(Msg. 17) Posted: Tue Feb 05, 2008 11:36 pm
Post subject: Re: Just 12 minutes [Login to view extended thread Info.] Archived from groups: alt>comp>anti-virus (more info?)
On Tue, 05 Feb 2008 23:22:11 -0500, Lord Turkey Cough <spamdump RemoveThis @invalid.com> wrote:
> However without some open ports you cannot use the internet.
This is not correct. Open ports are used by servers, to allow clients
to establish a connection. If you are not running any servers, that
you want to have accessible, from the internet, then you do not need
any open incoming ports. Incoming traffic will still be allowed, but
only when it is in response to outgoing traffic. For most home computers,
the only case where an open incoming port is usually needed, is for p2p
software.
Regards, Dave Hodgins
--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
(Msg. 18) Posted: Tue Feb 05, 2008 11:41 pm
Post subject: Re: Just 12 minutes [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
On Tue, 05 Feb 2008 23:30:07 -0500, Lord Turkey Cough <spamdump DeleteThis @invalid.com> wrote:
>
> I have had my securirty tested and passed with flying colours, I don't
> use windows firewall I use another. I would sooner but my balls into
> the mouth of a rotweiller than use a windows product for security.
> And no I am not into beatiality.
Lol. At least we agree on something . I use linux, and only run M$
in a virtual box, where it's protected by the linux firewall.
> AS far as I can see a router offers me nowt, infact I think relying on one
> for security is the height of folly.
It's another layer of security. Firewalls have been found to have security
holes, in the past. Using the router stops the packets from even hitting
your computer, unless they're coming from an infected computer connected
to the same router.
Regards, Dave Hodgins
--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
(Msg. 19) Posted: Wed Feb 06, 2008 2:38 am
Post subject: Re: Just 12 minutes [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
On Wed, 06 Feb 2008 01:04:30 -0500, Lord Turkey Cough <spamdump DeleteThis @invalid.com> wrote:
>>For most home computers,
>> the only case where an open incoming port is usually needed, is for p2p
>> software.
>
> Exactly. Any your firewall will take care of that.
Having a nat router is an extra layer of security. If your firewall has an
exploit, the router can protect it. If the router has an exploit, the firewall
will protect your computer.
>> Change nomail.afraid.org to ody.ca to reply by email.
>> (nomail.afraid.org has been set up specifically for
>> use in usenet. Feel free to use it yourself.)
>
> Doesn't yur NAT router take care of that :O)
Heh. heh. The swen email worm made me do that, as it was filling my inbox at
my isp in less than two hours, till I started running my computer 24/7 with a
filter to id and delete the worms, without having to download them. I couldn't
download them as fast at they were arriving at my isp, at the time. Prior to
that I did not filter email at all, and used the arriving spam and viruses to
analyze them and report back to the senders isp. While the swen email worm
is very rare now, I figure it's only a matter of time till another worm uses
a similar method.
Regards, Dave Hodgins
--
Change nomail.afraid.org to ody.ca to reply by email.
(nomail.afraid.org has been set up specifically for
use in usenet. Feel free to use it yourself.)
(Msg. 20) Posted: Wed Feb 06, 2008 3:01 am
Post subject: Re: Just 12 minutes [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:m2rpj.31284$ds2.30990@trnddc05...
> From: "Daave" <dcwashNOSPAM RemoveThis @myrealboxXYZ.invalid>
>
> | I'm sure many here are very familiar with the notion that there is "a
> | 50% chance of being infected by an internet worm in just 12 minutes of
> | being online using an unprotected, unpatched Windows PC." As many of you
> | know, this is a direct quote from a Sophos press release from July 1,
> | 2005:
> |
> |
> http://www.sophos.com/pressoffice/news/articles/2005/07/pr_uk_midyearr...dup2005 > |
> | Sophos got a lot of mileage from this press release. An interesting side
> | effect I've seen is newsgroup posts warning users of the dangers of
> | going online to patch an older, pre-SP2 version of Windows XP because it
> | will take more than 12 minutes, leaving many vulnerable to malware
> | infestation. Obviously, there are ways around this: download the entire
> | service pack (using another PC) and burning a disk so that SP2 may be
> | applied while the PC is offline and safe. Or users may get the
> | equivalent disk from Microsoft for a nominal fee.
