I am sick of windows firewall

Doesn't help, as long as you don't remove the 'eBook' and 'DigSig' plugins.

Not true.

Reply to
Sebastian Gottschalk

I'm trusting M$ so much, that I'm typing this on an Apple Powerbook into an aterm running on Debian GNU/Linux, which connects to a bash running on a Solaris box where my tin runs ;-)

If you don't like Microsoft's products, maybe you could consider moving to something else ;-)

Why are you using Windows then?

Yours, VB.

Reply to
Volker Birk

He's right. All the scanning and attacking traffic, which arrives immediately after connecting, is usually automated.

:-P

Good idea.

Yours, VB.

Reply to
Volker Birk

Ah - you're referencing his Noodles.

SCNR, VB.

Reply to
Volker Birk

I do not run a Windows PC loaded with gigs of software by choice, it's merely a tool I require to do my job. I most certainly cannot afford the time to research and evaluate every update issued by vendors of software installed on my system - so I have to trust them to get it right.

I do have to ensure my system is available for use, because I earn nothing while it's down. To that end, I have incremental disk image backups scheduled hourly and spare hardware on the shelf. When something goes wrong, I don't care what caused it - automatic update, malicious software, power outage, hardware failure, whatever - my priority is to restore the system with minimal loss of work, and get back to the task at hand.

I let the tool vendors maintain the tools as they see fit, while I earn a living using them. Period.

Triffid

Reply to
Triffid

OK. Then, usenet is a place for discussion with newbies also. And, one should take into consideration the mental level of the person with whom one is discussing.

You are surely not saying that you are discussing with veterans, hence newbies better stay clear? :-x

Reply to
V S Rawat

I have got that appearing in All Programs, though that is appearing in Control Panel also.

But, the entries in it are:

- Component Services

- Computer Management

- Data Sources (ODBC)

- Event Viewer

- Local Security Policy

- .Net Configuration

- .net wizard

- Performance

- Services

The above Local Security Policy does not have the window that appears from gpedit.exe.

got that. thanks.

Reply to
V S Rawat

ZA's Alerts and Logs are set to show only last 50 alerts, and they are full to the brim. However, I have set it to work silently and stop unwanted inbound traffic without informing me.

Now I checked the logs, and noticed that the last 50 alerts in that list all refer to some software that I had run; thus, I guess that the inbound traffic was caused only by some outbound traffic caused by that software of mine.

A dynamic IP address is allotted on the run by my ISP.

And, thank God for that, because rapidshare/ badongo/ etc free accounts for downloading files would not have worked if I had remained on a fixed IP address. When they refuse to allow me to download any more, I switch my modem off/ on to get a new IP address, and am thus able to download more from these sites.

Technically, it is possible that I have infuriated some cracker in some ng, and he is out to take revenge. Thus, he knows the range of my IP address and can try all combinations.

Went to shields up site and checked common ports for a try.

It reported all as stealth except the following three ports:

----------------start

21 FTP OPEN! FTP servers have many known security vulnerabilities and the payoff from exploiting an insecure FTP server can be significant. This system's open FTP port is inviting intruders to examine your system more closely.

23 Telnet OPEN! Telnet provides a remote command prompt window which allows remote systems to be configured and controlled. Any system that appears to be offering a Telnet connection - like yours is right now - is offering the potential for total command-level access. Since a surprising number of Telnet servers are known to have no password, this open Telnet port will be attracting a LOT of the wrong kind of attention. If your network contains a residential NAT or DSL router, it may be that its "WAN-side" management interface is open and accepting connections. No matter what the cause, you should immediately attend to this open Telnet port.

80 HTTP OPEN! The web is so insecure these days that new security "exploits" are being discovered almost daily. There are many known problems with Microsoft's Personal Web Server (PWS) and its Frontpage Extensions that many people run on their personal machines. So having port 80 "open" as it is here causes intruders to wonder how much information you might be willing to give away.

----------------end

I am horrified. What to do about them? ?8-(

I had downloaded that and I occasionally run that. It will take some time to become conversant with that. However I just check that my recognized programs are appearing in the list: avg antivirus, Free Download Manager, Firefox, Thunderbird, Hamster

The programs that do not make sense to me, as yet, are: alg.exe:164 Listening, lsass.exe:632, svchost.exe on 820, 868, 912, and something called System:4 Listening

Which of the above seems hostile?

Reply to
V S Rawat

Some more insight sought into the working of hackers/crackers.

Suppose I am offline (sleeping) overnight. I wake up in the morning, do my daily chores, and then boot the system and go on line.

How does a hacker/cracker come to know that I have come online, and I have been assigned a dynamic IP address by my ISP? That is, before my system sends some traffic to their site/pc that makes them aware of my pc's existence.

Is it that they are just randomly trying all 255.255.255.255 IP address and will manage to catch me sooner or later. Well, not very optimized method to suit the reputation of a hacker/ cracker.

Reply to
V S Rawat

Why do they make it so complicated?

I have netstat downloaded. I ran its netstatp.exe.

A command window opened. ZA asked whether to allow it to connect to net. I said yes. The command window closed.

There is no netstat icon/bar in systray, taskbar, quicklaunch, Start menu, anywhere.

How is it run?

--------

Start-Run-portqry.exe.

Windows can't find this program.

Is it already in XP? How to run it?

thanks.

Reply to
V S Rawat

See from the viewpoint of a common user.

You install xp. It comes with automatic update on.

You go on-line. Automatic update starts downloading updates.

When you shutdown the system, "Shutdown" has automatically got changed to "install updates and shutdown". As per your habit, you click on the very option that is otherwise "shutdown", and it installs the updates.

The harm is done.

If you try to select any other option in automatic update, it will keep on nagging you to select that first option. You need to silence its nagging.

Microsoft has so beautifully hidden Security/ Automatic Update/ Firewall/ AntiVirus in so many disconnected options and window that it took me quite some time to figure out how it is working and where these options are present. And I think I am slightly better-versed than a common home user.

And there are several windows thingies that behave exactly like that or worse.

Hence, it is a good pre-emptive measure to use a ZA style of outbound traffic controller so that you immediately install it after your xp is up, and you can be sure that Mr Gates is no more able to Automatically Update your system.

I do want to update the updates, but I am scared shitless. reinstalling xp is a pain in the *** and everywhere else.

How do I identify which update is causing problem, and it is causing problem only for me because millions of users are getting them installed without any fuss?

OK.

I am treading into the realm controlled by Mr Gates, but I think that some better management of updates should be there. If something caused problem, there should be easier option of uninstalling it. Maybe, everything should be installed in some "trial" mode and should be kept under observation for some 24 hours or so. Maybe, you should be given Add-remove program window right at the time of starting windows so that you can install/ uninstall programs right there till it causes some violation/ conflict.

I really don't understand why I am needed to be in windows-loaded-and-running mode to install-uninstall a program. Isn't it the best to allow that right at the command prompt?

Tcpview/ Activeports etc are for techies. Thanks to the help received in this group, I am getting exposed to them. How many common users have heard of tcpview, and how many have basic intellect level to manage it?

ZA does it in a simple, user-friendly manner.

Reply to
V S Rawat

Downloaded and ran it.

wipfw.exe shows a window and disappears.

sh.exe brings a command window which I am not able to make head or tail of.

Reply to
V S Rawat

Share your knowledge with us. Make us safer. Please.

Reply to
V S Rawat

V wrote on 21 Mar 2006 19:27:16 GMT:

Not true. I had to reinstall XP just a few weeks ago. Granted, it was due to my primary hard drive failing as opposed to infection - but I don't install software downloaded from the net unless I trust its source. So far 11 years of PC use on the net and not a single infection.

I've never had an XP install fail, and I've done at least 50. There is no need to count your breaths. You don't have to sit and coax it to install, and pray to the dark gods that it'll work. And it's only lengthy if you don't prepare, and run old hardware. A slipstreamed XP CD with SP2 and current patches takes very little to prepare (and a Google search will provide instructions on how to do this), and saves a lot of time.

30 to 50??? What on earth are you installing? I'm a techie and a games player, and I'm pretty sure even with all the utilities I install I haven't reached that number yet. Blindly installing everything you find is the biggest mistake you can make. Install only what you need.

I do, daily. I work in support as well as admin. I find it a real eye-opener, and I'm tempted with one guy who brings his personal laptop in regularly for repair to just tell him to give up on computers - even with a software firewall and virus scanner he still manages to get it infected with all sorts of crap in a very short time. Relying on any software to prevent something happening is a mistake. Education is much more beneficial, and in the long term will prevent you having to keep reinstalling your system.

Then I suggest you invest the small amount it costs for even a simple DSL router if you care about your PC. The day you run that little joke app from a friend that kills your Zonealarm panacea will be the day you wish you had. And I hope when you reinstall your PC you have an XP SP2 install CD, or you patch it to at least SP2 before connecting that modem - otherwise you might as well just turn your PC off and find something else to do.

Dan

Reply to
Spack

That's not exactly a surprise.

The Windows firewall will do exactly the same thing.

You can guess all you like, it would be better to actually know what is going on.

Yes I noted from another post that you have a dsl modem. Most likely the usb one mentioned here:

formatting link
's bad, very bad. You must not connect that modem directly to your PC. If you cannot persuade your ISP to give you the DSL router then change ISP or get your own DSL router/firewall and use that.

So in one post you write: "it is a responsibility thrusted by divinity upon your strong shoulders to find out and tell us which are the effective, free software which will be able to do what different users want to do in their knowledge level which is less than yours." And in another you imply that you are happy to obtain software illegally.

This copy of XP you have a heart attack reinstalling four times per month. Where did you get it? What version is it? (SP1, SP2?) Home or pro?

It would be easier to just try 61.246.130.207 or whatever it is after you post.

...

I'd be horrified too unless I understood the result. Some things you can do:

  1. Verify that shields up did actually scan your correct IP address and not some other box owned by your ISP. Start > Run > cmd > ipconfig /all
  2. Check that you get the same result with a different test site.
    Check whether or not those servers are actually listening on your own computer and are not some side effect of something being intercepted by your ISP. You can do this with TCPview.
  3. Try to connect to the servers yourself. Start > Run > cmd > telnet localhost, then http://localhost and ftp://localhost
  4. Start listening to advice given by other people, otherwise they may conclude that there's no point trying to continue to help you.

Maybe none of them but difficult to tell. Which programs are listening for inbound connection requests, and on what port? Is AVG up to date?

Jason

Reply to
Jason Edwards

If Windows does not run on that box, why use Windows? Or: if Windows has to be run, why use an incompatible box?

Yours, VB.

Reply to
Volker Birk

The problem for a home user's PC is not crackers; the problem is the automated attacks that run all the time, constantly scanning every IP address in every address space of dial-in boxes.

Yours, VB.

Reply to
Volker Birk


"Port stealthing" is nonsense, BTW.

Close those ports. Use netstat -anb on the command line to find out which processes are listening here.

Yours, VB.

Reply to
Volker Birk
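The check suggested in the two posts above (are the ports the scan reported, 21, 23 and 80, actually listening on this PC, and which process owns each listener), as an added example that is not part of any post in the thread. It parses text in the style of netstat -anb output; the sample output is constructed, and the function names are made up for this sketch.

```python
import re

# Constructed sample in the style of Windows `netstat -anb` output (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       868
  [svchost.exe]
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING       4
  [System]
  TCP    127.0.0.1:1027         0.0.0.0:0              LISTENING       164
  [alg.exe]
  TCP    192.168.1.2:1045       203.0.113.10:80        ESTABLISHED     1234
  [firefox.exe]
  UDP    0.0.0.0:500            *:*                                    632
  [lsass.exe]
"""

ROW = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s*([A-Z][A-Z_0-9]*)?\s*(\d+)?\s*$")
OWNER = re.compile(r"^\s*\[(.+)\]\s*$")

def listeners(text):
    """Return listening TCP sockets and bound UDP sockets, with owner if shown."""
    found, last = [], None
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            proto, addr, port, state, pid = m.groups()
            last = None  # an owner line belongs only to the row just above it
            if proto == "UDP" or state == "LISTENING":
                last = {"proto": proto, "addr": addr, "port": int(port),
                        "pid": int(pid) if pid else None, "exe": None,
                        "loopback_only": addr.startswith("127.") or addr == "[::1]"}
                found.append(last)
        elif last and (owner := OWNER.match(line)):
            last["exe"] = owner.group(1)
    return found

def explain_scan(text, reported_open):
    """Map each TCP port an outside scan called open to its local owner(s).
    An empty list means no process on this machine listens there."""
    tcp = [s for s in listeners(text) if s["proto"] == "TCP" and not s["loopback_only"]]
    return {port: [s["exe"] or f"pid {s['pid']}" for s in tcp if s["port"] == port]
            for port in reported_open}
```

An empty list for a port the scan called open means nothing on the PC itself answers there, so the response came from a device in front of it, such as the modem or router.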

You don't need to download anything. netstat is a command that is included with Windows.

Yours, VB.

Reply to
Volker Birk

The question about allowing something is obviously useless.

And a single window reporting about one single instance doesn't help much. TcpView offers a global list of all activities, marking new and ceasing connections.

No. It's available from MS Download Center.

Reply to
Sebastian Gottschalk
