I read that spyware and trojans exist which can't be detected by the virus scanning software, which are not blocked or detected by firewalls and which go into hiding when you activate the task manager, so that you can't identify the related process(es).
Is there any secure way to identify such malware? Which firewall (or virus scanner) for XP would you recommend?
I am by no means as competent in this field as the gurus, but I am coming to understand the difficulty of making sure your computer is not compromised. When I read Phrack online I realized that true internet security and privacy was an illusion in flux.
There are many layers of processes between your display/keyboard and the engine that makes it happen. I think the kernel [machine language] is the lowest level, and when malware and 'security'-ware interact at the same level some cleverer person will always be able to obfuscate their actions. E.g., code melts away after assembling bits of seemingly benign code from multiple locations on your HD, code interacts with the security software rendering it ineffectual... I think M$-Vista tries to get around that by making the kernel level code 'off-limits' to ALL developers. This means the 'good guys' are subject to rules the bad guys aren't... Hmmm, much like police work.
FWIW, I am at the point where utility vs the game of hacking/counterhacking is beyond most online persons and suggest perhaps:
1/ Never connect a computer with valuable or sensitive information to the wall. Think of it like leaving a locked safe on your front lawn... eventually someone will get in, if for no other reason than 'because'. I could never understand why the Pentagon had to have critical nuclear weapon information on internet-connected computers??? Nor why our sensitive credit card info is similarly exposed by collection points and financial institutes. Recent news attests to the inherent vulnerability of purchase documents to nefarious users.
2/ For internet access, use a simply configured, software-firewalled, hardware-firewalled [e.g., Linksys router] machine and keep the install disks close at hand.
3/ Even having 'no valuable information' on your computer doesn't prevent you from being targeted... people need open boxes to hide their identity, and you can easily and unwittingly assist that task if connected 'insecurely'.
4/ RE 3... you are always connected insecurely relative to somebody's skill or persistence.
5/ the mind can't devise a means of revealing everything 'knowable'...the very process of examination changes the state of being. The corollary to that is "if you can imagine a lock, you can imagine a key or hack"
Warf... take me now, I confess: my dirty pics of Paris Hilton should have been better concealed! [g]
Thanks for the reply. Another question: does the 'connection status' window always show if there is some data flow (in both directions) or is there malware capable of sending/receiving data so that it does not show in the counts of the connection status window? A few years ago I detected a trojan by observing that data was flowing even if it should not (that was before I installed the firewall).
If that's what you're looking at, then you have serious problems in determining if malware is running on your machine.
And if you're dependent upon some kind of snake-oil in personal FWs, AVs or other forms of snake-oil malware detection solutions running on the machine to tell you what's happening, then you have problems, as every last bit of it can be circumvented and defeated.
Again, the tools in the link I provided will help you in the determination and detection of malware that has circumvented the snake-oil solutions you want to depend upon.
Perhaps you misunderstood my question. And by the way, I checked the link you posted. Browsed, among others, through the list of processes and the entries in the Windows registry, but could not spot anything suspicious, probably because I'm not an expert and have no idea what most processes and registry entries are anyway.
By the way, what tools specifically are you referring to? Perhaps I missed something.
Anyway, getting back to my original question, I simply asked if the connection status window always shows the count of bytes which leave the computer or if even that count could be faked.
You can look at the registry, but most home users have no business in the registry trying to do anything, as messing with the registry manually and not knowing what you're doing can sure hose the O/S and make the O/S non functional.
I suggest you go to Sysinternals and download the software and use it to drill down into a running process and see what hidden processes, legit or not legit, such as malware, are hosted or could be hosted by a running process. There are plenty of articles out on Google that will show you how to effectively use PE to look for yourself at what's running on the computer.
The three (free) tools were being discussed in the original link I provided. I suggest you go back and read those sections in the original link.
Malware can fool the O/S as explained in the link provided.
You should cut down the attack vector on your computer as much as possible, like if the machine has a direct connection to the modem, no router between the computer and the modem, then remove Client for MS Networks and MS File and Print Sharing off of the NIC or dial-up connection. The computer has no business in any networking situation with a machine that has a direct connection to the modem, which is a direct connection to the Internet.
There are other links out on Google that tell *you* the home user which NT Services on a NT based O/S such as XP can be safely shutdown that will help in closing the attack vector on the O/S.
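As an added illustration of the "hidden process" question (this is not code from anyone in the thread): a cross-view check in Windows PowerShell that lists processes through three different enumeration paths and flags any PID not present in all of them. Only built-in cmdlets and tasklist.exe are used; a rootkit that filters the underlying system call at kernel level can still hide from every user-mode view, which is the limitation the thread keeps returning to.

```powershell
# Added example: cross-view process enumeration (not from the original thread).
# Each view reaches the process list by a different path; a PID that shows up
# in one view but not another deserves a closer look with Process Explorer.
# Re-run before trusting a hit: a process that exits between two snapshots
# produces a harmless, transient mismatch.

function Get-ProcessViews {
    # Snapshots are taken back-to-back to keep timing differences small.
    $views = @{}
    $views['Get-Process'] = @(Get-Process | ForEach-Object { [int]$_.Id })
    $views['WMI'] = @(Get-WmiObject -Class Win32_Process |
        ForEach-Object { [int]$_.ProcessId })
    # tasklist CSV columns: Image Name, PID, Session Name, Session#, Mem Usage
    $views['tasklist'] = @(tasklist /FO CSV /NH |
        ConvertFrom-Csv -Header Name,PID,Session,SessionNum,Mem |
        ForEach-Object { [int]$_.PID })
    return $views
}

function Compare-ProcessViews {
    param([hashtable]$Views)
    # Union of every PID seen anywhere, then report those not seen everywhere.
    $allPids = $Views.Values | ForEach-Object { $_ } | Sort-Object -Unique
    foreach ($p in $allPids) {
        $seenIn = @($Views.Keys | Where-Object { $Views[$_] -contains $p })
        if ($seenIn.Count -lt $Views.Count) {
            $missing = @($Views.Keys | Where-Object { $seenIn -notcontains $_ })
            [pscustomobject]@{
                PID       = $p
                SeenIn    = ($seenIn -join ',')
                MissingIn = ($missing -join ',')
            }
        }
    }
}

$views = Get-ProcessViews
$mismatches = @(Compare-ProcessViews -Views $views)
if ($mismatches.Count -eq 0) {
    Write-Host "All $($views.Count) views agree on $($views['Get-Process'].Count) processes."
} else {
    Write-Host "PIDs not visible in every view (investigate with Process Explorer):"
    $mismatches | Format-Table -AutoSize
}
```

Agreement between the views does not prove a clean machine; it only rules out the cheapest kind of hiding, where malware tampers with one enumeration API rather than the kernel itself.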
You say you want out of the box protection - do not even think about Jetico. It requires knowledge of network security and is not at all easy to configure.
Buy Outpost Pro and let it run out of the box. It will ask a few very basic questions. They all do. As you become more familiar with the product you can begin to tweak the in/out security tighter and tighter.
Buy SuperAntiSpyware Pro. Let it run all the time. Very frequent updates. Download free Ad-Aware (Lavasoft). Download free Spybot. Use the free ones as a double check.
Download free AVG.
Use the free System Safety Monitor (google for this product).
There is no way to have perfect protection short of non-connection. If you do the things I suggested you will be reasonably safe. Do not go to p*rn or warez sites.
Every security measure dealing with network security requires intimate knowledge about networking. Either that, or someone tries to scam you with claims of semi-intelligent software and strange wizards.
And then uninstall it after finding out how insecure and broken it is.
The same which has been ripped off on rootkit.com?
Hm... I could imagine more constructive ways to waste time.
And then? A fool with a tool is still a fool.
Yeah, load your systems with zillions of useless software products.
How should anyone enforce this? Hint: You can't. About every legitimate site includes third-party content, usually for advertisement. Evil guys can and do pay them to include malicious content.
Depends on what you're talking about. If you're talking about I.T. skills, Seb probably knows a lot. But if you're talking about social skills, then I guess he scores about -1 on a scale of 1-10. We're pretty much used to his style here. He's become a bit of a character - basically a 'Grumpy Old Man'!