Re: How to prevent malware from running on your PC

From: Jason Edwards (none1_at_invalid.invalid)
Date: 09/17/05


Date: Sat, 17 Sep 2005 13:58:22 +0100


"Art" <null@zilch.com> wrote in message
news:kq1oi1lb8ibt04l3uep2f0r8dl53bvc8hb@4ax.com...
> On 17 Sep 2005 08:52:14 +0200, Volker Birk <bumens@dingens.org> wrote:
>
> >Art <null@zip.com> wrote:
> >[Windows Update]
> >> The real problem with WU is that it's a Trojan.
> >
> >I don't think so.
>
> I recently had occasion to do a fresh install of Win 98SE. As is my
> custom, I then proceeded to disable services and make sure the
> adapters were bound to TCP/IP only. The netstat -an result was
> empty as usual.
>
> After doing a Windows Update ... downloading and installing all
> patches and IE 6 sp1 ... I rebooted and to my surprise the Windows
> logon screen appeared. Sure enough, my work had been nullified
> and netstat -an showed all the usual NETBIOS ports listening. I had
> been on line for quite some time with DSL service wide open to
> attack. Luckily, I took no hits.

That's one reason why a quick run of both netstat (I prefer tcpview) and
shields up is a good idea after a fresh install (including updates and
applications) of any version of Windows.
But it's a much better idea for home users to be behind an external firewall
box which filters incoming connection requests by default. This doesn't have
to be NAT but NAT is likely to be the cheapest way.
There is no reason why this filtering cannot be done in a DSL or cable modem
but this may create an administration problem (and thus cost a lot of money)
for ISPs. Some of us would rather do our own filtering but it would be best
for ISPs to do it for others.

Jason

> To protect yourself from the WU trojan, you can keep the install
> file of your favorite software fw on CD and install it immediately
> after installing Windows and before going online. Do your OS hardening
> _after_ doing WU since it will undo some of your work. Then if your
> sw firewall is disabled for any reason, you'll still be safe going
> online.
>
> Art
>
> http://home.epix.net/~artnpeg
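Added example, not part of the original posts: one way to automate the before/after netstat check discussed in this thread, by diffing two saved `netstat -an` outputs and reporting listeners that are reachable from the network and were absent from the hardened baseline. The sample outputs, addresses and function names are constructed for illustration and assume the Windows column layout.

```python
import re

# Constructed sample `netstat -an` outputs (Windows column layout).
BASELINE = """
Active Connections

  Proto  Local Address          Foreign Address        State
"""

AFTER_UPDATE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:139            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING
  TCP    10.0.0.5:1040          203.0.113.7:80         ESTABLISHED
  UDP    0.0.0.0:137            *:*
  UDP    0.0.0.0:138            *:*
"""

NETBIOS_PORTS = {137, 138, 139}
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def listeners(netstat_text):
    """Return {(proto, addr, port)} for sockets accepting inbound traffic."""
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers and blank lines
        proto, addr, port, foreign, state = m.groups()
        # TCP listeners carry the LISTENING state. UDP has no state column;
        # an unconnected UDP socket shows *:* as its foreign address.
        if (proto == "TCP" and state == "LISTENING") or \
           (proto == "UDP" and foreign == "*:*"):
            found.add((proto, addr, int(port)))
    return found

def exposed(sockets):
    """Drop loopback-only listeners, which the network cannot reach."""
    return {s for s in sockets if not s[1].startswith("127.")}

def new_exposure(before_text, after_text):
    """Network-reachable listeners that were absent from the baseline."""
    added = exposed(listeners(after_text)) - exposed(listeners(before_text))
    return sorted(added, key=lambda s: (s[2], s[0]))

if __name__ == "__main__":
    for proto, addr, port in new_exposure(BASELINE, AFTER_UPDATE):
        tag = " (NetBIOS)" if port in NETBIOS_PORTS else ""
        print(f"new listener: {proto} {addr}:{port}{tag}")
```

Save the baseline with `netstat -an > before.txt` once hardening is done, then capture again after updates or new applications and compare the two files.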
