I’ve Got It–How Do I Know if It’s Working?
Simply downloading and installing security software isn’t enough. You often need to configure it and enable or turn on the software and the features that you want to use to protect your system. Usually there are options for personal firewall and security software ranging between very low protection up to maximum protection that blocks all access. Anti-virus software is more automatic and usually defaults to an enabled running state, but you still want to check.
Check That the Software Is Running
This might seem obvious, but it’s the first step. Assuming you’ve installed and configured the software, of course. The exact details for those prior steps depend on the security software you’re using. Anti-virus software usually starts up on reboot without much trouble, but we need to check that it is enabled. Similarly, personal firewall software should start up with the system as well, but it could be disabled or turned off. You can check in the software’s own console or program; there should be an indication that the security features are "On" or "Enabled". If not, take steps to turn on the software and enable the security features you want.
Test AV software with Eicar
If you are checking your anti-virus software, whether you have changed anti-virus vendors, or upgraded or changed your software, there is a standard way to check that it is running and test it. Most every AV vendor will have instructions on how to do this. There is a "test" (fake) virus provided by the industry that is available from the vendors. Attempting to download or access it will trigger your properly installed and running anti-virus software. Instructions on how to perform this test for your specific AV software should be included in your AV documentation or help files or from www.eicar.org.
Run an Online Vulnerability Scan
The next means to check if personal firewall or security software is working properly is by running an online vulnerability scan. Some of you may be checking if software installed or built-in to your router is working properly as well. Run a scan such as ShieldsUp to see what your system looks like from out on the Internet. If the system seems unprotected or services are visible that you believe your security software should be protecting, check the configuration of your security software and try again. Comparing the online scan with a local one such as that described next is helpful.
Test With Nmap
This is a check for a more advanced user. You can use the penetration testing tool or port scanner of your choice. My favorite is Nmap, but others such as Advanced Port Scanner or SuperScan would work for this test just as well. For more information on running a scan, see my article on how to use Nmap.
The goal here is to run a basic scan on your local network, behind your perimeter firewall or the filtering done along with network address translation (NAT) by your router, wireless router, or cable modem. If you find ports open and services available on your computers that you don’t expect, check the configuration of your security software, make changes, and run the scan again. If you find exposed services, it’s a good idea to run a more advanced scan with a tool like Nessus and see what’s vulnerable. Note that if you share files or use remote desktop, those services will likely show up as available. Since you’re using them, blocking them completely won’t work. Your security software may have options to allow access only from certain addresses, or you may have authentication set up for those services, so the fact that they are visible isn’t actually a problem.
For more information and ideas on how to verify that your security software is working, check out my articles on The Top 5 Free Port Scanners, The Top 5 Security Settings That Should be Audited, The Top 5 Security Mistakes That Users Keep Making, The Top 5 Penetration Testing Tools, and A Beginner’s Guide To Penetration Testing.