Personal Firewalls, Anti-Virus, and Host Intrusion Prevention


A personal firewall is a program that you run on your computer which blocks any communication to and from that computer that has not been specifically allowed by you. As such, a desktop firewall can block malicious attempts to penetrate your computer and take control of it. Note, however, that firewalls work by making judgments about how software wants to communicate with your computer; they can only watch what is going out or coming in. Once a piece of malicious software finds its way into your computer and is quietly wreaking havoc, it's too late for the firewall to do anything about it.


Anti-Virus Programs

Anti-virus programs provide some level of protection against malware that has successfully invaded your system, but they work by examining the structure and content of the files that reside there. If a file looks like something that is known to be bad, anti-virus software can quarantine or remove it before it loads into your computer's main memory and begins to execute. The problem is that many of the newer attacks on your computer are designed to look benign to both an anti-virus program and a firewall, and they don't appear suspicious until they start to run. Most of them then execute silently in the background, so you're not even aware that anything is happening until the damage is done. It's even possible that you won't discover it at all.


Host Intrusion Prevention

Host Intrusion Prevention adds a third level of protection to your firewall and anti-virus programs by continuously monitoring the software that's running in your machine. It detects and shuts down or blocks the action of suspicious programs based on how they're behaving, rather than on the basis of how they look or how they got into your computer.


Managing It All

Unfortunately, the only way that security software like firewalls, anti-virus or host intrusion prevention can tell whether something is suspicious is by means of a large, complex and arcane set of rules that tell it how good software should look, act and communicate. If the rules and signatures that your software is using are too lenient, your security software could miss things that it should catch. If those rules are overly restrictive, they will cause desktop programs like email, your web browser, printing or just logging in to malfunction, and the cause of this malfunction is usually very hard to trace when it happens. Finally, if those rules and signatures are too old, they'll miss newer forms of attack. Given the speed at which new threats now appear and spread through the internet, "too old" can be little more than a day or two.

Effectively managing all of this has become a monumental task that requires more time, attention, and technical knowledge than most of us have. The McAfee Security Suite, together with ePO, provides a solution to this problem for RIT-owned machines. Once the ePO agent has been installed on an RIT-owned machine, the ePO server will automatically install both the McAfee VirusScan and Host Intrusion Prevention software, and maintain all of the rule sets, signatures and updates necessary to keep that software working properly. In the event that something requires a change to the rule set, McAfee and ITS can anticipate and make this change, and the ePO server will send it to your computer automatically. You can also make individual changes yourself, although most people never need to concern themselves with this.


Installing Host Intrusion Prevention

If you have an RIT-owned computer and want to run the McAfee Security Suite, you should first remove any existing anti-virus software and turn off the Windows firewall in your Windows Security Center. (McAfee Host Intrusion Prevention includes a far more capable firewall than the one Microsoft provides.) Then install the ePO agent as directed here. You need not do anything further - within a few hours, the ePO agent will install the McAfee Security software, including VirusScan Enterprise and Host Intrusion Prevention.

If you have an ePO-managed system and prefer to use a different firewall or anti-virus program, you can call the ITS Service Desk and ask to have the corresponding McAfee component removed. The remaining components should continue to operate and can co-exist with most other security software.