Avast and Proxomitron

I've noticed over the past few days that Proxomitron is stopping access to port 1239 by such malware as "Red Sheriff", "Bargain Buddy" and other little gems. Can I instruct Kerio firewall to block this port on a permanent basis, and am I likely to experience any problems with the operation of my PC? Is it the opinion of the followers of this NG that ZA is a better firewall than Kerio? And how are these malware programs accessing my PC in the first place? I run a firewall, anti-virus and run spam blocking programs and check for malware regularly. I've yet to find anything on the PC. I run Spybot, Ad-Aware, MS antispyware, Spywareblaster. All up to date and all configured to run full system scans.

- Peter James Remove AT to reply


Peter James wrote in news: snipped-for-privacy@4ax.com:

What are you talking about here? The operative word here that you have mentioned is *STOPPING*. The personal FW solution is stopping the unsolicited scans, probes and attacks.

If a malware program was running on your machine, then it would have made a solicitation for traffic to the remote site (phoned home) and the FW would have allowed the communication between the malware program running on your machine and the one sitting at the remote site. Otherwise, if no program running on your machine is making the solicitation to a remote site by sending outbound traffic to it, then the PFW solution is going to drop the inbound traffic at the FW.

That's not happening. No malware program is running on your machine and (listening) for return traffic on the above port. It's just everyday scans, probes for vulnerable machines that have been compromised and other Internet background noise, and the PFW is stopping it.

And if malware somehow made it to your machine, then you or someone using the keyboard and mouse contributed to it with the happy fingers that click on unknown links and email attachments. It doesn't happen by itself.

Yes, and I would think that one could set a rule with a PFW solution to block traffic on a specified port if one chooses to create that rule.

Duane :)


I don't think I made myself very clear here. What I meant was, how is it that, in spite of all the security I have running on my PC, these sites were attempting to access my PC? Are you saying that these attempts are from outside of the PC, to put it crudely, rather than as a process from within the PC?

Thank you for the reply.

- Peter James Remove AT to reply


You have made yourself perfectly clear. You have unsolicited inbound traffic (scans, probes and attacks, along with other background noise) that is reaching the PFW and is being dropped by the PFW. It's everyday life out there on the Internet.

There are two types of inbound traffic the PFW solution will consider. Solicited traffic is any program running on the machine that has sent outbound traffic to a remote site; the PFW is going to allow that traffic back to the machine and to the listening program. Unsolicited traffic is any inbound traffic that has not been solicited; when it hits the PFW, it is dropped by the PFW. If a Trojan has sent outbound traffic from behind the FW, that's solicited traffic and the FW is going to allow that traffic.

You should learn the basics about FW(s), hardware- or software-wise.

formatting link

And how it is possible that malware can circumvent and defeat anything running with the O/S, such as a PFW or spyware detection and AV programs that are a dime short and a dollar late in the detection, is because the end-user contributed to the compromise 99% of the time with the happy fingers that click on something that leads to the compromise.

You seem to need to know the basics.

the long version

formatting link

the short version

formatting link

The buck stops with the O/S. The buck doesn't stop with the PFW, spyware, or AV. If you shut down vulnerable services, which shuts down ports, and do other things to secure the O/S, it will help in the protection of a machine that has a direct connection (no router sitting in front of the machine between the Internet and the computer) to the Internet. It's best to secure the O/S as much as possible in that situation.

I'll assume you're using the XP O/S.

formatting link

Duane :)
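
The solicited/unsolicited distinction described in the reply above, as an added example that is not part of the original thread: a simplified model of a stateful personal firewall, including an optional per-port block rule of the kind asked about. The class, field names and sample packets are constructed for illustration; a real PFW also tracks protocol and state timeouts.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    direction: str      # "out" or "in", relative to the protected PC
    local_port: int
    remote_ip: str
    remote_port: int

@dataclass
class PersonalFirewall:
    blocked_local_ports: set = field(default_factory=set)  # explicit user rules
    state: set = field(default_factory=set)                # flows opened from inside

    def handle(self, pkt: Packet) -> str:
        flow = (pkt.local_port, pkt.remote_ip, pkt.remote_port)
        # An explicit port rule wins over everything else (both directions here).
        if pkt.local_port in self.blocked_local_ports:
            return "DROP (port rule)"
        # Outbound traffic from any local program creates state: a "solicitation".
        if pkt.direction == "out":
            self.state.add(flow)
            return "ALLOW (outbound, state created)"
        # Inbound traffic is allowed only if it matches a flow opened from inside.
        if flow in self.state:
            return "ALLOW (solicited reply)"
        return "DROP (unsolicited)"

def demo():
    fw = PersonalFirewall()
    # Constructed sample traffic; addresses are documentation ranges.
    events = [
        ("probe to port 1239", Packet("in", 1239, "203.0.113.7", 40000)),
        ("browser request", Packet("out", 50001, "198.51.100.10", 80)),
        ("web server reply", Packet("in", 50001, "198.51.100.10", 80)),
        ("reply from other host", Packet("in", 50001, "203.0.113.7", 80)),
        # The firewall cannot tell a trojan's outbound flow from a browser's:
        ("trojan phones home", Packet("out", 50002, "203.0.113.7", 1239)),
        ("reply to trojan", Packet("in", 50002, "203.0.113.7", 1239)),
    ]
    return [(label, fw.handle(p)) for label, p in events]

if __name__ == "__main__":
    for label, verdict in demo():
        print(f"{label:24} {verdict}")
```

The last two events show why the dropped probes alone say nothing about infection: traffic solicited from inside is allowed back in regardless of which program sent it.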


Many thanks for the reply. Lots to read and think about. Thanks again.

- Peter James Remove AT to reply
