Computer help thread

[piojita]

I have heard that proper configuration of the firewall is more important than any other security measure. But I haven't found any instructions on how to actually do it and I don't think many people know about these things...any ideas??

Quote:

Originally posted by denial
1. Run Windows Update Regularly [ set to automate download]
2. Run Anti-virus update Regularly [ automate update]
3. Install Firewall

Apparently the automatic anti-virus program updates could be used by troyans to access the net unnoticed, so you should'nt let the firewall access the net at any time.

[denial]

piojita, if you download the Zone Alarm .. its almost perfect with intruction and advice .. (beside it configured with novice/expert option) .. I think its really build for end-user who doesn't know much about network... I just installed it last night ..

.. and if someone try to let say 'telnet' your PC .. it will block it.. then you can click on "more info" .. and it will advice you what to do .. and it even have "Hacker ID" in the info page .. which also show you the map of location where that attack came from .. I mean real map ..like Japan map and show the city .. and you can even report the abuse .. rather than just sit there and not knowing what to do .. they will gather the report and analyse the patern and decide if its hostile or not.

I think it very cool .. and for purpose of learning too .. .. but it only came with the PRO version . but you get to try it for 15 days ..the free version does not have that hacker id option and more .. but still a firewall..

Quote:

But I haven't found any instructions on how to actually do it and I don't think many people know about these things...any ideas??

hmmm ..to me ..internet for new user .. its something like learning to drive .. you can't read from book and become a good driver.. you have to get experience from it .. then you'll learn to drive good ... its a big network out there ..

If you don't want to download the virus-dat automatic .. you can download it manually from the anti-virus site .. and run it ..

Quote:

Apparently the automatic anti-virus program updates could be used by troyans to access the net unnoticed,

.. I am trying to think about how is that possible... DNS manipulation? how did the trojans gets in that pc in the first place.. and change anti-virus software configuration ..change the config file .. ? .. I read this issue before .. so I am used to downloading the virus update manually too .. but I don't know whats the technical story behind it .. maybe I'll find out someday ..

[rosh]

piojita if you have specific questions about specific firewalls and their configuration or set up, im sure at least one person on the forum will probably have it installed as well and would be able to assist

for example, i know how to configure a netscreen, [its a firewall box], zone alarm, norton personal firewall etc.

please feel free to ask

[denial]

Its a weird day today ... from one of the newsletter in my inbox.

Quote:

::: NT/2000 RELATED NEWS

Redmond Attacks Linux Directly

I actually like this. MS is taking Linux seriously. This is good news. Competition keeps everybody on their toes with great benefits to the users. Redmond unleashed a new campaign against Linux. Even created a whole site for people to peruse, and they have a multi-million dollar ad campaign going. The site compiles a bunch of data that 'proves' that the Windows platform is cheaper to use and develop applications on than Linux. Check it out. Redmond feels the heat!
http://www.w2knews.com/rd/rd.cfm?id=...RN-MS_vs_Linux

[QueenBee]

Hehe. They're so stupid

[haku]

Windows is cheaper? LMAO Expensive piece of crap.

MS sucks.

[denial]

oiiii ... you think its only TATU ?? watch Microsoft ! LoL LoL


btw:
Tina .. have you seen this?

Changes to Functionality in Microsoft Windows XP Service Pack 2

WinXPSP2_Documentation.doc

[teeny]

hehe.. thank you for the link, D.
Looks like reading though I'll wait for the SP2 to arrive and then I'll critize the things they missed to correct

[denial]

Why personal firewalls are crucial?

http://www.personalfirewallday.org/


<-- is doing eyes exercise... after all the reading .. LoL

[QueenBee]

denial, you are tooooo funny
You know what? I had an anti virus program for 30 days! It's expired now though.. it was just being annoying. And I didn't have any viruses, thank god. I got Spyretto's advice though. Damn, I miss him.

*Turns happy thread into sad thread*

[nath]

crni ...i'm late but i want to say Thank you very much to you for your help.Now everything is working perfectly

[crni]

Quote:

Originally posted by sunwalk
crni ...i'm late but i want to say Thank you very much to you for your help.Now everything is working perfectly

ur welcome

[piojita]

Quote:

Originally posted by rosh
piojita if you have specific questions about specific firewalls and their configuration or set up, im sure at least one person on the forum will probably have it installed as well and would be able to assist

for example, i know how to configure a netscreen, [its a firewall box], zone alarm, norton personal firewall etc.

please feel free to ask

@ Rosh, Denial Thanks!

