Re: The Trackers First Review Response
n1pop_at_hotmail.com
Date: 09/23/03
- Next message: Ed C.: "WORM_SWEN.A"
- Previous message: Phil Weldon: "Re: someone using Microsoft's name for bogus email"
- In reply to: removevalid: "The Trackers First Review Response"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 23 Sep 2003 03:44:48 GMT
tracker <"snailmail(removevalid)222000"@yahoo.com> wrote in
news:3F6DA4AB.95914C11@yahoo.com:
> ME: As a person who was unaware of this, it was a shock. I thought
> of the many people as myself who this was happening to. Looked at all
> the hacker books written and noticed none approached it from a "basic
> computer user" skill level.
This is likely because you weren't looking at basic books. You were
looking at a college-level trig book looking for elementary math.
> All books are written by security experts
> and written so sophisticated that unless your knowledge was on their
> level a person was left out in left field wondering what are these
> people talking about.
True, if you're talking about higher-level discussion. A series called
"For Dummies" proved to me that simple can be quite effective.
> I’ve approached this in a way, simple, tested,
> results that anyone can understand.
If you refer to the text we've seen to date, then what you've written is
not easy to understand. Your thoughts wander from point to point with
no apparent connectivity.
> Learning what the Internet has to offer a basic user isn’t
> an easy task to discover. Look at all the basic and simple questions
> people ask in Usenet alone.
But your book isn't about the wonders of the Internet, it's supposed to
be about computer attacks and security. Don't let your awe confuse your
readers because they may not be awed in quite the same way.
> Well, why haven’t experts written a book and included them with new
> computers warning people about hackers and what to do to make your
> computer secure.
The first reason is because the computer has evolved from a thing used
by geeks and feared by masses to an everyday home appliance. One pays
no more attention to the warning label that comes with their toaster
than they do to any warnings on their computer. Worse, most warnings
and alerts are in electronic form and are not great red tags taped to
the power cord.
I think the second reason is marketing. No one wants to admit that a
user's manual and a set of warnings should be clearly presented to the
new computer owner. Some may think that such a process might scare off
some users: my grandmother wouldn't use a computer until I showed her
how safe and easy it can be.
> A product is made and sold for money, never telling
> people there could be problems, how to approach it and how to prevent
> forthcoming issues.
No one bothers to tell you of the potential road hazards when you buy
your first car, either. But consumers seem to understand their
responsibilities when behind the wheel, yet have no concept when at the
keyboard.
> Anger, frustration
> and curiosity helped me write my book.
And you let those traits into your book, which didn't help. One must
write a book of guidance with no bias or emotion. Write the book as you
would teach a child; without wandering off topic or complaining about
some silly ISP and their account policies.
> ME: If all AV applications can detect known trojans, then how did the
> Backdoor Redwood Broker along with six or seven Trojan Horses appear
> on my computers while running PC-cillin and Nortons?
Because your AV application did not know of the trojan, or the AV
software was not operating (few applications that run in the background
ever tell the operator that they have terminated).
There are several values of AV application, the correct one being
"updated and running." Especially these days, there is no reason not to
update your AV files daily if on broadband, no less often than weekly
otherwise.
> My perspective is
> this - most Windows users don’t disable a number of services,
> including file and print sharing.
Here is a perfect example of wandering. The point was AV programs, and
you've drifted to open ports. AV software would only inspect all
incoming data if told to do so. Since many do not, and because I assume
this is how the trojans made their way in, this may be why your AV
software failed.
But it was not for the failure of the AV software, it was the
vulnerability of an open port.
> A hacker comes along and installs a Backdoor
> and Trojan Horse, including a Virtual Private Network(s), but the
> basic user hasn’t even installed any anti-virus application at this
> point and their computer is already hacked/owned.
How do you know? At what point do you make your assertion? Most
computers sold these days include Windows XP. Included in that package
is usually some sort of AV package. Mine came with McAfee. Before I
put the computer on the net, I have the opportunity to install and
configure not only AV software but the integral firewall.
> There was not even a handful
> of virus alerts from either PC-cillin or Nortons which showed any
> alerts in 2.5 years.
And in that 2.5 years, how many times did you update your virus
definition files, and how many times did you update your AV engine? If
it's been more than one week for the former and six months for the
latter, then your AV software is too old and incapable of defending
against the newest viruses.
> While my systems were running two
> Virtual Private Networks, Steve Gibson's site and Securityspace was
> used to test for open ports.
Do you have evidence that VPNs were in fact in use and connected? What
was the destination IP address and port?
> Steve Gibson's site revealed port 110 opened during the same testing
> period. The only application open at the time was Netscape 4.7. This
> told me that a hacker was using an e-mail application which was on my
> computer at "the time the port scanning was being performed".
I think this is a misdiagnosis. When a port is open, it means there is a
server of some kind that is listening to that port and ready to respond.
Netscape is a client program, not a server, so it could not have been the
program involved.
This does not mean that port 110 was closed, or that someone was not
using your system at the time. But it does mean Netscape was not the
program in use.
So why was the port open? What program answered to that port? Did you
telnet to your machine on port 110 to find out what answered?
> Out of
> the "two years" of port scanning my computer, God decided to pick only
> these two moments to help me along the path to discover what
> "No One Else In This World Has Discovered".
Getting evangelistic doesn't help your cause. If you were otherwise
blind for two years (lose the quotes, Debbie), and God only saw fit to
give you two examples, why did he allow so many other resources yet
prevent you from viewing them?
> ME: My book was written mainly for the basic computer user, not high
> tech specialists.
I think your book was written for you, and not any particular audience.
> My first firewall installed was a free copy of Zone
> Alarm. Basic computer users have no reason to be aware of which
> Windows services are running or to know basic practices for security.
> In my possession is a listing of 80,000+ computer victims running a
> million different Open Ports, Backdoors and Trojans.
How do these three points relate? You drifted so fast I almost lost the
second sentence altogether.
And how did you come to the conclusion that so-called basic users have no
reason to understand how their computer works or what's going on inside?
> Them words should speak for themselves.
But they don't. You assume we all think like you, when no one else does.
You need to think like others to really see what's been shown to you so
you can show others.
> Hell, "France Telecom" had
> two Networks or Servers with Backdoors or Trojans on them.
So what? How does this benefit a basic user who has no reason to know?
> The malicious hackers sure
> were pissed at me for discovering this.
Anyone who is inconvenienced by those wanting to stop their progression
will be upset at the obstacle. I fight spam all day and plenty of
spammers are pissed at me. But I don't brag about it, and I'm certainly
not going to include their anger in any book I write.
> Their IP addresses are listed
> in my book.
Their addresses have likely changed by now. Any address you put into a
book will be obsolete before the book is printed.
> By using the free Zone Alarm, it was noticed that you had
> to leave the "Security" setting to medium. So what good is a firewall
> when your computer is already hacked or owned. Many of the firewall
> logs from victims are published in my book.
Well, to state the obvious, it serves little or no purpose to close the
barn doors after the horses have run off. The point of computer security
is to start with a hardened system. If you start off with the barn door
closed and a good lock installed, the horses will not get out and no
trojan horses will get in.
> ME: The additional Blackice firewall proved to me that it was probably
> connected to the Virtual Private Network(s).
Evidence? You say probably, but you also seem confident that some hacker
is using VPN.
> Granted, your answer
> should have been correct, but the Blackice firewall on my computer
> proved that one firewall was mine and another belonged to a hacker; so
> your statement that a firewall blocks traffic and could prevent access
> is wrong.
What drew you to this conclusion? What is your evidence that some
firewall belonged to a hacker?
And the statement on its own is quite valid. A firewall does block
traffic and can prevent access.
> [firewall log was here]
Apart from the randomness of the datestamp, I see that all the access
attempts appear to be blocked or refused.
> ME: All I can say is to give this method a try and anyone with basic
> skills will open their eyes to what hackers have installed on their
> computer if it’s hacked or owned.
This goes against your earlier statement that a basic user has no reason
to be aware of these things. And no, it won't open their eyes unless
they know what they're looking at. Your implication that something awe-
inspiring will be immediately obvious is wrong.
> You don’t actually think hackers
> are going to reveal all their actions out there in the open on your
> hard drive, do you?
Well, where else do you expect them to store all their toys? The
registry? That's on the hard drive.
> Checking for running processes isn’t going to
> show you all the pornography, remailer information and e-mails others
> are abusing on your system; to name a few.
This depends on how you check for running processes. Yes, if you're
using an obsoleted OS like Windows 98 then one can hide applications from
the apps list. But diving deeper and checking the process tree will show
you all the programs, including the kernel, that are running. For older
systems you may need to use a third-party application to view the process
tree.
> Displaying all files is a tedious method to determine what processes
> are running on your computer. Checking the running processes and
> identifying those that are running would prove more beneficial than
>
> ME: See above remarks
See above dispute. Besides, when a basic user has actually viewed all
his or her hidden and system files, exactly what are they expected to
see? There will be no glowing light, no "The Rabbit is in here!" sign,
nothing that will obviously point the basic user to the malicious file.
That's what working AV software and other malware detectors are for.
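The point made in the reply above about port 110, that an open port means a server is listening and that a client program does not open one, can be checked on your own machine. This is an added example, not part of the original post; `probe`, `looks_like_pop3` and `demo` are hypothetical names, and the listener and its greeting are constructed stand-ins on a loopback port rather than a real mail server.

```python
import socket
import threading
GREETING = b"+OK constructed POP3 greeting\r\n"   # constructed sample banner

def probe(host, port, timeout=2.0):
    """Connect to host:port on a machine you own; return (state, banner)."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as s:
            try:
                data = s.recv(256)          # POP3, SMTP and FTP servers speak first
            except socket.timeout:
                data = b""                  # something listens but stays silent
            return "open", data.decode("ascii", "replace").strip()
    except ConnectionRefusedError:
        return "closed", ""                 # no program is listening on that port
    except OSError:
        return "no-answer", ""              # timed out, filtered or reset

def looks_like_pop3(banner):
    # RFC 1939: a POP3 server greets with a line that starts with "+OK".
    return banner.startswith("+OK")

def _serve(listener, count):
    # Stand-in server: greet each connection, then hang up.
    for _ in range(count):
        conn, _addr = listener.accept()
        with conn:
            conn.sendall(GREETING)

def demo():
    # A listening server on an ephemeral loopback port (stand-in for port 110).
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    server_port = listener.getsockname()[1]
    threading.Thread(target=_serve, args=(listener, 2), daemon=True).start()
    # A client with a live outbound connection, as a browser or mail reader has.
    client = socket.socket()
    client.bind(("127.0.0.1", 0))
    client.connect(("127.0.0.1", server_port))
    client_port = client.getsockname()[1]
    server_result = probe("127.0.0.1", server_port)   # a server answers here
    client_result = probe("127.0.0.1", client_port)   # the client's port refuses
    client.close()
    listener.close()
    return server_result, client_result

if __name__ == "__main__":
    print(demo())
```

The server port reports "open" with its greeting, while the client's own local port reports "closed" even though that client holds a live connection, which is why an answering port has to be traced to the listening program rather than to whatever client happens to be running.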