Is it possible for someone to access my HD even though I am running a firewall?

This is probably just an empty threat from some net.k00k with a grudge but I'd appreciate your advice.

Someone on a web forum I visit is claiming that they have accessed my hard drive, stolen my personal details and installed files to 'prove that they were there'. According to this person, all they needed was my IP address to do this.

I am running the latest version of Zonealarm, check for viruses/trojans/spyware on a regular basis, have not run any strange files or opened any attachments and have done nothing besides allowing this person to discover my IP address. As far as I know, my machine is clean and as secure as it can be.

Is there any possibility that my security has been compromised? If so, what steps can I take to prevent someone doing this again? Thanks.

A "personal" firewall is only as strong as the person that set it up. If you created exceptions (holes) then you really don't have a lot of protection. If you browse to a website and then click a link, you could be running a program without understanding that you are running it - and it could phone-home to the author of the program and allow them to do anything they want with your machine.

If you have CABLE/DSL, get a NAT router with logging, this will block unsolicited inbound connections and the LOG will show you in/out bound traffic so you can see just what is reaching your computer and what is going outbound from it.

So, in short, if you don't screw-up your firewall it will protect you, but many users self-compromise their security all the time by not understanding what they are doing.

Thanks for that. Is a NAT router a piece of software or a piece or hardware? Sorry, I don't know much about this sort of thing.

I've cleared all my program permissions in Zonealarm and I'm going to start again from scratch - I'm pretty sure that I only made exceptions for things like my browser, email and news clients anyway - but it doesn't hurt to start over and review everything.

So, if I do have some malware on my machine, what's the best way to clear it up? My antivirus doesn't pick anything up, nor do any of my spyware scanners. Any programs you can recommend?

Jeff wrote in news: snipped-for-privacy@4ax.com:

If he put files on your machine as proof, ask him what the files are. Basically, call his bluff. Come back here and and list them. Then others in the group will help you determine if they are indeed anything to worry about or, as I would guess, are just ordinary cryptically named files deep in the system directories that are part of the OS.

Brian

Jeff wrote in news: snipped-for-privacy@4ax.com:

You're running to the *crutch* above in a ZA or any personal FW solution that's using the infamous Application Control and it's worthless and can be beaten and circumvented by malware if it can get to the machine and execute.

You go look for yourself with the proper tools every now and then and don't depended upon that *crutch* ZA to tell you what is happening on the machine.

Long version

Short version

If you're running a NT based O/S like Win 2K or XP, then you should try to secure the O/S. The buck doesn't start or stop with ZA or any PFW. It starts and stops at the O/S no where else.

There is a link for Win 2K too. If you're running Win 9'x or ME, you're out of luck.

Duane :)

And has he a proof? Or is he just claiming that?

Does not sound like that, if you're believing in a "Personal Firewall" and doing virus scanning. There are many threats left, unfortunately. Which browser are you using, for example? (Beside that, I'm not thinking, that this guy really did what he claims, because Zonealarm has its weaknesses, but it does work as a host based packet filter AFAICS).

Yes. It's not possible to offer 100% protection against every possible threat.

Again, which browser are you using? Do you know, that a virus scanner is not able to find every virus, but only already well known malware?

Yours, VB.

It is possible, which doesn't mean it happened. The best protection I've found with my Linksys router is toset uop a list of computers it will accept, based on the MAC number. That is a unique number that each computer has. It may not be 100% effective in blocking outsiders, but it does help a lot. You can also set up a short list of accepted computers in Norton Personal Firewall.

in blocking

accepted computers

If you have time on your side and the requisite "interest" you may enjoy reading this. Go to url below.

-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

HTTP in the Event Log on XPSP2

Thoose who are really looking might have found the following event in your event log:

Reservation for namespace identified by URL prefix http://*:2869/ was successfully added.

This is just UPNP reserving it's port and namespace in http.sys.

Http.sys and the XPSP2 Firewall

Larry Osterman of the WMC Team has a three part blog series about what he needed to allow http.sys to open ports and get through the Windows XP SP2 firewall. Part 1 | Part 2 | Part 3

regards

A NAT Router is a piece of Hardware. It's typically an extra box between your ISP's modem and your computer. Linksys, D-Link, Netgear all make them.

Here is my typical response for people that think they have MALWARE, try the following:

Only download software you can validate as uncompromised - in the case of non-vendor site you have no guarantee that the files are unmodified or uncompromised. Anyone providing a link to a non-vendors site with a direct download should not be trusted, the vendors sites are the safest place to download their application.

Always remember - ***only download files from Trusted Sites***.

After you install any of these applications and update them, run them in

***SAFE MODE*** to allow them to properly clean your system.

These sites are for downloading Anti-Spyware tools, in order that I would use them myself:

AdAwareSE can be found here:

SpyBot Search and Destroy can be found here: HiJack can be found here: Ewido Security Suite Trial can be found here: CrapCleaner can be found at the vendors site here: CleanUp can be found at the vendors site here: from another reputable source: The following are two links to Antivirus software in order that I would use them:

You can also download Symantec Trial version of their Antivirus software from here:

Download AVG Personal Free edition from here: These are the actual vendors sites, not some unknown or unauthorized no- name site. They also don't artificially increase the hits for sites that get paid for the amount of traffic they can generate like one poster has admitted to in this group.

Evidence Eliminator is a controversial product. One would be well advised to consider the reasons for that, in order to make an informed decision. One might also wonder why Google results are overwhelmingly positive - even evidence-eliminator-sucks.com is a sales pitch.

Triffid

If they can log in through Windows Remote Desktop they can. RD acts as a "dumb terminal" to your computer, and its just like sitting at your desktop in front of your computer. Unless you have a need to access your computer network remotely, you might want to block inbound connections to port

3389.

.. Assuming you have windows, clear your

The best way to do this is to use Evidence Eliminator to clear all form data, cookies, history, etc. Despite its name, EE does have some legtimate uses, such as clearing out things like Web forms, and stuff like that.

.. Assuming you have windows, clear your

The best way to do this is to use Evidence Eliminator to clear all form data, cookies, history, etc. Despite its name, EE does have some legtimate uses, such as clearing out things like Web forms, and stuff like that.

As usual Charles, you failed to investigate a freely offered clue.

Not that I expected otherwise, I posted purely as a service to those who might be misled.

Triffid

Well, there are several of them on the market now. Evidence Eliminator is the most popular and well known, but there are other competitors catching up.