Full Version: Am I a genius, or are people paranoid?
Hydrogenaudio Forums > Misc. > Off-Topic
fewtch
I've had broadband since December of 2000. In that time:

(1) I've never run a firewall of any kind.
(2) I've used various P2P software on and off.
(3) I've never had a problem, break-in, virus, trojan or *anything* wrong.
(4) The last virus I had was back in 1988, after installing a DOS game on a 286 machine.

So am I some kind of genius, or are people too paranoid? I use Win98SE, I don't use MS mail software, I scan for viruses & trojans occasionally (fruitlessly, never had one), I keep updated with patches & fixes, everything is set up correctly (that means Windows scripting is disabled). That's all.
chrisgeleven
As long as I have patched all of my software when new patches come out and I run an up-to-date antivirus program, I have never had a virus, trojan, or a hacker in my system. The second I get lazy and don't do it, I definitely increase the risk dramatically and I have been infected as a result. But if I keep everything up-to-date, read the news on the latest virus, trojans, and hacking stuff and am prepared, I have been fine. I don't run a firewall and I am very very smart about what programs I install. I get e-mail viruses all the time, but thanks to Norton Antivirus I never ever get affected and each e-mail is cleaned.
_random_
Yeah, e-mail viruses are all most people will have to worry about. In a corporate environment, however, Win9x on a server will get you killed. Most people will never have to worry about the security risks, though. I don't have any kind of firewall on my system, but I still pass these kinds of tests with flying colors. Disabling services such as Messenger and Remote Registry Access (This kind of stuff is under NT based OSes) will help immensely.
westgroveg
QUOTE(fewtch @ Mar 16 2003 - 12:12 PM)
I've had broadband since December of 2000.  In that time:

(1) I've never run a firewall of any kind.
(2) I've used various P2P software on and off.
(3) I've never had a problem, break-in, virus, trojan or *anything* wrong.
(4) The last virus I had was back in 1988, after installing a DOS game on a 286 machine.

So am I some kind of genius, or are people too paranoid?  I use Win98SE, I don't use MS mail software, I scan for viruses & trojans occasionally (fruitlessly, never had one), I keep updated with patches & fixes, everything is set up correctly (that means Windows scripting is disabled).  That's all.

The thing is it only takes one hacker, one virus to cause huge problems (with some people more than others) on an unprotected PC. I've used various P2P programs; with WinMX I would get a virus, trojan detected by PC Cillin once in a blue moon, with Kazaa about 1:5 files, crack, porn sites 1:5 & with DC hubs I think I may have only once.
Pri3st
How are you sure that nobody breaks into your PC without using a firewall?
Before I installed a firewall, I believed that also. But after installing Kerio personal firewall, I saw that every day a new person was trying to break into my PC.
fewtch
QUOTE(_random_ @ Mar 15 2003 - 06:28 PM)
Yeah, e-mail viruses are all most people will have to worry about.  In a corporate environment, however, Win9x on a server will get you killed.  Most people will never have to worry about the security risks, though.  I don't have any kind of firewall on my system, but I still pass these kinds of tests with flying colors.  Disabling services such as Messenger and Remote Registry Access (This kind of stuff is under NT based OSes) will help immensely.

Hey thanks... those tests showed my NetBIOS ports were open (altho I have file & printer sharing disabled, of course). I installed NetBEUI (in addition to TCP/IP) and the problem went away, altho access seems very slightly slower than before. Muchas gracias!

Edit -- maybe not... oh well.
karmakillernz
QUOTE(Pri3st @ Mar 15 2003 - 06:20 PM)
How are you sure that nobody breaks into your PC without using a firewall?
Before I installed a firewall, I believed that also. But after installing Kerio personal firewall, I saw that every day a new person was trying to break into my PC.

Most 'personal firewalls' report an 'attack' every time someone does a scan on your IP. It is highly unlikely that anyone is targeting you personally - all they're doing is scanning for open ports to use later.

I also don't run a virus scanner or firewall and have never had any issues.
Jan S.
Well, I believe that a home computer is relatively safe if you don't do anything foolish. That is, opening a mail from someone you don't know or opening a mail with a topic that clearly does not concern you.
Of course you have to keep away from downloading weird programs (e.g. programs to get access to porn).

