Computer virus/worm question???

PlayboyJoeShmoe

Flashaholic
Joined
Sep 4, 2002
Messages
11,041
Location
Shepherd, TX (where dat?)
I just walked in here and found a message from the Norton AV and Firewall that came for 6 months free with my HP.

It was asking me to say no to what I think said "Net-Bus worm" or something like that.

All I had open was Agent. No IE or OE was going. And I'm on dialup at that.

Does this mean that without EVEN doing anything wrong on my end I can get screwed???

How in the HELL does anything ever get done???

I guess that no matter what it costs... I gotta keep Norton updated and happy. That sucks!
 

Negeltu

Enlightened
Joined
Aug 28, 2003
Messages
724
Location
Oregon, USA
I'd ditch Norton and get Avast Home Edition free which comes with network shield to protect against worms and the such.
 

KevinL

Flashlight Enthusiast
Joined
Jun 10, 2004
Messages
5,866
Location
At World's End
PBJS, nowadays the worms attack via the network, including dialup Internet connections. Being connected already turns you into a target. I'll leave out the techie details and cut straight to the solution - turn on the Windows XP firewall and automatic updates. The updates can be a pain, but they do fix the vulnerabilities that the network worms use to get onto your system.

Control Panel -> Settings -> Network/dialup connections

Right click the connection, choose Properties. On the box that pops up, the last tab should allow you to turn on the firewall.
 

eluminator

Flashlight Enthusiast
Joined
Mar 7, 2002
Messages
1,750
Location
New Jersey
That's a new one. Norton is asking if you want to be infected by the Net-Bus worm? /ubbthreads/images/graemlins/smile.gif

Yes a worm can infect your computer any time you are connected to the internet. It shouldn't happen if you have a firewall. I think the worms use bugs in the Messenger Service, not to be confused with Windows messenger or MSN messenger. I think Messenger Service is disabled automatically if you have service pack 2, so you ought to be doubly protected. If its enabled, you can disable it yourself.

I would also recommend using the XP built-in firewall. Companies like Norton, McAfee, and ZoneAlarm are adding many more features to their packages. Apparently they think this makes them more attractive to potential purchasers. I avoid all the extras. I'd use McAfee or Norton or AVG just for the anti-virus. I'd use ZoneAlarm just for the firewall, and adding a second firewall to XP's is not necessarily recommended for most people anyway.

I've heard horror stories about Norton's big package. I think it's called Norton 2005.
 

Negeltu

Enlightened
Joined
Aug 28, 2003
Messages
724
Location
Oregon, USA
If AVG's resident catches a virus it will ask you to scan the system to take care of it. Kind of silly and a bother that it doesn't give the option to deal with it at the time.
 

gadget_lover

Flashaholic
Joined
Oct 7, 2003
Messages
7,148
Location
Near Silicon Valley (too near)
There are worms and there are viruses. There are also directed attacks and directed exploits.

It seems that someone managed to hit your system via a network exploitable vulnerability. Windows has had a few dozens of these in the past, but All networked OSes have had some. Heck, I once crashed a mainframe system doing a routine network scan.

Netbus creates a 'backdoor' that allows others to control your computer and allows other to add other viruses or trojans. You should disconnect your modem till you've cleaned your system.

Yes, you should choose an anti-virus package and keep it up to date. Most people don't know how to configure a firewall and many turn off the basic protection of XP's firewall the first time they have problems. You should also use the microsoft updates site to keep abreast of the fixes that MS does create and release.

Daniel
 

PlayboyJoeShmoe

Flashaholic
Joined
Sep 4, 2002
Messages
11,041
Location
Shepherd, TX (where dat?)
Well. Norton took nearly an hour earlier today to update.

And as soon as I read to turn on Windows firewall, I did.

Nothing else has happened since that one thing, but I just disconnected and reconneted to see if I could get a slightly faster hookup.

This is all just great. I use Mozilla at work, but if IE is still running all bets are off.

Honestly. How do all the places with computers manage to get stuff done, if you have to spend so much time fighting this crap?
 

gadget_lover

Flashaholic
Joined
Oct 7, 2003
Messages
7,148
Location
Near Silicon Valley (too near)
PlayboyJoeShmoe asked; How do all the places with computers manage to get stuff done, if you have to spend so much time fighting this crap?

It's part of the cost of business. Professional network people know how to insulate the company computers from attacks. I've been to 40 hours training on firewall installation/configuation alone.

Then there's the proactive parts, like not allowing people to mess with the computer settings and not allowing people to install their own programs.

Then there's security in depth; where you have virus scanners for e-mail before it hets the server, network scanners for evil java or direct-x apps or web exploits, internal scanners by different companies and scanners on the desktops. Desktops are updated automatically.

The 'different company' thing is a major point for virus supression. McAffee may detect a virus at 10:00 am that Norton will not see until 11:30 (or the reverse). If you are hit during that hour and a half you may spend days fixing things. Using both doubles your chance that you will avoid the worst of it.

