Its Majesty, the Firewall
Monday, June 6, 2022
Imagine: you come home and lock the door with several locks. There are bars on the windows. And then you hear someone outside the door starting to pick the locks. And it's clearly not just one stranger: from the sound, it seems that a whole gang is trying to break through your door. Then your attention is distracted by a typical nasty screech: these strangers are already using a glass cutter to get into your house. And a rock is thrown at a second window (it's good that there are bars on it). "Normal stuff", you think, and you get ready to hang your coat on the hook. And at that moment, you are horrified to find that your wallet isn’t in your pocket. But it was definitely there when you arrived at the flat...
You will probably agree that this sounds like an episode from a surreal thriller. Meanwhile, if our society existed in the digital world, everyday life would be just like that. At least for now. Order and security in our "digital civilization" are roughly at the level of the Stone Age. Unfortunately, you cannot even think about leaving windows and doors open, trusting all your neighbours unconditionally, and leaving the house without undertaking special security activities.
We often talk about the importance of a modern comprehensive anti-virus and its components. The firewall is one such component. For many users, this component is something mysterious. It deals directly with the network, and sometimes it may seem that it lives a life of its own: one moment it is invisible, then the next moment it starts to display incomprehensible warnings; after this, situations from the category "I pressed something and everything broke" can occur. To avoid such troubles and make friends with the firewall, we suggest you find out a little more about it.
Let's start with the fact that firewalls come in two kinds: software and hardware. Hardware firewalls are a topic for another day, although they work no differently from software implementations. Any firewall is based on special software, so in this article we will consider the firewall as software. Any firewall is a filter program that monitors network information passing through it and filters it in accordance with defined rules.
The firewall included in the Dr.Web anti-virus is a traditional software firewall. To fundamentally understand its work, appropriate, albeit basic, knowledge of computer networks is required. We will try to draw more illustrative analogies.
Imagine your computer and the information stored in it as a house. To protect your house from intruders, you need a security perimeter: a reliable fence, doors and a properly configured access system. The firewall is such a security perimeter. The mass distribution of firewalls coincided with the development of computer networks, when the need for such protection became obvious. Imagine that your computer is connected to the Internet directly (that is, there are no gateways between the computer and the global network, and it is completely open to incoming connections). Let's assume that a traditional anti-virus is installed on your computer. Even if you do not access the Internet and do not establish any outbound connections from this computer, it will be open to network threats from outside. Such threats can include intruders who scan networks and use various methods to gain access to your PC, and network worms that spread automatically and infect everything they can reach. Many years ago, in the era of rapid local network development, it was common to see an anti-virus feverishly detecting hundreds of "incoming" threats on a PC. This was due to the absence of a firewall. The anti-virus neutralised malicious code, but it was unable to "slam the door" in the face of the threat itself. And a source of persistent infections could be, for example, a worm wandering through a network.
It is important to understand that the most frequent (albeit mostly unsuccessful) network infection attempts are made by establishing an inbound connection with certain parameters, such as IP address, port, and network protocol. The firewall analyses all incoming and outgoing network traffic and, depending on the settings, passes it through itself or filters it according to defined rules. In the case of our network worm, the malicious program will be unknown to the firewall, which means that its network activity will be blocked as suspicious. This is a simple example of how the firewall protects your computer from network threats.
Nowadays, an Internet connection for home computers is organised differently—all home devices are protected by a router which, as a gateway between the home and provider networks, serves as a firewall. A home router is also behind the provider's gateway, so network infections from outside have become much rarer. But this does not mean that you do not need a firewall on your home (and especially your office) computer.
As previously mentioned, the firewall can block both inbound and outbound connections. This is important if your computer has been infected with a trojan. Almost any modern trojan has network functions to establish communication with a control server and transmit compromised data. A properly configured firewall also helps prevent data leakage when such an infection occurs. Another example is encryption ransomware. Before encrypting files, a trojan receives a special key from a control server to generate a unique encryption key, and then encrypts the files. An outbound connection initiated by encryption ransomware will be blocked. As a rule, a standard key is hardcoded into the trojan’s body as a spare in case this connection fails. But files encrypted with a standard key are much more likely to be decrypted.
The firewall is useful for monitoring any applications, even trusted ones. The user can block the network activity of some applications or only allow inbound or outbound connections. This can be useful when fine-tuning a system and organising a truly secure perimeter. For example, an arbitrary program can be allowed to connect only to the specific ports and addresses necessary for its operation. Thus, you can be sure that the program will perform only those actions that are required of it, and any third-party network activity will be blocked.
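The filtering described above (direction, protocol, address, port and per-application rules, with everything else blocked) can be modelled in a few lines. This is an added illustration, not Dr.Web's rule format or code; the `Conn` and `Rule` types, the program paths and the addresses are constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Conn:
    app: str        # program that owns the socket
    direction: str  # "in" or "out"
    proto: str      # "tcp" or "udp"
    remote_ip: str
    port: int       # local port for inbound, remote port for outbound

@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "block"
    app: str                        # exact program path, or "*" for any program
    direction: str
    proto: str
    network: str = "0.0.0.0/0"      # remote addresses the rule covers
    ports: frozenset = frozenset()  # empty set means any port

    def matches(self, c: Conn) -> bool:
        return (self.app in ("*", c.app)
                and self.direction == c.direction
                and self.proto == c.proto
                and ipaddress.ip_address(c.remote_ip) in ipaddress.ip_network(self.network)
                and (not self.ports or c.port in self.ports))

def decide(rules, conn, default="block"):
    """First matching rule wins; traffic that no rule covers is blocked."""
    for rule in rules:
        if rule.matches(conn):
            return rule.action
    return default

# Constructed rule set and traffic (documentation/private address ranges).
MAIL = r"C:\Program Files\Mail\mail.exe"
RULES = [
    Rule("allow", MAIL, "out", "tcp", "203.0.113.0/24", frozenset({587, 993})),
    Rule("allow", "System", "in", "tcp", "192.168.1.0/24", frozenset({445})),
]
SAMPLES = {
    "mail_to_own_server": Conn(MAIL, "out", "tcp", "203.0.113.10", 993),
    "mail_to_other_host": Conn(MAIL, "out", "tcp", "198.51.100.7", 443),
    "unknown_program_out": Conn(r"C:\Temp\upd.exe", "out", "tcp", "198.51.100.7", 443),
    "file_share_from_lan": Conn("System", "in", "tcp", "192.168.1.20", 445),
    "file_share_from_outside": Conn("System", "in", "tcp", "198.51.100.7", 445),
}

def evaluate_samples():
    return {name: decide(RULES, conn) for name, conn in SAMPLES.items()}
```

Even the allowed mail program is blocked when it contacts a host outside its rule, and the same inbound port is open to the local network but closed to an outside address.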
There are many other scenarios that illustrate the need to use such an important security component as a firewall. Needless to say, any corporate network must be protected by a firewall that operates on a network gateway. Therefore, you should not neglect to use this tool, especially since it is included in Dr.Web Security Space by default. We hope this information has convinced you that your anti-virus needs an assistant to protect your digital home effectively.
The Anti-virus Times recommends
- Use the firewall—this is the security perimeter of your PC.
- We recommend that you use the default firewall settings so that you can keep working comfortably and simultaneously take advantage of reliable protection. In this mode, the firewall allows access to all trusted applications (system or Microsoft-certified applications, and applications with a valid digital signature). Other applications are processed according to the filtering rules. If these rules haven't yet been set, the firewall prompts you to create them.
- You should not blindly allow network activity for an unknown application. If an application is unknown, you should block all connections and only after this find out the details.
- Blocking network connections may affect the operation of applications. You should set filtering rules thoughtfully.
- If the firewall often detects threats, check its settings. Perhaps interactive mode is set and/or you have not set filtering rules for an application that is persistently trying to access the network.
- The firewall is a very powerful and flexible tool. Put time into studying it and you'll greatly increase the security of your PC.
It is impossible to tell you about the firewall and its settings in a single Anti-virus Times issue, so we plan to continue this topic in our future publications. We would like to take this opportunity to ask our readers: what nuances related to the firewall and its operation are most interesting to you? We await your comments!