Letting software do its job

Recently I changed my personal firewall software. I was using the default Windows7 Pro firewall, which is fine for basic stuff, but I found a deal on one of my favorite security suites, so I went ahead and sprung for it. One main befuddlement people have with additional firewall software is the amount of nagging it often does when it’s first installed. You open your email client – popup – “program X is trying to communicate on port Y would you like to allow this?” You click yes, and move on. You open your instant messaging client and again – popup – “program X is trying to communicate on port Y would you like to allow this?” This can be annoying but this is usually the training mode of the software, it’s trying to learn what software you use, and it’s relying on you to make educated decisions on whether that software is really what you’re trying to run.

Usually firewalls only do this when they are initially installed and are in their “learning” modes. I usually keep it in “learning mode” for about a week to ensure I cover the plethora of software that I’d typically use. Then I go into lock down mode – blocking all other outbound and inbound traffic. Most people will only resort to a middle ground where most of the known ports are allowed, and others are not.

But this “learning” time period can also be beneficial. It will ask you whenever any program tries to communicate in/outbound – so if you start getting warnings when you’re not actively trying to run a program, then pay close attention to what program is trying to communicate. If it’s not a Microsoft service (windows) or some other service from a trusted source, then most likely it’s malware that’s been residing on your system for some time and you probably didn’t even know.

Most of this is beneficial to you home users, but it can also help those in the IT departments as well. It’s a good learning tool to help those just starting out to realize that there’s a lot more going on than you might expect. There are a lot of underlying communications that can occur especially in the corporate environment. So use these “learning” sessions to help educate yourself, for home and work life; and those in IT should be making notes of what is trying to communicate, and compare those with the known services that your company is running. Once you’ve determined all the proper services and software – opt to block all other in/outbound communications. You should document this in a policy and keep records of this. The last thing you want happening is not knowing what could potentially be coming or going from your networks.