Yes, it's a hassle and it's expensive. It is lucrative for those of us in the virus supression trade, but that is not a real good thing.

Daniel
 

turbodog

Flashaholic
Joined
Jun 23, 2003
Messages
6,425
Location
central time
[ QUOTE ]
PlayboyJoeShmoe said:

This is all just great. I use Mozilla at work, but if IE is still running all bets are off.

Honestly. How do all the places with computers manage to get stuff done, if you have to spend so much time fighting this crap?

[/ QUOTE ]

FYI: This is not an IE issue, nor a netscape one. This is simply a by-product of being connected to the internet. Connection speed has some bearing on how quickly you can be popped, but it's not a major factor.

Image your pc as your house. It's got all your stuff in it. Now imagine that there are murderers, thieves, rapists, and other various criminals outside (like in real life).

Now image you left the front door open (this is like when your firewall is off). They are free to come in REGARDLESS of what you are doing so long as you are connected to the net. You don't even have to have a browser, email, chat, etc open... just simply connected via your little old modem.

A firewall will (hopefully) stop them at the front door. If they get inside, that's where your windows patches and security updates come into play (with exceptions).

The way I relate a worm attack is like this: imagine (I like that word, can you tell?) that a certain home builder in your town built a lot of houses and left the lock off of the bathroom window. A thief would simply have to go from house to house trying that particular window and eventually he would get in. That's the way a worm attacks, and that's why it doesn't matter about your browser/email/chat/IM/etc preference.
 

gadget_lover

Flashaholic
Joined
Oct 7, 2003
Messages
7,148
Location
Near Silicon Valley (too near)
Ok, now I gotto throw this in too...

The firewalls on PC's are remarkably ineffective. They catch most unauthorized attempts to connect to the PC, but don't do much good if the PC's OS or drivers are faulty. Many of them even include a cute pop-up to allow viruses or trojans just in case you wanted that particular trojan.

A hardware based firewall stops the attacks before they get to the PC and seldom provides any notice to the user, so the user is less likely to bypass or disable it. Hardware firewalls can be as simple as a 'cable modem router' for $29.

If you use IRC, IM, IE or any of a hundred different programs, you have to accept that they might be used to compromise your computer. Firewall software doesn't do much good when the OS or application is being subverted. It is the use of these badly written programs that leave the doors open. If you simply disable IE (It's use was actually discouraged by the US Government) and shut down un-necessary network protocols, you have closed and locked most of the doors.

If you patch your system frequently (daily is not unreasonable) you will likely close many of the windows that MS leaves open, and may even lock them this time.

MicroSoft has claimed that the only way to make a PC secure is to make sure that only programs authorized by Microsoft can run it. It just ain't so.

Daniel
 

PlayboyJoeShmoe

Flashaholic
Joined
Sep 4, 2002
Messages
11,041
Location
Shepherd, TX (where dat?)
To loosely quote someone else on this board.

"I already didn't feel real good about these bozos, and you guys ain't doing much to make me feel better about it!"

Norton Firewall IS active. Every now and then when I open a page here, it tells me it recommends I accept a "Low Level" intrusion. I tell it no.

Also (runs to check) Windows firewall is active.

Ain't life swell?
 

pedalinbob

Flashlight Enthusiast
Joined
Dec 7, 2002
Messages
2,281
Location
Michigan
per recommendations of the gurus here, i now run mozilla firefox, zone alarm pro, adaware and spybot. i usually scan twice a week, and do not download or open anything i cannot identify.
IE is hidden, and windows update is set to automatic.
i am working on disabling the windows networking stuff (much has already been disabled).

i have really been considering a "cable modem router" for ~$30, but have no idea how to use one/set one up.

Bob
 

Negeltu

Enlightened
Joined
Aug 28, 2003
Messages
724
Location
Oregon, USA
There isn't really a reason to run two firewalls together and in some instances it can cause conflicts and slowdowns. I recommend Sygate PF. Of course the best approach is with a router/hardware firewall for incoming and a software firewall to catch outgoing traffic.
 

gadget_lover

Flashaholic
Joined
Oct 7, 2003
Messages
7,148
Location
Near Silicon Valley (too near)
[ QUOTE ]
keithhr said:
free firewall from Zone Alarm, it's pretty good and has stopped close to 7,000 intrusionss since being installed a couple of months ago.


[/ QUOTE ]

One of the good things about products like Zone Alarm is that it raises awareness of attacks. They don't mention what percentage of those attacks are actually probes to see if there is an easy exploit, and how many you were not vulnerable to in the first place. If, for instance, you don't run a web server an attack against port 80 would not have done anything without zone alarm.

It's sort of like having a count of 'objects blocked by bullet proof glass" counter on your windshield. Most bugs would not have gotten through standard glass. I said MOST.

Daniel
 
Top