Thursday, July 30, 2009

Free Firewall Recommendations (Protect Yourself Online With These Free Firewalls)

If your home computer is connected to the internet, or to other computers that are connected to the internet - you need a firewall. It's as simple as that.

Hackers and hacker software are constantly probing the internet for computers without a firewall. When such a computer (A.K.A. "victim") is found, it is targeted with spyware, viruses, trojans, key stroke loggers and anything else a deviant mind can devise. If you don't want to be a victim, then you need to protect yourself.

How not to be a victim.


Here are 2 really great personal firewall programs that are absolutely free for personal use.

Comodo



Comodo is free for home use. You may be wondering why a company would give away a program for free that is sold for $40 and more by other companies. This thought alone is often enough for many computer owners to skip the free alternative and shell out the money for the "internet protection" software suites.

This is a very normal concern, but here are some things to consider that will probably alleviate those worries.

1). Take a look at those Internet protection suites and see what's included.
Often times, it's not just a firewall but anti spyware, anti virus, web filters, system tuning and maintenance - in other words, the kitchen sink! This is because the makers of the all-inclusive software suites know that each piece isn't worth the full price alone, or they would charge for each piece. So they package them all together and charge one price hoping you'll need at least one of those products enough to buy the whole suite.

2). Most free alternatives offer a slim feature set in the free version, but increased features for the professional version. Also, the free version is often only free for individual use, not businesses. So the company or developer makes money from business use.

That being said, the free versions of Comodo and Zonealarm are more than enough for most home users.

Comodo Features (courtesy of the Comodo website):
  • Complete protection from Hackers, Spyware, Trojans and Identity theft
  • Host Intrusion Prevention System stops malware from being installed
  • Free Download. No charges or license fees ever
  • Powerful and intuitive Security Rules Interface
  • 'Smart' Popup Alerts
  • Application Behavior Analysis
  • Automatic 'Firewall Training' mode
  • Windows Security Center Integration
  • Self Protection against Critical Process Termination
  • Application Recognition Database
  • Automatic Updates
  • Improved Firewall Event Logging
  • Submit Suspicious Files to Comodo

System Requirements (version 3.9)
  • Windows XP - 32 and 64 bit versions
  • Windows Vista - 32 and 64 bit versions
  • 64 Mb RAM
  • 50 Mb free disk space

You can read more about the benefits of Comodo Firewall here.
You can download Comodo Personal Firewall here.

ZoneAlarm


ZoneAlarm started as a free-only firewall, but experienced significant success and rapidly evolved into a Pro version. I have used ZoneAlarm on my personal computers for years, with great results. When gathering links for this article, I realized it's become pretty difficult to find the free-for-personal-use version. It seems that ZoneLabs (the maker of ZoneAlarm) has gotten aggressive in promoting their professional (read: not-free) version. So far, the actual software has remained ad free, so I can't complain too much.

Features:
  • Systematically identifies hackers and blocks access attempts
  • Automatically makes your computer invisible to anyone on the Internet (Stealth Mode)
  • Intrusion Blocking systematically identifies hackers and blocks access attempts.
  • Stealth Mode automatically makes your computer invisible to anyone on the Internet.
  • Automatic Program Configuration provides safety and simplicity by automatically configuring programs. Automatically decides whether to allow or deny Internet access to individual programs.
  • Expert Controls give savvy users precise control over security settings.

You can download ZoneAlarm Free here.

Conclusion


As I said, I've used ZoneAlarm for years and love it. I have only been using Comodo for a little over a year on my laptop and have had no problems with it.

The only downside to both is that the learning mode can be confusing for inexperienced users. Often a popup will display asking the user if they want to allow application XYZ to act as a server. Most inexperienced users don't know what the hell that means and can get flustered. What I've done is, after installing the firewall, I run all known internet user apps (browser, IM chat, anti-virus update, email, etc.) to "teach" the firewall that these are certified apps. After that, I tell the user (usually a relative or close friend): if it prompts you in the future, click "no" or call me.

Comodo advertises "Comodo Firewall offers the highest levels of perimeter security against inbound and outbound threats". I tend to believe them only because I've found that Comodo prompts me WAY more than ZoneAlarm. It seems that Comodo distinguishes how a URL was requested by a browser. For example, if the user clicks a link from a Word doc, then Comodo will interrupt and inform the user that another application has requested the browser load ".. www.abc.com...". This is great for experienced users, but will definitely be too much for the inexperienced grandma looking to chat with the grand kids... In that situation, I would recommend ZoneAlarm.

Tuesday, July 28, 2009

Are Free Antivirus and Firewall Products Really Any Good?

There was a time in my life when I used security and protection suites like Norton and McAfee, but after a while I grew unsatisfied with them.

"But Norton and McAfee are giants in the industry that pack every last bit of their software with features users never dreamed of! What more could you want?", I hear you ask.

Well, that's kind of the point. Over the years, software suites like these just continued full speed down the road to bloatware. They kept accumulating features like a snowball rolling downhill. They've got features and functionality I never used, and don't really need quite frankly. Often the system tuning and performance components just sat idle, using my system's increasingly valuable and ever more rare RAM.

I did what most people do, I suppose. I bitched incessantly about paying for features I didn't use, didn't want, and worst of all had to actively work at removing from my system! Most times that wasn't even an option, since everything threaded together in a tight knot, with system failure at every turn so that you couldn't pick and choose the features you needed without having all the needless bloat to go along with it.

Then I realized that some other bright people were experiencing the same headaches and were in a position to do something about it. What they did was create their own programs to solve each discrete problem. In other words my friends, say farewell to bloatware!

So now I assemble a patchwork of software products that do what I need. They do one thing, and do it well. I use one free program for firewall protection, another free program for virus protection, and various other applications for system tuning and performance, spyware, etc.

I admit, I was hesitant at first. I had questions about how safe and effective these products were. I thought that they couldn't be that good if they were free. Why would someone (or a company) produce software for free if other companies could make $40+ selling it?

Well, the answer is pretty simple. Makers of Comodo, and ZoneAlarm (my firewall products) as well as AVG Antivirus make money on the professional versions of their software as well as business users.

The general idea is that they offer a fully functional version free for personal use, and a different version with more features for a price. So far, with Comodo, ZoneAlarm, and AVG Antivirus I have been very satisfied with the performance and feature set of the free versions.

Thursday, July 23, 2009

How To Control Disk Thrash From ccmexec.exe (SMS Agent).

Today started like any other day at work. I sat down, logged into my PC and was greeted by the thrashing sound of my hard drive. I've come to realize that the bottleneck in my work PC is by far the hard drive. I don't need any benchmarking software, I simply try to access a file or two. Sometimes, I simply open Windows Explorer and wait.

I finally got so disgusted I fired up procmon and dug through the activity to find the culprit.

I had to scroll down to the bottom of a couple thousand lines of activity before I saw a clear pattern, but lo and behold what I saw was incredible!

There were literally thousands of disk writes to my pagefile - and all I had done was log in!

The bizarre part was that the files being read and written to the swap file were files I was not touching.

I saw that the process performing all this thrashing was something called "ccmexec.exe". I'd actually never heard of this process, but after some quick googling I discovered it's the exe for the SMS Agent service.

This service (the Systems Management Server service) performs an indexing or cataloging of all the files on the disk so that Windows Update will have the latest info on versions of OS files that may need patching. Sounds great, but I'm not sure it's worth the cost considering the downtime and aggravation I experience waiting for this thing to chew through my 150GB drive.

My first instinct was to disable the service in the services control panel applet, but I figured that the corporate IT staff would eventually get a tad upset when they realized my system didn't have the latest patches installed because I disabled the service.

So, I was faced with my own Kobayashi Maru scenario: I was ineffective while this thing chewed through my file system, but I couldn't disable the service without sending up corporate red flags that I was a bad citizen.

Then I hit on a solution - a scheduled task to ensure the service did run, just not when I was busy working. I actually used two batch files, one for each task of starting and stopping the service.

Open up notepad (or your text editor of choice), and type the following:

net start CcmExec

Save the file as "SMS Agent start.bat".

Now, start a new text file and enter:

net stop CcmExec

Save the file as "SMS Agent stop.bat".

Note: you can also replace "net" with "sc", to use the newer Service Control manager command line tool.

Then, set the startup type of the SMS Agent Host service to "Manual" in the services control panel applet.



Next, create a scheduled task to run after hours that runs the "SMS Agent start.bat" file, and another task that runs the "SMS Agent stop.bat" before you get into the office.
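The same setup scripted from an administrator command prompt, as an added example that is not part of the original post. The C:\Scripts folder, the 19:00 and 07:00 times, and running the tasks as SYSTEM are assumptions; adjust them to your own schedule.

```batch
@echo off
rem Added example: sets the SMS Agent Host service to Manual and schedules
rem the two batch files from the post. Run as an administrator.
rem Assumptions (not from the post): the batch files are saved in C:\Scripts,
rem the agent may run between 19:00 and 07:00, and the tasks run as SYSTEM
rem so that no password is stored and the service can be controlled.
setlocal
set "SCRIPTS=C:\Scripts"

rem Stop early if the service name does not exist on this machine.
sc query CcmExec >nul 2>&1
if errorlevel 1 (
    echo CcmExec service not found, nothing changed.
    exit /b 1
)

rem Startup type "Manual". The space after "start=" is required by sc.
sc config CcmExec start= demand
if errorlevel 1 exit /b 1

rem Start the agent after hours. The inner \" pair keeps the path with
rem spaces together when the task runs.
rem Note: schtasks on Windows XP expects the time as HH:MM:SS (19:00:00).
schtasks /create /tn "SMS Agent start" /tr "\"%SCRIPTS%\SMS Agent start.bat\"" /sc daily /st 19:00 /ru SYSTEM
if errorlevel 1 exit /b 1

rem Stop the agent before the working day begins.
schtasks /create /tn "SMS Agent stop" /tr "\"%SCRIPTS%\SMS Agent stop.bat\"" /sc daily /st 07:00 /ru SYSTEM
if errorlevel 1 exit /b 1

echo Service set to Manual and both tasks created.
endlocal
```

Because the tasks run as SYSTEM, keep the two batch files in a folder that only administrators can write to; anything placed in those files runs with full privileges every day.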



The best of both worlds - you remain productive and a good corporate citizen (after hours)!

Tuesday, July 21, 2009

Lessons in Software Development From the Apollo Moon Missions.


Monday was the 40th anniversary of the Apollo 11 lunar landing. The story of the Apollo program is an historic and inspirational one, but it's also relevant to software development.

To understand the significance of the Apollo program from an engineering standpoint, we must begin at the beginning...
Gus Grissom, Ed White and Roger B. Chaffee were killed on the launch pad when the Apollo 1 capsule burst into flames just prior to the launch test. What happened? Well, according to Wikipedia (I know, far from an unimpeachable source, but bear with me here):

"Although the ignition source of the fire was never conclusively identified, the astronauts' deaths were attributed to a wide range of lethal design hazards in the early Apollo command module. Among these were the use of a high-pressure 100 percent-oxygen atmosphere for the test, wiring and plumbing flaws, flammable materials in the cockpit (such as Velcro), an inward-opening hatch that would not open in this kind of an emergency and the flight suits worn by the astronauts."

In short, no one knows for sure what specifically caused the fire, but everyone agrees that some fundamental errors led to the conditions (whatever they ultimately were).

What really went wrong was at the planning and design stage. NASA was in such a rush to make up lost time in the space race with the USSR that they got cocky after early successes, cut corners and went full bore toward a fully manned Apollo capsule before they were really ready.

The precursor missions to Apollo were the Mercury and Gemini projects. These projects had highly specific mission statements and each was directed toward a discrete piece of the overall lunar landing mission. Project Mercury was directed toward getting a man into space, and back again. The goal of project Gemini was to perform extra-vehicular activity (pre-cursor to space walk), and docking maneuvers.

NASA began the mission to the moon with an iterative approach, but switched to a more waterfall-like approach where they tried to construct a whole new capsule module from scratch, with the intent of landing on the moon and returning. They used the knowledge gained from the earlier Mercury and Gemini projects, but constructed new - and untested - equipment for Apollo.

The parallel to software development is using an iterative approach to develop phase I of a project, only to throw it away and start over on phase II. The whole purpose of the iterative approach is to focus on small, achievable parts of a greater whole to maintain momentum but also to limit what must be tested and hence limit (theoretically) the universe of possible bugs.

I think the 2 most important software development lessons we can learn from the Mercury, Gemini and Apollo missions are:
  1. To be successful, have clear and concise mission objectives (goals).
  2. Start small, and build on each success.

This is what made the Gemini and Mercury missions so successful, and ultimately made Apollo 11 possible, and it will drastically improve the odds of your next software project being a success as well.

Friday, July 17, 2009

Fun with Cryptography

Here's a little Friday fun from Monty at MR01001101.

He's got Cryptography and Steganography essays and, here's the fun bit, puzzles that take the user through a chain of tests through his site.

Puzzles range from simple alphabetic substitution to symbolic images to Egyptian hieroglyphs. Fun stuff, and it'll give your brain a workout too.

Wonder what's behind the cryptic sounding name of MR01001101 ? Well, it's not as mysterious as it sounds:


"Why 01001101? It is binary for M and it arrived when I signed up for my first geocities site drunk. I also bought this domain intoxicated. Will I ever learn?"



:-)

Tuesday, July 14, 2009

The 3 Most Important Questions You Should Ask About Each Bug You Find.

I stumbled upon (quite literally) an article by Tom Van Vleck titled Three Questions About Each Bug You Find today, and thought I would share it:
"The key idea behind these questions is that every bug is a symptom of an underlying process. You have to treat the symptoms, but if all you do is treat symptoms, you'll continue to see more symptoms forever. You need to find out what process produced the bug and change the process. The underlying process that caused your bug is probably non-random and can be controlled, once you identify what happened and what caused it to happen."

Tom uses these questions to get to the heart of the matter and weed out the root cause of the bug.

1. Is this mistake somewhere else also?


You want to know if this bug was unique, or due to a problem in a pattern of approach to the specific problem. If it's unique, you can move on to the next question, but if it's systemic, you'll need to address your approach to the development problem the code was intended to solve and devise a new pattern or correct the one in place.

2. What next bug is hidden behind this one?


Often a bug will either halt the execution of code, or cause the lines after the bug to be bypassed. Once you fix the bug, those other lines of code will begin to execute. Be sure to check those for any bugs. Also, consider whether your fix to this bug could cause any new bugs to be introduced.

3. What should I do to prevent bugs like this?


Learn from this mistake. Could the problem be avoided by adding a new test condition to your NUnit test(s)? Should you implement a change to your pattern to check for null reference or out of bounds exceptions sooner? Bugs happen, but if you can use them as teachable moments and learn from them, then they will at least provide some value and make you less likely to run into the same bug in the future.

It's not always an easy process, mostly because it requires a sort of detached introspection and willingness to be critical and objective when looking at your work. These character traits are not always in high supply, and we humans can often get in the way, but if you can master these techniques you will go far young padawan.

Thursday, July 9, 2009

Google Chrome: the OS.

Google announced last Tuesday that it has its sights on dethroning Microsoft as desktop OS king:



"The new operating system, announced late Tuesday night on Google's Web site, will be based on the company's nine-month-old Web browser, Chrome. Google intends to rely on help from the community of open-source programmers to develop the Chrome operating system, which is expected to begin running computers in the second half of 2010."




Google is focusing on the Netbook market, which is a smart first step. I'm not sure how successful they will ultimately be beyond that though. Netbooks are perfectly suited to a browser based OS - they've got inherently less RAM and CPU power and are targeted specifically to the Internet/e-mail user. I don't see any wholesale switch from Windows anytime soon for one of Microsoft's major demographics - business users.

Also, gamers and developers are likely to stay with Linux and Windows, at least for the time being. But, having said that, Google's OS is built on Linux, so there probably wouldn't be that big a change from, say, Ubuntu to Chrome (or whatever they end up calling it).

Of course, I'll still have to give it a try when it comes out... just for curiosity's sake! ;-)

Tuesday, July 7, 2009

Dude, Where's my Folder treeview?!

After a wee bit O' overzealous registry cleaning last week, I had a minor panic. Well, a picture being worth a 1000 words, here's what I saw when I opened windows explorer:



The good news (I suppose) is that I knew the instant I hit the Delete key that I had selected the wrong key. The bad news was that I had no way of finding out what key that was.

So, I did some Googling for various permutations of "missing windows explorer folder treeview" and eventually stumbled upon the following registry edit:

REGEDIT4


[HKEY_CLASSES_ROOT\CLSID\{EFA24E64-B078-11d0-89E4-00C04FC9E26E}]
@="Explorer Band"


[HKEY_CLASSES_ROOT\CLSID\{EFA24E64-B078-11d0-89E4-00C04FC9E26E}\InProcServer32]
@="C:\\WINNT\\SYSTEM32\\SHDOCVW.DLL"
"ThreadingModel"="Apartment"


[HKEY_CLASSES_ROOT\CLSID\{EFA24E64-B078-11d0-89E4-00C04FC9E26E}\Implemented Categories]

[HKEY_CLASSES_ROOT\CLSID\{EFA24E64-B078-11d0-89E4-00C04FC9E26E}\Implemented Categories\{00021493-0000-0000-C000-000000000046}]

I saved that to a new notepad document, saved it with an ".reg" extension and double-clicked it. Voila, my missing treeview returned!



It sure beats reinstalling the OS for something so simple.