Firewall/antivirus software to detect stealth malware

I read that spyware and trojans exist which can't be detected by the virus scanning software, which are not blocked or detected by firewalls and which go into hiding when you activate the task manager, so that you can't identify the related process(es).

Is there any secure way to identify such malware? Which firewall (or virus scanner) for XP would you recommend?

Reply to
Alfred Molon

Long

formatting link
Short

formatting link
You use the tools in the link and you look for yourself from time to time. You can even make Process Explorer the default Task Manager.

Reply to
Mr. Arnold

I am by no means as competent in this field as the gurus but I am coming to understand the difficulty of making sure your computer is not compromised. When I read Phrack online I realized that true internet security and privacy was an illusion in flux.

There are many layers of processes between your display/keyboard and the engine that makes it happen. I think the kernel [machine language] is the lowest level and when malware and 'security'-ware interact at the same level some clever-er person will always be able to obfuscate their actions. EG; code melts away after assembling bits of seemingly benign code from multiple locations on your HD, code interacts with the security software rendering it ineffectual..... I think M$-Vista tries to get around that by making the kernel level code 'offlimits' to ALL developers. This means the 'goodguys' are subject to rules the badguys aren't...Hmmm, much like police work.

FWIW, I am at the point where utility vs the game of hacking/counterhacking is beyond most online persons and suggest perhaps:

1/ never connect a computer with valuable or sensitive information to the wall. Think of it like leaving a locked safe on your front lawn ...eventually someone will get in if for no other reason than 'because'. I could never understand why the Pentagon had to have critical Nuclear weapon information on internet connected computers??? Nor why our sensitive Credit Card info is similarly exposed by collection points and financial institutes. Recent news attests to the inherent vulnerability of purchase documents to nefarious users.

2/ For internet access, use a simply configured, software firewalled, hardware firewalled [eg, Linksys router] and keep the install disks close at hand.

3/ Even having 'no valuable information' on your computer doesn't prevent you from being targeted... people need open boxes to hide their identity and you can easily and unwittingly assist that task if connected 'insecurely'.

4/ RE 3...you are always connected insecurely relative to somebody's skill or persistence.

5/ the mind can't devise a means of revealing everything 'knowable'...the very process of examination changes the state of being. The corollary to that is "if you can imagine a lock, you can imagine a key or hack"

Warf...take me now, I confess- my dirty pics of Paris Hilton should have been better concealed![g]

Reply to
warf

Thanks for the reply. Another question: does the 'connection status' window always show if there is some data flow (in both directions) or is there malware capable of sending/receiving data so that it does not show in the counts of the connection status window? A few years ago I detected a trojan by observing that data was flowing even if it should not (that was before I installed the firewall).

Reply to
Alfred Molon

If that's what you're looking at, then you have serious problems in determining if malware is running on your machine.

And if you're depending upon some kind of snake-oil in personal FW's, AV's or other forms of snake-oil malware detection solutions running on the machine to tell you what's happening, then you have problems as every last bit of it can be circumvented and defeated.

Again, the tools in the link I provided will help you in the determination and detection of malware that has circumvented the snake-oil solutions you want to depend upon.

Reply to
Mr. Arnold

Perhaps you misunderstood my question. And by the way I checked the link you posted. Browsed among others through the list of processes and the entries in the Windows registry, but could not spot anything suspicious, probably because I'm not an expert and have no idea of what most processes and registry entries are anyway.

By the way, what tools specifically are you referring to? Perhaps I missed something.

Anyway, getting back to my original question, I simply asked if the connection status window always shows the count of bytes which leave the computer or if even that count could be faked.

Reply to
Alfred Molon

You can look at the registry, but most home users have no business in the registry trying to do anything, as messing with the registry manually and not knowing what you're doing can sure hose the O/S and make the O/S non functional.

formatting link
I suggest you go to Sysinternals and download the software and use it to drill down into a running process and see what hidden processes, legit or not legit, such as malware, are hosted or could be hosted by a running process. There are plenty of articles out on Google that will show you how to effectively use PE to look for yourself at what's running on the computer.

formatting link
The three tools which are (free) were being discussed in the original link I provided. I suggest you go back and read those sections in the original link.

Malware can fool the O/S as explained in the link provided.

formatting link
You should cut down the attack vector on your computer as much as possible, like if the machine has a direct connection to the modem, no router between the computer and the modem, then remove Client for MS Networks and MS File and Print Sharing off of the NIC or dial-up connection. The computer has no business in any networking situation with a machine that has a direct connection to the modem, which is a direct connection to the Internet.

formatting link
There are other links out on Google that tell *you* the home user which NT Services on a NT based O/S such as XP can be safely shutdown that will help in closing the attack vector on the O/S.

You should practice safe hex as much as possible.

formatting link

Reply to
Mr. Arnold
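The approach Mr. Arnold is pointing at (a process that hides from Task Manager still shows up when you look from a different angle) is usually called cross-view detection, and it is what the Sysinternals rootkit tools do. The following is an added example, not code from the thread or from Sysinternals: the pure functions work on any process lists, while the two live collectors assume Linux (/proc listing versus a brute-force null-signal probe); the Windows equivalent uses different APIs but the same comparison.

```python
"""Cross-view process detection: a rootkit tampers with ONE view (the list
Task Manager sees); an independent, lower-level view still reports the
process, so the two lists disagree. Added example, Linux collectors assumed."""
import os
import sys

def tgid_from_status(pid, status_text):
    """Map a probed id to its thread-group id (from /proc/<id>/status) so a
    thread of a visible process is not misreported as a hidden process.
    Falls back to pid when no Tgid line is present."""
    for line in status_text.splitlines():
        if line.startswith("Tgid:"):
            return int(line.split()[1])
    return pid

def hidden_pids(listed_view, probed_view):
    """PIDs the low-level probe found that the high-level listing omits."""
    return sorted(set(probed_view) - set(listed_view))

def persistent(runs):
    """Keep only PIDs flagged in every run: short-lived processes land in one
    view and not the other by timing alone, so a single pass is noisy."""
    sets = [set(r) for r in runs]
    return sorted(set.intersection(*sets)) if sets else []

def view_proc_listing():
    """High-level view: what a directory listing of /proc reports."""
    return [int(d) for d in os.listdir("/proc") if d.isdigit()]

def view_pid_probe():
    """Low-level view: probe every possible id with a null signal.
    ProcessLookupError means no such task; PermissionError means it exists."""
    with open("/proc/sys/kernel/pid_max") as f:
        pid_max = int(f.read())
    found = set()
    for pid in range(1, pid_max + 1):
        try:
            os.kill(pid, 0)
        except ProcessLookupError:
            continue
        except PermissionError:
            pass
        try:
            with open(f"/proc/{pid}/status") as f:
                found.add(tgid_from_status(pid, f.read()))
        except OSError:
            found.add(pid)  # alive, but its /proc entry is unreadable
    return sorted(found)

if __name__ == "__main__" and sys.platform.startswith("linux"):
    runs = [hidden_pids(view_proc_listing(), view_pid_probe()) for _ in range(3)]
    print("persistent discrepancies:", persistent(runs))
```

A non-empty persistent result is a lead to investigate with Process Explorer, not proof of malware; a legitimate driver or sandbox can also make the views disagree.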

One other thing, if you want to know what traffic is leaving the computer, then use a packet sniffer like (free) Ethereal or others.

formatting link

Reply to
Mr. Arnold

Thanks, I'll go through the links you posted.

Reply to
Alfred Molon

You say you want out of the box protection - do not even think about Jetico. It requires knowledge of network security and is not at all easy to configure.

Buy Outpost Pro and let it run out of the box. It will ask a few very basic questions. They all do. As you become more familiar with the product you can begin to tweak the in/out security tighter and tighter.

Buy Superantispyware pro. Let it run all the time. Very frequent updates. Download free Adaware (Lavasoft). Download free Spybot. Use the free ones as a double check.

Download free AVG.

Use the free System Safety Monitor (google for this product)

There is no way to have perfect protection short of non-connection. If you do the things I suggested you will be reasonably safe. Do not go to p*rn or warez sites.

Old Garibaldi

Reply to
Gary

Every security measure dealing with network security requires intimate knowledge about networking. Either that, or someone tries to scam you with claims of semi-intelligent software and strange wizards.

And then uninstall it after finding out how insecure and broken it is.

Bullshit.

The same which has been ripped off on rootkit.com?

Hm... I could imagine more constructive ways to waste time.

And then? A fool with a tool is still a fool.

Yeah, load your systems with zillions of useless software products.

You'd wish.

How should anyone enforce this? Hint: You can't. About every legitimate site includes third-party content, usually for advertisement. Evil guys can and do pay them to include malicious content.

Reply to
Sebastian Gottschalk

Did they fix their bad security design flaws now?

Yours, VB.

Reply to
Volker Birk

Uups... where did I write that I want out of the box protection? I have no problem configuring a firewall or learning to do so (in case my knowledge is not sufficient).

Reply to
Alfred Molon

Mr. Gottschalk

Perhaps you are a troll, perhaps not. If you are not, I do not think you know as much as you pretend to know.

To Mr. Molon - I misunderstood you and I'm sorry. I did not mean to dis your expertise with network security.

Reply to
Gary

...said the one who suggested replacing thinking of the user with non-thinking software, usually of the crapware category.

At any rate, it seems like you're not even aware of the privilege escalation vulnerabilities that your oh-so-praised Outpost Pro adds to the system whereas the vendor denies any fix.

I guess you also missed how Ad-Aware was ripped off in an article on . Explains very well why it's so slow and ineffective. Generally, any such "anti spyware software" is, for obvious reasons.

Your suggestion won't help any bit with securing the system.

Reply to
Sebastian Gottschalk

Depends on what you're talking about. If you're talking about I.T. skills, Seb probably knows a lot. But if you're talking about social skills, then I guess he scores about -1 on a scale of 1-10. We're pretty much used to his style here. He's become a bit of a character - basically a 'Grumpy Old Man'!

Jim Ford

Reply to
Jim Ford

Depends on what you're talking about. If you're talking about I.T. skills, Seb probably knows a lot. But if you're talking about social skills, then I guess he scores about -1 on a scale of 1-10. We're pretty much used to his style here. He's become a bit of a character - our resident 'Grumpy Old Man'!

Jim Ford

Reply to
Jim Ford
