
March 1, 2009

What does a firewall alert mean?

By Justin Montgomery





Firewall alerts come in all shapes and sizes, and vary greatly depending on the type of firewall you’re using at the moment.  Let’s take a look at what they mean, how to decide whether they’re legitimate, and how to respond to them.

If you’re running any type of firewall on your system, you’re probably very used to its alerts by now.  Every time you open a new program, access a new Web site, open an email, etc., an alert pops up, but what do they all mean?  Should you respond to all of them?  Should you approve all “firewall access” alerts?  There are a lot of questions regarding these alerts that most people aren’t aware of.  In most cases, users click OK on every firewall alert that pops up on their screen.  While this is fine in some cases, it’s better to understand what each type of alert means, what to look for, and how to handle each one specifically.

For a firewall to do its job, it will constantly oversee all “network-based” connections, meaning anything that accesses the Internet or any other networked piece of hardware or software.  As you can imagine, a firewall can track hundreds if not thousands of these connections on any given day and know how to handle each instance.  Sometimes, however, the firewall doesn’t know what to do, and will ask for input from the user on how to proceed.  The firewall does this by issuing an alert with some options, usually whether to allow or deny access to a certain program or process.

Legitimate Internet traffic, such as checking email, browsing most Web sites, etc., will never trigger a firewall alert, while “unrequested” traffic always will.  “Unrequested traffic” is caused by software that makes a quick Internet request for something as menial as a CD title or Twitter update; since the traffic is “unrequested,” so to speak, and therefore unusual to the firewall, it will trigger an alert.  Most firewall alerts fall under this category and will say something like: “x software” is trying to access the Internet, and then ask whether to allow or deny the connection.  “x software” could be anything, such as chat software, antivirus software, etc.  The key is to know what the software is and if it’s safe to access the Internet and/or parts of your network.

A lot of the time, the name of the software or action that triggered the alert will ring a bell with you, and you’ll know whether it’s safe or not, but sometimes the name is unfamiliar, or it uses a familiar name along with extra characters or numbers.  This could be spyware, malware or other forms of malicious software or scripting running in the background that could be using a familiar name to trick you and your firewall.  In this case, simply look at the full filename.  If it’s something like “ICQ.exe,” you’ll know that it’s the actual program and it’s safe to access the Internet.  If it were to look something like “ICQ-GSS.exe” or “ICQ.exex,” then you would know that something is off, and deny the connection.

As a good rule of thumb, every time a firewall alert pops up, simply look at the filename or process that’s in question and determine whether it looks different than normal or is something completely unidentifiable.  Your firewall should detect both incoming and outgoing connection requests, so take a close look at every one and assess its legitimacy based on simple common sense.  Each firewall has different alerts, and different wording for each alert, but instead of simply hitting OK every time an alert appears, take a second look.
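
The filename check described above, written out in Python. This is an added example, not code from the original article; the allowlist, the `classify` function and the 0.85 similarity threshold are assumptions chosen for illustration, and the alert names in the demo are constructed samples.

```python
import re
from difflib import SequenceMatcher

# Constructed allowlist: programs this (hypothetical) user installed and expects to go online.
KNOWN_GOOD = {"icq.exe", "firefox.exe", "outlook.exe"}

def split_name(filename):
    """Return (stem, extension) in lower case; the extension follows the last dot."""
    name = filename.strip().lower()
    stem, dot, ext = name.rpartition(".")
    return (stem, ext) if dot else (name, "")

def classify(filename, known_good=KNOWN_GOOD):
    """Classify the filename shown in a firewall alert.

    'known'      exact match with an allowlisted program
    'look-alike' a familiar name with extra or altered characters
    'unknown'    nothing familiar: deny unless positively identified
    """
    name = filename.strip().lower()
    if name in known_good:
        return "known"
    stem, ext = split_name(name)
    for good in known_good:
        g_stem, g_ext = split_name(good)
        # Familiar stem with a padded or altered extension, e.g. "ICQ.exex"
        if stem == g_stem and ext != g_ext:
            return "look-alike"
        # Familiar name followed by extra characters, e.g. "ICQ-GSS.exe"
        if re.match(re.escape(g_stem) + r"[^a-z]", stem):
            return "look-alike"
        # One letter or number off, e.g. "firef0x.exe"
        if SequenceMatcher(None, name, good).ratio() >= 0.85:
            return "look-alike"
    return "unknown"

if __name__ == "__main__":
    # Constructed alert names, including the two look-alikes from the article.
    for alert in ["ICQ.exe", "ICQ-GSS.exe", "ICQ.exex", "firef0x.exe", "xkqz_updater.exe"]:
        print(f"{alert:20} -> {classify(alert)}")
```

A "known" result only says the name matches; "look-alike" and "unknown" are the cases where the connection should be denied until the program is identified.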

Based on what you use your computer for, you can also adjust the settings of your firewall to reduce the number of alerts you receive overall.  If you start to notice that you’re getting a higher number of alerts, it might be time to run an antivirus/spyware scan for starters, and to take a look at your firewall settings.  In most firewall instances, you can select an option for “no exceptions,” which means it will always deny all suspicious connection requests without triggering an alert.  This is the most secure and least troublesome of the settings, as you’ll never get any alerts and you’re protected from almost everything.  This is good for public places, hotels, etc., where the risk is much higher than at your home or office.

On the other hand, you can turn your firewall completely off to avoid annoying alerts and the accompanying slowdown of constant checking, but it’s not recommended for obvious reasons.  Unfortunately, most people get so aggravated with seeing constant alerts that they disable their firewall completely and are therefore susceptible to all sorts of attacks and spyware.  The best middle ground is to adjust your firewall settings by going down the list of possible exceptions and choosing which ones to alert you on.  This way, you can determine whether to only be alerted when something serious or overly suspicious is trying to access your network, or whether to deny or accept the connection automatically.  This way, you still have the benefits of a firewall without the hassle of constant alerts.  It’s worth the extra time it takes to go down the list by hand and determine which ones you think are OK, and which ones aren’t.  It’ll pay off in the long run.

The bottom line is you always want to pay attention to every alert; don’t just pass it off and click OK.  That’s the worst thing you can do, and it defeats the purpose of having a firewall in the first place.  Taking a second look can save you from being affected by the multitude of malicious attacks, spyware, trojans, etc. that are so prevalent these days.  Use your best judgment, and if it doesn’t look familiar, always deny the connection unless you’re positive.  Sometimes one simple letter or number can determine whether the connection is legitimate or not.  Now, hopefully next time you receive that dreaded firewall alert, you’ll at least know what it means and what to do.
