We then hit each firewall with three simulated hacks: installing and accessing the Back Orifice Trojan horse, running a port scan, and conducting a denial-of-service attack. We ran each test at the programs' default security settings. (Some default to the highest security setting, while others default to the second-highest.) If a firewall failed a test, we tried it again at a higher setting.
In the Back Orifice test, BlackICE did not stop the attack at its default security setting. However, it did stop the Trojan horse when we bumped the security up a notch. (The newest BlackICE version, not available in time for our comparison testing, does stop Back Orifice at its default setting.)Three products - McAfee.com, Norton, and ZoneAlarm - identified Back Orifice by its file name, Umgr32.exe, and asked permission to run it. Not many PC users have heard of Back Orifice, let alone Umgr32.exe, so they might not know whether to block the app or let it run. ESafe's built-in virus checker identified the Umgr32.exe file and asked whether we wanted to delete it. Secure Desktop failed the Back Orifice test - and all other attack tests - even at its highest security setting.
We next hit our test PC with a port scan, having deliberately left two ports open to see how the firewalls would handle them. The first port, called NetBIOS, is opened when printer and file sharing are enabled. The second port was opened for our Back Orifice Trojan horse. (Some firewalls look for standard ports used by Trojan horses, but we upped the ante by choosing a nonstandard port.) A personal firewall can hide your PC by putting ports into stealth mode so they will not respond to a hacker's port scan; the ports will thereby offer no evidence that your computer exists.
At their default settings, BlackICE, McAfee.com, and ZoneAlarm put the two ports into stealth mode, but ESafe, Norton, and Secure Desktop failed to hide the ports we left open.
Finally, we ran a miniature denial-of-service (DoS) attack, hitting each firewall with a flood of meaningless data intended to confound the operat-ing system. In the real world, a DoS attack overwhelms your Internet connection, making it difficult or impossible to access the Net. It can also crash your system. Malicious hackers can increase the pressure by launching a distributed denial-of-service (DDoS) attack, in which multiple computers are commandeered and used to launch an attack. Such assaults are usually directed against major Web sites and the servers that support them.
In the unlikely event your PC is targeted for a full attack, a good firewall may block the incoming data packets and prevent your machine from crashing, but no firewall can ensure that your Internet connection will remain open.
At their default settings, four of the firewalls we tested - BlackICE, McAfee.com, Norton, and ZoneAlarm - prevented a crash, although BlackICE was the only product that correctly identified the nature of the attack. Norton gave no indication an attack was under way. We were disappointed that ZoneAlarm repelled the attack only at its default (High) setting, and Secure Desktop and ESafe failed to prevent a crash even at their highest settings.