Re: How to prevent malware from running on your PC
From: Jason Edwards (none1_at_invalid.invalid)
Date: Sat, 17 Sep 2005 13:58:22 +0100
"Art" <email@example.com> wrote in message
> On 17 Sep 2005 08:52:14 +0200, Volker Birk <firstname.lastname@example.org> wrote:
> >Art <email@example.com> wrote:
> >[Windows Update]
> >> The real problem with WU is that it's a Trojan.
> >I don't think so.
> I recently had occassion to do a fresh install of Win 98SE. As is my
> custom, I then proceeded to disable services and make sure the
> adapters were bound to TCP/IP only. The netstat -an result was
> empty as usual.
> After doing a Windows Update ... downloading and installing all
> patches and IE 6 sp1 ... I rebooted and to my surprise the Windows
> logon screen appeared. Sure enough, my work had been nullified
> and netstat -an showed all the usual NETBIOS ports listening. I had
> been on line for quite some time with DSL servcice wide open to
> attack. Luckily, I took no hits.
That's one reason why a quick run of both netstat (I prefer tcpview) and
shields up is a good idea after a fresh install (including updates and
applications) of any version of Windows.
But it's a much better idea for home users to be behind an external firewall
box which filters incoming connection requests by default. This doesn't have
to be NAT but NAT is likely to be the cheapest way.
There is no reason why this filtering cannot be done in a DSL or cable modem
but this may create an administration problem (and thus cost a lot of money)
for ISPs. Some of us would rather do our own filtering but it would be best
for ISPs to do it for others.
> To protect yourself from the WU trojan, you can keep the install
> file of your favorite software fw on CD and install it immediately
> after installing Windows and before going online. Do your OS hardening
> _after_ doing WU since it will undo some of your work. Then if your
> sw firewall is disabled for any reason, you'll still be safe going