@Home (ATHM) officials declined to provide specifics on the announcement. But Jay Rolls, vice president of network engineering, said the gesture was aimed at giving users peace of mind.
"Even in the cases where we think they don't really need it, we're going to endorse that as a thing you can do if you are really concerned," Rolls said.
The move by @Home comes as personal firewalls, once a niche product, have moved into the mainstream, mimicking some of the functionality of the industrial-strength firewalls used by corporations to protect their networks from external attacks. Besides blocking access attempts, many packages also enable the individual user to identify the source of the attack.
Leading PC software marketer Symantec has added firewall functionality, licensed from WRQ, to its Norton Internet Security 2000 utility, which began shipping last month. And ZoneLabs this week announced the addition of firewall capabilities to its freeware Internet security tool, Zone Alarm 2.0.
Helping to spur interest in PC firewalls are recent media reports of tools such as automated port-scanners coming into widespread use by recreational and malicious hackers. These homemade utilities enable the hacker to perform unattended probes of a range of Internet protocol addresses, examining ports at each IP for vulnerabilities. Also driving adoption of firewalls is the rise of broadband. Any Internet connection, including dial-up, is vulnerable to probes from outsiders, but experts say always-on cable and Digital Subscriber Line connections present a more persistent target to attackers.
While the gesture by @Home may console some subscribers, putting personal firewalls into the hands of inexperienced users could backfire. In many instances, once the software is installed and begins notifying users about attempted intrusions, they find their worst fears are realized.
"It's unbelievable. A typical user will report 10 probes per day, from machines across the planet, from people they don't know who are looking for vulnerabilities in their machines," said Steve Gibson, president of Gibson Research Corp., a publisher of computer systems utilities who operates a site that enables users to test the security of their Internet connections.
According to Gibson, almost a third of the nearly 1 million visitors to the site break the cardinal rule of personal Internet security -- they needlessly have file and print sharing enabled on their Windows PCs.
For early adopters who have configured their PCs properly and use firewalls to defend against port scans and other network attacks, there's growing frustration with the responsiveness of Internet service providers in shutting down attackers. Ed Chaban, an @Home user in Silicon Valley, added firewall software when his cable-modem service was installed six months ago.
"Anytime I've tried to send off anything to abuse@anywhere, the only one that has responded is my provider, @Home. At the others, it just seems to go off into the bit bucket. And these are not just port scans. They are looking for Back Orifice, and it's obvious these guys know what they're doing," said Chaban.
Some ISPs may be reluctant to pull the plug on reported port-scanners because of the current legal ambiguity about port scanning. Eric Goldman, an attorney with Cooley Godward, who has assisted numerous ISPs in drafting terms of service, said courts have yet to rule on whether merely scanning without entry or committing data theft constitutes a violation of federal or state computer fraud and abuse statutes.
According to Goldman, some ISPs may appear unresponsive to scanning complaints because it's a new and still low-priority issue compared to gripes about junk e-mail and other abuse.
"Most places' abuse desk is swamped with all kinds of complaints and they need to prioritize. And if it's a choice between an unhappy customer who's getting pinged now and again and being put on the RBL (Realtime Blackhole List), guess which one wins," said Goldman.
Many ISPs, however, are on high alert about the possible threats to their subscribers. @Home, for example, now requires subscribers to initial a form at installation of the service confirming that the technician has disabled file and print sharing.
John Navas, an independent telecommunications analyst, said the threat of port scanning has been overblown by the media. He notes that "spyware" software such as Back Orifice or another trojan horse must be installed on a PC for a port scan to result in a privacy compromise or stolen data.
"My fear is that ISPs are going to feel pressured into doing something drastic, and that's going to make the Internet much more restrictive even to people trying to do legitimate things," Navas said.
Others, however, are calling on ISPs to do more and take action at the network level, by filtering external attempts to access certain ports on their users' systems. Rolls of @Home says "chasing ports" is a losing battle.
"The more scrutinizing and blocking you do, the more overhead on the network. And the last thing you want to be doing is overburdening equipment with lots of individual filters."
But Gibson says it's only a matter of time before market forces and technology shift the responsibility for subscribers' security back to the access provider.
"All of what we're seeing is signs of an immature industry. In the future, ISPs are going to be running firewall software and blocking spoofed addresses and have some system for automating their intrusion stuff," Gibson said.