Is it possible for someone to access my HD even though I am running a firewall?

NAT can be run in software and hardware. Either way, my suggestion is that you reduce your permissions by not using an admin account. If you need to install something, use the Run as... command or log out and log in as admin. Use a strong password for the admin account, and it wouldn't hurt to change the admin account name from administrator to admin$10 or something less than easy to guess. If you feel the need to test your system, look for a site that does port scanning and see if it finds anything. You can do a lot of things to protect yourself that cost a lot, but don't give out your information unless you have all your protected data off your machine. Assuming you have Windows, clear your form data once in a while; this is done through Tools, Internet Options, Content. Click the AutoComplete button and, if you use AutoComplete, try not to have it save passwords. I'm a little paranoid, but paranoia pays off.

dan555smith

This is probably just an empty threat from some net.k00k with a grudge but I'd appreciate your advice.

Someone on a web forum I visit is claiming that they have accessed my hard drive, stolen my personal details and installed files to 'prove that they were there'. According to this person, all they needed was my IP address to do this.

I am running the latest version of Zonealarm, check for viruses/trojans/spyware on a regular basis, have not run any strange files or opened any attachments and have done nothing besides allowing this person to discover my IP address. As far as I know, my machine is clean and as secure as it can be.

Is there any possibility that my security has been compromised? If so, what steps can I take to prevent someone doing this again? Thanks.

Jeff

A "personal" firewall is only as strong as the person that set it up. If you created exceptions (holes) then you really don't have a lot of protection. If you browse to a website and then click a link, you could be running a program without understanding that you are running it - and it could phone-home to the author of the program and allow them to do anything they want with your machine.

If you have CABLE/DSL, get a NAT router with logging, this will block unsolicited inbound connections and the LOG will show you in/out bound traffic so you can see just what is reaching your computer and what is going outbound from it.

So, in short, if you don't screw-up your firewall it will protect you, but many users self-compromise their security all the time by not understanding what they are doing.

Leythos

Thanks for that. Is a NAT router a piece of software or a piece of hardware? Sorry, I don't know much about this sort of thing.

I've cleared all my program permissions in Zonealarm and I'm going to start again from scratch - I'm pretty sure that I only made exceptions for things like my browser, email and news clients anyway - but it doesn't hurt to start over and review everything.

So, if I do have some malware on my machine, what's the best way to clear it up? My antivirus doesn't pick anything up, nor do any of my spyware scanners. Any programs you can recommend?

Jeff

Jeff wrote in news: snipped-for-privacy@4ax.com:

If he put files on your machine as proof, ask him what the files are. Basically, call his bluff. Come back here and list them. Then others in the group will help you determine if they are indeed anything to worry about or, as I would guess, are just ordinary cryptically named files deep in the system directories that are part of the OS.

Brian

Skywise

Jeff wrote in news: snipped-for-privacy@4ax.com:

formatting link

You're running to the *crutch* above in a ZA or any personal FW solution that's using the infamous Application Control and it's worthless and can be beaten and circumvented by malware if it can get to the machine and execute.

You go look for yourself with the proper tools every now and then and don't depend upon that *crutch* ZA to tell you what is happening on the machine.

Long version

formatting link
Short version

formatting link
If you're running an NT-based O/S like Win 2K or XP, then you should try to secure the O/S. The buck doesn't start or stop with ZA or any PFW. It starts and stops at the O/S, nowhere else.

formatting link
There is a link for Win 2K too. If you're running Win 9'x or ME, you're out of luck.

Duane :)

Duane Arnold

And has he a proof? Or is he just claiming that?

Does not sound like that, if you're believing in a "Personal Firewall" and doing virus scanning. There are many threats left, unfortunately. Which browser are you using, for example? (Beside that, I'm not thinking, that this guy really did what he claims, because Zonealarm has its weaknesses, but it does work as a host based packet filter AFAICS).

Yes. It's not possible to offer 100% protection against every possible threat.

Again, which browser are you using? Do you know, that a virus scanner is not able to find every virus, but only already well known malware?

Yours, VB.

Volker Birk

It is possible, which doesn't mean it happened. The best protection I've found with my Linksys router is to set up a list of computers it will accept, based on the MAC number. That is a unique number that each computer has. It may not be 100% effective in blocking outsiders, but it does help a lot. You can also set up a short list of accepted computers in Norton Personal Firewall.

Marvin

If you have time on your side and the requisite "interest" you may enjoy reading this. Go to url below.

-==-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

HTTP in the Event Log on XPSP2

Those who are really looking might have found the following event in your event log:

Reservation for namespace identified by URL prefix http://*:2869/ was successfully added.

This is just UPNP reserving its port and namespace in http.sys.

Http.sys and the XPSP2 Firewall

Larry Osterman of the WMC Team has a three part blog series about what he needed to allow http.sys to open ports and get through the Windows XP SP2 firewall. Part 1 | Part 2 | Part 3

formatting link

regards

Stop 0x000001E

A NAT Router is a piece of Hardware. It's typically an extra box between your ISP's modem and your computer. Linksys, D-Link, Netgear all make them.

Here is my typical response for people that think they have MALWARE, try the following:

Only download software you can validate as uncompromised - in the case of a non-vendor site you have no guarantee that the files are unmodified or uncompromised. Anyone providing a link to a non-vendor's site with a direct download should not be trusted; the vendors' sites are the safest place to download their application.

Always remember - ***only download files from Trusted Sites***.

After you install any of these applications and update them, run them in ***SAFE MODE*** to allow them to properly clean your system.

These sites are for downloading Anti-Spyware tools, in order that I would use them myself:

AdAwareSE can be found here:

formatting link
SpyBot Search and Destroy can be found here:
formatting link
HiJack can be found here:
formatting link
Ewido Security Suite Trial can be found here:
formatting link
CrapCleaner can be found at the vendors site here:
formatting link
CleanUp can be found at the vendors site here:
formatting link
from another reputable source:
formatting link
The following are two links to Antivirus software in order that I would use them:

You can also download Symantec Trial version of their Antivirus software from here:

formatting link
Download AVG Personal Free edition from here:
formatting link
These are the actual vendors' sites, not some unknown or unauthorized no-name site. They also don't artificially increase the hits for sites that get paid for the amount of traffic they can generate like one poster has admitted to in this group.

Leythos

Evidence Eliminator is a controversial product. One would be well advised to consider the reasons for that, in order to make an informed decision. One might also wonder why Google results are overwhelmingly positive - even evidence-eliminator-sucks.com is a sales pitch.

formatting link

Triffid

Triffid

If they can log in through Windows Remote Desktop they can. RD acts as a "dumb terminal" to your computer, and it's just like sitting at your desktop in front of your computer. Unless you have a need to access your computer network remotely, you might want to block inbound connections to port 3389.
Charles Newman
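
An added example, not part of any post in this thread: a small self-check that reports whether the two TCP ports named in the thread (3389 for Remote Desktop, 2869 for the UPnP reservation in http.sys) are accepting connections on your own machine. The function names and port labels are this example's own, and the default target is the loopback address.

```python
import socket

# Ports named in this thread; the labels are this example's own wording.
WATCHED_PORTS = {
    3389: "Remote Desktop (RDP)",
    2869: "UPnP listener (http.sys)",
}


def is_listening(host, port, timeout=0.5):
    """Return True if a TCP connection to host:port completes."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        # Refused, timed out or unreachable: nothing answered on that port.
        return False


def audit(host="127.0.0.1", ports=WATCHED_PORTS, timeout=0.5):
    """Map each watched port to (label, accepted_connection)."""
    return {
        port: (label, is_listening(host, port, timeout))
        for port, label in ports.items()
    }


def findings(results):
    """Readable lines for the ports that accepted a connection."""
    return [
        f"{port}/tcp open: {label}"
        for port, (label, is_open) in sorted(results.items())
        if is_open
    ]


if __name__ == "__main__":
    for line in findings(audit()) or ["no watched port is listening"]:
        print(line)
```

A port that answers on loopback only shows the service is running; whether it is reachable from outside still depends on the firewall and NAT router in front of the machine.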

.. Assuming you have windows, clear your

The best way to do this is to use Evidence Eliminator to clear all form data, cookies, history, etc. Despite its name, EE does have some legitimate uses, such as clearing out things like Web forms, and stuff like that.

Charles Newman

As usual Charles, you failed to investigate a freely offered clue.

Not that I expected otherwise, I posted purely as a service to those who might be misled.

Triffid

Triffid

Well, there are several of them on the market now. Evidence Eliminator is the most popular and well known, but there are other competitors catching up.

Charles Newman