> |
> | But this begs the question: For the majority of people who choose to
> | obtain SP2 through automatic updates, *how* vulnerable are they exactly?
> | Of course, for those running SP1 or Gold, Messenger Service (which is on
> | by default) can be manually turned off. But again, for the majority of
> | people who have performed a clean installation without knowing to turn
> | off specific services, how vulnerable are their PCs?
> |
> | I'm sure the study referenced in the press release talks about averages
> | and includes people who don't patch their systems and don't practice
> | other modes of safe hex. Messenger spam arriving informing a gullible
> | person that they have spyware or registry problems has happened many,
> | many times. People clicking on links in e-mails when they shouldn't be
> | doing so... well, you get the picture.
> |
> | But what about a PC on the Internet that is not doing anything but
> | sitting there? Without the benefit of a firewall, hackers/bots can
> | attempt to do damage, for sure. But without any user input, is this
> | 12-minute figure reasonable? Or is it more a case of marketing hype?
> | Specifically, what specifically can happen to an unpatched system,
> | assuming there is no user input (clicking on links, OK buttons in pop-up
> | windows, etc.)? Are there worms that can do damage this way, and if so,
> | what are they and what is the mechanism by which they infect a PC? How
> | common is real-time hacking in this sort of situation?
> |
>
> Using a NAT Router will mitigate the BOT/Worm threat as well as hacking
> attempts.
Do you really believe this? I think you are deluding yourself here.
I don't really see what protection your router is giving you.
Would you care to explain how it protects you?
Explaintions such as "Well I am using a NAT router" don't really qualify as
the
arguement is kind of circular."
(Msg. 21) Posted: Wed Feb 06, 2008 3:03 am
Post subject: Re: Just 12 minutes [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
"Ant" <not.TakeThisOut@home.today> wrote in message
news:3cadnVXjf6aZ9jvanZ2dnUVZ8smgnZ2d@brightview.co.uk...
> "Daave" wrote:
>
>> but I'm just curious if someone who has an ordinary modem and is not
>> running a software firewall, etc. will be in danger of being infected
>> within 12 minutes as is commonly believed,
>
> I am that person! When the Swen worm first appeared some years ago I
> was infected within seconds of going online. I didn't know about it or
> the patch that had been released because I'd been abroad for a while
> and hadn't been keeping the system up to date.
>
>> and if so, what is the mechanism by which this can happen?
>
> It happens because in Windows NT, by default, there are certain
> network services running with ports open listening for incoming
> traffic. This is a very bad idea but as we know, Microsoft have
> tended to put ease of use ahead of security. Any vulnerabilities
> (bugs) in those services may be exploitable so that code is injected
> and run. There are machines (bots) constantly scanning IP address
> ranges looking for such opportunities.
>
> I have since closed all ports so that even without a firewall I am no
> longer open to these kind of attacks.
LOL yes as long as your are not connected to the internet which kind of
defeats the object.
Why not get well protected and unplug your modem etc???
>
>> In my scenario, the PC is just sitting idle. Or sitting at Windows
>> Update. >
> I also don't allow automatic updates; in fact I haven't updated past
> Win2k SP2 (no longer supported). However, I wouldn't advise this for
> most people.
You have gazillions of other software acessing the interenet when you
you do use the internet that can be infected.
You are just bocking one hole in a culander. Rather pointless.
