Re: Is complete home security possible?

From: Joe (noone_at_no.com)
Date: 02/05/05


Date: Sat, 05 Feb 2005 14:33:39 -0800

Joe Samangitak wrote:
> I recently got hit by a trojan (Kaspersky called it
> "Backdoor.Win32.rBot.Gen"). I saw this thing either take over my TFTP
> program (or install one of its own). It installed several programs on
> my HD to start up with Windows (XP Pro), like "IEXPLOREUP.EXE", and
> used them to transfer data out to the net, via TFTP. Exactly what it
> was transferring, I have no idea. I have since renamed Windows
> TFTP.EXE file, because I don't know why it is even there, if it can be
> exploited so easily by hackers. My security before this occurred was
> Kerio 2.1 as a firewall (always made sure I got 100% stealth ports on
> GRC's "ShieldsUp!" test), Kaspersky (always ensure my definitions are
> updated), and for good measure, GIANT AntiSpyware. I have TrojanGuard
> on the system, but only use it for scanning, to conserve resources.
>
> Despite all these measures, some mofo still managed to circumvent my
> security. I don't know how, but all I know is at one point, my
> firewall and virus program stopped loading with Windows. I don't know
> if the trojan somehow disabled them, but I know I didn't take them out
> of startup. I just wasn't so quick to put them back and next thing you
> know... There was a point where I saw Kerio crash before my eyes, and
> then it just took itself out of memory and was no longer active. Never
> saw it do that before, and again, I don't know if the trojan was
> responsible for this.
>
> Which leads me to my question: I have a hi-speed connection, and I'm
> thinking of
> leaving it on all the time (ease & convenience), rather than just
> starting it up whenever I do browsing. For this to happen, I would
> want to have bulletproof security to where I'm confident my firewall
> is not going to go south on me. I don't know yet whether SP2's
> Security Center will protect me from hackers trying to disable my
> firewall via trojans. What if I have a backup software firewall in
> place in case the first one gives out? Is it possible to acheive a
> level of software security to where a home user under XP Pro SP2 can
> be confident in leaving a hi-speed connection open without fear of
> hackers circumventing the security measures? In other words, WHAT AM I
> DOING WRONG HERE??!
>
> Thanks for your opinions.

Joe, I want to thank you for writing in here. You're story is kinda
heart felt for me cus I am also interested in your question being
answered. I don't have any problems, but am curious to see peoples
answers for you.

I personally have a hardware router and in that alone am protected
enough I never worry or have problems. We run windows xp pro here and
sp1 or 2, doesn't matter. We've never had a virus unless we downloaded
something from a bad web site or email thing. That's only happened maybe
1 or 2 times in our lifetime of using the net on our cable modem durring
the last 5 years.

I leave my cable modem on 24/7 and never have security issues. You
should be able to do the same. DSL or Cable doesn't matter. Have a
hardware router and you should be fine so long as no one there goes to
sites and downloads stuff that might be infected or open email
attachments etc.

I personally have a SonicWALL TZ150. I just got it a couple days ago. I
got it for the IDP, Virus and Content filtering. IDP is intrusion
prevention which looks for trojians, worms etc and p2p stuff, etc. The
virus feature looks at all incomming email and web and ftp transfers for
code that might be a virus and it blocks it from comming in. All this
done at the gateway/router. You still should have virus software, but to
me it's not as needed as without this type of router. It's still good to
have tho.

Joe



Relevant Pages

  • Re: MS04-013/KB837009/Trojan
    ... Those folks who write virus files have found ways to bypass ... To secure your computer and prevent possible future security breeches, ... Norton Internet Security 2004 ... | MhtRedir.gen trojan and has been deleted to complete the Clean process. ...
    (microsoft.public.windowsxp.security_admin)
  • Re: how can I remove Trojan.Generic.IS.559211
    ... My Anti-Virus Program is about to expire do you know of a free ... I don't understand why my security program listed this trojan as ... | Can anyone help me find a solution to remove this virus? ...
    (microsoft.public.security.virus)
  • Re: The Coalition against Personal Firewalls
    ... I didn't say it was a trojan. ... bypass firewalls - the concept of writing a function. ... A virus is code, which propagates itself. ... Volker have contributed his knowledge and experiences in the security ...
    (comp.security.firewalls)
  • Re: spoolsv.exe How can i remove it?
    ... Jhony wrote: ... Then search their security page for the name of the virus or trojan that their scan finds. ...
    (microsoft.public.windowsxp.basics)
  • >>>> REMOVE MANUALLY <<<<
    ... Remove Virus Manually ... How To Remove Spyware Manually ... Manually Remove Trojan Horse ... Manually Remove Symantec Antivirus ...
    (sci.math.num-analysis)