Viruses, Worms, Ports, and Security

IlluminatingBikr

Flashlight Enthusiast
Joined
Feb 26, 2003
Messages
2,320
Well, just scanned my hard drive. No msblast, so I was happy. Turns out I had FOUR other viruses!

There was a thread a while ago about a site that diagnoses your internet ports and how secure they are. All of my ports were stealth, except for a few, which were otherwise excellent.

The viruses haven't done much damage, but they have been screwing with some of my Word files.

What can you do about all of this? I have a hardware firewall. I just installed Norton SystemWorks 2002, but it is updated, and my subscription doesn't end for another year.

My ports are mostly stealth, and otherwise excellent, but it seems that is not all that matters. If you want to download a file, you can download it, even if your computer is completely stealth. That file could have a virus.

Do you guys recommend Zone Alarm?

Besides an anti-virus program like Norton and a good firewall, what can you do?
 

IlluminatingBikr

Flashlight Enthusiast
Joined
Feb 26, 2003
Messages
2,320
Well, I think I have disposed of my viruses now.

All of my Word files are back and I can view them now!

Still, I would like to know what precautions I can take to prevent another virus from getting on to my hard drive or RAM.
 

x-ray

Flashlight Enthusiast
Joined
Jul 1, 2002
Messages
1,941
Location
London
You seem to have the virus checker and firewall covered; remember to keep your virus definitions up to date by running live update on a regular basis.

It's also worth running Windows Update once a week in case any security patches/fixes are available.

Finally, just use a little common sense: don't open any email attachments unless you're sure of the source, etc. etc.

Both Norton's "live update" and "windows update" can be set to run automatically if you wish (personally I prefer to do it manually).
 

IlluminatingBikr

Flashlight Enthusiast
Joined
Feb 26, 2003
Messages
2,320
X-ray,

I like to do the updates manually too. I run the updates often, and like to be up to date.

I was kind of surprised by the viruses. I never open attachments from people I don't know very well. (I did open an attachment from Wayne Yamaguchi the other day.) Oh well, I guess I have to be optimistic.
 

Silviron

Flashlight Enthusiast
Joined
Jun 24, 2001
Messages
2,477
Location
New Mexico, USA
Zone Alarm is great, ALL my ports are stealth. I keep Active X turned off except on trusted sites too.

My favorite program, though, is MAILWASHER PRO. With it, I can delete email viruses at the server before they even get downloaded to my computer, plus manage all my different accounts AND bounce and blacklist spam. Best computer related -$30.00 I ever spent. (You can download a 30 day "free trial" and I'll bet anyone that tries it will want to own it.)

Since I got Mailwasher, my Norton AV hasn't had to do anything but sit there looking important and using system resources.
 

Tomas

Banned
Joined
Jun 19, 2002
Messages
2,128
Location
Seattle, WA area
IlluminatingBikr, Highlandsun was right to some extent, the only way to be free of all the Microsoft viruses and worms is to not run anything from Microsoft.

Whenever one sees yet another virus or worm reported it is called an "e-mail virus" or just generically a "worm" but in reality they really should be called things like "an MS Outlook Express virus" or "MS Windows worm" to clarify in people's minds that these viruses and worms are only attacking if one has specific Microsoft software in use on a machine.

Interestingly, the "MSBlast Worm" is being called simply "Blast Worm" on the MS sites ...

I'm not saying that MS makes "bad software" just that in today's world if you are running MS software and connected to the web you will be constantly spending money and time keeping these things out of your machine.

The rest of us, no matter what non-MS stuff we are running instead, are affected by these worms and viruses, too, it's true, but just by having all of it clogging up the internet. I can sit here and watch my connections to the world crawl to a stop and ping times get exceedingly long, etcetera, and KNOW that yet another Microsoft virus or worm has hit the 'net.

Heck, I'm still getting e-mails almost daily from un-fixed MS based machines for two-year-old viruses/worms (Klez, Code Red, etc.).

So while Highlandsun's answer and my short rant here might not seem like a direct answer to your question, they really are one sort of correct answer.

Most everything one wants to do with a computer can be done by machines not running Microsoft software. For most options one doesn't even have to change hardware.

One of the few areas where the same thing cannot be done as well or better with another platform is playing games, and if playing games is more important than the hassle of constantly fighting off viruses and worms I really don't want to hear about it.

(That wasn't aimed at you, IlluminatingBikr, but was generic - one has to weigh the relative importance of things all the time, and if games are more important than computer security then I don't really want to hear complaints about computer security from those who made that choice ...)

I'll quit now, before I rile up each and every MS user on CPF. You'll notice that I didn't once say they made bad software or tout a specific different OS or machine. I was saving that for my tag line.

The box said "Requires Windows95 or better" so I bought a Mac ...
 

IlluminatingBikr

Flashlight Enthusiast
Joined
Feb 26, 2003
Messages
2,320
Silviron,
Mail Washer PRO is great! I just downloaded the 30 day trial version. I got some spam already, but I bounced it.

Tomas,
I understand what you are saying, and didn't take anything personally. I guess there is something to be said for not jumping on the wagon and following the majority.
 

Y2Kirk1028

Enlightened
Joined
Dec 13, 2002
Messages
234
Location
Brooklyn, NY
[ QUOTE ]
IlluminatingBikr said:

The viruses haven't done much damage, but they have been screwing with some of my Word files.



[/ QUOTE ]
How were the files affected? I know someone that had their Word acting funny. The settings were all changed and it stalls. They did a virus scan but found nothing.
 

IlluminatingBikr

Flashlight Enthusiast
Joined
Feb 26, 2003
Messages
2,320
[ QUOTE ]
Y2Kirk1028 said:
[ QUOTE ]
IlluminatingBikr said:

The viruses haven't done much damage, but they have been screwing with some of my Word files.



[/ QUOTE ]
How were the files affected? I know someone that had their Word acting funny. The settings were all changed and it stalls. They did a virus scan but found nothing.

[/ QUOTE ]

I would open a Word file, it would seem to load for a second or two, and then it displayed a message. It said something like the Word file could not be located or it did not exist, or something like that.
 

Silviron

Flashlight Enthusiast
Joined
Jun 24, 2001
Messages
2,477
Location
New Mexico, USA
Tomas;

The trouble with your solution is that if the majority of computer users were to switch over to Linux, FreeBSD, or Macs tomorrow, --- by the end of the week, 90% of the viruses and worms would be written to attack those systems.

I don't believe (you may argue) that those systems are inherently virus and hacker-proof. They just aren't exploited since they are in the minority, and because most Linux type users are a little bit more savvy. If I was going to be a hacker, script kiddie or virus anal cavity, I wouldn't waste my time writing stuff for whatever system is used by a small minority. In fact, I would think that an open source system would be easier to hack.

I have a Linux box, but I rarely use it; XP is much more convenient for my work, I can't find Linux drivers for most of my peripherals, and I have found (surprisingly even to me) XP to be more stable than any of the 6 Linux compilations I have tried.

Illuminating: I thought you would like MailWasher.
 

Greta

Flashaholic
Joined
Apr 8, 2002
Messages
15,999
Location
Arizona
Silviron... you're absolutely correct! It's not that Macs CAN'T be hacked and worms etc written for them, it's that... who wants to? It's not like it's gonna shut down the web or make any headlines. These guys want the publicity.
 

IlluminatingBikr

Flashlight Enthusiast
Joined
Feb 26, 2003
Messages
2,320
[ QUOTE ]
Silviron said:
I don't believe (you may argue) that those systems are inherently virus and hacker-proof. They just aren't exploited since they are in the minority, and because most Linux type users are a little bit more savvy. If I was going to be a hacker, script kiddie or virus anal cavity, I wouldn't waste my time writing stuff for whatever system is used by a small minority.

[/ QUOTE ]

Who wants to hack 100 computers when you can hack 1,000,000+?!
 

Tomas

Banned
Joined
Jun 19, 2002
Messages
2,128
Location
Seattle, WA area
That's all very true, Silviron, the "majority system" will be the one most abused.

If the market were more spread out, however, there wouldn't actually be a "majority system" but a plurality of systems with much more of a spread in apps, too.

I also don't believe the other systems are error free (though I do believe some are a bit more so than some versions of MS Windows). Thing is, with the way things are at the moment, the VAST majority out there are running Windows, Outlook Express, MSIE, and Word/Office. There is not much variety.

If there were a half dozen OS's more or less evenly divided, each with several mail, browser, and WP apps ported to them, there would be a reduction in viable targets for most any worm/virus. A cross-platform, multi-application virus or worm would be a magnificent beast, but not easy at all.

For right now I will stay behind my firewalls and watch my virus apps and be happy that the number of things I'm watching for are two orders of magnitude fewer than what the majority has to hide from.

 

geepondy

Flashlight Enthusiast
Joined
Apr 15, 2001
Messages
4,896
Location
Massachusetts
I have a router with NAT control, also Norton Internet Security and Norton Anti-virus. I schedule and let the Norton do a full system scan once a week (I schedule it in the middle of the night). I also of course let Norton check incoming mail. In being online with full time DSL hookup for the better part of three years now, I have never gotten a virus on my machine. In fact I went two plus years without Norton even finding a virus attempting to make it to my machine. Then the last few months or so, I've had a few attempts from unknown email with the bugbear virus but Norton has caught it before I even had a chance to open it. I feel pretty secure.

By the way shouldn't all your ports either be stealth or closed?
 

LightChucker

Enlightened
Joined
Jun 5, 2003
Messages
617
Location
Raytown, Missouri USA
[ QUOTE ]
Silviron said:
Tomas;

The trouble with your solution is that if the majority of computer users were to switch over to Linux, FreeBSD, or Macs tomorrow, --- by the end of the week, 90% of the viruses and worms would be written to attack those systems.


[/ QUOTE ]

I have been in the computer programming business for almost 30 years now, and I would totally agree with this statement.

Chuck
 

leddite

Enlightened
Joined
Jun 27, 2002
Messages
356
Location
NuEnglandia
[ QUOTE ]
highlandsun said:
Run Linux. Or *BSD.

[/ QUOTE ]

at least say that with a smiley :)

linux probably gets 0wn3d more often than any other current OS
other than the various windows products.

bsd and osx are next in line for the cracker element to go after.

i'd expect bsd to be a tad more difficult, as it has a slightly
more robust base of people working on it. osx's main potential
weakness is that apple tweaks it, and might inadvertently open a
hole.

that said, any system that isn't closed can get hacked. windows
systems are just easier for the 14 yo's running script-kiddy warez
written by someone else (older with talent, that doesn't want to be
noticed or take the heat).

like some of the others above, i'd had multiple windows and other
systems, hatches battened, behind firewalls, and scanned regularly
and nothing has ever even managed to get in. we don't even allow
ping. they are stealthed.

we also lynch the salesperson that tries to come and hookup a laptop
INSIDE the network after it's gone and gotten infected. that's why
there is a special sub-network running cloistered mudroom (lobby) style.
 

LightChucker

Enlightened
Joined
Jun 5, 2003
Messages
617
Location
Raytown, Missouri USA
I have never been successfully attacked. Of course, I have a router, firewall, and virus protection software. However, the main reason I am not a victim is that I do not open attachments from anyone unless I am expecting the attachment. I have preached this sermon many times: it doesn't matter who sent the attachment. Realize that if your mother's computer has a "worm", it will send the worm to you. If you open her attachment - you got it!

The worm sends the attachment to everyone on your mother's computer - even you.

The safest practice is to never open an attachment unless the sender has told you in advance that they are sending it to you - preferably by phone rather than email. I don't know how many times I have heard a victim tell me, "I only open attachments from people I really trust."

Chuck
 

highlandsun

Enlightened
Joined
Aug 11, 2002
Messages
607
Location
Los Angeles, CA
Indeed, the last time I saw viruses for Unix systems, they also were targeted at specific machines that represented 80% of the Internet population of the time. (DEC Vax, Sun 68020/SPARC). However, since most of the human population involved tended to be pretty savvy, word of the problem and the solutions tended to spread faster than the worms themselves. The same cannot be said for the Microsoft population...

Also, the very fact that Linux is wide open actually improves its security - probably every line of source code in a typical distro has been scrutinized by dozens of people all around the world. Every line that was changed generally has a person's name and email address associated in a ChangeLog - if a fix is made, if a bug is introduced, the responsible author can be notified, and fixes come pretty rapidly.

How many competent programmers perform detailed QA of any Microsoft release? Who are they? The world has no idea. There's no personal code ownership, pride or responsibility attached to any of the code. And so it rots, more and more with each subsequent release.

If a bug is found in an open source author's code, his personal reputation is at stake, and most open source authors have a great deal of personal pride in their work. Nobody has a personal stake in Microsoft's crap; Bill Gates couldn't care less as long as the money comes in.

I of course can only speak for myself, but having written Unix-based freeware since 1986, written for projects like FSF/GNU, Minix, Linux, and dozens of others, I've had a pretty good view of how this arena works...
 

K A

Enlightened
Joined
Apr 3, 2002
Messages
336
Location
Kansas
[ QUOTE ]
IlluminatingBikr said:
Silviron,
Mail Washer PRO is great! I just downloaded the 30 day trial version. I got some spam already, but I bounced it.

Tomas,
I understand what you are saying, and didn't take anything personally. I guess there is something to be said for not jumping on the wagon and following the majority.

[/ QUOTE ]

Bouncing spam is NOT a good option nowadays. Spammers use open relays to bounce their mail so the origin of the spam is masked by the relay host. They also use fake return/reply-to addresses to further throw you off the trail. Your bouncing is more than likely sending email to the wrong people!

I suggest using Spamcop.net or some other service which analyzes the mail. Spamcop even has a free service you can use. You input the full piece of mail (headers and body). Spamcop analyzes it, picks out where the mail came from, picks out URLs in the body and sends email for you to all the correct places.

Just my $.02
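
The header analysis K A describes, sketched as an added example (not part of the original thread and not SpamCop's actual logic): the sender-controlled addresses a bounce would go to are set against the last relay IP recorded by the recipient's own mail server. The sample message, the `TRUSTED_NETS` range and all function names are assumptions made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr
from ipaddress import ip_address, ip_network

# Constructed sample spam (not from the thread). Hosts use .example names and
# addresses from the reserved documentation ranges.
SAMPLE = """\
Return-Path: <victim@innocent.example>
Received: from mx.myisp.example (mx.myisp.example [192.0.2.10])
    by mailbox.myisp.example with ESMTP; Mon, 18 Aug 2003 10:00:05 -0700
Received: from openrelay.example (openrelay.example [198.51.100.7])
    by mx.myisp.example with SMTP; Mon, 18 Aug 2003 10:00:03 -0700
Received: from friendly-bank.example (unknown [203.0.113.45])
    by openrelay.example with SMTP; Mon, 18 Aug 2003 09:59:58 -0700
From: "Special Offers" <victim@innocent.example>
Reply-To: sales@other.example
Subject: You have won

Click here.
"""

# Assumption: the recipient's own mail servers live in this network.
TRUSTED_NETS = [ip_network("192.0.2.0/24")]
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def claimed_addresses(msg):
    """Addresses a bounce could be sent to; all are set by the sender."""
    found = {parseaddr(msg.get(h, ""))[1].lower()
             for h in ("Return-Path", "From", "Reply-To")}
    return sorted(a for a in found if a)

def handoff_ip(msg, trusted_nets=TRUSTED_NETS):
    """Walk Received headers newest-first and return the first peer IP that
    is not one of our own servers. Headers below that hop were written by
    hosts we do not control and may be forged."""
    for header in msg.get_all("Received", []):
        match = IP_IN_BRACKETS.search(header)
        if match is None:
            return None  # unparseable hop: stop rather than guess
        peer = ip_address(match.group(1))
        if not any(peer in net for net in trusted_nets):
            return str(peer)
    return None

def analyze(raw):
    msg = message_from_string(raw)
    return {"bounce_would_go_to": claimed_addresses(msg),
            "report_source_ip": handoff_ip(msg)}
```

On the sample, `analyze(SAMPLE)` lists two addresses a bounce could reach, neither of which is tied to the relay at 198.51.100.7 that actually delivered the message.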
 