I did some more research and found two specific things you can do to increase security with firewalls. One (the most crucial one) is to configure the firewall to warn you every time one program wants to use another to access the internet (like this: Do you want to allow PROGRAM.EXE to use Internet Explorer to access the Internet?) the other one is to block all ports and then open the relevant ones.
I use Norton and Zone alarm (not pro) but can't figure out how to configure them like this, so if any of you guys can help it's very appreciated.

[denial]

Hi piojita, congratulation on the research.

Sorry for late reply.. I havent been to this thread. About the "program.exe" .. yes it can be very tricky there.. as we can't know what all the program's filename for.

While using Zone alaram .. I will click on MORE INFO first .. and read recomendation .. when it tell me to decide myself ..I write down the program name and do the search in google to see what the program related to. So I decide to allow or not.

But if you really-really not sure .. better to BLOCK it .. then you can post here so we can look what its also about.

If the program is okay .. we can later set to allow the program to access internet.

Quote:

One (the most crucial one) is to configure the firewall to warn you every time one program wants to use another to access the internet (like this: Do you want to allow PROGRAM.EXE to use Internet Explorer to access the Internet?) the other one is to block all ports and then open the relevant ones.

I don't have to configure this .. its already default when I install Zone Alarm. When it start running, it already ask me if I want to allow this "program.exe" to access internet or not .. I have to answer some questions at first .... some that is common . I set it to "Remember the asnwer" ... then later not much bothering anymore. And I also set not to show pop-up of blocked alert and I can surf peacefully. Later I will check the log.

To answer your question, when you open Zone Alarm panel, click on the "Program Control" .. there you can see the list of program .. and it's rules.

If you left- click on the [ check or ? or x ] .. you have option to "allow" , "block" or "ask" .. for your question .. you should select "ask" .. so it will ask everytime it want to go to internet.

[piojita]

Quote:

Originally posted by denial
Hi piojita, congratulation on the research.

To answer your question, when you open Zone Alarm panel, click on the "Program Control" .. there you can see the list of program .. and it's rules.

If you left- click on the [ check or ? or x ] .. you have option to "allow" , "block" or "ask" .. for your question .. you should select "ask" .. so it will ask everytime it want to go to internet.

Thanx for answering! yeah zone alarm notifies me when a program wants to access Internet and I always check out the programs before I let them do it. The thing I don't get is how to make zone alarm (and norton) to notify me when one program uses another program to access . For instance the program Explorer can be used by other programs (like troyans) to access Internet. Without this configuration Zone alarm will only ask if you want to let Explorer access and if you choose "allow" you will actually let the troyan access Internet, not only explorer, without knowing it...

[denial]

Quote:

Originally posted by piojita
to notify me when one program uses another program to access .

ohh dang! never thought of it that way!


I've also install the iHateSpam program, and it work with my Outlook Express. When I get a spam, it will mark the spam email, and move it to deleted item folder and send reply to the sender that he/she sending me a spam email.

When my Outlook Express want to reply this spam email, the Zone Alarm will prompt me again of another program asking to access the internet. Those are another iHateSpam program with task to send mail back to the sender.

**But I'm not sure if this related to your doubt.

Another example is I open 'filename.doc' using Internet Explorer. And it just open the file, even inside Internet explorer, its use Microsoft Word. But in this case.. its not Microsoft Word that going out to the internet .. just open the file in it already downloaded.

** okay so now I'm trying to open using Adobe Acrobat ..
Same its not asking .. probably same reason with above situation. hmm..

mmm... good news.. I just tried with .asx file to play stream video. Internet Explorer will open Windows Media Player for this .. and the Zone Alarm asked me if I want to allowed wmplayer.exe to access too 127.0.0.1:2050

Ohh .. and the destination is local .. but still it prompt for permission ..

