Old 20th August 2006, 05:45 AM   (permalink)

Use firewall
kambliarup is offline   Reply With Quote
Old 20th August 2006, 06:08 AM   (permalink)

Quote:
Originally Posted by kambliarup
Use firewall

Short an' to the point, yes a firewall will also help.
XP does have its own built in but it does have a few shortfalls,
Zone Alarm and Sygate are not bad for freeware but if one is really paranoid then I'm told a package called "Black Ice" was pretty good.
__________________
It may seem like a good idea at the time , but never stir your cold coffee with a soldering iron.
The Mad Professor is offline   Reply With Quote
Old 20th August 2006, 07:28 AM   (permalink)

Quote:
Originally Posted by kambliarup
Use firewall

Yep I should have installed protection - my main computer is but this is just a media playing machine which rarely connects to the internet so I hadn't bothered. I won't make that mistake again will I!!!

Quote:
Originally Posted by Hero999
What do you want to use this PC for?

If it's just music and entertainment and to use the Internet every now and then a Linux operating system might be an excellent choice.

The PC is used for multimedia entertainment. I use it to play my audio music collection, music videos, and for satellite navigation. Also, it records from two discrete video cameras.
It does have wifi capability so I could browse the internet on it if I drove to the nearest insecure domestic wireless router, but I've not used it for that yet. The only reason I had it connected to the internet yesterday was to download and install some drivers and applications.
Unfortunately the main application I use on the system doesn't have a good Linux equivalent so unless I'm willing to give that application up (which I'm not) I'm stuck with Windows.

Brian
ThermalRunaway is offline   Reply With Quote
Old 20th August 2006, 08:28 AM   (permalink)

Quote:
Originally Posted by kambliarup
Use firewall

err NO that would not stop a virus!
It will stop a worm IF a port that the worm exploits is blocked

look at the msBlast virus&worm partnership

there was a major vuln in the RPC stack of all NT-based windows and a worm was written to exploit this and overflow its stack dropping to a root-prompt allowing the worm-part or msBlast to download the main virus payload which then infected yr machine and started then probing all known IP addresses (local and global) to spread

all in all a firewall would NOT have stopped this since the port that RPC was on had to be open for windows to work in most cases


Firewall to stop worms and virus-scanner to stop viruses
All a firewall does is block internet traffic on certain (or all) TCP/IP ports
__________________
Nothing is impossible.
Once a problem is realised, the rest is just details


Styx is offline   Reply With Quote
Old 20th August 2006, 12:41 PM   (permalink)

Without protection the average user has about ten minutes before the machine becomes infected. It's a sobering thought. Now if only some sort of hardware antivirus were available that protects the computer it would solve a lot of woes.
__________________
It may seem like a good idea at the time , but never stir your cold coffee with a soldering iron.
The Mad Professor is offline   Reply With Quote
Old 20th August 2006, 12:53 PM   (permalink)

The thing is you have to strike a balance between a protected computer and a useable computer. If your computer is too tightly squeezed with protection software, you'll find that even when you want to do legitimate things the protection software won't let you. For me, my antivirus and firewall software has to be very discreet - I don't want it stopping me from doing the things that I want to do.

It's like that at work at the moment - even downloading a datasheet is a problem and it sucks. If you can find a website where they offer a datasheet as a .pdf to view, then it works fine but if you try most of the datasheet websites where they use a scripting language to start the download process for you, the datasheet download gets blocked and the firewall won't let you fetch it. The amount of time I've wasted because I haven't even been able to get a datasheet is unreal! So the more tightly protected the computer, the more productivity suffers.

Brian
ThermalRunaway is offline   Reply With Quote
Old 20th August 2006, 01:39 PM   (permalink)

I dunno my Linux-box is perfectly safe and I can do whatever I like with not a lot of restrictions.

it's all about conditioning:
do not run as root/Admin,
only install stuff from trusted sites
know what you have installed (on my XP box I audit it every month)
know what is running

that's it
__________________
Nothing is impossible.
Once a problem is realised, the rest is just details


Styx is offline   Reply With Quote
Old 20th August 2006, 01:57 PM   (permalink)

Quote:
Originally Posted by The Mad Professor
Without protection the average user has about ten minutes before the machine becomes infected. It's a sobering thought.

You would have to be particularly stupid to get infected in 10 minutes!

To catch a virus you have to download and run something - the most common method of spreading them is by email, and as most are targeted against Outlook and Outlook Express it's a good reason NOT to use them. If you're not downloading emails then that takes care of the biggest problem.

Next is downloading files and running them, particularly from dodgy sources, so if you don't do that, then the next biggest problem is overcome.

I suppose the next problem is direct infection from web pages? Probably the biggest risk here is spyware, but you can catch viruses that way as well. Easiest simple 'improvement' is to increase the browser security and disable all the dangerous facilities like Java or VB scripts.

But I would suggest the first thing you should do is use a router with an in-built firewall, that stops direct attacks on your machine.
__________________
PIC programmer software, and PIC Tutorials at:
http://www.winpicprog.co.uk
Nigel Goodwin is online now   Reply With Quote
Old 20th August 2006, 02:03 PM   (permalink)

The reason for viruses? Consider that the world has become lumbered with a piss-poor operating system by default, something that has behaviour reminiscent of a tumour. Maybe, by exploiting its many shortcomings in a destructive manner, the virus writers hope to do the world a favour by making it totally unusable?

Last edited by spuffock; 20th August 2006 at 02:05 PM.
spuffock is offline   Reply With Quote
Old 20th August 2006, 02:18 PM   (permalink)

Quote:
Originally Posted by Nigel Goodwin
You would have to be particularly stupid to get infected in 10 minutes!

To catch a virus you have to download and run something - the most common method of spreading them is by email, and as most are targeted against Outlook and Outlook Express it's a good reason NOT to use them. If you're not downloading emails then that takes care of the biggest problem.

Next is downloading files and running them, particularly from dodgy sources, so if you don't do that, then the next biggest problem is overcome.

I suppose the next problem is direct infection from web pages? Probably the biggest risk here is spyware, but you can catch viruses that way as well. Easiest simple 'improvement' is to increase the browser security and disable all the dangerous facilities like Java or VB scripts.

But I would suggest the first thing you should do is use a router with an in-built firewall, that stops direct attacks on your machine.

Actually not.
The most common method for internet connected PCs is via WORMs
I had to re-install windows XP a while back and I had to patch the oh-so-many vuln that existed in windows (MS-Blast comes to mind)
within 5~6min my machine was already infected AND that was just after a fresh install AND trying to patch and update virus-checker & windows!!!

an unpatched Windows ### will get infected within 5min on connection to the internet!!


so question how do you protect yr machine from vuln that exist within the OS and the only way to patch those vuln is to connect to the internet...

since SP2 for XP there have been over 100 patches released for XP, until SP3 is released that can be d/l onto another machine AND then patch a fresh XP isolated from the net (to then upgrade all the other software) THEN you will just get infected!!

since I am re-building my PC in Nov/Dec I am faced with the prospect of when I go to install XP, even with NOD32 & Kerio installed I shall be vuln for at least 5min until the relevant patches are in place...

so tell me what to do.

the internet is like a cheap dutch brothel, would you go into one unprotected? but what if the protection you needed was in the brothel?


Also a router with a built-in firewall is ONLY a NAT firewall and only protects against packet-attacks (invalid TCP/IP packets), the MS-Blast worm was valid TCP/IP data and passed through EVERY single hardware firewall there was. Since most PCs at that time needed the RPC port open the data was not stopped by software firewall, allowing the MS-Blast worm to buffer-overflow RPC and execute local root/Admin command to d/l a remote file (the main virus) to infect yr machine and then spread on
__________________
Nothing is impossible.
Once a problem is realised, the rest is just details



Last edited by Styx; 20th August 2006 at 02:20 PM.
Styx is offline   Reply With Quote
Old 20th August 2006, 02:31 PM   (permalink)

Basically for my Windows setup I have:

Hardware F/W in router --> S/W firewall (Kerio) --> A/V (NOD32) --> restricted user

For Linux:

Hardware F/W in router --> Kernel firewall (iptables) --> normal user
__________________
Nothing is impossible.
Once a problem is realised, the rest is just details


Styx is offline   Reply With Quote
Old 20th August 2006, 02:32 PM   (permalink)

Quote:
Originally Posted by Styx
Actually not.
so question how do you protect yr machine from vuln that exist within the OS and the only way to patch those vuln is to connect to the internet...

since SP2 for XP there have been over 100 patches released for XP, until SP3 is released that can be d/l onto another machine AND then patch a fresh XP isolated from the net (to then upgrade all the other software) THEN you will just get infected!!

since I am re-building my PC in Nov/Dec I am faced with the prospect of when I go to install XP, even with NOD32 & Kerio installed I shall be vuln for at least 5min until the relevant patches are in place...

so tell me what to do.

the internet is like a cheap dutch brothel, would you go into one unprotected? but what if the protection you needed was in the brothel?


Also a router with a built-in firewall is ONLY a NAT firewall and only protects against packet-attacks (invalid TCP/IP packets), the MS-Blast worm was valid TCP/IP data and passed through EVERY single hardware firewall there was. Since most PCs at that time needed the RPC port open the data was not stopped by software firewall, allowing the MS-Blast worm to buffer-overflow RPC and execute local root/Admin command to d/l a remote file (the main virus) to infect yr machine and then spread on

?
The MS-Blast worm should be blocked by any external firewall worth its salt. For example, I've had a low-power Via/Linux machine running for the last 3 years that does NAT and doesn't allow *any* packets from the outside world to touch my (woefully vulnerable) windows install unless it's a reply. Unless you poke a hole in your firewall for TCP port 135 explicitly, no computer outside the firewall even knows of the existence of anything inside the NAT, much less how to send any packets to it.

However, most firewalls aren't configured to block outgoing virus packets, so that might be where things are getting confused...

Last edited by hjames; 20th August 2006 at 02:35 PM.
hjames is offline   Reply With Quote
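
The behaviour described in the post above (inbound packets accepted only as replies unless a port such as TCP 135 is explicitly opened, outbound traffic usually left unfiltered), as an added example that is not part of the thread: a toy Python model of a stateful filter run over constructed packets. The class name, the addresses and the `egress_block` option are assumptions for illustration, and NAT address rewriting is not modelled.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str  # "out" = LAN to internet, "in" = internet to LAN
    src: str
    sport: int
    dst: str
    dport: int

class StatefulFilter:
    """Hypothetical model of the router's filter; NAT rewriting is not modelled."""

    def __init__(self, forwards=(), egress_block=()):
        self.forwards = set(forwards)          # inbound ports deliberately opened
        self.egress_block = set(egress_block)  # outbound destination ports denied
        self.flows = set()                     # connections started from the LAN

    def verdict(self, p: Packet) -> str:
        if p.direction == "out":
            if p.dport in self.egress_block:
                return "DROP"
            # Remember the flow so its reply can be recognised later.
            self.flows.add((p.src, p.sport, p.dst, p.dport))
            return "ACCEPT"
        # Inbound: a reply mirrors a tracked flow; anything else needs a forward.
        if (p.dst, p.dport, p.src, p.sport) in self.flows:
            return "ACCEPT"
        return "ACCEPT" if p.dport in self.forwards else "DROP"

# Constructed sample traffic (documentation address ranges, not real hosts).
TRAFFIC = [
    Packet("out", "192.168.0.10", 49152, "198.51.100.7", 80),  # LAN host browses
    Packet("in", "198.51.100.7", 80, "192.168.0.10", 49152),   # reply to it
    Packet("in", "203.0.113.5", 4444, "192.168.0.10", 135),    # unsolicited, RPC port
    Packet("out", "192.168.0.10", 49153, "203.0.113.9", 135),  # LAN host probing out
]

def run(fw: StatefulFilter) -> list:
    """Return the verdict for each sample packet, in order."""
    return [fw.verdict(p) for p in TRAFFIC]

if __name__ == "__main__":
    print("default      ", run(StatefulFilter()))
    print("135 forwarded", run(StatefulFilter(forwards={135})))
    print("135 egress   ", run(StatefulFilter(egress_block={135})))
```

Only the second and third configurations change the outcome for port 135: opening the forward lets the unsolicited packet in, and the egress rule is what stops a LAN host from probing outwards.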
Old 20th August 2006, 02:36 PM   (permalink)

yes that port should be closed by a H/W router OR S/W firewall, but at the time (well just before the outbreak) that port was needed to be open because RPC liked to talk to MS

after the patch the exploit was fixed and its "wanting to listen" was stopped, but the point still stands
__________________
Nothing is impossible.
Once a problem is realised, the rest is just details


Styx is offline   Reply With Quote
Old 23rd August 2006, 12:40 PM   (permalink)
akg

Quote:
an unpatched Windows ### will get infected within 5min on connection to the internet!!

I have been using a win98 for past 3 yrs (it has avg), and it has never got any virus. yes I do take precautions.
again disabling scripting will disable a large amount of functionality in the browser (sure it has vulnerabilities), most of the spyware comes in the form of ActiveX, taking care of that will help a lot
__________________
Gods own Country
Incredible !ndia

www.flickr.com/photos/_akg/

"Give a man a fish, and he will eat for a day. Teach that man to fish, and he will eat for a lifetime."
akg is offline   Reply With Quote
Old 23rd August 2006, 02:51 PM   (permalink)

Quote:
Originally Posted by Nigel Goodwin
You would have to be particularly stupid to get infected in 10 minutes!

Maybe in 10 minutes, but not much more:
http://www.securityfocus.com/columnists/262
according to that, an average unprotected windows XP computer will be infected in around 20 minutes of being connected to the internet.

I, too, run a computer in my car, and even on that, the first thing I did after installing windows, BEFORE I connected it to the internet to download drivers/etc, was to install AVG antivirus, which is small and free. On my desktop PC, I always install NAV before I hook it up to the network for the first time. AVG may not be anywhere near as secure as the mainstream ones, but it's a whole lot better than nothing, and doesn't use much system resources. That will become even more important if you ever decided to hook up a wireless network card to your car computer to get internet access at the free wifi hot spots you sometimes find. Getting a virus in the middle of a road trip and losing access to your media (and even worse, GPS navigation, if you use it) would really suck!

As for the motivation for people to write these viruses, well the purely malicious ones are mainly for the 'script kiddies' to have their fun and maybe make their name known amongst the hacker community... but the ones with popup ads like you seem to have gotten probably have some financial incentive; the popup ad company makes money off the additional exposure, primarily from not-so-computer-savvy people who don't realize that any company whose popup ad reaches you by way of a virus infection is probably not one you want to do business with.
__________________
EEgeek.net
evandude is offline   Reply With Quote
All times are GMT.