HardwareHeaven.com

Old Jan 31, 2004, 05:10 PM   #1
BWX
Firewalls (continued)

Continued from feedback-
http://www.hardwareheaven.com/showthre...013#post289013



Quote:
Originally posted by panging
what you had on your last posted could be something that was communicated using port 666 between your system and others or just a port scan, these are the reason that you saw ZAP and the CPU acts up, since port 666 is used by many of Trojans/Back Door.. i'd like to suggest you D/L a program like The Cleaner (other is good too, forgot all the names) that can/will do a better job on scan/remove Trojans than most of AV programs...

as for FW softwares, i saw you had ZAP,
on the quote, you're right about the "BID", it's BlackIce defender.
you don't need NIS 2002 (Norton internet Security) it's old version and not work good at all on some XP, 2004 version is still with bugs and prob, NIS 2003 or Norton Personal Firewall 2003 (NPF not includes antivirus) is the one to test on. stay with the ZAP you don't want to go to Outpost, ZAP is far more easier configs.

What's your anti virus program? Do you use any others Ads/banners/popups blocker programs besides the one that offered in ZAP? the reason i ask because some softwares may/can conflict with one another, may worked good on others system or softwares but not on yours. i usually try/test every new softwares on a test partition till i see its fitted before installing on the main system. i've been test not all but most of the AV and FW softwares out there, maybe i can guide you abit so you can decide...

this is no longer in Feedback, i think.




Yeah, after looking at that list I see it is pretty outdated.

I use NAV 2002, but I only use it for full system scans and email scanning. I don't even have auto protect or script blocking on, NAV just pops up when I open my emails, it doesn't even go into the sys tray when I start my machine.

Actually I've never run into any so called "problems" with the current setup I have besides the one I described in the post above. I think maybe ZAP was just doing its job and got hung up or something. It does block quite a few scans every day, but it has never used that many CPU cycles before, and I can't even say that it was then either, something was, but I couldn't tell what, even in the task manager.

The only other thing I have running is Google toolbar- it blocks pop-ups that I set it to block. I did 2 full system scans w/ NAV after an update list and it came out clean, of course that doesn't guarantee anything....

I've never had any virus infections though- but I've cleaned many off other people's machines. "The Cleaner", I'll have to look that up-

One more thing I forgot, once in a while I'll use peer guardian just experimenting w/ it- Usually when I turn it on it instantly blocks a few IP's and I see them in the log. The funny thing is that a lot of times it blocks 127.0.0.1: xxxx


Like I just turned it on, looked at the logs and I see this, which is common.

01-31-2004, 12:05:27, 68.168.78.100:110
01-31-2004, 12:05:27, 127.0.0.1: 1287

That seems strange to me, and I'm not sure but I think that 127.0.0.1:1287 is blocking an internal port or something.....


Everything seems fine now as far as what happened the other day, unless someone is very sneaky and deliberately trying to hack my system, but I really doubt it.



EDIT-
just since I wrote this post, now this is what my PG logs look like just for the past few minutes- this is normal for me though, and I haven't even been surfing around.

01-31-2004, 12:13:40, 216.127.74.135:80
01-31-2004, 12:13:42, 63.208.33.9:80
01-31-2004, 12:13:43, 66.150.87.2:80
01-31-2004, 12:13:43, 12.130.12.31:80
01-31-2004, 12:13:43, 63.208.33.8:80
01-31-2004, 12:14:17, 168.143.100.10:80
01-31-2004, 12:15:33, 64.0.96.8:80

It's doing something-and these are things that ZA probably wouldn't block with the settings I run.
__________________

Last edited by BWX; Jan 31, 2004 at 05:18 PM.
BWX is offline   Reply With Quote


Old Jan 31, 2004, 05:53 PM Threadstarter Thread Starter   #2
BWX
Actually I was just going through the logs of P/G and found something I really like seeing-

01-22-2004, 04:21:21, 66.35.229.209:80

Rejected: 66.35.229.209 - GainCME (Spyware) (01-22-2004 @ 04:21:21)

01-22-2004, 04:24:35, 209.225.5.229:80


That makes it worth running right there- it probably just blocked an ad or something, but still, my girlfriend used this PC too- so she might do something or get tricked by an ad or email that I would know not to open/click on. Actually PG seems to get along well with ZAP and NAV, and doesn't seem to cause problems. It only blocks TCP though, and that's why I think I'm gonna check out that Protowall as seen in the news on the front page. http://www.hardwareheaven.com/index.ph...articleid=9630


The more I learn about Firewalls, and RIAA blockers, the more I want to use them and learn how to configure them. I can't believe I used to not run any firewall at all- But I did, and I never got one single virus that I know of. But I always used my head and kept windows up to date too which is just about as good as running a software firewall...

Soon I will be getting a NAT router, and using the hardware firewall and ditch software firewalls altogether.
__________________
BWX is offline   Reply With Quote
Old Jan 31, 2004, 07:46 PM   #3
PangingJr

Quote:
I use NAV 2002, but I only use it for full system scans and email scanning. I don't even have auto protect or script blocking on, NAV just pops up when I open my emails, it doesn't even go into the sys tray when I start my machine.
NAV 2002 is fine as long as you don't have any prob with its email scan,
NAV 2001 - 2004 uses the same dat files, just scan engine improving on newer versions.
but if you find it take very long time for scanning an outbound mail and you like to use Norton, Or for your next re-format.. go with the Symantec Corp v7.6 - v8.0 (if you can find it) or NAV 2003.
as for FW... i'd suggest you to keep ZAP as for now but do this.. go to E-mail Protection and turn off the MailSafe. use only NAV for all email scanning.
for your next re-format, check out the combination of NAV 2003 and Norton Personal Firewall 2003.
personally, i do not use nortons atm, i've tested most of nortons retail versions, AV, FW, Systemworks and Ghost, i only keep Ghost 2003. i'm not trying to convince you here, what i use on my internet PC atm and like it are.. Trend Micro internet Security v11., ZA Free, AdMuncher. its the set of my protection for antivirus, FW, Ads/popups.. i ran 2 FW softwares, both Trend Micro and ZA are on at all time. ZA gives me program notification, AdMuncher do Ads/popups a whole lot better than ZA Pro, Proxomitron is also good (and free) for Ads/popups.
IMO, Trend Micro (this version) includes very solid FW and AV.
Quote:
Actually I've never run into any so called "problems" with the current setup I have besides the one I described in the post above. I think maybe ZAP was just doing its job and got hung up or something. It does block quite a few scans every day, but it has never used that many CPU cycles before, and I can't even say that it was then either, something was, but I couldn't tell what, even in the task manager.
you won't see anything in the windows task manager if it was a port scan and it could be,
and ZAP was trying to do its job..
Quote:
I've never had any virus infections though- but I've cleaned many off other people's machines. "The Cleaner", I'll have to look that up-
check it out just in case.. you're looking for trojan horses/backdoor, NAV misses these viruses. if you cannot find the cleaner you can try the a² Scanner
(http://www.emsisoft.com/en/software/personal/) i never use it but i've seen they have a free version on their site.
Quote:
EDIT-
just since I wrote this post, now this is what my PG logs look like just for the past few minutes- this is normal for me though, and I haven't even been surfing around.

01-31-2004, 12:13:40, 216.127.74.135:80
01-31-2004, 12:13:42, 63.208.33.9:80
01-31-2004, 12:13:43, 66.150.87.2:80
01-31-2004, 12:13:43, 12.130.12.31:80
01-31-2004, 12:13:43, 63.208.33.8:80
01-31-2004, 12:14:17, 168.143.100.10:80
01-31-2004, 12:15:33, 64.0.96.8:80

It's doing something-and these are things that ZA probably wouldn't block with the settings I run.
that's port 80 it's your web surfing and ZA won't block it.
the PG is designed for logging your movement on the web and protect whatever you've config it to do and it all shows on its logs.
PangingJr is offline   Reply With Quote
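
The PeerGuardian log lines posted in this thread, run through a small parser, as an added example that is not part of any post. It assumes the `date, time, address:port` layout seen in the posted lines, separates loopback entries (127.0.0.1 is the local machine itself) from remote ones, and counts remote entries per service; the function names and service labels are this example's own.

```python
import ipaddress
import re
from collections import Counter
from datetime import datetime

# Log lines copied from the posts above, plus one constructed malformed line.
SAMPLE_LOG = """\
01-31-2004, 12:05:27, 68.168.78.100:110
01-31-2004, 12:05:27, 127.0.0.1: 1287
01-31-2004, 12:13:40, 216.127.74.135:80
01-31-2004, 12:13:42, 63.208.33.9:80
01-31-2004, 12:15:33, 64.0.96.8:80
this line is not a log entry
"""

# Assumed layout (taken from the posted lines): MM-DD-YYYY, HH:MM:SS, ip:port
# The optional space after the colon covers "127.0.0.1: 1287".
LINE_RE = re.compile(
    r"^(\d{2}-\d{2}-\d{4}),\s*(\d{2}:\d{2}:\d{2}),\s*"
    r"(\d{1,3}(?:\.\d{1,3}){3}):\s*(\d{1,5})$"
)

# IANA well-known ports for the two services that appear in the thread.
SERVICES = {80: "http", 110: "pop3"}


def parse_line(line):
    """Return a dict for one log line, or None if it does not parse."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    date_s, time_s, addr_s, port_s = m.groups()
    try:
        when = datetime.strptime(f"{date_s} {time_s}", "%m-%d-%Y %H:%M:%S")
        addr = ipaddress.ip_address(addr_s)  # rejects octets above 255
    except ValueError:
        return None
    port = int(port_s)
    if not 0 < port <= 65535:
        return None
    return {"when": when, "addr": addr, "port": port}


def summarize(log_text):
    """Split entries into loopback and remote; count remote ones by service."""
    by_service = Counter()
    loopback = []
    skipped = 0
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        entry = parse_line(raw)
        if entry is None:
            skipped += 1
        elif entry["addr"].is_loopback:
            # 127.0.0.0/8 never leaves the machine: local traffic, not a remote host.
            loopback.append((str(entry["addr"]), entry["port"]))
        else:
            label = SERVICES.get(entry["port"], f"port {entry['port']}")
            by_service[label] += 1
    return {"by_service": dict(by_service), "loopback": loopback, "skipped": skipped}


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```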
Old Jan 31, 2004, 08:00 PM Threadstarter Thread Starter   #4
BWX
Thanks for tips, I'll try that cleaner and a2 scanner.

I also messed around with snort a little- But it's all command line- and not very user friendly- What I was trying to do with snort was to use it as an ITS, but ONLY log when it detected an intrusion possibility. I couldn't figure it out so I just quit using it. I still have it installed on my system though. Man, when I let it go into sniffer mode it spits out all kinds of network info- it looks like it's telling me everything going on on my default gateway- or whoever is on my node for my ISP. Basically just a bunch of IP addresses and that they are "tell"ing their default gateway or something. I wish Snort had a GUI, I could probably figure it out then.

I was just experimenting with it though, I really don't need that running at all. I will definitely be getting something like that "the cleaner" or "a2 scanner"- just to be on the safe side, you can't be too careful when you're using an "always on" cable internet connection w/o a router.
__________________
BWX is offline   Reply With Quote
Old Jan 31, 2004, 08:44 PM   #5
PangingJr

more SECURITY TIPS for windows...

Quote:
Originally posted by BWX232
you can't be too careful when you're using an "always on" cable internet connection w/o a router.
And when you're using windows and never know when you'll like or can use linux..
here's SECURITY TIPS for windows...
Quote:
Never get into a false sense of security - just because you have applied service packs and fixes to your system or server doesn't mean you are completely protected. There is no such thing as being completely protected - security is an ongoing process and needs to be looked at very frequently. New exploits are released all the time. My personal view is that every company should employ full-time someone who just looks at system security - a small price to pay considering that an employee/virus/malicious hacker etc could take down a company or even lose them a lot of money. Before I go into some security tips here is what security is...

· Security is now that the blissful have been hit again, maybe they can get serious.
· Security is serious business - yes, even when you are using a computer for fun.
· Security is knowing that how you navigate the "information highways" affects others and taking responsibility for it.
· Security is taking the time, focusing on what you have to do and excluding all else. You work in your own best interests and you know it.
· Security is knowing your machine, knowing what's going on in it. So you know if something is compromised.
· Security is checking all ways of starting applications automatically at boot and making sure only applications you are familiar with are starting.
· Security is making sure, if you are running Windows, that you see all file extensions.
· Security is not opening attachments you haven't requested from people you know or do not know, but downloading them to disk and having a text editor or AV tool look them over instead. And even if it's not readable as text, and even if your AV tool doesn't say it's malicious, don't run it. Ask whoever sent it what it is and why they sent it before clearing it with you first. And even if your friend assures you that the file is not malicious, check it out with Blobview, Peeper, and BinText, and use InCtrl5 to open it.
· Security is disabling web scripting if you are running Windows.
· Security is trying to find a more secure emailer (than Outlook) if you are a home user.
· Security is making sure you are not broadcasting your presence on the Internet on a permanent IP. If you are running Windows, make sure ports 135 - 139 are closed. If you are running NT/2K/XP, make sure port 445 is closed and make doubly sure port 135 is closed.
· Security is installing and properly configuring a firewall if you have a permanent IP.
· Security is changing your IP regularly, even if you have a permanent connection.
· Security is never connecting to the Internet without your firewall up and running.
· Security is never using Java - anywhere. Disable it everywhere, especially in your email reader.
· Security is using an ad killer such as Silencer to kill as many banners as you can.
· Security is checking with sites such as Spychecker before even considering a download from the Internet.
· Security is reading email as text only. If people can't send you text email, tell them to get out of your mailbox. The Internet is built on text, and don't forget it. No winmail.dat cards, no VCF attachments - just text.
· Security is seriously considering disabling JavaScript when surfing and NEVER having it on while you are reading email.
· Security is disabling VBScript everywhere - unconditionally.
· Security is making sure ActiveX OCX's can't be downloaded and run on your box. Check your browser settings for this.
· Security is checking your firewall logs all the time. If you can't understand what they say - learn.
· Security is running AV often enough, even if you don't run AV all the time, and updating your lists as often as you can.
· Security is always checking with an up-to-date AV before sending or receiving anything via email.
· Security is visiting security sites where major advisories are posted. Keep up on "traffic hazards".
· Security is finding someone who can help you if you don't know all the technical stuff, someone who can help you when you need it. If you need a quick answer in a tight situation, write to radsoft.net.
· Security is checking your process list regularly so you know what should be there and so you immediately see when something that shouldn't be there is around.
· Security is playing around with GD and the netstat (and nbtstat) commands and learning how they work so you can be sure you don't have open ports you shouldn't have.
· Security is learning your own file system. When you see files there that look suspect - turn up their properties and see whose program it is. If it's from your operating system vendor (eg Microsoft) it may be ok, but if it has no version info or is from a company you never heard of, raise an eyebrow.
· Security is running an up-to-date copy of Ad-aware regularly, especially if you download and test new software all the time, and being suspicious of anything you download. Use InCtrl5 from ZD Net to check the effects of any program you download and run, and take the time, yes take the time, to study the logs of InCtrl5 so you know exactly what happened when the new program ran.
· Security is backing up your system regularly, and only when you are at least 100% positive it is not corrupted by virus, worm, trojan or other malicious software. Learn how to restore a system from a backup so you can do this and will do this immediately you recognise a need to.
PangingJr is offline   Reply With Quote
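
One way to carry out the netstat check from the tips above, as an added example that is not part of the quoted text: it reads `netstat -an` output and reports sockets on ports 135-139 and 445 that are bound to a non-loopback address. Both sample outputs are constructed, and the function names are this example's own.

```python
import re

# Ports the tips above say to keep closed: 135-139, plus 445 on NT/2K/XP.
WATCHED = {
    135: "RPC endpoint mapper",
    136: "other (inside the 135-139 range)",
    137: "NetBIOS name service",
    138: "NetBIOS datagram service",
    139: "NetBIOS session service",
    445: "SMB over TCP/IP (microsoft-ds)",
}

# Constructed `netstat -an` output for a machine with default services bound.
SAMPLE_BEFORE = """
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1287         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      192.0.2.80:80          ESTABLISHED
  UDP    0.0.0.0:445            *:*
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""

# Constructed output after those services are unbound; the remaining 445 is
# the *foreign* port of an outbound connection and must not be reported.
SAMPLE_AFTER = """
  Proto  Local Address          Foreign Address        State
  TCP    127.0.0.1:1287         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      192.0.2.80:80          ESTABLISHED
  TCP    192.168.1.10:1046      192.0.2.25:445         ESTABLISHED
"""

# proto, local address, local port, foreign endpoint, optional state (TCP only)
ROW_RE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")


def exposed_listeners(netstat_text):
    """Return sorted (proto, local_addr, port) tuples for watched open ports."""
    findings = set()
    for line in netstat_text.splitlines():
        m = ROW_RE.match(line)
        if not m:
            continue  # headers and blank lines
        proto, addr, port_s, _foreign, state = m.groups()
        port = int(port_s)
        # Only LISTENING TCP sockets accept new connections; UDP rows have
        # no state column, so any bound UDP socket counts.
        if proto == "TCP" and state != "LISTENING":
            continue
        if port not in WATCHED:
            continue
        # Sockets bound to loopback are not reachable from the network.
        if addr.startswith("127.") or addr == "[::1]":
            continue
        findings.add((proto, addr, port))
    return sorted(findings)


def report(netstat_text):
    """One readable line per finding."""
    return [
        f"{proto} {addr}:{port} ({WATCHED[port]})"
        for proto, addr, port in exposed_listeners(netstat_text)
    ]


if __name__ == "__main__":
    print("\n".join(report(SAMPLE_BEFORE)) or "no watched ports open")
```

netstat shows what is bound on the host; whether a firewall in front of it filters the port is a separate question that this output does not answer.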
Old Jan 31, 2004, 09:07 PM   #6
PangingJr

AntiTrojan Tools..
http://lists.gpick.com/pages/AntiTrojan_Tools.htm

The Cleaner is easy to use but if you're going to pay for this kind of program, check out the TDS-3 it's one of the best out there.
PangingJr is offline   Reply With Quote
Old Jan 31, 2004, 09:09 PM   #7
krazy1
Quote:
Originally posted by BWX232
Thanks for tips, I'll try that cleaner and a2 scanner.

I also messed around with snort a little- But it's all command line- and not very user friendly- What I was trying to do with snort was to use it as an ITS, but ONLY log when it detected an intrusion possibility. I couldn't figure it out so I just quit using it. I still have it installed on my system though. Man, when I let it go into sniffer mode it spits out all kinds of network info- it looks like it's telling me everything going on on my default gateway- or whoever is on my node for my ISP. Basically just a bunch of IP addresses and that they are "tell"ing their default gateway or something. I wish Snort had a GUI, I could probably figure it out then.

I was just experimenting with it though, I really don't need that running at all. I will definitely be getting something like that "the cleaner" or "a2 scanner"- just to be on the safe side, you can't be too careful when you're using an "always on" cable internet connection w/o a router.
If you want to use Snort in an easy but VERY good way go here Demarc . Demarc makes an IDS (Intrusion Detection System) that uses snort. The cool part is that it is FREE to home users. I have run their app, PureSecure now for 8 months and it is AWESOME!! All my servers here at home have PureSecure with Snort installed and it is very good and nice to have. I wish more companies would release corp lvl software to home users for free like this. Another app I use that is free to home users but is a corp lvl product is my Astaro firewall. Between Astaro firewall and PureSecure IDS, I have my network pretty well secured.
__________________

krazy1 is offline   Reply With Quote
Old Jan 31, 2004, 09:39 PM   #8
zerodamage

Quote:
Originally posted by BWX232
But I always used my head and kept windows up to date too which is just about as good as running a software firewall...
Dude, that isn't as good as running a software firewall. With a software firewall, anyone trying to probe you will not see you. You should be in "stealth" mode.

Without a firewall, you will be seen and your ports will merely be "Closed" instead of stealth. It's like wearing a t-shirt in the middle of winter claiming it is ok when you should be wearing your big winter coat.
zerodamage is offline   Reply With Quote
Old Jan 31, 2004, 09:42 PM   #9
krazy1
Quote:
Originally posted by panging
AntiTrojan Tools..
http://lists.gpick.com/pages/AntiTrojan_Tools.htm

The Cleaner is easy to use but if you're going to pay for this kind of program, check out the TDS-3 it's one of the best out there.

TDS-3 ROCKS!!! I bought that 2 years ago and I will NEVER use any other anti-trojan app. Daily updates and you just can't fool the program. It was more than worth the $50
__________________

krazy1 is offline   Reply With Quote
Old Feb 1, 2004, 05:43 AM Threadstarter Thread Starter   #10
BWX
Quote:
Originally posted by zerodamage
Dude, that isn't as good as running a software firewall. With a software firewall, anyone trying to probe you will not see you. You should be in "stealth" mode.

Without a firewall, you will be seen and your ports will merely be "Closed" instead of stealth. It's like wearing a t-shirt in the middle of winter claiming it is ok when you should be wearing your big winter coat.
I know it's not as good- but it's almost as good as far as the end results go I mean (*edit* -as far as MY end results I should say.).
The funny thing is, all that time I didn't use firewall, I never got attacked- It's really amazing to me that nothing weird ever happened.

I won't even turn my PC on without a firewall up now- I know not being in stealth mode is really crazy these days. I think Windows should come with an App. just like ZA Pro- The built in firewall is weak. I mean the whole problem is Windows in the first place, if XP came with a robust firewall and had a help file associated w/ it, imagine how much harder it would be for people to start these nasty viruses.

Even if I need to install a program or do a defrag or anything that I think I should turn off my firewall to accomplish, I always hit the standby button on my cable modem or disable my internet connection temporarily.

I have Zone Alarm set up on my Parents' PC, and I told both my brothers about it- You should have seen how much work ZAP was doing on my Mom's machine when I first turned it on! It stopped about 3000 scans in the first 2 days! She's in a different part of NYS- She has RoadRunner- I have Adelphia, I think RR where she is, is a much "dirtier" network. When I go home to check the logs I cannot believe how much work ZAP is doing. It's pretty amazing she never got hacked before too- she was running Win XP home with cable ISP and no Firewall for years also- I always had Norton on there with Auto-protect and Script-blocking, but that's not enough. When her subscription for that ran out she went out and got NAV 2003-

It is crazy to not run a firewall- I was talking to a lvl 2 tech at Adelphia the other day and he was telling me how they are starting to just shut people off when they are transmitting viruses out of their boxes- he also told me that they are starting to fine people who don't update their windows and if they are infected more than once. I think they should too- it's those people who are transmitting these viruses all over the place and costing the ISP's tons of money- and it's just because they have no idea what's going on.
__________________

Last edited by BWX; Feb 1, 2004 at 06:00 AM.
BWX is offline   Reply With Quote
Old Feb 1, 2004, 05:44 AM Threadstarter Thread Starter   #11
BWX
Quote:
Originally posted by krazy1
If you want to use Snort in an easy but VERY good way go here Demarc . Demarc makes an IDS (Intrusion Detection System) that uses snort. The cool part is that it is FREE to home users. I have run their app, PureSecure now for 8 months and it is AWESOME!! All my servers here at home have PureSecure with Snort installed and it is very good and nice to have. I wish more companies would release corp lvl software to home users for free like this. Another app I use that is free to home users but is a corp lvl product is my Astaro firewall. Between Astaro firewall and PureSecure IDS, I have my network pretty well secured.
I will definitely check that out! Sounds great.
__________________
BWX is offline   Reply With Quote
Old Feb 1, 2004, 05:54 AM Threadstarter Thread Starter   #12
BWX
Quote:
Originally posted by panging
AntiTrojan Tools..
http://lists.gpick.com/pages/AntiTrojan_Tools.htm

The Cleaner is easy to use but if you're going to pay for this kind of program, check out the TDS-3 it's one of the best out there.
http://lists.gpick.com/

Lists of Lists- Nice-- I know this will come in handy.
__________________
BWX is offline   Reply With Quote
Old Feb 1, 2004, 07:36 AM   #13
PangingJr

when talking about Internet Security in XP, by using native OS features, meaning there'll be no adding any new software or drivers to it. we can still do a lot of things in XP, Not just using the inbuilt firewall, let's make it more capable/effective, adding IPSec Policies (Internet Protocol Security Policies - secpol.msc) and importing the windows Hosts file, both are XP IP security related features. i believe it should come out well enough (also believed, it'll be a very long learning, lots of confusing and painful).
PangingJr is offline   Reply With Quote