>
>
(Msg. 22) Posted: Wed Feb 06, 2008 3:03 am
Post subject: Re: Just 12 minutes [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
|
| Do you really believe this? I think you are deluding yourself here.
| I don't really see what protection your router is giving you.
| Would you care to explain how it protects you?
| Explaintions such as "Well I am using a NAT router" don't really qualify as
| the arguement is kind of circular."
|
(Msg. 23) Posted: Wed Feb 06, 2008 3:03 am
Post subject: Re: Just 12 minutes [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
"David H. Lipman" <DLipman~nospam~@Verizon.Net> wrote in message
news:ez9qj.18390$hF2.16691@trnddc02...
> From: "Lord Turkey Cough" <spamdump.TakeThisOut@invalid.com>
>
>
> |
> | Do you really believe this? I think you are deluding yourself here.
> | I don't really see what protection your router is giving you.
> | Would you care to explain how it protects you?
> | Explaintions such as "Well I am using a NAT router" don't really qualify
> as
> | the arguement is kind of circular."
> |
>
> My IP address is in my reply.
> Prove otherwise.
Thats like saying your house is burgal proof and inviting me to burgal
it to prove you wrong.
My IP address has been in my reply for the last ten years, and I have
not suffered any infections really, one or two possible incidents but
these were no doubt caused by my careless use of the internet or were
merely over zealous antivirus software reports.
I am sure there are many people using NAT routers who had serious problems
with viruses. I certaintly have not and certaintly nothting that a NAT
router would have
prevented. I can guarantee you that.
But anyway you have avoided the question as to how you are
protected, asking me to prove you are not an adaquate answer, it
suggests you don't know.
All you router is doing is routing the traffic to your computer, it has no
more
idea whether that traffic is a 'virus' or not.
Anyway there are a lot of 12 minutes in the time I have been connected to
to the interenet, and I don't appear to have acquired my yearly alloction
of 43,000 viruses, in fact I should be up to the 1/2 million mark my now!!
Or maybe I have!! Maybe that is why my hard drive is nearly full :O)
(Msg. 24) Posted: Wed Feb 06, 2008 3:03 am
Post subject: Re: Just 12 minutes [Login to view extended thread Info.] Archived from groups: per prev. post (more info?)
>> My IP address is in my reply.
>> Prove otherwise.
|
| Thats like saying your house is burgal proof and inviting me to burgal
| it to prove you wrong.
|
| My IP address has been in my reply for the last ten years, and I have
| not suffered any infections really, one or two possible incidents but
| these were no doubt caused by my careless use of the internet or were
| merely over zealous antivirus software reports.
| I am sure there are many people using NAT routers who had serious problems
| with viruses. I certaintly have not and certaintly nothting that a NAT
| router would have
| prevented. I can guarantee you that.
|
| But anyway you have avoided the question as to how you are
| protected, asking me to prove you are not an adaquate answer, it
| suggests you don't know.
|
| All you router is doing is routing the traffic to your computer, it has no
| more
| idea whether that traffic is a 'virus' or not.
|
| Anyway there are a lot of 12 minutes in the time I have been connected to
| to the interenet, and I don't appear to have acquired my yearly alloction
| of 43,000 viruses, in fact I should be up to the 1/2 million mark my now!!
| Or maybe I have!! Maybe that is why my hard drive is nearly full :O)
|
I have posted numerous times about the use of FireWall appliance and NAT Routers. Find and
read them.
If you probe my IP you won't find out anything.
Why ?
Because the Router has ports specifically blocked and only on invites from the LAN side will
WAN access get through the WAN/LAN barrier. The Routers enforcement through simplistic
FireWall constructs and Network Address Translation is far superior then attempting to close
ports on nodes on the LAN side.
I look forward to seeing activity from NTL Internet Ltd.
All times are: Eastern Time (US & Canada) (change) Goto page Previous1, 2, 3, 4, 5, 6
Page 3 of 6
You can post new topics in this forum You can reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum
Home
Forums
Home
FAQ
Profile
Private Messages
Log in
. I use linux, and only run M$
Security