View Full Version : Vunerable acc to Symantec; now what?


flapsforty
19th Sep 2004, 17:11
Window XP, IE 6 ( I think), Norton Antivirus.
Stopzilla and Adaware installed.

As suggested by Out of Trim on another thread, I have just run http://security.symantec.com/sscv6/default.asp?productid=symhome&langid=in&venid=sym
expecting, as a a faithful follower of all stickies-advice on this forum, to come out clean as a whistle. ;)

I didn't. :*

It tells me that my PC is vulnerable to hackers, because I have an open port. Huh? It gives Ping, loc-srv and Windows NT / 2000 SMB as open. It tells me I need a personal firewall.
Here was me thinking that I had that with my Norton, but apparently not.

PC also vulnerable to Trojans due "Unused Windows Services Block" times 2.

Any advice or links to previous threads on the subject recieved with humble gratitude.



amanoffewwords
19th Sep 2004, 17:40
f40,

Have you got the Windows XP built-in firewall switched on?

The Microsoft site has instructions re how to switch on/check it is on: see here (http://www.microsoft.com/athome/security/protect/windowsxp/firewall.aspx)

Might be also worth checking you have all the latest updates from Windows Update (though I'm not sure whether to recommend SP2 or not)

hth
Charles

ORAC
19th Sep 2004, 18:35
Download and install ZoneAlarm. (http://www.zonelabs.com/store/content/company/products/znalm/freeDownload.jsp?lid=zaskulist_download) It is better than the MS firewall because it protects you not only from incoming probes but outgoing attempts from trojans etc.

Then go to GRC (http://www.grc.com/default.htm) and run ShieldsUP and LeakTest. Shoot The Messenger is also useful...

Out Of Trim
19th Sep 2004, 18:50
Oops - Sorry Flaps!

My PC also showed a few ports open too, but also carried out a further check on Shields UP - and all common and Service ports showed fully stealthed - 100%.

Try testing ports here:- http://www.grc.com/x/ne.dll?rh1dkyd2

Hmmm - I wonder if they're just trying to scare us into buying their Firewall software! :suspect:

However, I did remove a virus from a work PC using the Virus checker option recently.

I run Norton Antivirus 2003 and free version of Zone Alarm personal Firewall at the moment and am so far very pleased with both.

Only had 3 viruses detected so far and all were caught and quarantined immediately.. so no infection! :ok:

-- oops again

ORAC - well done - our posts crossed.. sounds like I was on the right lines then!

ORAC
19th Sep 2004, 23:03
Great minds think alike.....and fools seldom differ.... :(

flapsforty
20th Sep 2004, 16:52
Thank you gentlemen; XP firewall set up as per instructions here. One hole plugged.

However, the more I read, the more confused I get about hoq to really stop these barstewards frum stuffing up my PC. :*

Zone Alarm and Sybot for example; they sound like the kind of thing one should not be without. But i have read that they can create havoc when run together with Adaware, which I already have installed and am pleased with.
Have also read that some of these downloads themselves put spyware on one's PC.
What is an ignoramus to do? :confused:

(I don't mind paying for stuff BTW, just looking for things that are worth the money because they really do the job)

Bewildered from Norway.

Out Of Trim
21st Sep 2004, 00:58
Flaps 40,

Just protect yourself as much as possible.

I run, adaware, spybot , Norton Antivirus and Zone Alarm all together, and no problems experienced at all.

I don't think adaware does anything until you select scan anyway.

Spybot seems a bit better in that it stops some spyware even installing while browsing.. It often warns Doubleclick blocked etc.

It appears that if you don't bother these days you will get multiple virus and spyware infections within minutes wherever you browse.

Barstewards indeed!:{

Ausatco
22nd Sep 2004, 07:52
Flaps,

I run Spybot, Adaware, PestPatrol, ZoneAlarm and PCCillin all together with no probs. I filter popups with Webwasher (highly recommended) and spam with Mailwasher and Benign, in addition to the ZoneAlarm attachment filter.

But I'm not paranoid:ooh: And, touch wood, I haven't been infected.:D

Out Of Trim Try testing ports here:- http://www.grc.com/x/ne.dll?rh1dkyd2

Hmmm - I wonder if they're just trying to scare us into buying their Firewall software! GRC is not flogging firewall software, he just evaluates it and heaps well deserved scorn on pretenders, while praising the good ones. We could all do worse than take his advice, IMO, though there are some that don't like him.

Mostly those who he's exposed as shams and rip-off merchants hiding behind marketing technobabble.

AA

Evo
22nd Sep 2004, 09:15
We could all do worse than take his advice, IMO, though there are some that don't like him...Mostly those who he's exposed as shams and rip-off merchants hiding behind marketing technobabble.


