Is there a risk with firewalls? - Page 4

Re: Is there a risk with firewalls?
Dear Ansgar, dear Mr. Arnold,

First: Win2k, my OS, has the Task Manager. This program lists all running
processes. It would be hard to discover malware among the various filenames
it lists. Since Task Manager lists running processes, Process Explorer would
be superfluous, true?

Second: Does malware run all the time? Your post seems to indicate so.
Task Manager indicates CPU usage. This would help to verify that malware
is running!

Third: I do not know what exactly AntiVir Guard scans under Laufende
Prozesse. All I know is that it says it scans "Laufende Prozesse".

I have done a scan with Kaspersky of the most sensitive area. The result
showed 21 infected files and 2 Viruses. The final report lists the 21 files
as not-a-virus AD files BUT it lists no virus. The Ad-files are like those I
have located previously. They consist of a randomly selected sequence of 8
letters, the extension is .dll and they are in C:\WINNT\System32.

An example would be njmfgxfp.dll. They are all 124 436 bytes long and were
created between June 15 and 18. Kaspersky calls them
not-virus:AdWare.Win32.Virtumonde.ki with no other info available and their
definitions were added to Kaspersky's list on 14 June.
AntiVir Guard did not identify these 21 files nor any virus.

Why did Kaspersky not list the two Viruses they claim to have found?

Any comments?


Thank you
GR.





Re: Is there a risk with firewalls?
[quoted text not shown]

Wrong, since Process Explorer shows *way* more (crucial) information
about processes than the Windows Task Manager. This information helps
in identifying rogue processes.

[quoted text not shown]

Malware doesn't necessarily run all the time. However, it does not start
all by itself, but needs some mechanism to be run. That can be the user,
one of the many autorun-mechanisms Windows provides, the task scheduler
or several other ways.

[quoted text not shown]

Usually virus scanners scan only files. As I said before, "Laufende
Prozesse" means "running processes", which would imply that AntiVir
Guard scans not only files on your hard disk but also the processes in
your RAM.

[quoted text not shown]

Because you configured it not to? Because it was manipulated by some
malware? Because the stars are not right? There's no way to tell without
a closer examination of your system.

However, apparently your system was compromised, and whatever did this
had administrative privileges (because it was able to create files in
%SystemRoot%\system32). You can't trust anything any software running on
a compromised system tells you. The only reasonable way to clean your
system is to back up your data (expressly excluding any kind of
executable), and then flatten and rebuild your system.

http://www.microsoft.com/technet/community/columns/secmgmt/sm0504.mspx

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich
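
Added example, not part of any post in this thread: a Python triage sketch for the pattern GR describes (eight-letter .dll names in System32, all the same byte length, dated within a few days), meant to be run from a clean machine against an offline-mounted copy of the disk, in line with the point above that software running on the compromised system cannot be trusted. The function names, the cluster thresholds, the use of modification time in place of creation time, and all sample files except the name njmfgxfp.dll and the size 124436 are assumptions made for the example.

```python
import os
import re
import tempfile
from collections import defaultdict

# Name shape from the post: eight letters plus ".dll" (e.g. njmfgxfp.dll).
NAME_RE = re.compile(r"^[a-z]{8}\.dll$", re.IGNORECASE)

def find_clusters(directory, min_cluster=3, window_days=7):
    """Group eight-letter DLLs by exact size; keep groups written close together.

    The name shape alone also matches legitimate files such as setupapi.dll,
    so a group counts only if several files share one byte length and their
    timestamps span at most window_days.
    """
    by_size = defaultdict(list)
    with os.scandir(directory) as entries:
        for entry in entries:
            if entry.is_file(follow_symlinks=False) and NAME_RE.match(entry.name):
                st = entry.stat(follow_symlinks=False)
                # Assumption: mtime stands in for the creation date in the post.
                by_size[st.st_size].append((entry.name, st.st_mtime))
    clusters = {}
    for size, items in by_size.items():
        stamps = [stamp for _, stamp in items]
        if len(items) >= min_cluster and max(stamps) - min(stamps) <= window_days * 86400:
            clusters[size] = sorted(name for name, _ in items)
    return clusters

def build_sample(directory):
    """Constructed stand-in for a mounted copy of the System32 directory."""
    day = 86400
    base = 1_000_000_000  # arbitrary constructed timestamp, not a date from the post
    sample = [
        ("njmfgxfp.dll", 124436, base),             # name and size from the post
        ("qwhzkvbt.dll", 124436, base + 1 * day),   # constructed name
        ("xdrplmso.dll", 124436, base + 3 * day),   # constructed name
        ("setupapi.dll", 90000, base - 400 * day),  # legitimate name, constructed size
        ("iphlpapi.dll", 70000, base - 400 * day),  # legitimate name, constructed size
        ("kernel32.dll", 124436, base),             # contains digits: shape does not match
    ]
    for name, size, stamp in sample:
        path = os.path.join(directory, name)
        with open(path, "wb") as handle:
            handle.write(b"\0" * size)
        os.utime(path, (stamp, stamp))

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        for size, names in find_clusters(tmp).items():
            print(f"{size} bytes x {len(names)}: {', '.join(names)}")
```

A hit is a lead for closer examination of the mounted image, not a verdict; it does not change the rebuild advice in the post above.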

Re: Is there a risk with firewalls?


Dear Mr. Arnold,

No, I am not intimidated by trolls. They are easy to recognize by their
inability to address a problem, their lack of good grammar and the absence
of social grace.

You said in your mail:

[quoted text not shown]

The program Antivir Guard has the ability to scan "Laufende Prozesse", that
is "Ongoing Processes". Is that in some way equivalent to Process Explorer?
If no ongoing processes are found and malware can turn itself on and off
according to some algorithm, such a program might not be too valuable.

Greetings
GR.



Re: Is there a risk with firewalls?



[quoted text not shown]

No, it's not even in the ballpark with PE.

[quoted text not shown]

Malware likes to piggyback off of other processes that are running to hide
or disguise itself, so that it's not easily spotted.

And Task Manager is no match for Process Explorer, because Task Manager only
allows you to see the top process that's running.

PE allows you not only to see a top process that's running, but it also
allows you to look inside that top process and see the hidden processes that
are being hosted by the top process, such as a possible malware process.


Re: Is there a risk with firewalls?


Mr. Arnold wrote:


[quoted text not shown]

But you're at least aware that you're either totally oversimplifying or
talking utter bullshit?

Re: Is there a risk with firewalls?


It's not read, go away. You are a lunatic.

<Plank> that's a soft logical <plonk>.

Re: Is there a risk with firewalls?
Mr. Arnold wrote:


[quoted text not shown]


No. The NAT router's job is to provide connectivity by NAT. In fact, a 1:1
masquerading with full forwarding is a perfectly normal option, and even
guessing the target on 1:many is semi-valid. Not to mention that previous
NAT sessions might not have expired yet, and thus the router is forwarding
as well.

[quoted text not shown]

You'd wish...

Re: Is there a risk with firewalls?
[quoted text not shown]

Will you please saddle up your cockroach and ride out of this thread because
99.9% of the time, you are a worthless POS.


Re: Is there a risk with firewalls?
Mr. Arnold wrote:


[quoted text not shown]

I'd title this post: "self-exposure of a troll"

Re: Is there a risk with firewalls?
You read my other post. It applies to you here as well.

<Plank>

Re: Is there a risk with firewalls?
One other thing here, you don't need to answer any of it, please.

Do you even notice what a nuisance you are in this NG, and how you have
dragged this NG down?

Do you even notice how most of the regulars pretty much mind their own
business and post to the OP while you in the meantime attack everyone with
running up and down the threads?

This NG used to be a lot livelier with a mixture of professionals and
non-professionals that frequent the NG seeking help, until you showed up one
day out from under a rock and started choking the NG out. :(


Re: Is there a risk with firewalls?
Mr. Arnold wrote:


[quoted text not shown]


So far, I can only see this applying to you.

Oh, and would you please stop giving ill-advised suggestions that even you
should know how wrong they are? This guy is about to actually buy a NAT
router, which will just make everything fail again.

Re: Is there a risk with firewalls?
You replied anyway, my God. When you're in this state of mind with pure lip
dribbling, you know I am not reading it. :)

What a problem you have that you cannot control yourself with your postings
in this NG.


Re: Is there a risk with firewalls?
Sebastian G. wrote:
[quoted text not shown]

If you'd pull your head from whatever holes it's currently in, you'd realize
that your methods of "teaching" are anything but constructive.

--
Notan

Re: Is there a risk with firewalls?
Notan wrote:

[quoted text not shown]

Now what about one step after another? First deconstructing the nonsense,
then thinking about the problem again, and then you'll start building a real
solution.

Sorry for not suggesting a solution without even thinking about the problem
again for figuring out what the actual problem is.

Re: Is there a risk with firewalls?
Sebastian G. wrote:
[quoted text not shown]

You just don't get it.

From what I've read, you've got a bunch of knowledge, but your attitude and
method of presentation are so condescending, among other negative attributes,
that it's all but wasted.

--
Notan

Re: Is there a risk with firewalls?
Notan wrote:


[quoted text not shown]


The word you were searching for might have been "honest" or "direct". As you
might understand, this is a place for discussing, not for cuddling and soft
caressing. If some people have a problem with that, it's definitely not my
fault.

BTW, isn't this getting a little bit offtopic?

Now, would someone please get the point that typical NAT routers don't
magically drop every packet with an unknown target, but rather take measures
to guess the target and forward it by chance? That's why Stephen's
suggestion is so misguided, since it won't help at all with protecting a
vulnerable system.

Re: Is there a risk with firewalls?
Sebastian G. wrote:
[quoted text not shown]

The word is "condescending".

Honest and direct.

--
Notan

Re: Is there a risk with firewalls?
Sebastian G. wrote:

<snip>
[quoted text not shown]


What do you mean, 'guess the target'?

If the NAT router receives an incoming it blocks it, unless port
forwarding has been set up.

I don't see any guessing.


Re: Is there a risk with firewalls?
jameshanley39@yahoo.co.uk wrote:

[quoted text not shown]


Exactly that: Applying some programmed algorithm that selects the most
likely target. For example, if the router assigns IP addresses via DHCP and
has only seen one client so far, he could forward everything there. Or if
there are multiple clients and one has eMule running, the router has already
seen TCP segments on port 4662, then incoming packets with ports 4661, 4665
and 4672 are forwarded there. Or if he saw an FTP connection and read a PORT
command, it might also set up the appropriate forwarding.

[quoted text not shown]


That's how it should be.
However, the implementors are interested in providing maximum connectivity
and reducing support costs. If the router does some good guessing, the better.

[quoted text not shown]

Well, did you actually test your router's implementation?