The only virus I have had was when I was stupid enough to download Back Orifice just to check it out.
My father has had the Nimda virus too, when he was stupid enough to open a weird mail.
264556
If you're only scanning and not running a real-time virus scanner then you could have viruses and never know about it - quite a number of newer viruses cripple antivirus software when they install themselves.

I can promise you that getting rid of one single virus outbreak can take enough time and effort to have made it worth your while installing and maintaining good realtime antivirus.

BUT, I think most personal firewalls are a pain in the bum.
I get three or four complaints from our ISP each month about one of our users 'hacking' someone's PC.
The complainer is always running some piece of sh*t personal firewall that lists any activity on any port as a hack attack.
A good half of them have kazaa running, and report connections to port 1214 as hack attempts.

I wouldn't normally mind these complete nonces' existence, but they always email our ISP with a tone of voice implying they're security experts for a military installation.
It takes an annoying amount of time to go through our logs to confirm that they're actually DSL users running Kazaa and relay this information to our ISP.

A good firewall for home users would surely just block all of their SMB traffic and let them set up NAT the way they liked it.
chrisgeleven
Another thing that has virtually guaranteed that I will never get infected with a virus is the fact that Norton Antivirus (since the 2001 version) automatically updates its virus definition files. I never have to worry about not being protected from the latest e-mail virus. Gotta be one of the greatest inventions in personal computer security in a long time.

The fact that on Windows 2000 and XP you also have an automatic update notifier is a huge step in the right direction too. No longer do I have to keep checking Windows Update anymore. When a critical update is released, I usually get a notification the same day and within hours I have it installed. I also keep up with all the latest service packs for Windows, Internet Explorer, and Office.

Running Ad-Aware gets rid of all of those pain in the butt ad programs that magically appear on systems (Gator anyone?). Helps big time in stability too.

Finally, I switched web browsers to Phoenix, a Mozilla-based browser. Never have to worry about ad-ware that installs via an ActiveX control, never have to worry about the latest IE exploit that STILL hasn't been patched, and so on.
SK1
QUOTE(264556 @ Mar 16 2003 - 02:15 PM)
BUT, I think most personal firewalls are a pain in the bum.
I get three or four complaints from our ISP each month about one of our users 'hacking' someone's PC.
The complainer is always running some piece of sh*t personal firewall that lists any activity on any port as a hack attack.
A good half of them have kazaa running, and report connections to port 1214 as hack attempts.

WHICH firewalls are a pain in the bum?
All personal firewalls I know state clearly that NOT every message indicates someone is trying to hack into your PC, that not everything is critical and that the users should note this and check what the message means before taking an action like contacting their ISP.
The problems ISPs are having are with stupid people who don't RTFM, that's all; you can't blame the software for it.
JEN
QUOTE(Pri3st @ Mar 16 2003 - 03:20 AM)
How are you sure that nobody breaks into your PC without using a firewall?
Before I installed a firewall, I believed that also. But after installing Kerio personal firewall, I saw that every day a new person was trying to break into my PC.

Someone tries breaking into my PC at least once a week! Lucky for me I know a thing or 2 about computer security
Xenion
LOL http://www.dslreports.com/scan freezes when scanning my pc. haha.

i've got a stateful-inspection firewall which is built into my hardware router.

monitor.dslreports.com scanning 80.129.60.130..
does NOT respond to a ICMP ping
does NOT respond to a TCP ping
does NOT respond to a UDP ping
Probing TCP ports with SYN packets

the SNMP manager shows a port scan, closed the port and denied any further access from that ip.
WaldoMonster
QUOTE(Xenion @ Mar 16 2003 - 09:25 PM)
LOL http://www.dslreports.com/scan freezes when scanning my pc. haha.

i've got a stateful-inspection firewall which is built into my hardware router.

monitor.dslreports.com scanning 80.129.60.130..
does NOT respond to a ICMP ping
does NOT respond to a TCP ping
does NOT respond to a UDP ping
Probing TCP ports with SYN packets

the SNMP manager shows a port scan, closed the port and denied any further access from that ip.

I'm curious which router/firewall you have.
I know that the software router "winroute pro" also uses stateful-inspection.
Do you know more manufacturers who also make stateful-inspection firewalls?
WaldoMonster
I think updating your server is not paranoia, is it?
Logfile from my webserver last weekend (removed the IP addresses and normal traffic):

edit: Sorry, i had to remove this. Ruined page formatting.
Pio2001
QUOTE(chrisgeleven @ Mar 16 2003 - 07:36 PM)
Another thing that has virtually guaranteed that I will never get infected with a virus is the fact that Norton Antivirus (since the 2001 version) automatically updates its virus definition files.

It occurs that the virus definition files are only updated once the Norton crew is notified that a virus has started doing some havoc.

Besides, according to a benchmark one or two years old, Norton was able to detect 80 % only of the viruses used for the test (including some old or uncommon viruses).

I ran Norton Antivirus some years ago, updated monthly, and a virus nonetheless broke through and killed the file system of the hard disc.
In the meantime, after deleting Norton DLLs, it renamed autoexec.bat to totoexec.bat. I've never found any mention of totoexec.bat in the Norton virus encyclopedia, nor anywhere in the web.
Neo Neko
@WaldoMonster
That is minimal in terms of malicious traffic. You should see some of the logs I am sporting.
l-user log for a slow day on my private linux server. I had one error log of such erroneous accesses for one day that ran into 4000+ such tries. And the logs for my sites hosted professionally. They dwarf them easily.

There should be three morals to the story.
1. Microsoft Windows is the worst coded and secured OS on the face of the earth and possibly the rest of the galaxy and universe.

2. Running Windows as a public server is not for the meek or timid. Not that you have to be a "MAN" to run a public Windows server. Clinical insanity or masochism are the only pre-requisites IIRC.

3. Anyone deciding to run a public Windows server should be shot and put out of their misery.

But what should worry you is the fact that most of these attacks are not specific to MS Windows Server or such products. Nope. The fact is with IIS etc any Windows NT OS is just as vulnerable. That includes Windows XP home edition. And I hear in the next release Microsoft is going to integrate IIS with even the home version. People love personal web servers on their home broadband connection. I have a feeling that all this poor coding and security are done on purpose. Since Microsoft does not run or own the internet nor will they likely ever. If they propagate bad software all over the world that is connected to the internet. Some day soon an attack could be launched (of which Microsoft will have total deniability in terms of responsibility) that will totally choke, strangle, rape, and bring the network completely to its knees from virus generated traffic. In swoops Microsoft saying that they will replace the internet with a network built in their own image. But now not only will you have to pay a charge for a monthly connection. You will also have a monthly charge for the hardware to connect you and the Microsoft software it uses. There will also be a per "data packet" charge. And last but not least a per site visit charge (you can be sure that non-MS owned/operated sites will have a much more hefty fee). Code Red etc was only a small taste. Microsoft is the biggest liability on the Internet period. Don't be looking at me all paranoid like. Especially if you have no good rebuttal. It is not that far fetched. In fact it is nearly plausible.

Oh and fewtch in response to your title for the thread. You are not a genius. People are not paranoid. To put it plain simple/sweet. You are just damned lucky.
Cobra
Russian Kaspersky Antivirus is IMHO most effective solution (finds more viruses than other programs):

http://www.kaspersky.com/

I've been using it for 5 years (KAV is formerly AVP).

F-prot for DOS (free for personal use) is quite good also:
http://www.f-prot.com/products/fpdos.html
Xenion
QUOTE(WaldoMonster @ Mar 17 2003 - 12:24 AM)
QUOTE(Xenion @ Mar 16 2003 - 09:25 PM)
LOL http://www.dslreports.com/scan freezes when scanning my pc. haha.

i've got a stateful-inspection firewall which is built into my hardware router.

monitor.dslreports.com scanning 80.129.60.130..
does NOT respond to a ICMP ping
does NOT respond to a TCP ping
does NOT respond to a UDP ping
Probing TCP ports with SYN packets

the SNMP manager shows a port scan, closed the port and denied any further access from that ip.

I'm curious which router/firewall you have.
I know that the software router "winroute pro" also uses stateful-inspection.
Do you know more manufacturers who also make stateful-inspection firewalls?

i'm using a Lancom 1621/ISDN-DSL
i'm really proud of it because it's the best piece of hardware i have in my house. the software is perfect, the options of the router are unbelievable and it's stable. i never had to resync or something. i'm online now for half a year or so. big firms use this router also just because it's better than many other routers which cost 10000$. this router costs something like 400€. i think it's not so popular in other countries but that's because it's a new German manufacturer which didn't make too much promotion in other countries. Lancom was ELSA sometime ago but ELSA is dead now so they founded a new firm which only does this networking stuff.

http://www.lancom-systems.de/produkte/lc_1...1_adsl_isdn.php

_random_
QUOTE(fewtch @ Mar 15 2003 - 06:20 PM)
Hey thanks... those tests showed my NetBIOS ports were open (altho I have file & printer sharing disabled, of course).  I installed NetBEUI (in addition to TCP/IP) and the problem went away, altho access seems very slightly slower than before.  Muchas gracias!

Edit -- maybe not... oh well.

If you were using NT/2K/XP, I would tell you to disable the TCP/IP NetBIOS Helper Service. Unfortunately, I don't think you can disable NetBIOS in 9x without killing your internet access. I don't know your situation, but this might be related to your problem. I would almost certainly disable file/print sharing if it is active. Aside from upgrading to a newer OS (Avoid ME like the plague), this might be your only option. Hope it helps.
Jospoortvliet
I've been using win98 for years without firewall, antivirus etc., just didn't do stupid things... running The Bat! as email client (wonderful!) and Mozilla for web browsing, so most viruses won't get in. And I watch my system...

and now I'm on linux, so I won't have to worry at all ;-)
Artemis3
I think AVG Personal Edition (free outside of europe) is good. After countless issues with Norton Antivirus (including buying 21 licenses for nothing, because updates stop coming after 3 months) i decided to discard it completely. Also, the first thing viruses love to do, is to bypass the AntiVirus. And Norton is just plain too much resource intensive.

For Spyware, in the past Adaware was nice, but it's not as good as Spybot Search & Destroy which is also freeware and much better done.

The firewall is done in another FreeBSD machine acting as a router/gateway, a good ol' pentium 100 with 2 LAN cards can do much better than any 1000$ router will ever do, and even some more, such as serving a little home web server, bandwidth control, and added things like that.
DonP
When I got broadband it was only a few days before I was hacked on a linux system. I think the key was that my kids' accounts were their (common) first names, so easy to guess, and their passwords were the same. I forgot to start enforcing real password rules when we went full-time on line.

They set up an IRC bot running off files in a hidden directory. I never would have known if I hadn't seen an unexpected process and decided to track it down. The logs showed the remote access was from an IP address at a prison.

edit: this irc bot was running for several months before I spotted it. As I said, it was installed just a few days after we got the cable modem.
Neo Neko
Yeah. No amount of security can save you from a weak password. Good thing Windows XP does not even suggest people use passwords.
cjanscen
The only virus that I have ever received was when I downloaded it and executed it on a windows 3.11/DOS machine.... I was young and stupid. I do not worry about them at all now, and as for e-mail worms and whatnot, they are not actually "e-mail worms" they are bugs exploited in MS's outlook express, which (this may come as a surprise), is not the only e-mail client out there, just the most bloated/insecure. And virii on linux..Ha.
DonP
QUOTE(cjanscen @ Mar 20 2003 - 01:06 AM)
MS's outlook express, which (this may come as a surprise), is not the only e-mail client out there, just the most bloated/insecure. And virii on linux..Ha.

I hope they have wised up, but the thing about MS mail program was not JUST that it is popular, but you couldn't disable it from automatically running malicious code embedded in the message.

This is still a major means for spammers to verify your address.. there are instructions in the mail message to download an image from the spammer's web site. The image might have an address in essence: "http://www.spammer.com/verify_sucker_address_234532.jpg"

On my mail program the default is not to download images, so you can tell the spam by its empty areas.