Responding to rising security concerns, Excite@Home will announce an
agreement next week to provide personal firewall software to subscribers of
its cable modem access service.
@Home (ATHM) officials declined to provide specifics on the announcement. But Jay
Rolls, vice president of network engineering, said the gesture was aimed at
giving users peace of mind.
“Even in the cases where we think they don’t really need it, we’re going to
endorse that as a thing you can do if you are really concerned,” Rolls said.
The move by @Home comes as personal firewalls, once a niche product, have
moved into the mainstream, mimicking some of the functionality of the
industrial-strength firewalls used by corporations to protect their networks
from external attacks. Besides blocking access attempts, many packages also
enable the individual user to identify the source of the attack.
Leading PC software marketer Symantec has added firewall functionality,
licensed from WRQ, to its Norton Internet Security 2000 utility, which began
shipping last month. And ZoneLabs this week announced the addition of
firewall capabilities to its freeware Internet security tool, Zone Alarm
2.0.
Helping to spur interest in PC firewalls are recent media reports of tools
such as automated port-scanners coming into widespread use by recreational
and malicious hackers. These homemade utilities enable the hacker to perform
unattended probes of a range of Internet protocol addresses, examining ports
at each IP for vulnerabilities. Also driving adoption of firewalls is the
rise of broadband. Any Internet connection, including dial-up, is vulnerable
to probes from outsiders, but experts say always-on cable and Digital
Subscriber Line connections present a more persistent target to attackers.
While the gesture by @Home may console some subscribers, putting personal
firewalls into the hands of inexperienced users could backfire. In many
instances, once the software is installed and begins notifying them about
attempted intrusions, users often find their worst fears are realized.
“It’s unbelievable. A typical user will report 10 probes per day, from
machines across the planet, from people they don’t know who are looking for
vulnerabilities in their machines,” said Steve Gibson, president of Gibson
Research Corp., a publisher of computer systems utilities who operates a site
that enables users to test the security of their Internet connections.
According to Gibson, almost a third of the nearly 1 million visitors to
the site break the cardinal rule of personal Internet security — they
needlessly have file and print sharing enabled on their Windows PCs.
For early adopters who have configured their PCs properly and use firewalls
to defend against port scans and other network attacks, there’s growing
frustration with the responsiveness of Internet service providers in
shutting down attackers. Ed Chaban, an @Home user in Silicon Valley, added
firewall software when his cable-modem service was installed six months ago.
“Anytime I’ve tried to send off anything to abuse@anywhere, the only one
that has responded is my provider, @Home. At the others, it just seems to go
off into the bit bucket. And these are not just port scans. They are looking
for Back Orifice, and it’s obvious these guys know what they’re doing,” said
Chaban.
Some ISPs may be reluctant to pull the plug on reported port-scanners
because of the current legal ambiguity about port scanning. Eric Goldman, an
attorney with Cooley Godward, who has assisted numerous ISPs in drafting terms
of service, said courts have yet to rule on
whether merely scanning without entry or committing data theft constitutes a
violation of federal or state computer fraud and abuse statutes.
According to Goldman, some ISPs may appear unresponsive to scanning
complaints because it's a new and still low-priority issue compared to gripes
about junk e-mail and other abuse.
“Most places’ abuse desk is swamped with all kinds of complaints and they
need to prioritize. And if it’s a choice between an unhappy customer who’s
getting pinged now and again and being put on the RBL (Realtime Blackhole List), guess
which one wins,” said Goldman.
Many ISPs, however, are on high alert about the possible threats to their
subscribers. @Home, for example, now requires subscribers to initial a form
at installation of the service confirming that the technician has disabled
file and print sharing.
John Navas, an independent telecommunications analyst, said the threat of
port scanning has been overblown by the media. He notes that “spyware”
software such as Back Orifice or another trojan horse must be installed on a
PC for a port scan to result in a privacy compromise or stolen data.
“My fear is that ISPs are going to feel pressured into doing something
drastic, and that’s going to make the Internet much more restrictive even to
people trying to do legitimate things,” Navas said.
Others, however, are calling on ISPs to do more and take action at the network
level, by filtering external attempts to access certain ports on their
users’ systems. Rolls of @Home says “chasing ports” is a losing battle.
“The more scrutinizing and blocking you do, the more overhead on the
network. And the last thing you want to be doing is overburdening equipment
with lots of individual filters.”
But Gibson says it’s only a matter of time before market forces and
technology shift the responsibility for subscribers’ security back to the
access provider.
“All of what we’re seeing is signs of an immature industry. In the future,
ISPs are going to be running firewall software and blocking spoofed
addresses and have some system for automating their intrusion stuff,” Gibson
said.