Is complete home security possible?

However, I run NewsProxy on my network, and have it configured to listen on a port other than 119. NewsProxy sits between the network, and my ISP news server, and acts as both a killfile and a filter. Only Outlook Express can access news servers and/or proxies on ports other than 119. Since I want to have a proxy for news on my network on a port other than 119, I am stuck using Outlook Express.

Reply to
Charles Newman

snipped-for-privacy@address.com (Joe Samangitak) wrote in news: snipped-for-privacy@posting.google.com:

Obviously, none of it makes a difference and it is all trash that has given you a false sense of security, especially that stealth crap. ;-)

Well, that's going to happen when a machine is compromised by a malware program designed to do it, since it's going to look for those things and take them down leaving the machine wide open to attack.

Well as long as you're running a host based FW that's running on the machine with the O/S, there is always going to be a chance that a personal FW/host based FW solution is going to be taken down. Secondly, malware detection programs are always going to be a dime short and a dollar late in the protection and can easily be circumvented and defeated by malware as you can see, although I do run AD-Aware once in a blue Moon on the machines as maintenance and a good AV.

Maybe, you should look into getting a standalone appliance such as a NAT router or a low-end FW appliance and implement it in the protection. Most NAT routers are not FW(s) and cannot stop outbound traffic but are good enough in the home protection as long as one is not doing high risk things like port forwarding. Some do supplement a NAT router with a PFW solution running on the machine for outbound protection. On the other hand, a low-end FW appliance that can stop inbound or outbound by port, protocol and IP and a few other things that a true FW does, one doesn't need all the bells and whistles trash running on the machine. One really doesn't need them with a good NAT router either.

Some say to *harden* the NT based O/S like XP to attack, which is not a bad thing. Also, some say to not run as Admin on the Internet and that again is not a bad thing, but let's face it how many actually do it. But the reality for me is that I do run with Admin rights and have done a couple of things in the *hardening* area and that's about it.

The one thing I have done is not use IE as much as I used to and use Firefox. But to be honest, I still use IE at a good rate for convenience. However, Firefox is my default browser that will start when clicking on links in emails or other such things that contain links. There is much less of a chance of being attacked that way using Firefox instead of IE.

I leave the machines up 24/7 365 both Windows and Linux machines because of the FW appliance I have sitting in front of the machines protecting the network. I would never do such a thing with a host based FW running on the machine and a direct connection with the machine on the Internet with a broadband connection.

The bottom line is that the buck stops with you in the protection and it really doesn't matter what is running on the machine or sitting in front of the machine as malware can circumvent and defeat ALL OF IT if given the right conditions once you CLICK on something, which is not much on a Windows based O/S. If you do the right things in using your common sense like not clicking on unknown links and things of that nature, it will go a long way in the protection.

Duane :)

Reply to
Duane Arnold

Tiny is pretty good. I have been using that on my network for years (though I don't think they make a freeware version anymore). It is pretty good at stopping outside attacks. It is also quite flexible, much more so than a hardware appliance.

Reply to
Charles Newman

I will agree there. Ghost came with one computer years ago, and I regularly ghost my machines to get rid of anything that I might not know about. I ghost my machines once a month as part of a regular maintenance schedule. You will need a second hard disk, and a floppy to boot from, to do this. I open up the machine, attach the second hard disk, boot from the floppy, and then ghost the machine.

Reply to
Charles Newman

I'm curious to see an answer that helps me out with advice that I don't already know. Recommendations for virus programs etc are not going to help, since I already mentioned in my ad that I had what may be the best virus program on the market installed, still got a trojan. Same with firewalls, had one installed, spent a lot of time with the Kerio ruleset, blocking off dangerous ports like 135, until ALL open ports were stealthed, and still got a trojan. I'm not running as Administrator, just as a user with admin rights, still got a trojan. I don't need a network setup, so don't have a router. Even so, if you say I should steer clear of any sites where I might download a virus, then the hardware router is obviously not going to protect me either. I can't know which site might send me a trojan.

Bottom line, I don't have a problem knowing when I'm infected. I don't need programs like HijackThis, because I already know what should and shouldn't be present in the task manager. My problem is avoiding getting infected in the first place, since SP2, a good virus program and firewall, as well as a resident program that alerts me to other programs trying to install themselves in my startup have proven to be insufficient in protecting me. Especially if the trojan can disable these programs (I'm assuming hackers have already figured out how to disable SP2's systray warning from the security center). And I've been using FireFox and Opera for a long time, avoiding IE like the plague. But my browser choice had nothing to do with the trojan's ability to load programs on my system and use TFTP to send data out.

Reply to
Joe Samangitak

The nice thing about the Corp Edition is that it doesn't expire every year like Norton AV does. I still have clients running 7.6 that get updates that I can't convince to upgrade.

Reply to
Leythos

That's a very different situation from what I described.

Indeed, and that's a very different situation from what I described.

I think we've had this discussion before. Say you run a web server on the *inside*. The remote client sends off a bunch of requests to your web server, as follows (keep in mind that the client is remote and the server local):

    Client port 1430 -> server port 80 OK
    Server port 80 -> client port 1430 OK
    Client port 1431 -> server port 80 OK
    Server port 80 -> client port 1431 OK
    Client port 1432 -> server port 80 OK
    Server port 80 -> client port 1432 OK
    Client port 1433 -> server port 80 OK
    Server port 80 -> client port 1433 BZZT - DROPPED
    Client port 1434 -> server port 80 OK
    Server port 80 -> client port 1434 BZZT - DROPPED

You're thinking of the port as a *listening* port, but it can just as well be used as a high port for outgoing traffic, in which case it's used for *return* traffic. And cheap NAT devices can't block the port while still allowing it to be used for outgoing return traffic.

It blocks outbound *return* traffic. Since Windows uses incremental high range ports to connect to remote services, ports 1433 and 1434 usually *will* get used pretty quickly as the source ports. That it's two ports in a row makes it especially bad, since Windows increments by 1.

Regards,

Reply to
Arthur Hagen
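
The trace in the post above, modelled as an added example that is not part of any poster's message and does not describe a specific product. It compares a port-only (stateless) outbound block on 1433/1434 with a connection-tracking rule; the `Packet` model and all function names are hypothetical, and inbound port 80 is assumed to be forwarded to the inside web server.

```python
from collections import namedtuple

# Constructed model of the trace in the post above; names are hypothetical.
Packet = namedtuple("Packet", "direction src_port dst_port")  # direction: "in" or "out"
BLOCKED_PORTS = {1433, 1434}  # MS SQL ports named in the thread


def stateless_filter(packets, blocked=BLOCKED_PORTS):
    """Drop every outbound packet whose destination port is blocked,
    with no knowledge of which connection the packet belongs to."""
    return [not (p.direction == "out" and p.dst_port in blocked) for p in packets]


def stateful_filter(packets, blocked=BLOCKED_PORTS):
    """Apply the port rule only to packets that open a new flow; packets
    belonging to a flow that was already admitted pass regardless of port."""
    flows = set()  # admitted flows, keyed as (inside_port, outside_port)
    verdicts = []
    for p in packets:
        key = (p.dst_port, p.src_port) if p.direction == "in" else (p.src_port, p.dst_port)
        if key in flows:
            verdicts.append(True)       # traffic on an established flow
        elif p.direction == "out" and p.dst_port in blocked:
            verdicts.append(False)      # new outbound connection to a blocked port
        else:
            flows.add(key)
            verdicts.append(True)       # new flow, admitted and remembered
    return verdicts


def web_server_trace(first_port=1430, last_port=1434, server_port=80):
    """Remote client requests to an inside web server, each followed by its reply."""
    trace = []
    for client_port in range(first_port, last_port + 1):
        trace.append(Packet("in", client_port, server_port))
        trace.append(Packet("out", server_port, client_port))
    return trace


def dropped(trace, verdicts):
    """Return (src_port, dst_port) for every packet the filter rejected."""
    return [(p.src_port, p.dst_port) for p, ok in zip(trace, verdicts) if not ok]


if __name__ == "__main__":
    trace = web_server_trace()
    print("stateless drops:", dropped(trace, stateless_filter(trace)))
    print("stateful drops: ", dropped(trace, stateful_filter(trace)))
    sql = [Packet("out", 1500, 1433)]  # inside client opening a remote SQL connection
    print("stateful, new outbound to 1433:", dropped(sql, stateful_filter(sql)))
```
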

No yer not. Any news client that is worth anything will let you change ports. newsbin pro does, newsleecher does and so do most of the others.

Reply to
Joe

Yes, the Corporate Edition also doesn't install more than a dozen different services, registry Run section triggers and scheduled tasks, like the consumer version does. One or two services is all.

You can also check the version of the corporate edition from the outside, which is quite useful for firewalls that support this -- if a client doesn't have the latest virus definitions installed, you can block it from accessing the outside. But how (I hear you cry) can you download the latest virus definitions if your firewall blocks you? Simple -- with the corporate edition, you normally don't download the updates directly from Symantec to the client, but from a local liveupdate server on the only computer that needs to fetch them from the outside. Less bandwidth wasted, and greater security -- clients can still get the latest downloaded update from the local server even if the internet connection is down, and there's an audit trail of which computers have updated and which haven't.

Regards,

Reply to
Arthur Hagen

Simple answer. Buy a router, nuff said.

Reply to
Joe

That's not the problem. The problem is that the text is *always* going through a rendering engine that parses the text. You *can't* display the text verbatim and unparsed in Thunderbird -- it's not possible.

Regards,

Reply to
Arthur Hagen

It is insanely stupid not to have a router. they are much better than software firewalls. basically they won't let anything in. not unless you specifically ask for it really. i have not once had a virus that my routers have let through. not once. i do not use firewall software cus a router that has spi and is decent enough and you don't need a software firewall. i never have one on one pc in my home and not once has it ever been attacked or virus or anything. a normal linksys 1 port router i used to use and never had attacks, then i upgraded to a belkin and zywall and now sonicwall. never had issues. the only thing a pc should have is a virus app. i can't imagine how you got infected. other than your software firewall let it through or something on your end messed up like the user, or the software wasn't configged right, then it goes back to the user etc. just get a router and plug it in, don't need a firewall software unless the user downloads stupid apps with spyware and all that junk.

your message really kinda pisses me off cus you seem ignorant and not willing to listen to anyone. we have all given you good info and you are like none of it is good enough or i already know. well if you already knew you wouldn't be in this position now would you?

just buy a router and then yer safe in my opinion. i say safe cus i never had problems, no one i know has had any issues at all with attacks, viruses nothing. and they all run routers. even the most simple ones are good enough cus i know no one who has a problem with the net who is behind one.

Reply to
Joe

No, outside client tries to connect from port XYZ to your port 1433 and if you forward it inbound then it works just fine.

Inside client tries to connect to outside service listening on their (remote) port 1433 and is blocked - this means that your local computers can not connect to the MS SQL port listener service at the REMOTE COMPUTERS site.

If the remote computer is using 1433/1434 for something listening other than SQL Server (which should not be directly exposed to the internet anyway) then you need to get a better service.

The only thing that should be listening on 1433 is SQL Server, unless you're running some non-standard application. Check the Port lists, 1433 is for MS SQL server.

Nope, it does not block outbound normal traffic, except to REPORT DESTINATION PORTS that are already defined as used by services that should not be exposed to the internet.

Reply to
Leythos

Corporate Edition 9 includes scanning of POP/SMTP, MS Exchange and Notes connections, has a smaller footprint, seems to be more efficient, and I can set up a server to manage all the clients from one location - in other words I can set the properties and the users can't override them.

Reply to
Leythos

Thunderbird can use other ports besides 119.

John

Reply to
John Mason Jr

Smarter firewalls can identify p2p traffic and block it dynamically.

Well a reasonable fee to keep development going and virus definitions current is a good thing.

John

Reply to
John Mason Jr

That would be very silly for those of us who reboot every few months. Better to have it check late on Tuesdays, since Microsoft now always release their security fixes on Tuesdays.

Huh? Thunderbird does Usenet too, and so do a whole lot of other clients.

Ever heard of "Run As", or even better, setting specific privileges through the Security MMC snap-in?

Why should I do that instead of a weekly complete backup with daily increments? That way, I don't have to reboot, which Ghost requires.

It doesn't ensure that at all. You can easily ghost malware before you know you've been infected.

Reply to
Arthur Hagen

Charles Newman

Bullshit. Most news clients let you specify the port. I can't remember ever encountering a news client that *won't* let you specify the port.

No, you're stuck because you *think* you're stuck.

Reply to
Arthur Hagen

Most likely the mofo who circumvented your security was... you. ;) Chances are you got the bug in something you downloaded, or someone else has access to your system and they downloaded it.

You have to be careful what you download and run on your system. Without that, there really is no protection that will help. It's pretty much the same as your home. You can have a cast iron front door and it won't do you a bit of good if you open it and invite the axe murderer in for tea.

A good NAT device with SPI, at minimum, is a must. Nothing is perfect, but it will provide a good level of protection from *outside* attacks.

A software firewall is good to have as well since it can alert you to a program trying to connect out of your machine. But as you've seen, it's just software and a trojan can possibly deactivate it.

A virus scanner is a must since they can often detect a trojan before you run it. But again, it's just software. An AVS can be defeated, or may not recognize a new variant of a trojan.

Avoid honey-pots unless you are prepared to deal with the possible consequences. Viruses/worms/trojans survive by propagating in one way or another. The best way to do that is to put them in things that people are likely to run but may feel guilty for admitting. In other words, pirated software, warez sites, crack sites, etc. If you ever trudge into cesspools, wear boots.

My best recommendation: Ghost, or another system imaging program. Image your system partition on a regular basis and you can always restore it and have a clean slate. Imaging the system partition to another partition, or another hard drive, is a very quick way of ensuring peace of mind. So if you run into something goofy and think "It was behaving this way yesterday...", you can just restore yesterday's image and be done with it.

Reply to
CyberDroog

"Charles Newman" wrote in news:s5GdnQ_aYva snipped-for-privacy@comcast.com:

I am sorry Newman. I don't believe in App Control anymore. A personal FW solution such as Tiny will never be able to match the protection of a FW appliance -- ever -- not even a low end one. Tiny may be able to supplement a NAT router, which many consider to be hardware FW (I don't) and that's about it. I appreciate your support of Tiny. You'll have to convince someone else that Tiny is better than a standalone FW appliance, which I know it's not. I'll assume you know the difference between a NAT router that's being called a FW/hardware appliance with some FW like features as opposed to a FW appliance that is running a FW that meets the specs in the link.

formatting link
Duane :)

Reply to
Duane Arnold

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.