You Probably Won't See This at Symantec's site...


socalgal
12-23-1999, 08:36 AM
Norton AV 2000


KeyLabs tests confirm e-mail scanner fears in AntiVirus 2000

http://www.msnbc.com/news/349602.asp?cp1=1

Credit to Talismanic at HostClub.

Chainsaw
12-23-1999, 09:52 AM
socalgal,
Thanks for the heads up. Interesting article.
Makes ya want to stay off the bleeding edge sometimes, let the vulnerabilities of any new program expose themselves before rushing out and buying the latest...Dang, and I was just starting to ...trust those guys, their blase attitude of late, sure seems to be shining through.
........CHNsaw

Dave_H
12-23-1999, 10:10 AM
Does anyone know if Black-Ice will protect this open port while Norton AV 2000 is scanning the e-mail?

Thanks,
Dave

smunzli
12-25-1999, 07:11 AM
The "pop" port is open all the time, in sort of a "listening mode, time_wait". You can confirm this by opening a DOS window and running the command "netstat -a".
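
Added example (not part of smunzli's post or of any vendor's code): one way to read the netstat check described above, telling a local listener on the POP3 port apart from an ordinary outbound mail connection. It assumes the numeric form `netstat -an`; the sample output and the function name are constructed for illustration.

```python
import re

# Constructed sample of Windows `netstat -an` output (not taken from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:110            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  TCP    192.168.0.5:139        0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1043       203.0.113.7:110        TIME_WAIT
  UDP    0.0.0.0:137            *:*
"""

# Proto, local ip:port, foreign address, state. UDP rows carry no state and are skipped.
ROW = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+)\s+(\w+)\s*$")
LOOPBACK = ("127.", "[::1]")


def pop3_listeners(netstat_text, port=110):
    """Return (local_ip, exposure) for every TCP socket listening on `port`.

    Only the LOCAL port is compared, so a client connection to a remote
    mail server (remote port 110, e.g. in TIME_WAIT) is not reported.
    """
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        local_ip, local_port, _foreign, state = m.groups()
        if int(local_port) != port or state.upper() not in ("LISTENING", "LISTEN"):
            continue
        # A listener bound to loopback only accepts connections from the same
        # machine; 0.0.0.0 or a LAN/WAN address accepts them from the network.
        if local_ip.startswith(LOOPBACK):
            exposure = "loopback-only"
        else:
            exposure = "reachable-from-network"
        findings.append((local_ip, exposure))
    return findings


if __name__ == "__main__":
    for ip, exposure in pop3_listeners(SAMPLE):
        print(f"POP3 listener on {ip}: {exposure}")
```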

CMonster
12-25-1999, 08:09 AM
There is entirely too much paranoia;

I have more than one system. I'm sure that many of you do as well. One system has some personal junk on it, but nothing that would break the bank - I seldom go online with that system, my secure system never even sees a network connection. I regularly connect to the internet with a system that I wind up formatting at least every 2-3 months and experimenting with all the time. There is nothing on my Internet system that I care if anyone sees or screws up. Of course I would feel differently if we were talking about a webserver that was my site and livelihood 24/7 (no need to quote that line in a reply). As for online shopping, I worry much more about the site on the other end than a hacker monitoring key strokes on my end - and as for intercepting 128bit encrypted transactions (2 x^y 128) - let me know when you guys crack RC5 would you?

I am posting this message with a Linux install that is barely a week old - yeah, I am logged on as root ..I know.. I know.. but I am online and off again - power off, and my IP address is dynamically assigned each time, also, a hacker would first have to have the miracle of finding me at the precise moments I am online. And as far as a hacker reading my email - wow his life would be more boring than mine.

Virus is another matter, and like $ex, the best protection is to abstain from those executables or only do executables with a trusted friend - with antivirus protection of course. But occasionally even the best protection has a hole in it, and that is what this thread is about right - holes?

Beware, the online world is just replete with wicked crackers like me lurking in the dark recesses of your mind - seeking out how to enter your machine and rape and pillage...

"Lions and Tigers and Bears ..oh my!...lions and tigers and bears"

~edit: besides that all the little ego tripping cracker wannabes are out Pi$$ing objectional scrolls in AOL chat rooms.

[This message has been edited by CMonster (edited 12-25-1999).]

beck
12-25-1999, 07:09 PM
CMonster,

The lions, tigers and bears have visited me this month. I wasn't paranoid before, and I'm just a crabby mean old woman on this issue now.

Also, please remember that not everyone has or can afford multiple computers. I have 3 systems and two were visited.

Maybe you're right. It's not the lions, tigers and bears you have to be scared of. It's the wicked witch. :)

Happy Holidays everyone, and may your new year be virus and trojan free!

daveleau
12-25-1999, 11:07 PM
I have been scanned quite often in the 2 weeks I have used BID. I got scanned 6 times in one day by different hackers from different areas and am a bit paranoid about it now. When I installed NAV 2K, I found trojans. I didn't like virus scanners because I figured no one would want to get on my system anyway, like CMonster alluded to.
Anyway, does anyone know if BID will defend against this? I would hope that it does but I know there are ways around any protection though.
thanks-Dave

Prospero
12-26-1999, 06:02 AM
Black Ice? I must have missed this one. Anyone point me to an explanation of what it is and why I might need it? Thanks
Prospero

socalgal
12-26-1999, 09:59 AM
BlackICE Defender http://www.networkice.com/

A list of intrusions that are detected: http://www.netice.com/Advice/Intrusions/default.htm

daveleau, some more info re NAV2K http://209.31.36.222/bid-issues/_disc_bidissues/00000323.htm

Cruise the networkice site, you'll find many useful links and information.




[This message has been edited by socalgal (edited 12-26-1999).]

socalgal
12-26-1999, 05:37 PM
Below is some info I found which I believe explains well the setting up of a trojan and how that relates to using BID.

Trojans:

BI blocks command packets that come from outside your machine. A trojan on your machine cannot be activated on your machine without your machine accepting a command from outside to open it. A command to activate a prog on your machine would be viewed by BI as an attack and BI would shed the packets (not accept the activation commands).

The internet does not send commands to your machine in order for you to browse. Commands to open your browser and go to URLs come from you, not from the internet, and therefore are not blocked.

Example: If you go to an ftp DL site and click on something to DL, BI will log that an ftp port was opened. It will not block it because the command to open the port originated with you by clicking on it; however, BI will blink because it is opening a port and finds it suspicious. It will only stop transmission if the command to open the port came from outside your machine first. BI doesn't block ports; it blocks packets.

They are activated from the outside. They come in two parts: the exe in your machine and the run prog in the attacker's machine. For you to have BO in your machine you had to DL an infected prog somewhere and have inadvertently installed it when you opened the "someprog".exe. It doesn't run from startup because the command to run has to be sent to it.

It's like any other .exe prog on your machine, except you only have half the prog; the other half is on the attacker's machine. A BO attack is a command sent to your machine to open BO.exe (the actual name is disguised and hidden).

If your machine accepts the command then BO opens a port for connection. The BI firewall protects your machine from command packets sent to it from outside. I run both jammer and BI at the same time. Jammer is a BO and NETBUS trojan protector.

The idea being that if a hole is found in the BI firewall jammer will catch it because it is unlikely that they will both have the same security flaw.


[This message has been edited by socalgal (edited 12-26-1999).]

richamies
12-26-1999, 05:43 PM
Just a thought, but the SubSeven trojan is called msrexe.exe and sits in your Windows directory; it is loaded either through the win.ini, the system.ini or the registry.
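
Added example (not part of richamies's post): a check of the two .ini routes mentioned above for the file name given in the post. Which lines to inspect is an assumption made here, namely the standard Windows 9x autostart entries `load=`/`run=` under `[windows]` in win.ini and `shell=` under `[boot]` in system.ini; the file contents are constructed samples, the function names are hypothetical, and the registry route is not covered.

```python
import configparser

# Constructed Windows 9x-style file contents (sample data, not from the thread).
WIN_INI = "[windows]\nload=\nrun=C:\\WINDOWS\\msrexe.exe\n"
SYSTEM_INI = "[boot]\nshell=Explorer.exe msrexe.exe\n"

# Assumed autostart locations: (section, key) pairs per file.
AUTOSTART_KEYS = {
    "win.ini": [("windows", "load"), ("windows", "run")],
    "system.ini": [("boot", "shell")],
}


def autostart_entries(name, text):
    """List (location, program) pairs for each program named on an autostart line."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True)
    cp.read_string(text)
    entries = []
    for section, key in AUTOSTART_KEYS[name]:
        value = cp.get(section, key, fallback="") or ""
        # Several programs may share one line, separated by spaces or commas.
        # Paths containing spaces are not handled by this simple split.
        for prog in value.replace(",", " ").split():
            entries.append((f"{name} [{section}] {key}=", prog))
    return entries


def suspicious(entries, watch=("msrexe.exe",), expected_shell=("explorer.exe",)):
    """Flag watched file names, plus anything on shell= beyond the expected shell."""
    hits = []
    for where, prog in entries:
        base = prog.replace("/", "\\").rsplit("\\", 1)[-1].lower()
        if base in watch or ("shell=" in where and base not in expected_shell):
            hits.append((where, prog))
    return hits


if __name__ == "__main__":
    found = autostart_entries("win.ini", WIN_INI) + autostart_entries("system.ini", SYSTEM_INI)
    for where, prog in suspicious(found):
        print(f"review {where}{prog}")
```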

Prospero
12-27-1999, 05:33 AM
Interesting, I downloaded and installed black ice last night and lo and behold, I was attacked while at work. Thanks for the info Socalgal.
Prospero

mushi
12-27-1999, 06:46 AM
oh my beejeezus..... this is scaring me....

BBA
12-27-1999, 06:51 AM
What about just not enabling poproxy in NAV2K? Won't this close the hole?

Prospero
12-27-1999, 08:04 AM
I know cable modem users are more vulnerable, but this is getting out of hand. My second probe from an @home user in less than four hours! Any relevant laws here? Both attempts have been from other states, maybe something federal about attempting across state lines? By the way, they were from RI and CT.
P.S. Yes I know port and trojan scans are pretty harmless unless you have the program running on your system. I still feel that my computer is my property and they are trespassing. You wouldn't want someone peeking in your window or seeing if your door was unlocked by trying to open it would you?

[This message has been edited by Prospero (edited 12-27-1999).]

netsurfer
12-29-1999, 09:39 AM
I dunno, I wouldn't be that worried about trojan scans. I am positive that I don't have the netbus patch, or BO trojan, and I'm using NAV 5.0 so I'm reasonably safe, right?

Well, I guess I attribute a bigger sense of security to my AtGuard firewall. It's like BID, but has a lot more features... and it's a bit more complex. In order to do anything, you have to set rules and give certain programs access or they're automatically blocked by the firewall.

daveleau
12-29-1999, 10:34 AM
Good info Socalgal. I'll have to look into Jammer. Thanks-Dave

grandslammer
12-29-1999, 01:06 PM
No surprise there, huh? That'd be like Billy G. admitting that windows wasn't exactly the best operating system in existence!

It just kills me how much we (gladly!) hand over to get the "latest" and "greatest" OS's, programs, etc., and they are, sometimes, making us worse off than we were before.

hmmmmmm.

Mike P.

BBA
12-29-1999, 04:42 PM
I don't see your point Grandslammer...

Is NAV now equated to MS?

Or are you spreading negativity?

beck
12-29-1999, 06:08 PM
Some of you may want to try an "online" scanner in addition to your current anti-virus scanner. (just to check?)

Trend (PC-cillin) has "House call" which is free, and you don't have to input your email address unless you want to. You do have to download a plugin for your browser tho. http://housecall.antivirus.com/pc_housecall/

McAfee also has an online scanner, but it's a free trial, not just free. http://www.mcafee.com/
(click on the clinic free trial)

You probably have to turn off your "auto-protect" part of your scanner (real-time portion) to run these, otherwise I'd think they would bleep at each other.

elite
12-29-1999, 07:35 PM
The update sucks!!!!! Now it takes forever for netscape to load, and I have to hit the icon several times!! Errghhhh this pisses me off!@

BBA
12-29-1999, 08:49 PM
I did the update and it works great...maybe something went wrong with yours elite

socalgal
12-30-1999, 12:58 AM
Looks like Symantec called my bluff..

"New LiveUpdate Patch Removes Alleged Security Hole Created by the Norton AntiVirus 2000 Email Protection Feature". Hmm... "alleged" - sounds like they still aren't admitting it.. ;)
http://service1.symantec.com/SUPPORT/nav.nsf/docid/1999122317000206