Just in case
GroundZero3
10-22-2000, 06:45 AM
I have Norton 2000 running and sometimes I'm curious if there's really anything on my hard drive. I remember when I had McAfee and installed Norton it found 4 viruses. I was pretty mad. Since I do a lot of downloading I was wondering, is there a free virus scanner that updates and works really well? Just want to make sure.
thanxs
JaYsin
Beemers
10-22-2000, 07:56 AM
http://www.free-av.com/
I heard from here on SysOpt that it is supposed to be a better virus detection program than the other popular ones we all know and love.
Here is an approach to virus detection that I don't recommend for the faint of heart.
I don't run any virus scanning programs and I am constantly on the net with downloads and what not. I keep very up to date with the virus library on the Symantec site:
http://www.symantec.com/avcenter/vinfodb.html
Generic text in an E-mail such as "Check This Out" sets off warning bells in my head. I tell all my contacts that if they want to send me something as an attachment, they had better use my name in the text of the E-mail or it is blown away. If a questionable E-mail comes in I send an E-mail to the sender asking if they did in fact send it. Some viruses will access the addressbook of Outlook Express and send themselves to 23 of the listed E-mail addresses in the addressbook the next time the unwary user sends an E-mail. Happy99 was one of these types of viruses.
I teach everyone that I know how to set up their virus scanning software so that I can feel pretty assured that I can receive .exe's and other potentially dangerous file formats from them. Most people think that since they had a virus program set up on their hard drive OEM that they are protected. How wrong can they be. When they look over the program settings they find that E-mail protect wasn't turned on. This is typical. The scanned items do not cover half of what they should.
All programs come with the available preferences and options to be set up. If you don't set them up, the program will not be optimized for use. Virus scanning programs are no different. Even if I had a scanning program I would not set it to boot with Windows since I don't perform actions every day that could let a virus in. I use the online scan on mcafee.com. To use it at a later date, all you have to do is get an E-mail address that is different than the last one you used to register with them.
ICQ has a neat feature with E-mail. You can check for E-mail on your ISP with ICQ E-mail check and if you see any E-mails you don't want to receive you can Delete them. I have a buddy, Bruce that is into receiving everything that is sent to him and he refuses to set up his virus scanning program properly. He doesn't see the problem since it seems to be working fine out of the box. Well he has lost his drives 3 times now. Would you receive anything from this guy? No? Well, neither would I. I use the ICQ E-mail check and blow away anything he sends with attachments.
Another way to keep viruses from doing too much damage is to keep a process of elimination going on your computer. Do Scandisks and Defrag on a regular basis.
Learn your file system and its contents to a "T". Keep all programs updated and set all your preferences for all programs. Learn and Create what is to be expected from your computer. When you have this type of a system, you will notice any little glitch at a moment's notice.
If you think something is happening, hit Ctrl + Alt + Delete and see what is running.
I did just this and found the Pretty Park Virus on here. I shut it down and restarted in MS-DOS Mode and did a scanreg /restore. Blew away the E-mail that contained the file upon returning to windows. Success!
The moral to this story is to know that the hazard does exist. Take whatever steps you need to take to remove the potential for viruses infecting your system. Do your updates if you are to leave virus detection to a program.
Remember though that virus detecting programs are only as good as the .dat files they are equipped with. If a new virus comes out you had better know about it because your virus program does not.
We can slow down the popularity of creating viruses for the world if we can make it hard on the creators. If everyone gets an attitude of serious virus detection techniques, the viruses won't spread.
Ignorance Spreads the Virus
Cheers!
[This message has been edited by Beemers (edited 10-22-2000).]
qball
10-23-2000, 10:56 AM
I use CA's Inoculate.
It's free iffin you sign up for it, or do you have to sign up to just get....
http://www.ca.com/registration/
PickledOnion
10-23-2000, 03:03 PM
I use two virus scanners at the same time. One being Norton and the other a freebie called PC'illin.
The downloads/new virus pattern on PC'illin are unlimited and free.
What is interesting is that I have been the victim of a virus twice. The first time Norton caught it and PC'illin didn't. The other time PC'illin caught it and Norton didn't.
Does anyone else use two? Although I have never had a problem I did hear that using two can conflict with each other.
PickledOnion
10-23-2000, 03:20 PM
Ooops,
sorry about that, someone replaced my brain with a squashed mushroom.
PC'illin is NOT a freebie. I got it as part of a Mobo package I got a few months ago. It is very good though!
Great start for a very junior member!
Beemers
10-23-2000, 07:57 PM
Don't worry about it. You are allowed one.
Cheers!
drn
10-23-2000, 08:08 PM
I do lots of downloading too and I have been online for over 5 years now. I have never ever got a bug at all and I don't even have an anti virus program installed or even a fire wall. I think they are a waste of space on my hard drive.
Target
10-24-2000, 08:54 AM
Let me guess drn.....you don't look both ways before you cross the street either because it's a waste of time right?
Just remember, it's not the thousands of cars/trucks that miss you that kill ya, it's the one you didn't see coming that does!
We'll try to hold our "I told you so" comments in check when you finally get nailed by a virus or a hacker.
qball
10-24-2000, 01:56 PM
Target is well er, umm, well on target. Aptly stated, btw.
In today's age with the size of HD and the small footprint of most AV progs, there really is no excuse.
PO brings up a great point. NOT ALL AVs are equals. MaxPC once did an AV test with 500 viruses (makes you think of a virus that only corrupts viruses...never mind) and 5-6 AV progs. Not one got all 500 (475 was the most) and not one virus remained undetected, but it kinda makes you think...
Not that I am suggesting running 6 AV progs...
Jeff7
10-24-2000, 03:17 PM
Zonelab's (http://www.zdnet.com/downloads/partners/zonealarm/download.html) free firewall is supposed to have a MailSafe feature that contains script files; don't know how well it works though.
Fixed link. -Socalgal
[This message has been edited by socalgal (edited 10-27-2000).]
Beemers
10-27-2000, 08:35 PM
I didn't think there were 2 of us out here drn. You must do online scans or something?
Cheers!
[This message has been edited by Beemers (edited 10-27-2000).]
socalgal
10-27-2000, 11:26 PM
I'm using ZA Pro and the MailSafe works well for me. Picks up those attachments right away ;)
Mabus
11-01-2000, 10:39 PM
Way to go DRN! I don't have any virus scanners or firewalls running, either. I'm glad to see there's still someone out there that hasn't been brainwashed by these paranoid idiots.
Yes, alrighty, you should certainly run a virus scanner or maybe even two PERIODICALLY. Don't have them constantly running, scanning and rescanning every file on your hard drive. That's just stupid. These things suck up massive amounts of memory and more importantly, processor power! We're all on the sysopt.com site here, aren't we!?
A virus will sit on your system for an incredibly long time before it actually does anything, that is, if it was ever intended to do anything. Think about it. If a virus blew everything up the second it got on your machine, how would it spread? These things stick around forever without making a peep. Running a scan once a week or so is more than enough to catch any nasties that might have made their way onto your computer.
I have over 380 viruses uncompressed, on my hard drive right now. Am I infected with even one? No. That's because you actually have to EXECUTE a file to become infected. If you get an infected e-mail attachment or somebody sends you an infected file over ICQ, it's not the end of the world.
Just turn boot sector monitoring on (it'll be something different on everybody's board, just look for something that says virus) in the BIOS. This actually prevents anything from modifying that boot sector with next to no memory or speed penalty. This is way better than some of the virus scanners out there which only scan and rescan every file for a specific virus. They don't even protect your boot sector. They'll tell you if the boot sector has been modified, but by then you're already infected. And getting a virus out of the boot sector is a hell of a lot harder than cleaning a file or two.
Don't even get me started on these so called "firewalls". What a joke. I have no respect for anyone who has one of these programs on their computer. All these programs do is close every single non-essential port, then log everything and flash lights at you when something unexpected happens to one of the few ports left open. This causes tons of problems with an infinite number of applications because things have to open ports to work!! And the same thing about speed and memory applies here, too, although not to the extent of a virus scanner. These programs are totally unnecessary because anyone that has an IQ that can't be calculated with the fingers on one hand can secure an internet connection if you're not running any servers. Hey, I'll even tell you how because I'm such a nice guy. Start by unbinding (or removing altogether) file and printer sharing from the adapter that you use to access the internet. That's step one. That'll keep about 95% of the script kiddies out of your machine. Now, open a DOS box and type "netstat -An", this will tell you what ports are open on your computer, and what they're connected to, if anything. It's pretty easy to spot anything that shouldn't be there if you know what ports are supposed to be running. That'll tell you if there are any trojans, back doors, whatever you want to call them running. It also wouldn't hurt to check out the Windows Update page once in a while.
So there you go. If you like watching 486s scream by your new Thunderbird, then fire up your 23 virus scanners and firewalls.
johnqp
11-05-2000, 08:37 PM
drn, Mabus - just a little observation from one who was very much like you until recently, I had anti virus but no fire wall and figured I was safe until I tried a free virus checker that came with a fire wall that I wasn't familiar with - did a little poking around my ports with it and discovered that some one(s) re-named my ports (lots of ports) Like "virus king" and "stealth hacker" etc. - I was horrified - I figured that if I stayed pretty much to safe sites and download areas I would be safe. The thing is, these ports were running silently in the background - no telling how long they had been monitored or accessed by persons unknown. Now I take my PC security much more seriously. If you have never looked closely at your system I suggest you download some software at least to look around your system critical areas. I use zone alarm and InoculateIt if any one is interested.
Dave_H
11-05-2000, 09:33 PM
In my opinion it would be irresponsible to not use an AV program.
Recently my wife received a virus from a person she knows, and if it wasn't identified by Norton's, she may have opened it because it came from a "trusted" source.
Checking the header of the E-Mail showed that it was sent to about 2 HUNDRED people.
Let's say for example that my wife or I made a mistake and opened that mail without an AV program.
Every single person in our address book would then have received it. These people would be my friends. Some of those people are not computer savvy and trust me.
Don't know how you would feel, but it would make me feel pretty bad.
Just my two cents.
Dave
françois
11-08-2000, 09:48 PM
InoculateIT and updates are freely available (www.cai.com/). I have installed ZoneAlarm on other people's PCs; it seems to be working very nicely. I connect via a firewalled Win2K box here at home and have dutifully followed the advice of Steve Gibson; check out Shields Up: https://grc.com/ or a very thorough analysis in the following tutorials: http://grc.com/su-bondage.htm. Turn off auto passwd completion on M$ applications and be selective about where you surf and what attachments you open. I have been infected twice since the 80's, once from a floppy (Angelina - yeah ages ago) and last year at a LAN party where I had InoculateIT turned on. Normally I do not allow AV's to use resources, just got into the habit of right clicking and scanning any sus files.
drn
11-08-2000, 11:28 PM
It will make no difference to me what anyone has to say, I will still think they are a waste of time and hard earned cash. Not to mention the RAM they burn up. As long as you scan them once in a while you will be fine.
I do lots of downloading as well as send and receive a lot with ICQ. Never to this day have I ever got anything at all. Well, with 5 years online without anything at all I really think spending all that cash to keep them up to date is a waste. If you think about it I would have spent over 300.00 bucks in 5 years for nothing at all except a RAM hog.
I build sys for a living and anything I send out does not have an AV program on it unless I can't talk the customers out of it.
I have 7 Sys's set up here, 6 as servers without any AV programs at all, so I really can't see the point of them at all.
BFlurie
11-09-2000, 07:11 AM
Drn, I too don't run an AV in the background & only manually on occasion. But you & I probably aren't the average user. Many people simply click on bright, pretty links whenever they see them. Download email attachments that sound cool & run them. Maybe an AV running in the background might detect a virus, maybe not. But it's probably a good idea for the average user to run one.
Mabus
11-13-2000, 02:54 PM
He he. Thanks for that BFlurie.
BFlurie to non-politically correct translation:
<rant>
People who have a clue don't run idiotic programs like firewalls because they can very easily see which ports are open.
People who have no idea what the hell is going on, the ones who are stumped for hours looking for the any key, should run the firewalls and virus scanners to prevent them from damaging their computers because they ran the e-mail attachment that was named "RUN ME." </rant>
And in reply to Johnqp's remark; it's very easy for anyone to check what ports they have open. One DOS command and you're there. No firewall needed... or wanted. But you wouldn't know that because I'm sure you've never even heard of DOS before. In my last message, I did in fact tell you how to check your open ports through DOS.
johnqp
11-17-2000, 07:03 AM
Yes MABUS I have heard of DOS - as a matter of fact, I prefer it. However I have better things to do with my time than root around DOS looking at my ports. (Whoo Hoo) And finding ports open that shouldn't be open is like closing the barn door after the horses got out, that's why smart people use fire walls and anti virus programs. (at least people who have a life)
regrob
11-18-2000, 08:07 AM
Interesting, I haven't got any AV programs, I do have zone alarm and if I've been out surfing the unknown then I take a trip to http://housecall.antivirus.com/housecall/start_pcc.asp this is free and as good as it gets from PC-illin.com
-VictoryFleet-
11-18-2000, 08:22 AM
Mabus, I tried using my Boot sector virus protection long before this post. I found that much of my hardware would refuse to work after I regularly reformatted my HDD. I was able to fix this (by turning off the BSV protection), but I then found that turning this off stopped a lot of my programs from crashing as often.
As for checkers, definitely do not use MSAV. It is a complete pieca $%^&. Just delete it, it wastes space. Going with a big name checker, such as Norton or McAfee does have advantages, like being able to send a suspicious program in and getting it checked. I had one before that really screwed up my PC. I e-mailed Norton and they said it probably was. I ended up having to reformat my HDD, but I got the ^&*(ing thing off. I mailed them one of the programs. Point is that they are very helpful in helping you cope with a PC bug :).
[This message has been edited by -VictoryFleet- (edited 11-18-2000).]
Mabus
11-20-2000, 09:45 PM
-VictoryFleet-, that's pretty weird how your hardware wouldn't work. But as to programs always crashing, that's probably because you're infected with a virus that keeps trying to write to the boot sector. I dunno, I'd check it out. Maybe I'm wrong. =)
Johnqp, man, I don't believe for one second that you know the first thing about DOS. One command shows you all open TCP and UDP ports. Easy as that. I'm a fairly elite hacker and the network administrator of two local elementary schools. I maintain 70 computers, the switched network they run on, a mail and proxy server running NT <<blah>> and a Cisco router. (The router does have firewalling capabilities which are all enabled, by the way. That's the ONLY firewall I believe in, a hardware one) I know C++, Pascal and I'm learning assembly. So all you people in internet land, make your own judgements about who to believe.
Oh and by the way, I was doing some serious testing of firewalls (well, BlackICE, which is supposed to be one of the best, I might add) over the weekend on my friend's computer. He was running the new version of BlackICE with the security settings at maximum. I was using my cable connection at my house. At first I tried a few things to see if it would set it off. Nothing. So I tried a few more. Nothing. I went through about half an hour of that with absolutely no reaction out of BlackICE. I found this very odd, but not completely unexpected. I eventually resorted to doing multiple, simultaneous port scans of both TCP and UDP on his computer. After about 5 - 7 minutes of that, BlackICE finally woke up and gave him the TWO attacking computers. It turns out that his computer was the one attacking his computer in addition to mine. =) And that was with no IP spoofing or any attempt by me whatsoever to hide my true identity. What a great program, eh?
Mabus
11-20-2000, 11:11 PM
O.K. For everyone except Johnqp, because he's too smart, here's how you really see what's happening on your connection.
Hit Start, Programs, then MS-DOS Prompt. Now, type exactly this:
netstat -an
That'll list all the open connections and ports on your computer... including all the ones that BlackICE didn't think you should know about even on maximum security. It'll give you something that looks like this:
Now, the 123.123.123.123 is where your IP would be. The number after that is the port. So where 123.123.123.123:137, 137 is the port. Pretty straight forward. Now the stuff on the left column (Local Address) is about your computer, the stuff in the middle belongs to the remote computers. (Foreign Address) 127.0.0.1 is localhost. Every computer has it, forget about it.
That's what most idle connections should look like. If you're running ICQ or whatever, then you'll have an additional open port. (if you're running a new version you'll have more than one, this is a pathetic attempt by AOL to try to confuse hackers as to which is the real ICQ port. I guess they figured that would be easier than actually writing a secure program) Here's what a computer running ICQ would look like:
Active Connections
  Proto  Local Address          Foreign Address     State
  TCP    0.0.0.0:135            0.0.0.0:0           LISTENING
  TCP    0.0.0.0:3255           0.0.0.0:0           LISTENING    <- ICQ opened Port 3255
  TCP    123.123.123.123:137    0.0.0.0:0           LISTENING
  TCP    123.123.123.123:138    0.0.0.0:0           LISTENING
  TCP    123.123.123.123:139    0.0.0.0:0           LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0           LISTENING
  TCP    127.0.0.1:1026         0.0.0.0:0           LISTENING
  UDP    123.123.123.123:137    *:*
  UDP    123.123.123.123:138    *:*
  UDP    127.0.0.1:1026         *:*
See the difference? ICQ has now opened up the port 3255. ICQ opens a different port every time, so don't expect to see port 3255 on your computer. If somebody sends you a message, you'll see another connection:
TCP 123.123.123.123:3255 124.124.124.124:1299 ESTABLISHED
As their computer is connected to port 3255 (the one ICQ has opened) and is sending data to that port.
Now, if you're looking at a web page, it'll look something like this:
Active Connections
  Proto  Local Address          Foreign Address     State
  TCP    0.0.0.0:135            0.0.0.0:0           LISTENING
  TCP    0.0.0.0:1097           0.0.0.0:0           LISTENING    <- A random port temporarily opened (1097)
  TCP    123.123.123.123:1097   209.10.73.149:80    ESTABLISHED  <- Then, port 1097 connected to the web site.
  TCP    123.123.123.123:137    0.0.0.0:0           LISTENING
  TCP    123.123.123.123:138    0.0.0.0:0           LISTENING
  TCP    123.123.123.123:139    0.0.0.0:0           LISTENING
  TCP    127.0.0.1:1025         0.0.0.0:0           LISTENING
  TCP    127.0.0.1:1026         0.0.0.0:0           LISTENING
  UDP    123.123.123.123:137    *:*
  UDP    123.123.123.123:138    *:*
  UDP    127.0.0.1:1026         *:*
See how more ports and connections are opened? Now we know that this connection is O.K. because it's connecting to port 80. Port 80 is the HTTP port. 209.10.73.149 is one of the SysOpt.com web servers, by the way.
So it's pretty easy to see how this works. There's a port on the left, that's your computer. Then right next to it is what that port is currently connected to. *.* and all zeros are wildcards, and mean that it's not connected to anything.
Now see ports 135 through 139? Those are Windows networking ports. If you see somebody connected to one of those, odds are somebody's into, or trying to get into your stuff. Now that one's a bit tricky because sometimes you want people in your stuff, like if you share files or printers over a LAN. But if you're not on a LAN, then definitely check that out. And great thing is here, you can see their IP. Just write down the time and the IP and call their ISP. Most ISPs will give somebody the boot for something like that.
Now, if you see open ports like 12345 or 31337 on your computer. YOU'RE INFECTED WITH A TROJAN! 12345 is the port Netbus runs on, and 31337 is Back Orifice. Any other suspicious ports you see there you should check out. Some of the other common ports you might see are 135 to 139 (Windows Networking), 80 (HTTP, a port used to look at web sites), 21 (FTP, a file transfer port), 25 (SMTP, mail sending port) and 110 (POP3, mail receiving port). There's a list of ports and what services they represent in a file called SERVICES (not services.txt) which is in your Windows directory. If you're not sure about your connection you can mail me at evilknievel@accesscable.net and I'll help you check it out.
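Added example (not part of Mabus's post or of any tool named in the thread): a small Python script that applies the post's rules of thumb to saved `netstat -an` output, so the check can be repeated instead of read by eye. The sample output is constructed, and the function names and finding labels are this example's own assumptions.

```python
"""Triage `netstat -an` output with the rules of thumb given in the post above."""
from collections import namedtuple

Finding = namedtuple("Finding", "kind port detail")

# Ports and names exactly as the thread gives them; nothing else is assumed.
TROJAN_PORTS = {12345: "NetBus", 31337: "Back Orifice"}
WINDOWS_NET_PORTS = range(135, 140)      # 135 through 139
LOOPBACK = {"127.0.0.1", "[::1]"}        # localhost is not reachable from outside

# Constructed sample in the layout netstat prints (not captured from a real host).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:12345          0.0.0.0:0              LISTENING
  TCP    123.123.123.123:139    0.0.0.0:0              LISTENING
  TCP    123.123.123.123:139    124.124.124.124:1299   ESTABLISHED
  TCP    123.123.123.123:1097   209.10.73.149:80       ESTABLISHED
  TCP    127.0.0.1:1025         0.0.0.0:0              LISTENING
  UDP    123.123.123.123:137    *:*
"""


def split_endpoint(text):
    """Split 'host:port' on the last colon; the wildcard '*:*' yields port None."""
    host, _, port = text.rpartition(":")
    return host, int(port) if port.isdigit() else None


def parse_netstat(output):
    """Return (proto, local_host, local_port, remote_host, state) per socket row."""
    rows = []
    for line in output.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue                      # banner, column header or blank line
        lhost, lport = split_endpoint(fields[1])
        rhost, _ = split_endpoint(fields[2])
        if lport is None:
            continue
        # UDP rows carry no State column; trailing annotations are ignored.
        state = fields[3] if fields[0] == "TCP" and len(fields) > 3 else ""
        rows.append((fields[0], lhost, lport, rhost, state))
    return rows


def triage(rows):
    """Apply the post's three checks and return a list of Finding tuples."""
    findings = []
    for proto, lhost, lport, rhost, state in rows:
        # "Open" means a TCP listener or a bound UDP socket. An ESTABLISHED row
        # alone is not counted, because an outgoing connection can be handed
        # any high local port, including 12345 or 31337.
        open_port = state == "LISTENING" or proto == "UDP"
        if open_port and lport in TROJAN_PORTS:
            findings.append(Finding(
                "trojan-port", lport,
                f"{TROJAN_PORTS[lport]} port is open ({proto})"))
        elif (state == "ESTABLISHED" and lport in WINDOWS_NET_PORTS
              and rhost not in LOOPBACK):
            # Somebody is connected to Windows networking: note time and IP.
            findings.append(Finding(
                "inbound-share", lport,
                f"{rhost} is connected to Windows networking"))
        elif open_port and lport in WINDOWS_NET_PORTS and lhost not in LOOPBACK:
            # Expected on a LAN adapter, worth unbinding on the internet one.
            findings.append(Finding(
                "exposed-share", lport,
                f"Windows networking open on {lhost} ({proto})"))
    return findings


if __name__ == "__main__":
    for f in triage(parse_netstat(SAMPLE)):
        print(f"{f.kind:14} port {f.port:<6} {f.detail}")
```

To use it on a real machine, redirect `netstat -an` to a file and pass the file's contents to `parse_netstat` in place of `SAMPLE`.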
Mabus
11-20-2000, 11:14 PM
...ARGH! O.K. This stupid message board killed all my tables! Do one of you moderator dudes want to fix them up for me so people can tell what the hell's going on?
socalgal
11-21-2000, 07:54 AM
Mabus, this UBB soft doesn't support tables and certain formatting.
Also, may I suggest you tone down a bit your disdain for those who decide to run firewalls and AV programs. Don't put down others here, but rather inform and share your knowledge. That's what this site is about.
In addition to ports 135-139, port 445 is another NetBios port that is used to access files on the Windows network, at least on W2K. Seems to be a neglected port when this kind of topic comes up - why is that?
Another good security practice for users of Outlook Express and Eudora is to set it/them to read email in the Restricted Sites zone. Then, disable everything in that zone.
Edited my statements that were off the mark.
[This message has been edited by socalgal (edited 11-22-2000).]
johnqp
11-21-2000, 11:16 AM
Well, looks like I rattled a few pocket protectors out there! Mabus, I'm glad I gave you an excuse to post your resume for everyone.
I was just trying to make a point that not everyone has the time (or desire) to be compu-elite. People come here (as the originator of this topic) to be informed. Telling them that you are so elite with computers that you don't need fire walls and virus checkers does not answer their question.
I still fail to see how typing in a simple dos command to view active ports that may be under attack PREVENTS the attack in the first place.
What steps do YOU take to ensure you don't receive a virus or port attack is what's on the mind of the originator of this topic.
Mark
11-21-2000, 11:46 AM
Ports, internet and networking are not my strong points so I'm one of the "lame" ones that use a "crutch" to keep myself safe. I used to think Zone Alarm was good and best of all, it was free. Then one day I happened upon a security test over at Symantec's site that tests your system for "holes and weaknesses" that can be exploited over the internet. Zone Alarm did not prevent my browser from sending out info that I did not want spread. Presumably items such as my name, email address, phone numbers, account numbers, passwords and others. The fact that my email address was given out without my knowledge probably explains why I started getting unrequested junk mail about three months ago. I now use Norton Internet Security and I'm quite pleased with it. It passed all of the tests at the Symantec site and yes, I know, it probably should, right? I can prevent whatever specific info I want from being sent out from my computer and I can block ads at the same time so I get faster downloads of pages. If you think nothing's being sent without your knowledge, I racked up 8148 security area requests that were allowed and 110 privacy area requests that were denied just from surfing to 4 quite prominent sites this evening. As I said, this is not my area of expertise but I find AV programs and firewalls to be good investments for me. I also think they're resource hogs and don't run them when I'm offline.
[This message has been edited by Mark (edited 11-21-2000).]
techcoor
11-22-2000, 12:20 AM
I too, have been a heavy PC user for the past 6 years, and have NEVER encountered a virus on any of the computers that I have owned. I have cleaned & fixed many computers that have been infected. I also do not run firewall or virus protection (i agree - they are hogs...taking up system resources). I believe that if you know what you're doing, and don't open attachments from strangers...you'll be fine. I do have my equipment imaged, just in case of failure.
ricomania
11-22-2000, 12:53 AM
I ran netstat -an and I see a lot of what you are talking about. But on mine, in the column under State, I also see TIME_WAIT, ESTABLISHED, CLOSE_WAIT, as well as LISTENING. What does that mean?
Richard_Cranium72
11-22-2000, 05:34 AM
HOW SAD :(
A FINE thread occupied by Brilliant minds such as
Beemers
Target
Johnqp
Bflurie
and many others,
There was a CHANCE to make it into a great learning experience for those who are not so very Experienced.
This Chance was destroyed by some who wish to cause disruption.
Probably the same personality types who caused disruption as children in School.
Another thread TRASHED :(
DrVette
BFlurie
11-22-2000, 07:07 AM
It still is, Richard. I saved this page 'cause the netstat -an command is very interesting, along w/some other stuff.
To any others, do you have Microsoft Networking (or Netware) installed & bound to the TCP/IP protocol? Or File & Printer sharing enabled & bound to TCP\IP? All this can be found in Control Panel/ Network. This is definitely a no-no unless a box sits behind a very good firewall(s).
[This message has been edited by BFlurie (edited 11-22-2000).]
BFlurie
11-22-2000, 04:00 PM
^bump^
Here's another Internet Security Analysis site which gives a somewhat different kind of analysis than the Symantec site:
http://privacy.net/Analyze/
Mabus
11-22-2000, 06:08 PM
Richard_cranium72, man! Don't be so sensitive. It's all in good fun. You've never been to HardOCP, have you. ;) ...just ordered a Duron 700 and board by the way. Already got my water cooler built. =) Chevette heater core and a 12v windshield wash pump. Works mint. =)
Johnqp, the entire purpose of the SYSTEM OPTIMIZATION site is to get more speed out of your system. I was TRYING to show the people who actually wanted to know, how to secure their connections without using a firewall. If you actually bothered to try this out, you'd see very quickly how powerful the netstat command is. I.E. You wouldn't need that firewall to tell you that those ports that horrified you so much were open. And this command tells you what ports are open, that's the whole idea behind making a connection secure. What exactly do you figure firewalls do? Shut down ports. That is how this makes your connection secure. It's just I'm showing them how to do it manually without having a program continuously running in the background. I'm sorry. I should have described a little about the inner workings of TCP/IP before I jumped into telling you guys how to shut down ports. A PORT HAS TO BE OPEN FOR SOMETHING TO CONNECT TO YOUR COMPUTER. There we go.
But in addition to telling you what ports are open, it also tells you any open connections. This is only good if you catch somebody in the act, but hey, it's there. I use it a lot as I get around 5 or 6 attacks each week because I purposely leave a ton of ports (that are totally secure) open and a whole mess of hard drive shares just because I like bashing script kiddies so **** much. And pocket protector, nice jab. Just because you know a lot about computers doesn't mean you're a dork. FYI: I race and modify motorcycles.
Socalgal, hey you have me all wrong. You definitely have to run a virus scanner. How else would you know if you did manage to catch a virus? And yes, I've had a bunch of viruses in the past. I'm just saying don't leave your virus scanner running continuously because that's a TOTAL waste of your souped up processor.
And about the port 445 Windows 2000 thing. You're only partly right. Port 135 through 139 (both UDP and TCP) are in fact used for NetBIOS, but port 445 on Windows 2000 is certainly not NetBIOS. Windows 9x just pipes all its SMB data through NetBIOS, and SMB is the protocol used for file and printer sharing. Now when they came out with Windows 2000, they just figured they'd finally cut out the middle man and give it its own port.
Mark, that's awesome. Shot down another one for me, thanks. =) But now you have me curious about Norton Internet Security. I'll have to check that one out because it seems we might actually have a legitimate one here boys! =)
As for the 8148 security area requests, I'm almost certain that's just the web page requesting cookies from your computer. That's nothing you should be worried about. The other 110 that were denied were probably just requested cookies that Norton figured gave about a bit too much information, so it denied them. Personally, I couldn't care less about how a web site tracks how many times I've visited it. But hey, that's me. If you're the ultra-paranoid, built a bunker for Y2K type, then you might want to disable it so "the man" can't see what you're doing.
Techcoor, uh.... maybe that's not the greatest idea in the world. I just said don't have one running ALL of the time and to do regular, periodic scans. Not eliminate them from your system all together.
Ricomania, excellent question!! I'm impressed that you spotted that! Actually, there are 6 states a TCP port can be in. But you got the important ones. Basically all you have to know is LISTENING means that the port is open and is waiting for information, but nothing necessarily has to be connected to it. All the others have to do with connections that are in progress. But really, that's a great question.
BFlurie, uh, actually you only have to unbind file and printer sharing from the adapter you use to connect to the internet. If you're on a LAN you'll probably want to keep that around so other people can get to your stuff. Just go into TCP/IP -> (whatever adapter you use to surf the net) then bindings. Uncheck file and printer sharing. Ta da! Now file and printer sharing is effectively disabled for the internet, but not your LAN. Even if you have it bound, but you have no shares, you're fine. Right now mine's bound with my drives shared as read-only. I like that because it lets people in, but they can't mess things up. I don't even have a password on my shares. I let everyone in because if you have this set up correctly, you can view and EXECUTE other people's stuff exactly as if you were browsing a share on your LAN. And with somebody with an MP3 collection as extensive as mine, I think it's fun because anyone can play them right off my drive, without having to download them. =)
Woah, just a little note on something I spotted at the very beginning of the thread. Defrag and Scandisk have nothing to do with catching viruses. Scandisk corrects errors on your drive, and defrag rearranges your stuff so things load up faster. You MUST have a virus scanner if you want to be able to scan for bugs.
Mabus
11-22-2000, 10:49 PM
...and by the way Richard, I'm still in school.
Mark
11-22-2000, 11:35 PM
Mabus, welcome back. I guess we know now why we haven't heard from you for a while. :) Thanks for the feedback.
I'm not particularly paranoid but I don't like the idea of someone snooping around my computer without me knowing about it, especially since I use an older financial management program to track my meager resources. The fact that it's possible to "sneak in" unannounced got me interested in putting up a "fence". Norton allows me to specifically prevent info such as passwords, account numbers, phone numbers, email addresses and anything else I want from being sent out without my permission. I can also, of course, block Java and ActiveX. I'd read some of the stories and didn't want to become a victim myself. Therefore, after doing some research I bought the program. I agree that the info my firewall allowed in and out was innocent but I'm not so sure about the 110 blocked requests. Anyway, I was amazed at the amount of data your browser will let out if you allow it. I checked out the site Bflurie mentioned, http://privacy.net/Analyze/, and I'm trying to decipher the results. I also tried your netstat command and I find it informative but not necessarily practical. It seems to me that each time you visit a new site that you have to rerun the command to see if and who is trying to access you from there. In other words, to find out if it's one of the sites that operate maliciously. If I'm just a little too slow running the command I think that it would be possible to either lose valuable info or incur an unwanted intrusion. If I realize somebody's doing something I don't want then I have to right click and disconnect quickly. It just seems cumbersome and slow. Perhaps you know another way. Anyway, I'm interested in learning a little more.
Mark
socalgal
11-23-2000, 12:49 AM
JaYsin ~
In addition to the others mentioned above, a free AV online scanner is at TrendMicro (http://housecall.antivirus.com/). I have no experience with this one, but there it is.
I've also had great luck with AVP (http://www.avp.com/) which I ran on my Win9x system, and there's a free trial download (as many AV progs do).
I agree that one AV program may catch something another will miss, and it's a good idea to have an up-to-date backup resource for this purpose.
---
Thanks for the clarification on port 445, Mabus. Security is a hobby-interest of mine, and I soak up whatever info I can.
But then the firewall issue is one that, especially with an always on connection, I'm not going to fool with. I don't have the reckless abandon to chance my system merely because I don't have the time nor all the knowledge it takes to consistently monitor my ports. Hence, my little firewalls.
I currently run one AV, 2 firewalls and a Trojan scanner. I also keep one browser security very high and tend to agree there's probably not much risk in contracting a nasty while just surfing on more 'trusted' sites - or, depending on what sites are visited and what 'features' are accessed within other sites.
Another browser I use with minimal security for other certain sites and at those times I do enable my real-time, updated AV and Trojan scanning. Firewalls run 24/7.
I'm here to learn as well, and it appears you have a lot to offer. Keep the good stuff coming.
[This message has been edited by socalgal (edited 11-23-2000).]
socalgal
11-23-2000, 01:15 AM
Looks like some changes were made with the AVP name; Central Command now calls their product AVX (http://www.avx.com/news.html).
muno
11-23-2000, 01:25 AM
I still use the dos based f-prot =) It's free for non commercial use and has always served me well when there have been system files infected that cannot be modified when windows is running.
-M
jman01pa
11-23-2000, 05:06 AM
If an individual does not use a virus scanner or other protection, how does this individual know their system is clean?
Last week I updated my Norton's and scanned my system and found two Trojans. They were not detected prior to the update.
J :)
Richard_Cranium72
11-23-2000, 06:20 AM
the comment in regards to ZoneAlarm and Hogging resources..
ZA uses 3mb of RAM to operate, I don't consider this very large..
BTW, I too am still in "School" if you will, however I have over 25 years with Southern Energy and have used/installed/repaired computers with them since inception.
I don't feel the NEED to show off what little areas of expertise that I do possess.. :)
DrVettt
BFlurie
11-23-2000, 07:12 AM
There's a prog called TCPView that does 'bout the same thing as Netstat, but in a Windows graphical view. D/L here:
http://www.sysinternals.com/95util.htm
Mabus
11-23-2000, 07:01 PM
Whatever. I give up. You people are just completely unwilling to accept the fact that your trusty firewall isn't so trusty. In fact, from what I've seen with BlackICE, I don't think they do anything at all! I hope you all realize that none of these, regardless of how good it is, is going to catch a "hack" attempt unless somebody successfully connects to one of the ports that you have open. Which is the reason at the very core of why I think software firewalls are so useless. Don't get me wrong, I think hardware firewalls are great, they block the connections before they ever get to your computer, and still allow your computer a basically unrestricted connection port wise. Besides, haven't you noticed that a whole mess of stuff stopped working when you installed your firewall? Ever try sending a file over ICQ, or playing an online game? And how can you possibly say that 3 megs isn't much!? And that's not including the amount of processor time it sucks up. Close down all your firewalls and trojan scanners (exact same thing, by the way) and see how many more FPS you get in Quake 3. I bet it will be huge.
Notice how far down on the thread I said that? I only felt a need to because I had to show at least some evidence I knew what I was talking about. Besides, YOU JUST DID THE SAME THING! And Richard, I hardly think that qualifies as being in school. I'm 17. If you have 25 years of experience in anything, then you certainly can't be in school in the same sense that I am. You're just being difficult because I insulted the only thing that keeps your mind at ease. Can't possibly accept the fact that they DON'T WORK.
Do you run any flavor of Unix or xBSD? Have you ever tried to find one of these firewalling programs for one of them? Why do you figure there are none available? Probably because you HAVE to know what's going on when you use *nix or BSD, so they just expect you to secure your own connection.
Well, like I say, whatever. Do what you want. Find anyone who has a computer science degree or knows a bit of Unix, and I guarantee you that there will be no firewalls wasting space on their Windows box.
And as to your question Mark, that's something TOTALLY different. If you close the ports, they can't connect. Period. Websites that get information from your computer is something totally different. They use the bugs in Internet Explorer, send malicious Java or ActiveX to try to get your browser to cough things up. These won't come up in netstat because they run over HTTP.
smokin1
11-28-2000, 10:34 PM
I run a little batch file set up as this
"@echo off
cls
echo packet sniffer running [press ctrl-c to stop sniffing]
netstat -na 3 > log.txt"
feel free to paste this in notepad and save it as log.bat then you can view connections in log.txt..oh and remove the quotations before saving it..hey..call me lazy
;)
BTW
...oh..forget it..
[This message has been edited by smokin1 (edited 11-29-2000).]
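An added example, not part of any poster's message: a Python script that reads a log in the format written by the `netstat -na 3 > log.txt` batch file above. It reports which of the ports named in the thread (135-139, 445) are open on a non-loopback address, and in which refresh each ESTABLISHED remote endpoint first appeared. The sample log, its addresses and the function names are constructed for illustration, and the Windows IPv4 netstat column layout is assumed.

```python
import re

# Ports the thread names for file and printer sharing: 135-139 and 445.
SHARING_PORTS = set(range(135, 140)) | {445}
ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")
# Constructed sample of two refreshes; remote addresses are documentation ranges.
SAMPLE_LOG = """
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1045       203.0.113.7:80         ESTABLISHED
  UDP    192.168.0.5:137        *:*
Active Connections
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    192.168.0.5:1045       203.0.113.7:80         ESTABLISHED
  TCP    192.168.0.5:139        198.51.100.20:3021     ESTABLISHED
  UDP    192.168.0.5:137        *:*
"""

def snapshots(text):
    """Split the log into one list of parsed rows per netstat refresh."""
    shots = []
    for line in text.splitlines():
        if line.strip() == "Active Connections":
            shots.append([])
        elif shots and (m := ROW.match(line)):
            proto, laddr, lport, foreign, state = m.groups()
            shots[-1].append((proto, laddr, int(lport), foreign, state or ""))
    return shots

def exposed_sharing_ports(shots):
    """Sharing ports open on a non-loopback address in any refresh."""
    found = set()
    for shot in shots:
        for proto, laddr, lport, _foreign, state in shot:
            is_open = state == "LISTENING" or proto == "UDP"  # UDP rows have no state
            if is_open and lport in SHARING_PORTS and not laddr.startswith("127."):
                found.add((proto, laddr, lport))
    return sorted(found)

def first_seen(shots):
    """Map each ESTABLISHED remote endpoint to the refresh where it first appeared."""
    seen = {}
    for i, shot in enumerate(shots):
        for _proto, _laddr, _lport, foreign, state in shot:
            if state == "ESTABLISHED":
                seen.setdefault(foreign, i)
    return seen
```

To use it on a real capture, pass the contents of log.txt to `snapshots()` in place of `SAMPLE_LOG`; with a 3-second interval, the refresh index times 3 gives the approximate number of seconds into the capture.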
SysOpt.com
Copyright Internet.com Inc. All Rights Reserved.