Re: AdAware, SpyBot S &D, etc. + leave PC connected to Internet
From: curious (heyimjustcurious_at_yahoo.com)
Date: 02/01/04
- Previous message: sam: "why use cyberguard rather then Checkpoint and Cisco PIX?"
- In reply to: sponge: "Re: AdAware, SpyBot S &D, etc. + leave PC connected to Internet"
- Next in thread: curious: "Re: AdAware, SpyBot S &D, etc. + leave PC connected to Internet"
Date: 31 Jan 2004 21:27:27 -0800
yosponge@yahoo.com (sponge) wrote in message news:<8d76ec03.0401311000.413d1dba@posting.google.com>...
> On 30 Jan 2004 18:50:39 -0800, heyimjustcurious@yahoo.com (curious)
> wrote:
>
> >yosponge@yahoo.com (sponge) wrote in message news:<8d76ec03.0401301159.638e56a5@posting.google.com>...
> >
> > <snip for brevity>
>
> No, you shouldn't have any problems denying ActiveX unless that's
> specifically needed, although some .NET applications might use them.
> Frankly, you can usually accomplish the same tasks with Java applets,
> which are much safer and can be cross-platform.
I looked and noticed that *they* were still disabled; I remembered
talking to Comcast tech support and asked about it. That guy seemed
knowledgeable.
>
> My hat's off to that Comcast tech; very few even KNOW to disable
> ActiveX let alone will take the time. Buy that man a Guinness next time
> you see him.
Well, the first guy sent was in training and messed up the
installation. The second one was experienced.
<snip>
> > I have started using IPCONFIG /RELEASE and IPCONFIG /RENEW since
> >last night. I don't understand what you mean by creating and placing
> >shortcuts. I am not too familiar with DOS commands. Need to learn ...
>
> It's just a link that you can put on your desktop or wherever that
> allows you to execute a command. On your desktop, right click a blank
> area,
Neat! Before, I only created shortcuts for the ones in
Start->Programs.
<snip>
> >
> > I went to Microsoft website and noticed that 'Critical Updates and
> >Service Packs' showed 0, i.e., none available. I checked "view
> >installation history" and saw that the last time Windows Update was
> >done automatically was in November, 2003.
<snip>
> >Anyway, I downloaded and installed other Windows Updates (not critical
> >ones). The last time I did that was in April 2003 or so. Is that what
> >people called patches? And, under "Windows Security", I saw other such
> >as
>
> Well, kind of. When security folks talk about "patches", we are
> generally talking only about "critical patches" that affect security.
> Most of the non-critical ones are feature upgrades or fixes for minor
> bugs that are not security concerns. One maxim you should remember, if
> nothing else, is that "feature" equals "potential exploit". So, you've
> got to weigh whether that extra functionality -- if you even use it at
> all -- is worth the increased risk. As a rule, except for hardware
> drivers like video and sound cards, I NEVER recommend installing
> non-critical patches.
Unfortunately, I did today but not Blaster Worm Removal Tool for
Windows XP. I won't anymore. I also put IE 6 Service Pack 1 after
reading in a book at B&N a few days ago.
>
> >Blaster Worm Removal Tool for Windows XP and Windows 2000 (KB833330)
> >Internet Explorer 6 Service Pack 1
> >Cumulative Security Update for Internet Explorer 6 Service Pack 1
> >(KB824145)
> >
> > Should I put those? I read somewhere that "patches" cause more
> >problems...
>
> Unfortunately, Microsoft's patches tend to introduce as many problems
> as they fix; most of us security folks have been saying that for
> years. It's so sadly true. You definitely should install any Operating
> System critical patches (critical patches which don't say anything
> about Internet Explorer). The Internet Explorer patches are the worst,
> since they often introduce new features, and therefore new exploits.
> This is the primary reason why I tell people that IE simply cannot be
> used safely, period, finish. If you MUST use IE for anything other
> than Windows Updates, then install all the Internet Explorer critical
> patches too and keep your fingers crossed. There's a section on
> hardening IE at my site, www.geocities.com/yosponge/browser.html But
> even then, there are still lots of 'sploits out there.
It's only recently (after I started reading ngs) that I came to hear
about IE problem. I plan to switch to another browser but it may be a
while.
>
> BTW, as far as the scans go, just run HJT and post what's running. You
> can create custom rules in Sygate to disallow incoming traffic to
> those ports which are open. But I'm just wondering WHY they're showing
> open.
I haven't downloaded TCPview from sysinternals.com and run it yet. I
just did stealth scan again and the result is shown below. I need to
take care of something but I will continue with this process and
posts....
----------------------------------
Ideally your status should be "Blocked". This indicates that your
ports are not only closed, but they are completely hidden (stealthed)
to attackers.

Service  Ports  Status  Additional Information
FTP DATA  20  BLOCKED  This port has not responded to any of our probes. It appears to be completely stealthed.
FTP  21  BLOCKED  This port has not responded to any of our probes. It appears to be completely stealthed.
SSH  22  BLOCKED  This port has not responded to any of our probes. It appears to be completely stealthed.
TELNET  23  BLOCKED  This port has not responded to any of our probes. It appears to be completely stealthed.
SMTP  25  BLOCKED  This port has not responded to any of our probes. It appears to be completely stealthed.
DNS  53  BLOCKED  This port has not responded to any of our probes. It appears to be completely stealthed.
DCC  59  BLOCKED  This port has not responded to any of our probes. It appears to be completely stealthed.
FINGER  79  BLOCKED  This port has not responded to any of our probes. It appears to be completely stealthed.
WEB  80  BLOCKED  This port has not responded to any of our probes. It appears to be completely stealthed.
POP3  110  BLOCKED  This port has not responded to any of our probes. It appears to be completely stealthed.
IDENT  113  BLOCKED  This port has not responded to any of our probes. It appears to be completely stealthed.
NetBIOS  139  BLOCKED  This port has not responded to any of our probes. It appears to be completely stealthed.
HTTPS  443  BLOCKED  This port has not responded to any of our probes. It appears to be completely stealthed.
Server Message Block  445  BLOCKED  This port has not responded to any of our probes. It appears to be completely stealthed.
SOURCE PORT  1054  BLOCKED  This is the port you are using to communicate to our Web Server. A firewall that uses Stateful Packet Inspection will show a 'BLOCKED' result for this port.
SOCKS PROXY  1080  BLOCKED  This port has not responded to any of our probes. It appears to be completely stealthed.
WEB PROXY  8080  BLOCKED  This port has not responded to any of our probes. It appears to be completely stealthed.

You have blocked all of our probes! We still recommend
running this test both with and without Sygate Personal Firewall
enabled... so turn it off and try the test again.
------------------------------------------------------------
Comment: I don't see port 1024 and others listed.
>Alternatively, use Kerio 2.1.5 and a ruleset file from my site.
Will check.
> Sygate's a good firewall, but needs to be tweaked and it doesn't allow
> one to use pre-written rulesets like Kerio 2.1.5.
>
I don't mind spending time with Sygate; good for learning. I wish I
had more time. Thanks for all the help.
> Sponge
> Sponge's Secure Solutions
> www.geocities.com/yosponge
> My new email: yosponge2 att yahoo dott com