By design, firewalls are supposed to help secure your network. They prevent hackers from accessing your workstations. Software-based firewalls on workstations, when properly configured, can even prevent applications from accessing the Internet.
Even though they can add a layer of security, applications can hijack legitimate applications like Internet Explorer and use them to access the Internet without your knowledge, thereby leaking valuable information to the Internet. Here’s how to configure ZoneAlarm Pro to keep Internet Explorer from leaking data.
What’s ZoneAlarm Pro?
ZoneAlarm Pro, from ZoneLabs, is a software-based firewall that you install on the workstations on your network. It analyzes incoming and outgoing packets on your workstation and can either block or grant requests based on the rules you set.
Currently, ZoneAlarm Pro is in release 4.5. Single licenses cost $49.95, with a sliding scale discount applied to multiple licenses. Update and support subscriptions cost $19.95 per year for a single license (the first year is free), with graduated discounts for multiple licenses.
To find out more about ZoneAlarm Pro, see the article “Defend your workstations with ZoneAlarm Pro”.
How can Internet Explorer leak data?
You may have heard of a tiny program called TooLeaky; it was written to prove the author’s belief that firewalls controlling outbound connections are in fact vulnerable, despite their claims to the contrary. (Actually, the word he uses is “useless.”)
When TooLeaky is run, it accesses Internet Explorer in the background, which means the process is invisible to the user. TooLeaky uses IE to transmit and receive info from another Web site. Thus, it appears to punch right through ZoneAlarm’s firewall. Though this particular test is harmless, you can quickly see how such a procedure could be used maliciously.
In fact, TooLeaky is easily blocked with ZoneAlarm, but to do so requires that you never trust IE (you probably don’t, anyway). Open the ZoneAlarm Pro Control Center and click Programs from the Menu Bar. Highlight the entry for Internet Explorer. Finally, double-click, in turn, the Trusted and Internet zone entries and change permissions from Allow to Ask (Figure A). Subsequently, a program such as TooLeaky will raise an alert. If you didn’t initiate the access, deny it. TooLeaky, and programs like it that try to hijack Internet Explorer, will be neutralized.
|Changing IE’s program settings from Allow to Ask will thwart any programs that attempt to commandeer the Web browser behind your back.|
It’s not as much of a pain as it sounds
Although such a change might sound like it will cause Internet Explorer to become annoying, the setting isn’t too onerous. ZoneAlarm will only ask for permission once during each session. That’s not a bad tradeoff between security and convenience. Consider the golden rule of security: trust nothing.
If you’re game, remove the Allow setting for all your Web browsers and e-mail applications, such as Opera, Outlook, and Outlook Express. And remember: though ZoneAlarm Pro is a highly-rated, highly-configurable software firewall with many useful features, at the end of the day, security is only as good as the security guard. Which isn’t the software—it’s you.