Re: Is complete home security possible?
From: Joe Samangitak (joesamang_at_address.com)
Date: 02/06/05
Date: 6 Feb 2005 00:05:53 -0800
Joe <noone@no.com> wrote in message news:<20050205173357.762$Nt@news.newsreader.com>...
> Joe Samangitak wrote:
> > I recently got hit by a trojan (Kaspersky called it
> > "Backdoor.Win32.rBot.Gen"). I saw this thing either take over my TFTP
> > program (or install one of its own). It installed several programs on
> > my HD to start up with Windows (XP Pro), like "IEXPLOREUP.EXE", and
> > used them to transfer data out to the net, via TFTP. Exactly what it
> > was transferring, I have no idea. I have since renamed Windows
> > TFTP.EXE file, because I don't know why it is even there, if it can be
> > exploited so easily by hackers. My security before this occurred was
> > Kerio 2.1 as a firewall (always made sure I got 100% stealth ports on
> > GRC's "ShieldsUp!" test), Kaspersky (always ensure my definitions are
> > updated), and for good measure, GIANT AntiSpyware. I have TrojanGuard
> > on the system, but only use it for scanning, to conserve resources.
> >
> > Despite all these measures, some mofo still managed to circumvent my
> > security. I don't know how, but all I know is at one point, my
> > firewall and virus program stopped loading with Windows. I don't know
> > if the trojan somehow disabled them, but I know I didn't take them out
> > of startup. I just wasn't so quick to put them back and next thing you
> > know... There was a point where I saw Kerio crash before my eyes, and
> > then it just took itself out of memory and was no longer active. Never
> > saw it do that before, and again, I don't know if the trojan was
> > responsible for this.
> >
> > Which leads me to my question: I have a hi-speed connection, and I'm
> > thinking of
> > leaving it on all the time (ease & convenience), rather than just
> > starting it up whenever I do browsing. For this to happen, I would
> > want to have bulletproof security to where I'm confident my firewall
> > is not going to go south on me. I don't know yet whether SP2's
> > Security Center will protect me from hackers trying to disable my
> > firewall via trojans. What if I have a backup software firewall in
> > place in case the first one gives out? Is it possible to achieve a
> > level of software security to where a home user under XP Pro SP2 can
> > be confident in leaving a hi-speed connection open without fear of
> > hackers circumventing the security measures? In other words, WHAT AM I
> > DOING WRONG HERE??!
> >
> > Thanks for your opinions.
>
>
> Joe, I want to thank you for writing in here. Your story is kinda
> heartfelt for me cus I am also interested in your question being
> answered. I don't have any problems, but am curious to see people's
> answers for you.
I'm curious to see an answer that helps me out with advice that I
don't already know. Recommendations for virus programs etc. are not
going to help, since I already mentioned in my ad that I had what may
be the best virus program on the market installed, still got a trojan.
Same with firewalls, had one installed, spent a lot of time with the
Kerio ruleset, blocking off dangerous ports like 135, until ALL open
ports were stealthed, and still got a trojan. I'm not running as
Administrator, just as a user with admin rights, still got a trojan.

I don't need a network setup, so don't have a router. Even so, if you
say I should steer clear of any sites where I might download a virus,
then the hardware router is obviously not going to protect me either.
I can't know which site might send me a trojan.

Bottom line, I don't have a problem knowing when I'm infected. I don't
need programs like HijackThis, because I already know what should and
shouldn't be present in the task manager. My problem is avoiding
getting infected in the first place, since SP2, a good virus program
and firewall, as well as a resident program that alerts me to other
programs trying to install themselves in my startup have proven to be
insufficient in protecting me. Especially if the trojan can disable
these programs (I'm assuming hackers have already figured out how to
disable SP2's systray warning from the security center). And I've been
using Firefox and Opera for a long time, avoiding IE like the plague.
But my browser choice had nothing to do with the trojan's ability to
load programs on my system and use TFTP to send data out.