XP vulnerabilities?

Discussion in 'Computer Security' started by joe, Feb 21, 2004.

  1. joe

    joe Guest

    OK - please don't flame me for a newbie dumbass question but I have been
    searching the net for a while now without finding a clear answer to the
    following, and I am hoping you can help.
    I have recently changed from Win98SE to WinXP corp pro, running Norton
    Internet Security 2003. Under Win98 I had Atguard and BlackIce running in
    addition to NIS and I came up undetected at every security test site I could
    find. I understand that WinXP has some (many?) holes and was wondering:
    1. How important is it to install the SP's from MS, and what "surprises"
    should I expect from them?
    2. What additional software should I have and/or what settings should I
    change in WinXP to be invisible on the net?
    3. Does Steve Gibson know what he's talking about or not?

    I have also recently changed from dial-up to DSL, hence my increased
    concern.

    TIA
     
    joe, Feb 21, 2004
    #1

  2. joe

    *Vanguard* Guest

    "joe" said in news:c16lh4$s05$:
    <snip>
    > I have recently changed from Win98SE to WinXP corp pro, ...


    Then you are probably running a pirated copy of Windows. The "Corporate
    Edition" is what the pirates call an instance they illegally sell off from a
    volume license they supposedly purchased. All instances of the OS in a
    volume license are to be used and remain within the same organization; i.e.,
    buying a 5- or 100-license version of Windows means all of them get used
    within the same organization. There is no such thing as a "volume" license
    for 1 instance of Windows. The minimum for a volume license is 5 instances.
    Selling off "Corporate Editions" of instances from a volume license to
    outside their organization (since there would be no point in *selling*
    anything within their own organization) at the much greater retail price of
    a 1-license copy is a violation of the EULA or contract they made when they
    purchased the volume license. Whoever you purchased the "Corporation
    Edition" from is buying the volume license at far cheaper for each instance and
    then selling them off illegally at the full retail 1-license price. A
    single "Corporate Edition" is a pirated copy illegally sliced off from a
    volume license. A "Corporate Edition" of Windows is *NOT* the same thing as
    an "OEM" version.

    <snip>
    > I understand that WinXP has some (many?)
    > holes and was wondering: ...


    Same ones in Windows 2000. Windows XP is to Windows 2000 what Windows ME
    was to Windows 98: some minor changes, some fluff added, but basically the
    prior version on [mild] steroids. Windows ME and XP were not critical for
    businesses nor gave much bang for the buck. They got created because
    marketers recognize that consumers have a need to upgrade and so they
    fulfill that need while making a buck at it. Why do people buy a new car
    after using their old one for only 3 to 6 years? They want something new,
    different, improved, and shinier. Don't confuse continuing updates to, say,
    Internet Explorer, as updates to the OS since IE installs on all the Windows
    platforms and will incur the same security risks across all of them. If a
    buffer run overflow exploit exists in IE then it exists on whatever version
    of Windows it is installed (and the exploit may actually be easier to
    exercise on 95-based Windows due to lack of security).

    > 1. How important is it to install the SP's from MS, and what
    > "surprises" should I expect from them?


    You could always ignore the updates (turn off Windows Update on your Windows
    and never visit windowsupdate.microsoft.com) and leave the security holes
    there. There is no software in which a patch, fix, or upgrade cannot
    introduce another problem. Sometimes they fix the problem. Sometimes they
    trade off a more severe problem to incur a lesser problem. Sometimes they
    fix one problem and create 2 others. Change will always incur risk in
    creating new problems, but stagnation also incurs risk from existing
    problems. That's the world of software whether it be for an OS, word
    processor, defragmenter, or whatever program.

    > 2. What additional software should I have and/or what settings should
    > I change in WinXP to be invisible on the net?


    Got a NAT router? Does it have a firewall? Running a software firewall on
    your computer? Got anti-virus software, having it load and remain enabled,
    and letting it automatically update frequently? Running anti-spyware
    scanners, like Ad-Aware and Spybot? Are you opening any executable
    attachments on e-mails?

    > 3. Does Steve Gibson know what he's talking about or not?


    Depends on who you talk to. I personally don't understand why some folks
    attack him but then some folks are very puerile when you debate their
    opinions, views, or their perceived facts. He's been around in the computer
    arena longer than I have (25 years). I remember figuring out how to detect
    the pattern of the plated media separating from the platter using his
    Spinrite utility over a decade ago when nothing else could. He works with
    the FBI and other gov't agencies in writing software that we'll never see to
    hunt down script kiddies and zombie scum. There are undoubtedly some folks
    around that know more than he does, but he's a far league away from what I
    know. As with any information, it's best if you can corroborate it with
    other "experts" (that you've chosen to recognize as such) and possibly
    educate yourself enough to know whether the advice or information is
    applicable to you. I'd have to see convincing evidence from another expert
    with real facts and corroborated by others before I'd let that other expert
    topple something by Steve. Yeah, he's still human so he will make mistakes
    but he's got a huge foundation of experience and knowledge to draw from that
    we don't. I regard Steve's statements as reliable just like I consider
    articles at tomshardware.com to be reliable.

    > I have also recently changed from dial-up to DSL, hence my increased
    > concern.


    You are now a more delicious target for the scum that proliferate viruses,
    trojans, zombies, and want to use your computer to partake in their nasty
    tactics. You need to at least be using a firewall, even if it is something
    crippled like ICS in Windows XP that only monitors inbound connections. You
    don't have to do everything at once to get protected from your now always-on
    connection. In fact, you might just start by disabling the LAN connectoid
    when you aren't using the Internet. Then install anti-virus software and
    keep it updated. Then try using Windows XP's ICS firewall or pick up a
    freebie firewall (ZoneAlarm, Kerio, Sygate Personal) and not bother
    disabling the LAN connectoid when you won't be using the Internet yourself.
    Get Ad-Aware and Spybot to periodically hunt for spyware (if you bother to
    download "freebies" that could be possibly polluted with spyware). Get
    SpywareBlaster to safeguard against alternate avenues of infection by
    spyware to cripple them if they manage to get in. Use SpywareGuard to
    afford some protection from IE getting hijacked. Use a popup blocker to
    eliminate the nuisance of popups, but some afford more features, like PopUp
    Cop which also has ActiveX guard (to prevent accidental download and
    installs of ActiveX controls) and a cookie manager (to purge any
    non-whitelisted domains). Start out attacking one source of intrusion and
    abuse and gradually improve your protection.

    >
    > TIA




    --
    ____________________________________________________________
    *** Post replies to newsgroup. E-mail is not accepted. ***
    ____________________________________________________________
     
    *Vanguard*, Feb 21, 2004
    #2

  3. joe

    joe Guest

    Thanks for the tips Vanguard. As I said, I'm running Norton Internet
    Security's firewall but I'm not convinced that's enough - under Win98 I had
    many cases of attacks which were only picked up by Atguard or BlackIce and
    not by NIS2003. I have been using computers for 25 years too but would never
    have the audacity to say I know 1% of what Steve Gibson knows but I have a
    fair idea of what it takes to surf safe, hence I obviously never open an
    .exe file which has been spam emailed, etc. I notice you mention ZoneAlarm
    as a useful firewall, yet I've heard many people rubbish this. What do
    others think, and are there any firewalls I should be using in addition to
    NIS?
     
    joe, Feb 21, 2004
    #3
  4. joe

    Gladys Pump Guest

    On Sat, 21 Feb 2004 15:50:08 +1000, "joe" <>, whilst in the
    alt.computer.security newsfroup, articulated the following sentiments :

    >Thanks for the tips Vanguard. As I said, I'm running Norton Internet
    >Security's firewall but I'm not convinced that's enough - under Win98 I had
    >many cases of attacks which were only picked up by Atguard or BlackIce and
    >not by NIS2003. I have been using computers for 25 years too but would never
    >have the audacity to say I know 1% of what Steve Gibson knows but I have a
    >fair idea of what it takes to surf safe, hence I obviously never open an
    >.exe file which has been spam emailed, etc. I notice you mention ZoneAlarm
    >as a useful firewall, yet I've heard many people rubbish this. What do
    >others think, and are there any firewalls I should be using in addition to
    >NIS?


    Zonealarm is just hyped/spammed around more than other firewalls. IMO, it's
    ok, but there are many quality alternatives. Personally, I'm a big fan of
    Kerio software. Their free Personal Firewall (2.1.5) rules as far as I'm
    concerned (no pun intended).

    http://download.kerio.com/dwn/kpf/kerio-pf-2.1.5-en-win.exe

    I don't think it's wise to have more than one personal firewall running on
    the same PC. Maybe one of the other regs here can explain why in detail, but
    I'm guessing at conflicts between the two applications. This goes for AV
    products as well. Although in the latter case, you could have one as an
    'on-demand' scanner, and another vendor's product running in the background
    as an 'active' scanner. Remember though that no matter if you have several
    AV products installed, they're only as good as their last update.

    I think Steve Gibson is a very clever guy. I also recognise the fact that
    he's very good at marketing ideas, particularly his own, and is extremely
    persuasive in his approach. You asked whether or not people thought he knew
    what he was talking about ? What was your initial reaction ? Personally, I
    think he does, but like I said, he's a good 'salesman' too...

    Getting back to Internet security, you can help yourself out a lot by not
    running unnecessary services on your machine in the first place. If you're
    just an individual (not in charge of a company's network), and you've got a
    properly configured firewall, good updated AV, and have your brain engaged
    when using your email client, I would say you're as safe as you'll ever be.

    Might help to change your default browser too if you haven't already. I like
    IE personally, but I'm bowing to the present wind of change in here and
    using Mozilla FireFox for grins.

    http://www.mozilla.org/products/firefox/

    A lot of people I think overestimate their importance (not directed at you
    personally I hasten to add) when it comes to their security. Unless you're
    in charge of thousands of pounds-worth of computers, and you've taken the
    necessary steps to protect yourself, then you're probably not that much of a
    'catch'. At least, not for people who write the cracking tools and really
    know what they're doing.

    Paranoia is not necessarily a bad thing, but do a 'reality update' every now
    and again. :)

    HTH.

    Regs, Pete.
     
    Gladys Pump, Feb 21, 2004
    #4
  5. joe

    Jim Watt Guest

    On Sat, 21 Feb 2004 14:07:09 +1000, "joe" <> wrote:

    >OK - please don't flame me for a newbie dumbass question but I have been
    >searching the net for a while now without finding a clear answer to the
    >following, and I am hoping you can help.
    >I have recently changed from Win98SE to WinXP corp pro, running Norton
    >Internet Security 2003. Under Win98 I had Atguard and BlackIce running in
    >addition to NIS and I came up undetected at every security test site I could
    >find. I understand that WinXP has some (many?) holes and was wondering:
    >1. How important is it to install the SP's from MS, and what "surprises"
    >should I expect from them?
    >2. What additional software should I have and/or what settings should I
    >change in WinXP to be invisible on the net?
    >3. Does Steve Gibson know what he's talking about or not?
    >
    >I have also recently changed from dial-up to DSL, hence my increased
    >concern.


    1. Very important
    2. Pass
    3. Yes he does

    If you have dsl ensure you connect with a router that provides NAT
    that effectively hides you as far as incoming connections are concerned
    whatever your PC has open.

    The router needs to be correctly configured so that someone from the
    outside cannot change the settings.
    --
    Jim Watt http://www.gibnet.com
     
    Jim Watt, Feb 21, 2004
    #5
  6. joe

    Leythos Guest

    In article <c16lh4$s05$>, says...
    > OK - please don't flame me for a newbie dumbass question but I have been
    > searching the net for a while now without finding a clear answer to the
    > following, and I am hoping you can help.


    Most people don't flame people that have honest questions here.

    > I have recently changed from Win98SE to WinXP corp pro,


    This is a concern - what do you mean by Corp? Since the open license
    versions are only available within a company, and since home users can't
    install a copy of their company's open license, are we to assume that
    this is a bootleg copy?

    > running Norton
    > Internet Security 2003. Under Win98 I had Atguard and BlackIce running in
    > addition to NIS and I came up undetected at every security test site I could
    > find. I understand that WinXP has some (many?) holes and was wondering:


    Windows XP has more "holes" than Win98, but Win XP is a different
    version of Windows - meaning that Windows NT, 2000, XP are in the same
    family, Windows 95, 98, ME are in another family.

    > 1. How important is it to install the SP's from MS, and what "surprises"
    > should I expect from them?


    If you don't install the Windows Update service packs you are asking for
    a lot of trouble. There are more than security updates that you need.

    I have installed hundreds of copies (licensed) of XP on systems, fully
    patched, and never been hurt by any service pack or critical update.

    > 2. What additional software should I have and/or what settings should I
    > change in WinXP to be invisible on the net?


    When you log-on, do it as a user level account, not an administrator.
    Only run as administrator when installing software or running something
    that absolutely requires administrator level access.

    Set your IE settings on Security for the "Internet Zone" to its highest
    setting, then put sites you trust in the trusted zone - change the
    trusted zone's settings to Medium-Low or Medium.

    > 3. Does Steve Gibson know what he's talking about or not?


    There are many people that will hammer Steve, but I've used his products
    since Spin-Rite came out. I've found his scanner to work well for
    testing my routers and some firewalls for simple holes. In general, he's
    reliable.

    > I have also recently changed from dial-up to DSL, hence my increased
    > concern.


    Your concern should be the same - there is no less threat when you are
    on dial-up.

    Get a DSL router with NAT and then use ONE firewall application. The
    router will block all unsolicited inbound attempts, so that's your first
    layer (border). The personal firewall will block outbound.

    I'd be more concerned about your "Corp" version of Windows XP than
    anything else right now.

    --
    --

    (Remove 999 to reply to me)
     
    Leythos, Feb 21, 2004
    #6
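
The NAT behaviour Jim Watt and Leythos describe above, as an added illustration that is not part of the original thread: a toy port-translating NAT in Python showing why an unsolicited probe never reaches a port the PC has open, why outbound traffic is translated no matter which program sent it, and how a port forward undoes the protection. The class and function names, the documentation-range addresses and the strict reply-matching rule are assumptions; real routers differ in how strictly they match replies.

```python
"""Toy NAPT model (added illustration; names and addresses are constructed)."""
from dataclasses import dataclass, field
from typing import Dict, Optional, Tuple

Endpoint = Tuple[str, int]  # (ip address, port)


@dataclass(frozen=True)
class Packet:
    src: Endpoint
    dst: Endpoint
    proto: str = "tcp"


@dataclass
class NatRouter:
    public_ip: str
    next_port: int = 40000
    # (proto, public port) -> (inside endpoint, remote endpoint) for live flows
    table: Dict[Tuple[str, int], Tuple[Endpoint, Endpoint]] = field(default_factory=dict)
    # (proto, inside endpoint, remote endpoint) -> public port already allocated
    by_flow: Dict[Tuple[str, Endpoint, Endpoint], int] = field(default_factory=dict)
    # static port forwards configured by the owner: (proto, public port) -> inside
    forwards: Dict[Tuple[str, int], Endpoint] = field(default_factory=dict)

    def outbound(self, pkt: Packet) -> Packet:
        """Translate a packet leaving the LAN and remember the flow.
        Nothing here inspects which program sent it: NAT never blocks outbound."""
        key = (pkt.proto, pkt.src, pkt.dst)
        port = self.by_flow.get(key)
        if port is None:
            port = self.next_port
            self.next_port += 1
            self.by_flow[key] = port
            self.table[(pkt.proto, port)] = (pkt.src, pkt.dst)
        return Packet((self.public_ip, port), pkt.dst, pkt.proto)

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Return the packet as delivered to the LAN, or None if it is dropped."""
        if pkt.dst[0] != self.public_ip:
            return None
        entry = self.table.get((pkt.proto, pkt.dst[1]))
        if entry is not None:
            inside, remote = entry
            # Assumed policy: only the remote host the PC contacted may reply.
            if pkt.src == remote:
                return Packet(pkt.src, inside, pkt.proto)
            return None
        forward = self.forwards.get((pkt.proto, pkt.dst[1]))
        if forward is not None:
            return Packet(pkt.src, forward, pkt.proto)
        # No flow and no forward: the router has nowhere to send it.
        return None


def demo() -> Dict[str, Optional[Packet]]:
    nat = NatRouter(public_ip="203.0.113.5")
    pc = "192.168.1.10"                  # the XP machine, with port 445 open
    web = ("198.51.100.7", 80)           # a site the user browses to
    scanner = ("198.51.100.99", 31337)   # an unrelated host on the Internet
    out: Dict[str, Optional[Packet]] = {}

    # 1. Unsolicited probe of an open port on the PC: no mapping, dropped.
    out["unsolicited_probe"] = nat.inbound(Packet(scanner, (nat.public_ip, 445)))

    # 2. The PC browses; the reply matches the flow and is delivered.
    sent = nat.outbound(Packet((pc, 1055), web))
    out["reply"] = nat.inbound(Packet(web, sent.src))

    # 3. A different host aiming at the same mapped port is dropped.
    out["wrong_sender"] = nat.inbound(Packet(scanner, sent.src))

    # 4. Any program on the PC gets out; this is the personal firewall's job.
    out["any_program_outbound"] = nat.outbound(Packet((pc, 1056), ("198.51.100.99", 6667)))

    # 5. A port forward (owner-configured or changed by an outsider who can
    #    reach the router's settings) exposes the open port again.
    nat.forwards[("tcp", 445)] = (pc, 445)
    out["probe_after_forward"] = nat.inbound(Packet(scanner, (nat.public_ip, 445)))
    return out


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:22} -> {result}")
```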
  7. joe

    joe Guest

    Thanks for the reply Gladys, please see below:

    "Gladys Pump" <> wrote in message
    news:...
    > On Sat, 21 Feb 2004 15:50:08 +1000, "joe" <>, whilst in the
    > alt.computer.security newsfroup, articulated the following sentiments :
    >
    > >Thanks for the tips Vanguard. As I said, I'm running Norton Internet
    > >Security's firewall but I'm not convinced that's enough - under Win98 I had
    > >many cases of attacks which were only picked up by Atguard or BlackIce and
    > >not by NIS2003. I have been using computers for 25 years too but would never
    > >have the audacity to say I know 1% of what Steve Gibson knows but I have a
    > >fair idea of what it takes to surf safe, hence I obviously never open an
    > >.exe file which has been spam emailed, etc. I notice you mention ZoneAlarm
    > >as a useful firewall, yet I've heard many people rubbish this. What do
    > >others think, and are there any firewalls I should be using in addition to
    > >NIS?

    >
    > Zonealarm is just hyped/spammed around more than other firewalls. IMO, it's
    > ok, but there are many quality alternatives. Personally, I'm a big fan of
    > Kerio software. Their free Personal Firewall (2.1.5) rules as far as I'm
    > concerned (no pun intended).
    >
    > http://download.kerio.com/dwn/kpf/kerio-pf-2.1.5-en-win.exe
    >
    > I don't think it's wise to have more than one personal firewall running on
    > the same PC. Maybe one of the other regs here can explain why in detail, but
    > I'm guessing at conflicts between the two applications. This goes for AV
    > products as well. Although in the latter case, you could have one as an
    > 'on-demand' scanner, and another vendor's product running in the background
    > as an 'active' scanner. Remember though that no matter if you have several
    > AV products installed, they're only as good as their last update.


    I'm not sure of this either but all I know is that Atguard would block
    things that NIS let through so I'm wondering if I should run more than one
    firewall?

    >
    > I think Steve Gibson is a very clever guy. I also recognise the fact that
    > he's very good at marketing ideas, particularly his own, and is extremely
    > persuasive in his approach. You asked whether or not people thought he knew
    > what he was talking about ? What was your initial reaction ? Personally, I
    > think he does, but like I said, he's a good 'salesman' too...


    Initially (7 years ago) I thought he was the man and BlackIce was my main
    defence, along with Atguard - but, once I upgraded BlackIce, I noticed way
    too many false positives - which his critics say he's doing deliberately.
    So, at the moment, I'm undecided but I have not reinstalled BlackIce.

    >
    > Getting back to Internet security, you can help yourself out a lot by not
    > running unnecessary services on your machine in the first place. If you're
    > just an individual (not in charge of a company's network), and you've got a
    > properly configured firewall, good updated AV, and have your brain engaged
    > when using your email client, I would say you're as safe as you'll ever be.
    >
    > Might help to change your default browser too if you haven't already. I like
    > IE personally, but I'm bowing to the present wind of change in here and
    > using Mozilla FireFox for grins.


    I guess that comes back to how many hours we each have in the day - I have
    heard there are better browsers than IE, better OS's than WinXP, and better
    newsreaders than OE but I don't have the time to learn them all unless the
    choice was clear.

    >
    > http://www.mozilla.org/products/firefox/
    >
    > A lot of people I think overestimate their importance (not directed at you
    > personally I hasten to add) when it comes to their security. Unless you're
    > in charge of thousands of pounds-worth of computers, and you've taken the
    > necessary steps to protect yourself, then you're probably not that much of a
    > 'catch'. At least, not for people who write the cracking tools and really
    > know what they're doing.


    I basically want to be confident in the knowledge that I can visit any site
    I want on the net and not inadvertently attract spam email, as well as being
    able to repel the regular trolls who randomly ping us all.

    >
    > Paranoia is not necessarily a bad thing, but do a 'reality update' every now
    > and again. :)
    >
    > HTH.
    >
    > Regs, Pete.
     
    joe, Feb 21, 2004
    #7
  8. joe

    joe Guest

    "Leythos" <> wrote in message
    news:...
    > In article <c16lh4$s05$>, says...
    > > OK - please don't flame me for a newbie dumbass question but I have been
    > > searching the net for a while now without finding a clear answer to the
    > > following, and I am hoping you can help.

    >
    > Most people don't flame people that have honest questions here.
    >
    > > I have recently changed from Win98SE to WinXP corp pro,

    >
    > This is a concern - what do you mean by Corp? Since the open license
    > versions are only available within a company, and since home users can't
    > install a copy of their company's open license, are we to assume that
    > this is a bootleg copy?
    >
    > > running Norton
    > > Internet Security 2003. Under Win98 I had Atguard and BlackIce running in
    > > addition to NIS and I came up undetected at every security test site I could
    > > find. I understand that WinXP has some (many?) holes and was wondering:

    >
    > Windows XP has more "holes" than Win98, but Win XP is a different
    > version of Windows - meaning that Windows NT, 2000, XP are in the same
    > family, Windows 95, 98, ME are in another family.
    >
    > > 1. How important is it to install the SP's from MS, and what "surprises"
    > > should I expect from them?

    >
    > If you don't install the Windows Update service packs you are asking for
    > a lot of trouble. There are more than security updates that you need.
    >
    > I have installed hundreds of copies (licensed) of XP on systems, fully
    > patched, and never been hurt by any service pack or critical update.
    >
    > > 2. What additional software should I have and/or what settings should I
    > > change in WinXP to be invisible on the net?

    >
    > When you log-on, do it as a user level account, not an administrator.
    > Only run as administrator when installing software or running something
    > that absolutely requires administrator level access.
    >
    > Set your IE settings on Security for the "Internet Zone" to its highest
    > setting, then put sites you trust in the trusted zone - change the
    > trusted zone's settings to Medium-Low or Medium.
    >
    > > 3. Does Steve Gibson know what he's talking about or not?

    >
    > There are many people that will hammer Steve, but I've used his products
    > since Spin-Rite came out. I've found his scanner to work well for
    > testing my routers and some firewalls for simple holes. In general, he's
    > reliable.
    >
    > > I have also recently changed from dial-up to DSL, hence my increased
    > > concern.

    >
    > Your concern should be the same - there is no less threat when you are
    > on dial-up.
    >
    > Get a DSL router with NAT and then use ONE firewall application. The
    > router will block all unsolicited inbound attempts, so that's your first
    > layer (border). The personal firewall will block outbound.
    >
    > I'd be more concerned about your "Corp" version of Windows XP than
    > anything else right now.


    Thanks for your comments but - are you taking on the role of the net police?
    For your information, I run my own company from home so I have installed the
    valid corp edition on all my networked computers. Nice of you to jump to
    conclusions - and why the hell are you so personally "concerned"?

    >
    > --
    > --
    >
    > (Remove 999 to reply to me)
     
    joe, Feb 21, 2004
    #8
  9. joe

    Leythos Guest

    In article <c17lgk$n1f$>, says...
    > > I'd be more concerned about your "Corp" version of Windows XP than
    > > anything else right now.

    >
    > Thanks for your comments but - are you taking on the role of the net police?
    > For your information, I run my own company from home so I have installed the
    > valid corp edition on all my networked computers. Nice of you to jump to
    > conclusions - and why the hell are you so personally "concerned"?


    I was concerned because I've been in places where the open license key
    was disabled when doing SP1 updates because it was handed out to people
    it should not have been given to. This caused every system in the office
    that was under an open license to have XP reinstalled with the new open
    license key before SP 1 could be properly installed.

    Also, it was mentioned for your protection, so that if you unknowingly
    got a bootleg copy that you might be aware of it and not necessarily
    think that your copy was legit. Based on your posting, neither myself nor
    the other chap could tell that you were legit and it was a valid concern
    in case you got screwed by someone that you purchased it from. I was not
    claiming that you were a pirate.

    Now, for the content - you should really get a NAT router if you have
    DSL, you will be glad you did.

    --
    --

    (Remove 999 to reply to me)
     
    Leythos, Feb 21, 2004
    #9
  10. joe

    Gladys Pump Guest

    On Sat, 21 Feb 2004 15:16:53 GMT, Leythos <>, whilst in the
    alt.computer.security newsfroup, articulated the following sentiments :

    >Now, for the content - you should really get a NAT router if you have
    >DSL, you will be glad you did.


    Leythos, I have a Linksys BEFSR41 router which is great IMO. I noticed
    earlier on that a poster was concerned about making sure no one could log
    into a router remotely.

    To (hopefully) remedy this on my router, I've port-forwarded port 80 to a
    non-existent internal address. AFAIK, this is effectively 'stealthing' the
    port. Did I need to do this ?

    I'm asking as I tried logging into my router using my external IP address,
    and up popped the user/pass box. If it does this with any remote request,
    then I don't think I'd like that too much.

    After I 'stealthed' the port 80 (no web services running), I could still log
    into the router using its internal 'gateway' address, although if I tried
    the external method, I just timed out.

    So again, did I need to 'stealth' that port IYO, or did the router 'know' it
    was me trying the previously mentioned external log in ?

    Thanks for your time and any info you might have.

    Regs, Pete.
     
    Gladys Pump, Feb 21, 2004
    #10
  11. joe

    *Vanguard* Guest

    > I notice you mention ZoneAlarm as a useful firewall,

    Mentioned only because it is better than nothing, just like using ICS is
    better than nothing (if you are using Windows XP). I couldn't tell from
    your post your level of computer expertise. I also currently use NIS2003
    but have finally gotten to the point where I need to investigate more robust
    and stable firewalls. NIS all too often goes brain dead. Their ccApp.exe
    will refuse to permit a connection (but no errors are reported), or their
    ccPxySvc.exe goes brain dead. Sometimes all connectivity is lost.
    Sometimes just connectivity is lost for a particular application (and
    deleting and recreating the app rule doesn't help). Many times I have to
    disable NIS to get a connection to work but then reenabling it means the
    connection goes dead again. Sometimes disabling NIS doesn't help, so I use
    the following commands in a .bat file to unload/stop NIS and restart it:

    To stop NIS:
    pskill.exe ccApp.exe
    net stop "Symantec Proxy Service"
    net stop "Symantec Event Manager"

    To restart NIS:
    start "Symantec Common Client" /b "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
    net start "Symantec Event Manager"
    net start "Symantec Proxy Service"

    pskill.exe is a utility from SysInternals that lets me kill a process by its
    [partial] name rather than require a PID (process identifier found in Task
    Manager). Sometimes this helps to kick NIS in the butt to get it working
    again (because it forces a reload of new instances of ccApp.exe and
    ccPxySvc.exe). Sometimes neither disabling NIS nor restarting it using the
    batch file will help and I have to reboot. If it weren't for NIS going
    brain dead every day or two (I leave my computers always up although it
    might go in Standby mode), I'd stick with it. Also, Symantec assumes every
    user is an idiot and cannot figure out how to configure and use a proxy so it
    made NIS a transparent proxy. I'd like the option to use it as a
    non-transparent proxy.
     
    *Vanguard*, Feb 21, 2004
    #11
  12. joe

    *Vanguard* Guest

    "Gladys Pump" said in news::
    > Leythos, I have a Linksys BEFSR41 router which is great IMO. I noticed
    > earlier on that a poster was concerned about making sure no one could
    > log into a router remotely.


    Disable (don't delete) your custom firewall rules in your router and then
    visit grc.com to run its Shields Up to check which ports are stealthed by
    your router.

    My D-Link 604 at home showed one port that wasn't stealthed which was port
    113 used for the obsolete IDENT/AUTH protocol used only by some really old
    mail servers (but routers don't want to get a reputation of not being
    compatible with e-mail, even for old servers). So I did the trick you
    mentioned of defining a route for that port to a static IP address on my
    intranet that the DHCP server in the router could never possibly assign.

    I have a buddy that has the Linksys BEF<something>. Might be the same as
    you. His didn't fare so well on the Shields Up test. On successive tests,
    different ports show as unstealthed (and even replying "Closed" means it
    isn't stealthed). However, each repeated test showed more and more ports
    got stealthed, until many days later when he ran the tests and it seemed
    like he was starting from scratch again. Apparently Linksys uses some
    "adaptive" detection of port polling to determine which ones it will stealth
    (i.e., the first attack isn't detected but subsequent ones are but
    apparently this record gets expired). He downloaded and installed the
    latest firmware update (which also gave him more options in controlling his
    router) and the results were much better but still not solid on the first
    few tests. I didn't have time at the moment to check all his settings and I
    wasn't familiar with the web pages shown for configuring the Linksys.
     
    *Vanguard*, Feb 21, 2004
    #12
  13. joe

    *Vanguard* Guest

    > Thanks for your comments but - are you taking on the role of the net
    > police? For your information, I run my own company from home so I
    > have installed the valid corp edition on all my networked computers.
    > Nice of you to jump to conclusions - and why the hell are you so
    > personally "concerned"?


    Note that I also questioned your use of the "Corporate Edition" of Windows.
    In your original post, the implication was that you were asking about a
    single computer. Now you are claiming to have several (which would have to
    be a minimum of 5 hosts since the 5-license contract is the smallest you can
    get in a volume license). Also, the only folks that I've seen refer to a
    "Corporate Edition" are those that purchased just 1 copy of Windows. I
    can't find any mention of "Corporate Edition" (other than for non-Microsoft
    products) in a search at Microsoft. Once someone mentions "Corporate
    Edition", the rest of us nod our heads knowing it is an illegally sliced-off
    instance from a volume license (much like we nod our heads knowing the real
    reason why users ask why Outlook doesn't have the slide show option that OE
    used to have for picture attachments).

    If you were indeed running a network of 5 or more hosts for which you
    purchased a volume license then we wouldn't be talking about installing a
    "personal" firewall on each of them but instead talking about a gateway or
    firewall host running the firewall software through which all your intranet
    hosts would make their Internet connections. Or we would be talking about a
    NAT router which has a firewall in it (but, as with Windows XP ICS, only
    protects against inbound initiated connections) which may prove sufficient
    for you.

    Trying to keep 5, or more, intranet hosts sync'ed together can result in
    errors and inconsistencies. While they may perform their auto update okay
    while independently protecting just the one host, you'll have to manually
    define the firewall and application rules on each host for each independent
    firewall program. Perhaps one of the other firewall products lets you
    export their rules so you can migrate them easily to another host, but NIS
    really sucks for rules as you cannot export and then import them. In
    versions prior to NIS2003, you could export the portion of the registry
    where the rules were stored provided you knew where they were. However,
    Symantec has now encrypted them so you cannot simply export the registry
    keys and import them in another instance. Getting application and web
    content rules from one instance of NIS to another instance of it has always
    been a sore point with that product. When I asked them about it when I was
    using NIS2002, they said the export feature would appear in NIS2003. They
    lied so I haven't bothered to upgrade to NIS2004. They don't consider
    migration of app and web rules to be a necessary function of a "personal"
    version of their firewall. Besides the instability of NIS (i.e., going
    brain dead eventually), this is another reason why I'll be looking at a
    different firewall. I'd like to export my settings and rules for both
    applications and web content so I can restore them if (and when) I have to
    uninstall NIS and reinstall it (reinstalling is often Symantec's response to
    problems with their NIS product).
     
    *Vanguard*, Feb 21, 2004
    #13
  14. joe

    *Vanguard* Guest

    <snip>
    > I'm not sure of this either but all I know is that Atguard would block
    > things that NIS let through so I'm wondering if I should run more
    > than one firewall?

    <snip>

    I'm wondering what are those additional attacks you are seeing with AtGuard.
    When I see a statement like, "... please note that atguard is obsolete since
    novembre 1998 ..." (http://www.firewall-net.com/en/atguard/faq.php) and
    "URL: Not existant anymore, the software is still wide spread" which also
    reports a
    bug (http://www.blacksheepnetworks.com/security/security/bugtraq/0422.html)
    then I have to wonder if the unsupported and nonupdated program isn't giving
    false reports. Also, according to the 2nd link, AtGuard doesn't record a
    hash code or checksum for the file of the program so you have no clue if
    some malware replaced the file. Until you mentioned it, I hadn't heard of
    AtGuard (aka @Guard) or maybe I've forgotten about it.

    Of the firewalls that I have heard about recently, I'll be checking into:

    Sygate Personal Firewall (free for Personal, $48 Pro)
    Tiny Firewall ($49)
    Kerio Firewall ($45)

    I have to wonder if the Sygate Personal version isn't like ZoneAlarm's
    freebie version, just sufficient to be usable but really a teaser version to
    get you to pay for their full version.
     
    *Vanguard*, Feb 21, 2004
    #14
  15. Gladys Pump <> wrote in
    news::

    > I have a Linksys BEFSR41 router which is great IMO. I noticed
    > earlier on that a poster was concerned about making sure no one
    > could log into a router remotely.
    >
    > To (hopefully) remedy this on my router, I've port-forwarded
    > port 80 to a non-existent internal address. AFAIK, this is
    > effectively 'stealthing' the port. Did I need to do this ?
    >


    No, it is configurable for a BEFSR41 router:
    Logon to your router
    Click Advanced - Filters
    Scroll down and click:
    Block Inbound Requests - Enable
    Remote Management - Disable
    Remote Upgrade - Disable
    Click Apply
     
    Frank le Spikkin, Feb 21, 2004
    #15
  16. joe

    Leythos Guest

    In article <>,
    says...
    > On Sat, 21 Feb 2004 15:16:53 GMT, Leythos <>, whilst in the
    > alt.computer.security newsfroup, articulated the following sentiments :
    >
    > >Now, for the content - you should really get a NAT router if you have
    > >DSL, you will be glad you did.

    >
    > Leythos, I have a Linksys BEFSR41 router which is great IMO. I noticed
    > earlier on that a poster was concerned about making sure no one could log
    > into a router remotely.
    >
    > To (hopefully) remedy this on my router, I've port-forwarded port 80 to a
    > non-existent internal address. AFAIK, this is effectively 'stealthing' the
    > port. Did I need to do this ?
    >
    > I'm asking as I tried logging into my router using my external IP address,
    > and up popped the user/pass box. If it does this with any remote request,
    > then I don't think I'd like that too much.


    The router does not allow remote management by default - meaning that if
    you are OUTSIDE your network and try and connect it will NOT bring up
    the logon prompt, so you don't have to forward anything.

    I've used the BEFSR41 since it came out, and remote management was
    enabled by default on the first version, but once it was disabled there
    was no chance of someone getting into it.

    Also, if you run a scan, from the external sites, there should be NO
    open ports, if there are any open ports, then you need to look at the
    forwarding rules and such.


    --
    --

    (Remove 999 to reply to me)
     
    Leythos, Feb 21, 2004
    #16
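The router behaviour discussed in posts #10 to #16, as an added example that is not part of any poster's message: a simplified Python model of what a NAT router answers to a connection attempt from the WAN side versus the LAN side. The class, the addresses, game port 27015 and the rule that LAN-side requests to the WAN address pass through port forwards are assumptions chosen to match what the posters report, not Linksys firmware logic.

```python
from dataclasses import dataclass, field

OPEN, CLOSED, STEALTH = "open", "closed", "stealth"
ADMIN_PORT = 80  # router's web admin page, as in the thread


@dataclass
class NatRouter:
    """Simplified model built from the thread's reports (assumption, not firmware logic)."""
    wan_ip: str
    lan_ip: str
    lan_hosts: dict                                # LAN IP -> set of listening TCP ports
    remote_management: bool = False
    rst_ports: set = field(default_factory=set)    # ports the router answers with a reset
    forwards: dict = field(default_factory=dict)   # WAN port -> (LAN IP, LAN port)
    sessions: dict = field(default_factory=dict)   # (remote IP, remote port, WAN port) -> LAN endpoint
    next_wan_port: int = 40000

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host connects out: the router records the flow and picks a WAN port."""
        wan_port = self.next_wan_port
        self.next_wan_port += 1
        self.sessions[(remote_ip, remote_port, wan_port)] = (lan_ip, lan_port)
        return wan_port

    def inbound_reply(self, remote_ip, remote_port, wan_port):
        """LAN endpoint for a solicited reply, or None when the packet is unsolicited."""
        return self.sessions.get((remote_ip, remote_port, wan_port))

    def _via_forward(self, port):
        lan_ip, lan_port = self.forwards[port]
        listening = self.lan_hosts.get(lan_ip)
        if listening is None:
            return STEALTH          # nobody at that address, so nothing ever answers
        return OPEN if lan_port in listening else CLOSED

    def probe_from_wan(self, port):
        """What an Internet-side scanner sees for an unsolicited SYN to the WAN address."""
        if port in self.forwards:
            return self._via_forward(port)
        if port == ADMIN_PORT and self.remote_management:
            return OPEN
        return CLOSED if port in self.rst_ports else STEALTH

    def probe_from_lan(self, dst_ip, port):
        """What a LAN client sees when it connects to one of the router's own addresses."""
        if dst_ip == self.wan_ip and port in self.forwards:
            return self._via_forward(port)      # loopback follows the forward
        if dst_ip in (self.lan_ip, self.wan_ip) and port == ADMIN_PORT:
            return OPEN                         # admin page answers LAN-side requests
        return STEALTH


def demo():
    """Replay the thread's router tests on constructed addresses."""
    r = NatRouter("203.0.113.10", "192.168.1.1",
                  {"192.168.1.100": {27015}}, rst_ports={113})
    seen = {"wan80": r.probe_from_wan(80),                   # remote management off
            "lan_to_wan80": r.probe_from_lan(r.wan_ip, 80),  # login box, seen from inside only
            "wan113": r.probe_from_wan(113)}                 # IDENT answered "closed"
    r.forwards.update({80: ("192.168.1.250", 80),            # unused address
                       113: ("192.168.1.250", 113),
                       27015: ("192.168.1.100", 27015)})     # game server
    seen.update({"wan113_fwd": r.probe_from_wan(113),
                 "lan_to_wan80_fwd": r.probe_from_lan(r.wan_ip, 80),
                 "lan_gateway80": r.probe_from_lan(r.lan_ip, 80),
                 "wan_game": r.probe_from_wan(27015)})
    return seen


if __name__ == "__main__":
    for name, state in demo().items():
        print(f"{name:18} {state}")
```

In this model a login prompt reached from a LAN PC says nothing about WAN exposure; only a probe that originates outside the router, such as the external scan the posters use, tests that.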
  17. joe

    Gladys Pump Guest

    On Sat, 21 Feb 2004 18:47:05 GMT, Leythos <>, whilst in the
    alt.computer.security newsfroup, articulated the following sentiments :

    >In article <>,
    > says...
    >> On Sat, 21 Feb 2004 15:16:53 GMT, Leythos <>, whilst in the
    >> alt.computer.security newsfroup, articulated the following sentiments :
    >>
    >> >Now, for the content - you should really get a NAT router if you have
    >> >DSL, you will be glad you did.

    >>
    >> Leythos, I have a Linksys BEFSR41 router which is great IMO. I noticed
    >> earlier on that a poster was concerned about making sure no one could log
    >> into a router remotely.
    >>
    >> To (hopefully) remedy this on my router, I've port-forwarded port 80 to a
    >> non-existent internal address. AFAIK, this is effectively 'stealthing' the
    >> port. Did I need to do this ?
    >>
    >> I'm asking as I tried logging into my router using my external IP address,
    >> and up popped the user/pass box. If it does this with any remote request,
    >> then I don't think I'd like that too much.

    >
    >The router does not allow remote management by default - meaning that if
    >you are OUTSIDE your network and try and connect it will NOT bring up
    >the logon prompt, so you don't have to forward anything.
    >
    >I've used the BEFSR41 since it came out, and remote management was
    >enabled by default on the first version, but once it was disabled there
    >was no chance of someone getting into it.
    >
    >Also, if you run a scan, from the external sites, there should be NO
    >open ports, if there are any open ports, then you need to look at the
    >forwarding rules and such.


    Ok, thanks for the info there. I was just surprised to see that logon box
    pop up when I typed my IP address into IE. I've always had the remote
    management disabled. Glad to know it works ok.

    I have some open ports. I have to for my game server to function, but
    they're well out of the 'reserved' port range of 0-1023.

    I did upgrade to the latest firmware a few weeks ago, but I had problems
    after that getting a ping reading from my game server, so went back to the
    previous firmware version, 1.44.2.

    I've since learned that it could've been the 'loopback' feature (apparently
    present in all Linksys routers) that was not working properly, as remote
    clients got a ping reading ok.

    In the FILTERS page, I don't have any options enabled. BLOCK WAN REQUEST is
    disabled too so that other players can get a ping reading ok. No 'pass
    throughs' are enabled, and I've not run into any problems yet.

    Thanks again, and also thanks to the other guys who responded too. Much
    appreciated.

    Regs, Pete.
     
    Gladys Pump, Feb 21, 2004
    #17
  18. joe

    S.B. Guest

    On 21 Feb 2004, Leythos wrote:

    > Get a DSL router with NAT and then use ONE firewall application. The
    > router will block all unsolicited inbound attempts, so that's your first
    > layer (border). The personal firewall will block outbound.


    I'm a bit confused by this router stuff. I have a cable connection to
    a single home computer running Win98SE. Gibson's site says I'm
    stealthed using free ZoneAlarm. Should I have a router? Is it
    straightforward to configure with a cable modem for someone who
    knows little about these things?
     
    S.B., Feb 21, 2004
    #18
  19. joe

    Gladys Pump Guest

    On Sat, 21 Feb 2004 23:05:56 +0000, S.B. <>, whilst in the
    alt.computer.security newsfroup, articulated the following sentiments :

    >On 21 Feb 2004, Leythos wrote:
    >
    >> Get a DSL router with NAT and then use ONE firewall application. The
    >> router will block all unsolicited inbound attempts, so that's your first
    >> layer (border). The personal firewall will block outbound.

    >
    >I'm a bit confused by this router stuff. I have a cable connection to
    >a single home computer running Win98SE. Gibson's site says I'm
    >stealthed using free ZoneAlarm. Should I have a router? Is it
    >straightforward to configure with a cable modem for someone who
    >knows little about these things?


    Many routers are very straightforward to set up, and I speak from experience
    with Linksys routers. You get a setup CD with most of them, but to be
    honest, once you've seen what's involved, you'll realise that you probably
    didn't need it. The CD that is .. :)

    Many people who have software firewalls, also have a router to add an extra
    layer of security, not to mention functionality, even when they've just got
    the one PC. I can expand my set up to four PCs if I want, so that takes care
    of the next few years of upgrading, if finances allow. :)

    As was mentioned before, you'll have the extra peace of mind from a hardware
    unit that's blocking all unsolicited incoming connections. If some are
    required, you can easily redirect them to a specific PC via a feature called
    'port-forwarding'. There are a few good utilities around for analysing the
    logs of what connection attempts are occurring on your router, if you're
    unhappy with the (in some cases) basic log viewer supplied in the router's
    config pages. Google for 'wallwatcher' for Linksys routers.

    All administration is usually done via a web page interface that's obviously
    password protected. As long as you disable 'remote management', and that's
    normally done for you by default, then no one else but you on your locally
    connected PC can access the admin pages.

    Does Mr.Gibson's site mention any other brand of software firewall ? I can't
    recall myself now, but I'm sure it was just ZA he recommended. Like I said
    before today somewhere else here, Mr.Gibson is a clever guy alright, and
    he's also very persuasive. I certainly wouldn't want him at the other end of
    an 'attacking' connection to my computer, but on the flip side of the coin,
    I'm not going to swallow wholesale everything he says either. I'm not
    implying you are though.

    I *could*, if I was thorough enough, just disable unwanted services, and
    just go with the router as my protection, along with a decent AV solution. I
    wouldn't have the outbound protection and MD5 integrity-checking against
    trojans etc that a good software firewall would provide, so I'd have to be
    really vigilant with regard to email attackments etc. Being a lazy git, I'd
    rather have a piece of software help me watch what's going out of my system,
    and Kerio does a fine job.

    http://download.kerio.com/dwn/kpf/kerio-pf-2.1.5-en-win.exe

    By the way, I'm on cable too. If I can set up a router, so can you. It just
    depends on whether you think you'll need the extra protection and
    'future-proofing' of your home system.

    HTH.

    Regs, Pete.
     
    Gladys Pump, Feb 21, 2004
    #19
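The integrity check mentioned in post #19, and the missing file checksum raised in post #14, as an added example that is not part of any poster's message and not code from Kerio, AtGuard or any other product: a Python sketch of an application rule that pins the program's digest beside its path. The class, file names and byte strings are constructed, and SHA-256 is used in place of the MD5 named in the thread because MD5 collisions are practical.

```python
import hashlib
import os
import tempfile

ALLOW, ASK, CHANGED = "allow", "ask", "changed"


def file_digest(path, algo="sha256"):
    """Hash a file in chunks so large executables are not read into memory at once."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


class AppRules:
    """Outbound application rules keyed by path, optionally pinned to a file digest."""

    def __init__(self, pin_hashes=True):
        self.pin_hashes = pin_hashes
        self.rules = {}                      # normalised path -> digest at approval time

    @staticmethod
    def _key(path):
        return os.path.normcase(os.path.abspath(path))

    def approve(self, path):
        """User clicked 'permit': remember the path and what the file looked like."""
        self.rules[self._key(path)] = file_digest(path)

    def check_outbound(self, path):
        """Decide what to do when the program at `path` opens an outbound connection."""
        approved = self.rules.get(self._key(path))
        if approved is None:
            return ASK                       # no rule yet: prompt the user
        if not self.pin_hashes:
            return ALLOW                     # path-only rule trusts whatever sits there
        return ALLOW if file_digest(path) == approved else CHANGED


def demo():
    """Approve a constructed 'program', replace its bytes, compare both rule styles."""
    with tempfile.TemporaryDirectory() as d:
        exe = os.path.join(d, "mailer.exe")              # constructed sample file
        with open(exe, "wb") as f:
            f.write(b"original program bytes")
        path_only, pinned = AppRules(pin_hashes=False), AppRules(pin_hashes=True)
        path_only.approve(exe)
        pinned.approve(exe)
        first = pinned.check_outbound(exe)
        with open(exe, "wb") as f:                       # same path, different content
            f.write(b"replaced program bytes")
        return (first,
                path_only.check_outbound(exe),
                pinned.check_outbound(exe),
                pinned.check_outbound(os.path.join(d, "other.exe")))


if __name__ == "__main__":
    print(demo())
```

A firewall would hash the image the operating system actually loaded; re-reading the file by path, as here, only sketches the comparison.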
  20. joe

    Leythos Guest

    In article <c18o8l$ou0$>, says...
    > On 21 Feb 2004, Leythos wrote:
    >
    > > Get a DSL router with NAT and then use ONE firewall application. The
    > > router will block all unsolicited inbound attempts, so that's your first
    > > layer (border). The personal firewall will block outbound.

    >
    > I'm a bit confused by this router stuff. I have a cable connection to
    > a single home computer running Win98SE. Gibson's site says I'm
    > stealthed using free ZoneAlarm. Should I have a router? Is it
    > straightforward to configure with a cable modem for someone who
    > knows little about these things?
    >


    With w98 and ZA you are about as safe as you can get without having
    anything else.

    I would never put any computer on the net without the router, but a W98
    box with file and printer sharing disabled/removed and fully patched
    with ZA running also would be reasonably safe.

    --
    --

    (Remove 999 to reply to me)
     
    Leythos, Feb 22, 2004
    #20