If you ignore the hyperbole then he's quite good, and we certainly could do worse than take his advice - he has been very good at publicising some imporant points.

My only irritation with him, which is, as far as I can tell, quite widely shared, is that he comes across as a shameless self-promoter with an apparent inability to recognise the work of others. That's probably why there's a fair bit of antipathy towards him; it isn't his advice, per se, rather the way in which he gives it.

flapsforty
22nd Sep 2004, 20:55
OK, downloaded Spy Bot. If that and Ad Aware run without biting eachother (and without doing my head in) I will venture forth and get Zone Alarm.

Funny how the rest of the family takes zero interest in the systems wellbeing, refuse to learn even how to do a defrag while I'm away but start moaning and requesting help as soon as anything goes haywaire.
I'm like One-Eye, Queen in the land of the blind here at home. :rolleyes:

Thanks to the kind gentlemen in this forum, at least I scrape by! :ok:

mikedurward
22nd Sep 2004, 21:39
Hiya Flaps,

The easiest way to stop getting spam, adds or virus is to hide behind a router of somekind. I use a netgear dg 834g. Costs around 100 and have been virus free for 3 months now. No ads or spam either

Mike

Out Of Trim
24th Sep 2004, 07:51
Ausatco - I concur,

I was actually referring to Symantec's Firewall but, I didn't make it clear enough! As above, Shields up! said all ports stealthed; so was quite happy!

Byrna
26th Sep 2004, 13:59
Hi FlapsForty,

Zone Alarm and AdAware may have issues only if you have, I believe, the full version of Adaware which is payware and it constantly monitors your system for various spyware etc so it is always loaded and running ... I use Adaware only when required and no problems. Make sure, before you run Adaware, say once a week or once a month as you see fit, that you update the signature files so it scans for the latest spyware out there. The adaware signature files can be downloaded automatically from adaware and installed, as long as you are connected to the internet first.

**ROUTER: As suggested by MikeDurward, the router alternative is probably the perfect choice, as it completely hides your PC's IP address, even from your Internet Service Provider - or ISP. The router is a device to which your modem would connect. The modem connects directly to the "outside" - this outside is your ISP. But there is the router in between your PC and your modem so in essence, your computer is completely "inside" a physically (hardware) protected area and is never exposed to the internet. The good router has password protection and thus should be quite resistant to hacking and security compromises and also uses encryption to "scramble" data, making any hacker intercepting your personal info, unable to read it as it is encrypted (e.g. I saw a DLINK router in the store this week which had a maximum of 256-bit encrption.) It is the router which gets an IP address assigned to it by the ISP, not your PC.

** Definition of IP: your IP is your your network ID number. It is made up of those four sets of numbers separated by periods which you may have already seen. For example, 24.64.185.43. This address is unique (or should be in theory) on the internet and can be used to track down your PC. If you have a router, it is the router which has this IP assigned to it and the router is the device which communicates with the outside world - i.e. the internet. Your PC is in turn, assigned an "internal" (or local network) IP address which is "masked" or hidden from the internet by the router. An internal IP address has a specific range and cannot be anything outside of this range - example: 192.168.0.1 (the 192.168.x.y is one of the possible ranges used in internal or "private" IP network addressing and is also used for internal company networks). If it is outside the range, then it can be risking being a duplicate with an internet or external IP address and you'll have issues with connectivity to the internet.

** ZONEALARM VERSUS ROUTER: The difference between how ZoneAlarm or another "software" firewall works and how a router or "hardware" firewall (or one type of firewall for there are other more sophisticated computer/PC-based firewalls) is this: Zone Alarm cannot hide your IP address when it is requested by your ISP for otherwise, you won't be able to connect or maintain a connection to your internet as your ISP will disconnect you if you stop transmitting your "identity" which is done regularly by your PC. This is the "ping" or possibly other methods used by each ISP to make sure a PC is still connected to their service. ZoneAlarm does block many attempts of various kinds to communicate with your PC but cannot block your IP address at all times due to the above reason but will block transmission of your IP under certain conditions where it is not considered essential to maintain communication (e.g. communicating with the ZoneLabs support site, which is an option in ZA).
A router has its own IP address which can be arranged and configured to work with your ISP. It is the router which handles communication of your "identity" to your ISP, not your PC, transmitting its own EXTERNAL IP address periodically when requested by the ISP, so your PC does not have to do anything to communicate "directly" with the internet but rather communicates indirectly via the intermediary of your router.

So with a router, you have two IP addresses then: (1) an EXTERNAL IP address for the internet and (2) an INTERNAL IP address for your PC to communicate and be recognized by the router. This "cushion" created by the router makes your PC physically invisible at the HARDWARE level to the internet.

I hope I made sense about all this.

If you have any questions, let me know.

John

:uhoh: