Re: AdAware, SpyBot S &D, etc. + leave PC connected to Internet

From: sponge (yosponge_at_yahoo.com)
Date: 01/31/04


Date: 31 Jan 2004 10:00:19 -0800

On 30 Jan 2004 18:50:39 -0800, heyimjustcurious@yahoo.com (curious)
wrote:

>yosponge@yahoo.com (sponge) wrote in message news:<8d76ec03.0401301159.638e56a5@posting.google.com>...
>> heyimjustcurious@yahoo.com (curious) wrote in message news:<ca3e516b.0401300047.53ba0d08@posting.google.com>...
>
> <snip for brevity>
>
>> >
>> > Would you recommend a name. I don't mind the cost. I want to make
>> > sure about the security.
>>
>> Make sure it is a router and FIREWALL. Some are just routers and are
>> numbered similarly to the firewalls. While those will still offer a
>> lot of protection, the firewall-ish features only cost a few bucks
>> more and can offer some nice stuff like ActiveX blocking, etc.
>
>It will be a while before I get the router and do that.
>
>About ActiveX, I have a webhosting account given permanently from
>school where I planned to put a couple of my small school project that
>uses a little bit of asp, a bit of jsp, a bit of perl (registration
>system) when I took a course for web developing. Will blocking
>ActiveX prevent me from looking at my website after loading the files
>(need to locate those files anyway)? The comcast guy - when came for
>installation - had disabled JavaScript and ActiveX but I have enabled
>them recently.

No, you shouldn't have any problems denying ActiveX unless that's
specifically needed, although some .NET applications might use them.
Frankly, you can usually accomplish the same tasks with Java applets,
which are much safer and can be cross-platform.

My hat's off to that Comcast tech; very few even KNOW to disable
ActiveX let alone will take the time. Buy that man a Guinness next time
you see him.

>> Dlink
>> has the 704P which is nice. The ever-popular Linksys BEFSX41 is
>> another popular choice (it can overload and glitch though, under
>> extended, heavy periods of running). All are about the same. Likewise,
>> the Netgear FR114P is another good choice, and I'd probably take it
>> over the others. SMC reportedly makes some good router/firewalls too.
>> Just don't get wireless if you can avoid it and be sure to check the
>> labelling on the box to be sure it has firewall features.
>
>Thanks. I did read somewhere to avoid wireless router.
>
>>
>> > >
>> > > >Or is it better to disconnect my PC from the modem (to Internet) when
>> > > >not using it? Just that I have Windows Update scheduled every day and
>> > > >Norton Anti-virus scheduled every week.
>> > >
>> > > Since I assume you are not running a server,
>> >
>> > No I am not.
>> >
>> > > I'd disconnect it
>> > > whenever it's not in use. You generally do not need ISP software (which
>> > > often contains spyware and other junk) to connect to the net; if you
>> > > have a high-speed connection, use IPCONFIG /RELEASE to disconnect and
>> > > IPCONFIG /RENEW to connect.
>
>> > I have highspeed (comcast). I need to learn how to disconnect and
>> > connect as you suggested above. IPCONFIG /RELEASE and IPCONFIG /RENEW
>> > the commands I need to use for disconnecting and reconnecting? I
>> > shall try immediately.
>>
>> > > You generally have to run this from a DOS
>> > > window,
>> >
>> > In my case, command prompt. I have XP prof.
>>
>> Just type CMD from the run menu, and enter those commands in.
>> IPCONFIG /RELEASE and test your connection, then try IPCONFIG /RENEW
>> Adapter #. Run IPCONFIG | MORE to find out the adapter number and
>> just see what's going on, and you can just use that in the future.
>> Once you've got that down, creating shortcuts is easy.
>>
> I have started using IPCONFIG /RELEASE and IPCONFIG /RENEW since
>last night. I don't understand what you mean by creating and placing
>shortcuts. I am not too familiar with DOS commands. Need to learn ...

It's just a link that you can put on your desktop or wherever that
allows you to execute a command. On your desktop, right click a blank
area, select New, and from the menu that appears, select Shortcut.
Simply enter in IPCONFIG /RELEASE and click Next. Give the shortcut a
name, like Disconnect from Internet, and click Finish. Do the same
with the reconnection command. Now, all you have to do is double-click
the shortcut item to get off and on the Internet. Test them out in the
command prompt first - mainly, if you have more than one method of
connecting to the net (Ethernet card, dial-up modem, etc.) you need to
be sure you reconnect the right one.

>> > > You can create shortcuts and place them wherever you want.
>>
>> > > Windows Update and Norton LiveUpdate are of no consequence; if they
>> > > cannot connect to the net at a certain time, they will wait until a
>> > > connection IS available.
>> >
>> > Well.. Norton LiveUpdate has been doing that, i.e. prompting me to
>> > download whenever I connect to internet but Windows Update hasn't been
>> > doing that since I had my PC disconnected from internet. Something
>> > wrong?
>>
>> I don't think so. It shouldn't be a problem. Just run WU and see if
>> anything is amiss. IIRC, WU can operate silently in the background,
>> and is smart enough to back off on updating when you're busy so as to
>> not clog your connection.
>
> I went to Microsoft website and noticed that 'Critical Updates and
>Service Packs' showed 0, i.e. none available. I checked "view
>installation history" and saw that the last time Windows Update was
>done automatically was in November, 2003.
>
>Since I had been keeping my PC physically disconnected from modem when
>I wasn't online, it seems that it may just have been that there was no
>critical update since then, i.e. in December and January BUT...
>... more possibly, I may have removed the scheduled tasks for
>Windows Update after seeing 'Never' under "Last Run Time" in
>"schedule task" list. I must have removed Windows Update scheduled
>after seeing "Never" there too. The thing is I moved here from another
>state and the PC was not set up or connected to Internet for about 3-4
>weeks. So, I was seeing weird thing and hence went and bought Norton
>AV 2003 and put it and scheduled it. When scheduling, the password
>issue got me to read the user guide...
>
>
>The schedule task Symantec NetDetect runs fine and in fact, it was the
>only one scheduled until 2 days ago when I added the scheduling for
> Norton AntiVirus 2003 Professional (everyday 3am) and
> Windows Update (Every Sat 800AM).
>
>What I noticed - just looked at it again 1 min ago - was that "Never"
>is displayed for Norton AntiVirus 2003 with 'Status' saying 'couldn't
>run because of incorrect password'. (I have no idea what password it
>is talking about; in the past, I looked in the user guide and saw
>none. I did register the software. The one I bought (last August)
>is good for 2 PCs and not sharing it with anyone though I plan to put
>it in my sister's PC).
>
>This reminds me that the password was the same reason I removed it
>before. I don't remember about the Windows Update, i.e. why I removed
>it. Just now, I had scheduled it again without putting a password
>starting tomorrow. Let's see whether it will scan. So far, I manually
>scanned the hard drive.
>
>Anyway, I downloaded and installed other Windows Updates (not critical
>ones). The last time I did that was in April 2003 or so. Is that what
>people called patches? And, under "Windows Security", I saw other such
>as

Well, kind of. When security folks talk about "patches", we are
generally talking only about "critical patches" that affect security.
Most of the non-critical ones are feature upgrades or fixes for minor
bugs that are not security concerns. One maxim you should remember, if
nothing else, is that "feature" equals "potential exploit". So, you've
got to weigh whether that extra functionality -- if you even use it at
all -- is worth the increased risk. As a rule, except for hardware
drivers like video and sound cards, I NEVER recommend installing
non-critical patches.

>Blaster Worm Removal Tool for Windows XP and Windows 2000 (KB833330)
>Internet Explorer 6 Service Pack 1
>Cumulative Security Update for Internet Explorer 6 Service Pack 1
>(KB824145)
>
> Should I put those? I read somewhere that "patches" cause more
>problems...

Unfortunately, Microsoft's patches tend to introduce as many problems
as they fix; most of us security folks have been saying that for
years. It's so sadly true. You definitely should install any Operating
System critical patches (critical patches which don't say anything
about Internet Explorer). The Internet Explorer patches are the worst,
since they often introduce new features, and therefore new exploits.
This is the primary reason why I tell people that IE simply cannot be
used safely, period, finish. If you MUST use IE for anything other
than Windows Updates, then install all the Internet Explorer critical
patches too and keep your fingers crossed. There's a section on
hardening IE at my site, www.geocities.com/yosponge/browser.html. But
even then, there are still lots of 'sploits out there.

BTW, as far as the scans go, just run HJT and post what's running. You
can create custom rules in Sygate to disallow incoming traffic to
those ports which are open. But I'm just wondering WHY they're showing
open. Alternatively, use Kerio 2.1.5 and a ruleset file from my site.
Sygate's a good firewall, but needs to be tweaked and it doesn't allow
one to use pre-written rulesets like Kerio 2.1.5.

Sponge
Sponge's Secure Solutions
www.geocities.com/yosponge
My new email: yosponge2 att yahoo dott com