click Windows Firewall (double click in Classic View)
    • Verify that your Firewall setting is set to On (recommended)
    • The “Don’t allow exceptions” box should only be checked if you really want to lock down your firewall
  • View the programs that are marked as Exceptions to being blocked
    • From above location
    • Click on the Exceptions tab at the top of the window
    • The Program Name that is allowed (or denied) is listed here. If the check box next to the name has a checkmark in it, Windows has allowed that program to communicate over the network. If it does not have a checkmark, it is currently being blocked from accessing the network.
    • Scroll through the list and see if there are any program names that you may not want to be able to access the internet. Be careful when unchecking boxes here; it could turn off network access for something that you really wanted to have access.
  • Add a program to the exception list
    • From above location
    • To add a program to your allow list
      • Click Add Program
      • Select your program from the list provided, or click Browse… to browse to your program
    • To add a known Port for your program
      • Click on Add Port…
      • Fill in the Name with a name you will recognize (e.g. Quake 3 Arena)
      • Fill in the Port number and select TCP or UDP depending on traffic (You can usually find this information by googling firewall and the program name)
      • For advanced use, if you only want to allow access to certain IP ranges, or just to your network, not external (internet) networks
        • Click on Change scope…
        • Select the option that you feel fits best. You can use a custom list here. If you require a custom list, you probably should already know how to fill it out. For most users, selecting either “Any computer” or “My network only” should be sufficient.
        • Click OK
      • Click OK
  • Advanced Tab Settings
    • By this point, you may be wondering about the advanced Tab
    • Click on the Advanced Tab
    • Here you will see a list of Network Connections for your machine. The Network connections that are checked have Windows Firewall currently protecting those connections. If they are unchecked, that network connection is unprotected.
    • Feel free to look around at the rest, just remember not to make any changes here unless you are sure of what you are changing.

Windows Vista

  • Windows Vista is kind of a cross between Windows 7 and Windows XP. I currently do not have access to a Vista machine to write up an adequate step by step guide, so I am going to link you to a good article (not so much step by step) explaining the settings available in Windows Vista.

Windows 7

  • Verify Windows 7 Firewall is turned on
    • Click the Windows Button
    • Click Control Panel
    • Click System and Security
    • Click Windows Firewall
    • Verify Windows Firewall State is set to On
      • Notice that in Windows 7 you have Home or Work Network and Public Network
        • Public Networks should be used in unsecured wireless places
        • Home or Work Networks should be used when you are at home or work, or a trusted secure site
    • To turn on Windows Firewall
      • Click Turn Windows Firewall on or off
      • Select the radio buttons to turn Windows Firewall on or off
      • Select the Check Box for Notify me when Windows Firewall blocks a new program (this will let you know if a program is being blocked)
      • Check the box for Block all incoming connections (even to allowed programs) only if you want to shut down network traffic
  • View the programs marked as exceptions to be blocked
    • Click Allow a program or feature through Windows firewall
    • The Program Name that is allowed (or denied) is listed here. If the check box next to the name has a checkmark in it, Windows has allowed that program to communicate over the network. If it does not have a checkmark, it is currently being blocked from accessing the network. Notice how you can configure the selections separately for Home / Work Network and for a Public Network.
    • Scroll through the list and see if there are any program names that you may not want to be able to access the internet. Be careful when unchecking boxes here; it could turn off network access for something that you really wanted to have access.
  • Add a program to the exception list
    • From above location
    • To add a program to your allow list
      • Click Allow another program…
      • Select your program from the list or click Browse and navigate to your program.
      • Click OK
    • To allow a known port for your program
      • Click Advanced Settings in the left column
      • Click Inbound Rules on the left
      • Click New Rule… on the right
      • Select the Port radio button
      • Click Next
      • Specify your port(s) and whether you want TCP or UDP
      • Click Next
      • Select the radio button appropriate to your needs; the most likely choice is Allow the connection
      • Click Next
      • Uncheck any boxes that you don’t want to be able to access the open port
      • Click Next
      • Describe the Open Ports (like what program you want in there)
      • Click Finish
  • Advanced Settings
    • The advanced settings in Windows 7’s Firewall are far superior to Windows XP’s. Here you can use wizards to add or remove ports and programs, and view advanced Firewall logs and settings. Feel free to look through here, but it may be best not to adjust these settings unless you are told to do so. The link found above in Windows Vista Firewall explains some of these more advanced settings.
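
The review step above (scrolling the allowed list for entries you do not want reachable) can also be done from the command line on Windows Vista and 7, where `netsh advfirewall` is available. The PowerShell below is an added example, not part of the original post: it parses English-locale `netsh advfirewall firewall show rule` output and lists enabled inbound Allow rules that accept any remote address on the Public profile. The function names and the sample rules are constructed for illustration.

```powershell
# Added example (not from the original post). Assumes English-locale netsh output.
function ConvertFrom-NetshRule {
    param([string[]]$Lines)
    $current = $null
    foreach ($line in $Lines) {
        if ($line -match '^Rule Name:\s+(.+)$') {
            if ($current) { New-Object PSObject -Property $current }   # emit previous rule
            $current = @{ Name = $Matches[1].Trim() }
        } elseif ($current -and $line -match '^([A-Za-z ]+):\s+(.*)$') {
            $current[$Matches[1].Trim()] = $Matches[2].Trim()          # e.g. RemoteIP -> Any
        }
    }
    if ($current) { New-Object PSObject -Property $current }           # emit last rule
}

# Enabled inbound Allow rules that accept any remote address on the Public profile.
function Get-ExposedInboundRule {
    param([string[]]$Lines)
    ConvertFrom-NetshRule $Lines | Where-Object {
        $_.Enabled -eq 'Yes' -and $_.Direction -eq 'In' -and $_.Action -eq 'Allow' -and
        $_.RemoteIP -eq 'Any' -and (($_.Profiles -split ',') -contains 'Public')
    }
}

# Constructed, abbreviated sample (rule names and ports are made up for illustration).
$sample = @'
Rule Name:                            Example Game Server
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Private
RemoteIP:                             LocalSubnet
Protocol:                             UDP
LocalPort:                            27960
Action:                               Allow

Rule Name:                            Example File Sharing App
----------------------------------------------------------------------
Enabled:                              Yes
Direction:                            In
Profiles:                             Domain,Private,Public
RemoteIP:                             Any
Protocol:                             TCP
LocalPort:                            6881
Action:                               Allow
'@ -split "`r?`n"

# Live use: Get-ExposedInboundRule (netsh advfirewall firewall show rule name=all dir=in)
Get-ExposedInboundRule $sample | Select-Object Name, Protocol, LocalPort, Profiles
```

Only the second sample rule is listed, because the first is limited to the Private profile and the local subnet, which is the command-line counterpart of choosing “My network only” as the scope.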

I started this question out with, what is a firewall? This is a computer shop, so we are not talking about the wall that is built to resist fires, although it does hold sort of the same meaning. According to Webster’s, a firewall is “computer hardware or software that prevents unauthorized access to private data by outside computer users.”

So what does this really mean? A firewall can either be software based, a program you install on your computer, or hardware based, a device that is physically plugged into the network at the point where another network would access it. (On a side note, today most household internet routers are hardware based firewalls but are usually turned off by default. You can check your manufacturer’s website or user’s manual for information on how to configure the firewall.) Another network is most commonly the internet for household users. In larger business scenarios, another network could be another office location or another department. A firewall is used as a filter to block or allow network traffic based on a set of rules. The set of rules is defined by the user! This sentence is very important, hence the bold. The firewall can block unauthorized activity as long as it is properly set. The problem is, every network is different, and so are the applications a user uses to accomplish their tasks. For instance:

  • User A uses Program C to complete Task F
  • User B uses Program D to complete Task F

Both parties accomplished the same task, but in different ways. That is why it is important that each firewall is treated in a different manner. If you turn on maximum protection on your firewall, you may notice that things like email, instant messengers, or other programs may not be able to communicate over the internet. Firewalls do a fantastic job of protecting your computer, but can be an inconvenience if the security is too high. On the other end, if you open the firewall up to allow programs that you don’t use, or relax it to allow any traffic in and out, you have defeated the purpose of having the firewall. A relaxed firewall is convenient for the user, but opens the computer up to the same security risks as not having a firewall in the first place.

So to answer the big question, yes, a firewall is required and should be used to block unauthorized activity from entering or leaving your computer. Examples on why you would want a firewall are:

  • A malicious application would be able to transmit data from your computer to the attacker.
  • A malicious user could use open ports (unprotected) to access your computer externally to install or retrieve data from your computer.
  • A child, or other user, could install software that is used for peer to peer sharing and could accidentally share out the wrong data.

The list goes on, but I hope this helps you grasp the idea.

Part 2 will come next week for learning how to manage your firewall in Windows Vista / 7, and what to do about the built in firewall in XP SP2, or SP3.

Have you ever been on vacation, or at work, or even over at a friend’s house, and wished you had access to your computer for any reason? There are numerous simple programs that you can use to accomplish this task, each with its own features. Today we are going to go over the non-commercial-use features of a few of my personal favorites: LogMeIn and TeamViewer. (I included GoToMyPC features and a quick blurb on why I did not trial their service.)

Here is my scenario for what I was looking for: I have multiple computers that I use. I have multiple Windows machines ranging from Windows XP to Windows 7 and I have one MacBook. So I was looking for something that worked with both the Mac and the PC. I also have a few friends that I wanted to support who use Windows and Linux, so I wanted to research how I would be able to assist them as well with this. All three of these platforms are compatible with the PC and Mac. Now there are other programs you can use, like VNC, but they usually require some sort of tweaking in firewalls or routers to get them to work from outside internet access. This post is looking at simple, easy to install and use remote access. One of the three remote access programs even covers Linux! LogMeIn has a free version and a paid version that increases the amount of benefits you can get from the program. So here goes!

LogMeIn has, by far, been my favorite. You sign up for an account at LogMeIn’s website and click on Add Computer. When you initially start, it automatically installs the Pro version under a 30 day trial. You can try the extra features out for a bit if you would like to; then, to change it over to the free version, you click on Properties next to the computer name, go to Subscription and change the subscription in the drop down box to free. Okay, back to the review! After installing I was able to log in to my LogMeIn account (first set of login credentials needed). Then when I went to remote access my computer, I was asked for my computer’s credentials (second set of login credentials). The speed was very reasonable and I was able to remote access my computer from a Mac and from a PC. I looked at the Security settings in the program and found that I could also set a “computer” password (third set of login credentials). After verifying your second set of login credentials, you would be prompted with random characters from your “computer” password that you have to select from a drop down box. I found this to be an awesome addition to the already double credential login. (Plus it helps prevent hacks from key loggers as you are not typing keys but selecting from a drop down box. Meaning, if you HAD to remote into your computer from a cyber cafe, or a public computer, you could feel a little better about doing so.) The free service allows you to install the service on as many computers as you want, so if you want to be able to “assist” friends and family, you can get their permission to install it so you can. To top it all off, for a $29.99 fee, you could purchase the LogMeIn iPhone app to remote control your computers from your iPhone. So far this has been the best service I have found. Their service provided quality speed, good service, and has been reliable.

GoToMyPC is the priciest, and thus because of the cost, I did not review their services adequately. The Citrix online company is the only one that did not have a “free” service for consumers. They also won’t allow you to test drive their software without putting in your Credit Card data. I have heard a lot of people speak well about the speed and functionality of GoToMyPC, but we’ll have to leave that one to someone who has more money on their hands and wants to play with something different. I prefer more features for a lesser cost.

TeamViewer is the only simple remote access program that also covers Linux. Once installed, it assigns an arbitrary number and a random password. The number you will have to memorize, because that is the number you will need when trying to access your computer using another TeamViewer. Unless, of course, you use their online web application. It is optional and you can sign up for it from their website, input your number, and assign a description to simplify the access to your computer. The random password can be regenerated at will, or after each connection. You can also assign a static password so that you won’t have to worry about not having the next random password in the list. The random password is helpful when desktop sharing with other friends and family or providing remote support. Remotely connecting to a computer requires either that you have the logon credentials for the optional web app and then the password to connect to the remote computer, or that you download the TeamViewer application and type in the arbitrarily assigned login and either the set password or random password to log in. Using the web app, you still have 2 credentials to verify; however, with the TeamViewer application there is only 1. Unless, of course, you already have your computer password protected, which you should, and as long as it is locked. If you are using it at the time when you remote in, you come in right where you are at. They also have an iPhone app that is free, and you can put your arbitrary number and password in to connect to your remote computer. I was not impressed with the screen refresh rate (set at Auto) within TeamViewer while remote controlling another computer. We were both connected via DSL and it just seemed to crawl.

Feature Chart:

My recommendation is to look over the list and see what best fits your needs. I like TeamViewer’s ability to provide remote support, without installation, for free. I am not keen on the security of allowing TeamViewer to run 24/7 on my computer with the current lack of security features it has. For providing needed remote support, the security is fine; just make sure you close out the program when done. LogMeIn’s additional security features give me a “warm fuzzy” feeling, and thus I don’t feel as bad running it on my computer 24/7. If you have any other services like the above mentioned, please provide your own review and if possible compare some of the features to the services provided.