Re: Windows Explorer firewall alert
From: Duane Arnold (notme_at_notme.com)
Date: Sun, 08 Feb 2004 06:31:49 GMT
"Ronald Smyth" <firstname.lastname@example.org> wrote in
> I have recently installed Zone Alarm free version. Many times when I
> open Windows Explorer, Zone Alarm will prompt me that W. Explorer
> wants to access the internet. I always said yes. Then I started
> wondering why Windows Explorer is trying to access the net altogether
> and said no. As soon as I did that I got a Norton AntiVirus alert that
> I had two TrojanByteVerify viruses on my system. I then quarantined
> them. I was not accessing email at the time and the only websites I
> had open where news.yahoo.com and the EA Sports website neither of
> which I was even clicking on. I was working with Windows Explorer only
> at that moment. Is there a connection or just a coincidence? I also
> don't understand why I am getting trojanbyte viruses if I have
> downloaded the patch for Microsoft VM (\816093 - MS03-011 Flaw in the
> Microsoft VM) and installed it.
Well who knows where the virus came from and just because you accessed a
site and didn't click on something doesn't mean that something cannot be
downloaded and installed on your machine. That's called a Website Drive by
if indeed the virus did compormise the machine vis the browser. In that
case if using IE, then you configure IE's security so that it doesn't allow
things to download at will like active-x(s), etc.
You can use the HOST to supplement in this area.
The protection starts with the O/S, if configured to protect itself.
Watch the inbound and outbound connections to and from the machine yourself
as Trojans and malware can circumvent a third party host based FW designed
to stop a program from accessing the Internet. Active Ports and Process
Explorer (both free use Google) can help you look.
You can stay off the Internet using an Admin. Account, which prevents the
machine from being attacked as well. I say that and don't do it myself so
take it with a grain of salt. <g>