A friend of mine teaches beginning security classes for a couple of large PC manufacturers. One course is about antivirus software and virus protection, the other about firewalls and basic security. He told me that one question that always comes up from students is "How can I tell if I have a firewall or not?"
It's an innocuous question, but one that's surprisingly difficult to answer. Unless the person running the machine knows how to look for firewall software, and can recognize it when he or she sees it, there's no easy way in current Windows environments for end users to tell if they're protected or not. I think that's why Microsoft is adding a Security Center to Control Panel in Windows XP SP2, and I have to believe it will scan hard drives with a specific set of executable names and/or registry keys to help it identify what it finds.
In the meantime, XP users can employ the techniques I'm about to recommend. These may remain the only way to check for users of other or older Windows (unless Microsoft rolls Security Center back into future updates for Windows 2000). Though it's tricky to define a precise recipe to detect and identify the presence or absence of a firewall on a system (or on a network), there are several intelligent ways to go looking.
For those unafraid of Control Panel, one easy way to seek out firewalls is to open the Add/Remove Programs widget. Items listed under the Currently installed programs button show all applications that create registry entries during installation. In most cases, third-party firewalls and related security software shows up—often with links to support information to help identify items for those intrepid enough to poke around but who may not recognize some items they find. Windows XP users can check if the built-in Internet Connection Firewall is enabled or disabled as described in Microsoft's XP documentation.
But for those uninterested in venturing into these areas, it's easy to point a Web browser at a vulnerability scanner to see how well or ill protected a system might be. Though this won't tell you that a firewall is active on your system (or network), it's unlikely that a clean bill of health will occur on an unprotected or out of date system. Should results indicate that one or more vulnerabilities need remedy, you'll want to obtain an up-to-date firewall, make sure Windows gets all necessary security updates, and use up-to-date antivirus software too.
You'll find two good, free security scans available at:
- Gibson Research: follow the links to the Shields Up! utilities and select at least the File Sharing and Common Ports scans.
- Click on the "check for security risks" button at the Symantec Security Response center.
These services not only identify vulnerabilities, they also describe potential remedies. This helps resolve underlying concerns about PC protection.
Tom Lancaster, CCIE# 8829 CNX# 1105, is a consultant with 15 years experience in the networking industry, and co-author of several books on networking, most recently, CCSPTM: Secure PIX and Secure VPN Study Guide published by Sybex.