Re: A new 'Beta' test from Panda



'BoaterDave' wrote:
| I'm actually using the McAfee Internet Security Suite supplied (at extra
| cost!) with my AOL (UK) subscription
| + Windows Defender, AVG Anti-Spyware 7.5 and Ad-Aware 2007 - all up to date
| on Windows XP Home, SP2 and all updates.
|
| I was referring in my comment to those on another newsgroup who seem adamant
| that they can identify me regardless of my selected 'nick' for posting
| purposes. If my IP doesn't give me away, I was wondering what other 'spy'
| might be being used to identify me.
_____

And I gave you methods!
I guess another method would be
get the IP address from a recently posted newsgroup message
launch an attack on that IP address through the Internet
exploit a vulnerability to take control of your system
rifle through your files
export information over the Internet to the hacker.

But simple precautions can block this chain at several points.
router with NAT
hardware firewall
software firewall
antivirus and antimalware programs installed, up-to-date, and always active
secure physical location
up-to-date security patches installed on operating system and applications


Or someone could just enter the physical location of your system and make
changes.

There is a difference between what CAN be done and what is worth something
to someone to actually DO. At the moment, in the USA, a 'national security
letter' can get the US government most any information requested. But are
you worth the trouble B^)

Phil Weldon

"BoaterDave" <BoaterDave@xxxxxxxxxxxxxx> wrote in message
news:%23RSl$MJ0HHA.3400@xxxxxxxxxxxxxxxxxxxxxxx
| Hello again Phil - slight misunderstanding I fear!
|
| I'm actually using the McAfee Internet Security Suite supplied (at extra
| cost!) with my AOL (UK) subscription
| + Windows Defender, AVG Anti-Spyware 7.5 and Ad-Aware 2007 - all up to date
| on Windows XP Home, SP2 and all updates.
|
| I was referring in my comment to those on another newsgroup who seem adamant
| that they can identify me regardless of my selected 'nick' for posting
| purposes. If my IP doesn't give me away, I was wondering what other 'spy'
| might be being used to identify me.
|
| David
|
|
| *************************************************************************************************
| "Phil Weldon" <not.disclosed@xxxxxxxxxxx> wrote in message
| news:uRsqi.11417$rR.9799@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
| > 'BoaterDave' wrote:
| > | So it seems that they are lying - or I have malware (again!) on my PC!
| > | Now I've got to determine which it is!
| > _____
| >
| > No, not lying - 'Beta' is a warning label that the software may not work as
| > intended. You should not depend on 'Beta' software for critical operations
| > (and keeping your system free of malware is a critical operation.) And even
| > antimalware in production can give false alerts. If you are going to use an
| > on-line scan, pick one that is NOT 'beta' and that is more thorough than
| > 'Nanoscan'. Symantec and other antimalware publishers have more thorough
| > on-line scans.
| >
| > As a comparison, the Symantec on-line virus scanner will scan every file on
| > a system and take 20 minutes or more (fast system with > 100,000 files)
| > while 'Nanoscan' checks, on the same system in 20 seconds, well, who knows?
| > (I would imagine 'Nanoscan' checks memory, the registry, and whatever else
| > it can in 20 seconds. Something like 'Nanoscan' might eventually be a
| > quick supplement to other malware detectors, but only a minor supplement.)
| >
| > What antimalware protection do you use, and is it up-to-date (as in either
| > the very latest definitions or definitions updated within the last two
| > days)?
| >
| > Phil Weldon
| >
| >
| > Phil Weldon
| >
| > "BoaterDave" <BoaterDave@xxxxxxxxxxxxxx> wrote in message
| > news:eXSXPTI0HHA.3940@xxxxxxxxxxxxxxxxxxxxxxx
| > | So it seems that they are lying - or I have malware (again!) on my PC!
| > | Now I've got to determine which it is!
| > |
| > | Thanks for your comments, Phil.
| > |
| > | BD
| > | ******************************************************
| > | "Phil Weldon" <not.disclosed@xxxxxxxxxxx> wrote in message
| > | news:EBrqi.11448$tj6.10470@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
| > | > 'BoaterDave' wrote, in part:
| > | > | When posting to a newsgroup on a private server, it seems that
| > | > | anyone/everyone can identify me, regardless of user name employed. Whilst I
| > | > | fully appreciate that an individual has a certain style (which can be
| > | > | 'fudged' - obfuscated, if you will) if the IP address changes as you say
| > | > | (and I believe you!) can you suggest an alternate way they can identify
| > | > | someone without having installed some form of 'reporting' malware on one's
| > | > | PC?
| > | > _____
| > | >
| > | > In the USA be George W. Bush, Alberto Gonzales, or *** Cheney, bribe the
| > | > ISP, or actually get a court order B^)
| > | >
| > | > Phil Weldon
| > | >
| > | > "BoaterDave" <BoaterDave@xxxxxxxxxxxxxx> wrote in message
| > | > news:e8TIJCI0HHA.1188@xxxxxxxxxxxxxxxxxxxxxxx
| > | > | Phew! Thanks for all that, Phil! I really appreciate the time and trouble
| > | > | you have taken to respond so comprehensively.
| > | > |
| > | > | Dare I ask you for further comment? <g> I will anyway!
| > | > |
| > | > | When posting to a newsgroup on a private server, it seems that
| > | > | anyone/everyone can identify me, regardless of user name employed. Whilst I
| > | > | fully appreciate that an individual has a certain style (which can be
| > | > | 'fudged' - obfuscated, if you will) if the IP address changes as you say
| > | > | (and I believe you!) can you suggest an alternate way they can identify
| > | > | someone without having installed some form of 'reporting' malware on one's
| > | > | PC?
| > | > |
| > | > | I'd value your advice. TIA.
| > | > |
| > | > | David
| > | > |
| > | > |
| > | > | ******************************************************************************************************
| > | > | "Phil Weldon" <not.disclosed@xxxxxxxxxxx> wrote in message
| > | > | news:Wwqqi.12398$Od7.11531@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx
| > | > | > 'BoaterDave' wrote, in part:
| > | > | > | **Indeed - your memory serves you well (this time!) However, that does *not*
| > | > | > | explain why posts from you here invariably have different IP addresses when
| > | > | > | the day changes. You cannot, surely, be suggesting that when folk visit
| > | > | > | /this/ group and see the name of Peter Foldes that it isn't really you?
| > | > | > | People tend to see a name they trust and follow the advice given - how easy
| > | > | > | it would be to mislead vulnerable folk in such a scenario. So I ask you once
| > | > | > | again, politely, the reason for the constant change in your IP address.
| > | > | > _____
| > | > | >
| > | > | > In the main, for DSL, an IP address is assigned dynamically to a customer.
| > | > | > Each time a system (or for some setups the modem) connects to the ISP, the
| > | > | > ISP assigns a new IP address from the block allocated to the ISP. A static
| > | > | > IP address costs extra. If, for example, you were to examine the headers
| > | > | > for my posts to this newsgroup, you would usually see a different IP address
| > | > | > on posts from different days. Each IP address would be picked more or less
| > | > | > at random from the block assigned to the ISP. With a large IP like mine,
| > | > | > that would be from an address space of millions. If you look at my posts
| > | > | > with time stamps more than a few days apart the IP address is different.
| > | > | > The IP address associated with your post is from the block assigned to AOL
| > | > | > (172.192.0.0 - 172.216.255.255), an IP address space of just over 1,500,000.
| > | > | > My current IP address as I make this post is 208.187.80.135. If I
| > | > | > disconnect my DSL modem, and post again, the IP address in that second post
| > | > | > will be different. So newsgroup identities are exactly as you thought.
| > | > | >
| > | > | > There is no way to identify a newsgroup poster from the IP address in the
| > | > | > post headers, even if the headers are completely legitimate, without the
| > | > | > cooperation of the ISP because you need the records the ISP keeps to match
| > | > | > an IP address with the customer AT THE TIME THE POST WAS MADE. Even if the
| > | > | > customer's IP address is static, though you might assume the identity of the
| > | > | > poster, you'd still need the account records. This should take a court
| > | > | > order or a 'national security letter' these days.
| > | > | >
| > | > | > Some naive trolls who use different sock puppet posting names are exposed
| > | > | > when [they post from a small ISP (because the pool of ISP addresses is
| > | > | > small) or when they post from a static IP address] AND the style is
| > | > | > suspiciously similar. But that is just exposure of sock puppets, NOT
| > | > | > actually matching a real identity to a post.
| > | > | >
| > | > | > As for your original question, which I think is about Panda nanoscan (ALL
| > | > | > the information for a newsgroup post should be in the BODY of the message -
| > | > | > the 'Subject' line should be a short phrase to indicate the content of the
| > | > | > message). My thoughts on Panda nanoscan: there is no compelling reason to
| > | > | > try it. On the down side it is 'Beta' (may have bugs, is not ready for
| > | > | > release, is at present for Panda's benefit, not the user's benefit), it
| > | > | > can't be very thorough in 20 seconds, requires installing active-x controls,
| > | > | > really gives no assurance that the scanned system is clean, and requires an
| > | > | > active connection to the internet. On the up side, it is very quick.
| > | > | >
| > | > | > Phil Weldon
| > | > | >
| > | > | >
| > | > | >
| > | > | > "BoaterDave" <BoaterDave@xxxxxxxxxxxxxx> wrote in message
| > | > | > news:uj8F0CF0HHA.5644@xxxxxxxxxxxxxxxxxxxxxxx
| > | > | > | In-line responses
| > | > | > |
| > | > | > | "Peter Foldes" <okf22@xxxxxxxxxxx> wrote in message
| > | > | > | news:OCx$NTE0HHA.1184@xxxxxxxxxxxxxxxxxxxxxxx
| > | > | > | Sorry Dave. But I cannot comment on your request since I am not familiar at
| > | > | > | all with the Panda software. Maybe someone will come along soon that can
| > | > | > | comment on your question.
| > | > | > |
| > | > | > | **Thanks for your straight-forward reply, Peter. I'll wait patiently! :)
| > | > | > |
| > | > | > | As far as IP addresses go you do know that they can be spoofed and some
| > | > | > | people do it.
| > | > | > | You have been in a similar situation yourself when you had your ID stolen in
| > | > | > | the past so you know what kind of situation it can create
| > | > | > |
| > | > | > | **Indeed - your memory serves you well (this time!) However, that does *not*
| > | > | > | explain why posts from you here invariably have different IP addresses when
| > | > | > | the day changes. You cannot, surely, be suggesting that when folk visit
| > | > | > | /this/ group and see the name of Peter Foldes that it isn't really you?
| > | > | > | People tend to see a name they trust and follow the advice given - how easy
| > | > | > | it would be to mislead vulnerable folk in such a scenario. So I ask you once
| > | > | > | again, politely, the reason for the constant change in your IP address.
| > | > | > |
| > | > | > | BD
| > | > | > |
| > | > | > |
| > | > | > | ______________________________________________________________________________________
| > | > | > |
| > | > | > | "BoaterDave" <BoaterDave@xxxxxxxxxxxxxx> wrote in message
| > | > | > | news:%23%23FF5pA0HHA.484@xxxxxxxxxxxxxxxxxxxxxxx
| > | > | > | > Hello Peter! Thank you for the reminder.
| > | > | > | >
| > | > | > | > It would, though, have been even more helpful had you also given your view
| > | > | > | > on the new facility from Panda as I'd requested.
| > | > | > | >
| > | > | > | > Whilst I'm here I noted that your IP address is currently 64.228.81.234
| > | > | > | > Having checked your other posts on this group since 31 May, each IP address
| > | > | > | > is different (save for on 5 July when 3 replies were made on the same day).
| > | > | > | > The previous training given by you - to me - suggested that an IP address
| > | > | > | > may be used to identify a particular poster. Others posting here *do*
| > | > | > | > maintain the same IP address. Will you, please, explain why yours changes?
| > | > | > | >
| > | > | > | > An additional query. On a separate newsgroup, on a private server, the IP
| > | > | > | > address of a poster is shown as 127.0.0.1, viz:-
| > | > | > | >
| > | > | > | > X-Trace: dogagent.com 1185373384 26976 127.0.0.1 (25 Jul 2007 14:23:04 GMT)
| > | > | > | >
| > | > | > | > I'd be grateful if you, or anyone else knowledgeable on such matters, would
| > | > | > | > comment on this. Thank you.
| > | > | > | >
| > | > | > | > David
| > | > | > | >
| > | > | > | > ***************************************
| > | > | > | >
| > | > | > | >
| > | > | > | > "Peter Foldes" <okf22@xxxxxxxxxxx> wrote in message
| > | > | > | > news:%23e7LSG$zHHA.5152@xxxxxxxxxxxxxxxxxxxxxxx
| > | > | > | > multiposted not crossposted. Even worse
| > | > | > | >
| > | > | > | >
| > | > | > | > http://www.blakjak.demon.co.uk/mul_crss.htm
| > | > | > | > --
| > | > | > | > Peter
| > | > | > | >
| > | > | > | > Please Reply to Newsgroup for the benefit of others
| > | > | > | > Requests for assistance by email can not and will not be acknowledged.
| > | > | > | >
| > | > | > | > "BoaterDave" <BoaterDave@xxxxxxxxxxxxxx> wrote in message
| > | > | > | > news:uRDXih8zHHA.4004@xxxxxxxxxxxxxxxxxxxxxxx
| > | > | > | >> Forgive the cross-post but, on reflection, I felt this might be a more
| > | > | > | >> appropriate place to ask this question!
| > | > | > | >>
| > | > | > | >> Hi - just wondering if any of the gurus here have tried it and might wish to
| > | > | > | >> comment: See: http://www.nanoscan.com/
| > | > | > | >>
| > | > | > | >> David
| > | > | > | >>
| > | > | > | >>
| > | > | > | >
| > | > | > | >
| > | > | > |
| > | > | > |
| > | > | >
| > | > | >
| > | > |
| > | > |
| > | >
| > | >
| > |
| > |
| >
| >
|
|
|
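
Added illustration, not part of the original thread or written by any of its posters: this Python example parses the X-Trace line quoted above and reports what a posting-host address establishes on its own, using the ISP address range given in the thread as the dynamic pool. The X-Trace field layout is an assumption inferred from that single sample line, and the function names are hypothetical.

```python
import ipaddress
import re
from datetime import datetime, timezone

# Assumed layout, inferred only from the sample line quoted in the thread:
# X-Trace: <server> <epoch seconds> <pid> <client address> (<date>)
XTRACE = re.compile(r"^X-Trace:\s+(\S+)\s+(\d+)\s+(\d+)\s+(\S+)\s+\((.+)\)$")

# The header line as quoted in the thread (re-joined from its wrapped form).
SAMPLE = "X-Trace: dogagent.com 1185373384 26976 127.0.0.1 (25 Jul 2007 14:23:04 GMT)"

# The ISP address range given in the thread, expressed as CIDR networks.
ISP_POOL = list(ipaddress.summarize_address_range(
    ipaddress.ip_address("172.192.0.0"),
    ipaddress.ip_address("172.216.255.255")))


def parse_xtrace(line):
    """Split an X-Trace line and cross-check its epoch against its date."""
    m = XTRACE.match(" ".join(line.split()))  # tolerate folded headers
    if not m:
        raise ValueError("not an X-Trace line in the assumed layout")
    server, epoch, pid, addr, shown = m.groups()
    stamp = datetime.fromtimestamp(int(epoch), tz=timezone.utc)
    return {
        "server": server,
        "pid": int(pid),
        "addr": ipaddress.ip_address(addr),
        "time": stamp,
        "date_matches": stamp.strftime("%d %b %Y %H:%M:%S GMT") == shown,
    }


def pool_size(nets=ISP_POOL):
    return sum(n.num_addresses for n in nets)


def what_address_shows(addr, nets=ISP_POOL):
    """Say what a posting-host address establishes on its own."""
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback: the article was submitted from the server host itself"
    if ip.is_private:
        return "private: a LAN address with no meaning outside that network"
    if any(ip in n for n in nets):
        return "pool: one of %d dynamic addresses; ISP records needed" % pool_size(nets)
    return "public: identifies a connection at that time, not a person"


if __name__ == "__main__":
    print(what_address_shows(parse_xtrace(SAMPLE)["addr"]))
```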

