Do Cable-Modem Users Face Risks DSL Subscribers Escape?

I mentioned in Friday morning's look at the stumbles and fumbles we've seen in the emerging (and maybe already fading ... ) DSL industry that one dirty little secret often rumored about DSL's competition -- cable-modem access -- has a quick and easy solution. For free.

According to urban legend, when you connect your personal computer to a cable system to access the Web, you open yourself to a big risk of getting hacked by some malicious person with evil intent.

But if you use DSL, that risk goes away.

That's half-right: There's risk both ways.

I'm a big believer that anyone using any kind of fast-access Net connection ought to put up a defense, known as a firewall, against getting hacked over that speedy connection. Yes, it's true that cable-modem subscribers are somewhat more vulnerable to hack attacks than DSL, satellite and other fast-access customers. But all methods of connecting to the Net involve security vulnerabilities.

This is a problem that's so easy to fix, or to prevent, that I find it hard to accept the notion that cable access is at a competitive disadvantage because of its somewhat increased exposure to hackers.

The problem is simple: The architecture of cable systems means that your Internet connection makes you one node in a cluster of customers sharing the service. Since cable connections at your PC are via an Ethernet card, in effect you're just one fat and happy network user, sitting there waiting for some smart hacker to move in on you.

Many PC users are under the illusion that once they've hooked their PCs up to a cable-access Net connection, they are only at risk of being invaded while they are actually using the Net ... or at least, only when they have a Net browser open. So they carefully shut down their browser, sometimes even when they are just going to be away for a few minutes.

Big mistake. You're at risk of getting hacked -- of having an intruder come in and read files on your hard disk, or erase that hard disk, or even plant a little software bomb set to go off at some later date -- any time that PC is turned on, whether you're using it or not, whether a browser is open or not, whether you're looking at a Web site or not.

The rule: If you're connected to the network, you're at risk, period. If you doubt that you're vulnerable, download and run a free copy of my buddy Steve Gibson's LeakTest program. It will point out specific vulnerabilities in your system. And, probably, scare you a little.

The cable providers could help here, making your connection safer. But they don't, and I have the sense that "greater customer security from unwanted intrusions" is not high on the cable outfits' to-do lists. So you have to protect yourself.

The simplest way to do that is to disable file-sharing and print-sharing in your operating system. But that defeats the purpose of home networks, which are all about file- and print-sharing. And home networks and fast Internet connections go hand-in-hand for many PC users these days.

So you have to use some sort of active protection, not just bury your PC's head in the sand.

One way to do this is to interpose a so-called "hardware firewall" between the cable connection and your PC's Ethernet connector.

Hardware firewalls -- small boxes, to which you connect both the cable from the cable jack in the wall, and a second cable to your Ethernet card in your PC -- do a great job of keeping out intruders, and at $300 or so and up (and up, and up ... ), they're a good choice for some. But they can be fiendishly difficult to set up. And expensive. A better idea for most of us is a "software firewall" -- a piece of code which, always running inside your PC, watches for interactions between your other software and the Net, and stops cold any inappropriate incoming activity.

There are a number of good and affordable software firewalls intended for use by individuals, including Symantec's (SYMC:Nasdaq - news - boards) Norton Personal Firewall 2001, Network Associates' (NETA:Nasdaq - news - boards) McAfee Personal Firewall, and Network ICE's BlackICE Defender.

I like Zone Labs' ZoneAlarm best of the lot. The individual version is a completely free download -- no strings, no shareware, no "pay if you like it" -- from www.zonealarm.com. It's by far the easiest software firewall to set up, while providing substantial protection. If, after you've used ZoneAlarm for a while, you may want to upgrade to ZoneAlarm Pro, which costs only $39.95, and offers a lot more tweaks. But you won't really need it -- and for most connected PC users, I think tweaking is just what you want to avoid.

Either way, after installing any of these software firewalls, run LeakTest again, to see if you have all the holes plugged. (If you really get into this, you may want to download Steve's free IP Agent and Shields UP! programs, to further explore intrusion vulnerability.)

If you're into masochism, check the logs your software firewall maintains from time to time. You'll be amazed at the number of intrusion attempts turned aside.

With one of these inexpensive, reliable programs installed -- and, please, upgraded frequently, to keep the ravening hordes at bay -- you will no longer worry about cable connections' vulnerabilities. Nor put up with phony arguments about cable-access connections having a fatal security flaw, certain to fell them in their contest with DSL.

---

While I'm talking about useful year-end freebies, grab a copy of PC Magazine's great new Net-connection performance-measurement tool, NetPerSec.

I get a constant stream of mail from RealMoney.com and TheStreet.com readers asking how they can tell what kind of speed they're really getting from their Internet service provider, whether dial-up or fast-access flavor.

There are a number of commercial software products to determine actual instantaneous and average connection speeds, but none work better than perhaps not even so well as NetPerSec, an excellent piece of work by Mark Sweeney, published as a free utility by PC Magazine.

---

Jim Seymour is president of Seymour Group, an information-strategies consulting firm working with corporate clients in the U.S., Europe and Asia, and a longtime columnist for PC Magazine. Under no circumstances does the information in this column represent a recommendation to buy or sell stocks. At time of publication, neither Seymour nor Seymour Group held positions in any securities mentioned in this column, although holdings can change at any time. Seymour does not write about companies that are, or have been recently, consulting clients of Seymour Group. While Seymour cannot provide investment advice or recommendations, he invites you to send your feedback to Jim Seymour .