So I click on More Info:


127.0.0.1 is a loopback address, not a valid Internet IP address

A loopback address is a special IP address that a computer uses to refer to itself. Many Windows programs send information to the loopback address before sending information out to the network or to the Internet. Some programs may use the loopback address even when they are not about to send information to the network or the Internet, due to some peculiarities in the way Windows handles TCP/IP.

Any address that begins with "127" is a loopback address. The most commonly used loopback address is 127.0.0.1.

This address cannot be used as the IP address of a computer on the Internet. It only has meaning on the computer that generated it. Therefore, if this is an inbound alert, the source address was probably forged in order to hide the identity of the sender.

Now I'm gonna click 'Yes' ..okay the video is play .. but the destination is loopback.

What else?

I tried windowsupdate website . but I have nothing to update and Zone Alarm didn't asked me anything to allow or not. Maybe later ....


------

Then I use ICQ to view my contact "User's Unified Mesaging Center" which will open Internet Explorer. No it didnt asked if I want to allow or block IE to access internet .. because the rules already allowed IE to access internet.

I change the rule to set IE to "ask"

I did ICQ thing again .. and Zone Alarm did asked me if I want to allowed IE to access internet.

-----

There is another setting in Zone Alarm Program Control -- Main - highlight the IE .. at the bottom right .. click on "Option" .. there you can check "This program may use other programs to access internet" .. mine is set to UNCHECK.

In Zone Alarm Program Control -- Components - you can see details of components (DLL files) - same way .. you can set them to 'allow" or ask.

-----


...If its trojan .. then its anti-virus's task I think.

BUT .. let say its a trojan .. an act as a server in computer .. definetely Zone Alarm will alert because its a new program want to access internet an act as a server to accept connection from internet.

Or trojan that act as client trying to access to its server on internet.... if it using IE .. I think it can go through.

I use telnet to access a website. Zone Alarm prompted me of telnet.exe wants to access internet --


*waits for Rosh* ..


Added:
Piojita ... you can also try Zone Alarm Forum.

http://forums.zonelabs.com/zonelabs

[DAZ]

Hi people!!!
I was just checking through my Hotmail account and noticed some suspicious looking e mails about 24k in size with attachments!!
Thought i'd warn you all to keep your eyes open for these!!!
Its one of those mass mailing worm things again!!!
Without getting technical(as i couldn't even if i wanted to)
Hers what to look out for in your e mail title etc

The email has the following characteristics:

From: <spoofed>

Subject: (One of the following)
Re: Your website
Re: Your product
Re: Your letter
Re: Your archive
Re: Your text
Re: Your bill
Re: Your details
Re: My details
Re: Word file
Re: Excel file
Re: Details
Re: Approved
Re: Your software
Re: Your music
Re: Here
Re: Re: Re: Your document
Re: Hello
Re: Hi
Re: Re: Message
Re: Your picture
Re: Here is the document
Re: Your document
Re: Thanks!
Re: Re: Thanks!
Re: Re: Document
Re: Document

Body: (One of the following)
Your file is attached.
Please read the attached file.
Please have a look at the attached file.
See the attached file for details.
Here is the file.
Your document is attached.


Attachment: (One of the following)
your_website.pif
your_product.pif
your_letter.pif
your_archive.pif
your_text.pif
your_bill.pif
your_details.pif
document_word.pif
document_excel.pif
my_details.pif
all_document.pif
application.pif
mp3music.pif
yours.pif
document_4351.pif
your_file.pif
message_details.pif
your_picture.pif
document_full.pif
message_part2.pif
document.pif
your_document.pif

If you manage to get this worm click here for the removal tool and other info!!!

http://securityresponse.symantec.com...tsky.d@mm.html


Hope this is of help to you all!!!

[goku]

Haven't been here in a while. I haven't missed anything (important), have I?

DAZ, thanks. New worms and viruses nowadays can generate random messages in their subject line, creating a deceptive look. Make sure you never open an e-mail if you don't know who sent it, and definately do not download unknown attached files.

[teeny]

Quote:

my_details.pif

I got that one.. the sender was from Russia.. I was so tempted to click it

Thank you for the warning DAZ.. Better check my system for virus one more time.

[Veggie Delite]

check out this website (tests if u'r firewall works ok)
http://grc.com

some advices:
http://grc.com/su-fixit.htm