It takes trust in this site that you would not steer us into the hands of criminals, vandals and scumbags. With that trust in hand, given a recent post, which of course I can't find now, I went to the SHIELDS UP! site one of you suggested and permitted my computer to be poked at and otherwise abused.

Well, their diagnosis based on pinging 1000+ ports, found all in stealth mode other than one port 113 which was closed but wasn’t responding. I ran all their tests including BIOS vulnerability, spam etc. So it sure looks to me like good news . Quietly chugging along, Linksys router and ZoneAlarm seem to be doing their job just as you say in these forums they would. And for the FIRST TIME, I've seen some concrete feedback.

I can trust all of this, right? Please confirm.
Just have to watch out for spyware and emails with junk, correct?

Thanks guys, just keep patrolling ...

I had to try to post this twice & login twice. Why? All the blocks and locks I do?

I do.
I think Steve Gibson has done us a good service to have invested
in his hardware & for his work at a related forum.

That's about it. Watch out what you download in the way of activeX "applets".
Spyware-killing programs that claim to, but don't, can be a hazard.

We try to point that out by not recommending any except those well rated.

Possible exception might be in my signature.
One just released that I've test run.
Found good, effective and no problems with it.
Its new though.

Some question it's legitimacy.
I should know more in a couple days.
Till then it's grayed out.

Opinions vary.
Every system running does too.
What works for one might not for another.

Advice given to one is usually meant for that one.
Advice given to more than one usually has some cautionary language attached.
Not everything works on everything.

In case you have not come across this thread. It is a good read by Grinler. All the in's and out's of securing your computer. Very informative. Link below.



Simple Steps to Keep Your Computer Secure




That I can not answer. Someone else can though I'm sure.

As far as e-mails go. Do not open any that are not from a trusted contact. Period. Delete them and empty the trash.

I think I was the one who suggested you check your firewall at Shields Up! While I do not have the expertise to personally warrant the mechanics of the tests, they are generally seen as valid by those more expert than I. The moderatorsat BC would not casually recommend something without either using it themselves, or doing some research about it.
As with any firewall, it is only as good as it has been trained what to block and what to allow; you should have some confidence, now, that it is configured correctly. Coupled with a good resident antivirus with updated defintions, and careful updating of your OS with any security patches, a firewall will go a long way in preventing problems. And, as you correctly remark, having care about what you open in EMail attachments (and reading them in plain text), and doing careful research before downloading ANY application or tool bar, will add to the protection; almost all spyware, and most viruses, are on a computer because of its owner's actions and decisions.

Cheers,
John

Scarlett mentions the Simple Steps to Keep Your Computer Secure tutorial and while it contains excellent advice I feel the following (or a variation of it) should be added in the section titled Make your Internet Explorer more secure:

In Internet Explorer go to Tools>Internet Options>Advanced and take the check mark from Enable Install On Demand (Internet Explorer) and Enable Install On Demand (Other). The consequence of this will be that you will begin to see Security Warnings when something tries to install on your computer. Unless it is something you want to install (which happens rarely) always say no.

BTW, Shields Up is a great resource.

I'll add that Spybot's Tea Timer feature warns of any changes to the registry (basically)
and it's nice to know that in conjunction with the firewall warnings about access by programs when they "want to connect online".

Gives one a good feel for what the consequences of their actions online are.

That's what I wanted to know, whether you run thru these and trust them for real.

Scarlett, thanks, I did read Grinler's tutorial - but just need occassional confirmation and clarification.

Leurgy - I presume you suggest I take OFF those flags, yes?

Phawgg - I wasn't sure if with the firewall and PestPatrol patrolling all the time TeaTimer was a good idea, I don't want to get those products confused. BTW, it's cute that Spybot S&D sees pest patrol. Good cooperation.

All others, many, many thanks. And I do know not to open things, and so on. I'm still fuzzy on how to handle activeX controls, but will get there. I understand what they do but so many places to change things is just confusing a bit.

Phawgg - please, just continue your patient patrolling !

Yes, remove the check marks in front of both Install on demand entries. This will prevent most "drive by downloads".

Clarity regarding activeX downloads can be yours.
Download SpywareBlaster 3.2
Give it a whirl.
Free, and easy.

BTW, I do not use spywareGuard.
SpywareBlaster works without running as a tray icon.
SpywareGuard does not.
I use Tea Timer to alert me to all registry changes,
including those an activeX download would enact.

I allow only those I'm aware of causing no problems.
The database within Javacool's SpywareBlaster lists (presently) 3,310 bad activeX files.
You can choose to let any of them through.
It's your PC.
I like the choice.
It's my PC.

I've seen this recommended before but Install on Demand is still enabled for me and I've never had a problem. Looked at this MS article and it seems to contradict what you say--I've italicized for emphasis.
http://support.microsoft.com/default.aspx?kbid=222639

I want the prompts. I like having the ability to decide what gets downloaded. Just like ActiveX, which the BC article Scarlett mentions tells you how to set to prompt, not everything is bad. But if I'm asked (prompted) about downloading something I don't at all expect, then I can just say no.

Or am I misinterpreting? If I understand correctly Install on Demand has to do with Active Setup, which is updating or installing Internet Explorer updates and plug-ins from MS--not third parties. Doesn't sound like ActiveX but I'm not sure. Could you elucidate on this Leurgy?
Sounds like you have all your cookies blocked. This board will set a cookie to remember your log on. Perfectly harmless. I don't block any cookies. Not even tracking cookies. And no ill effects. See here for why I don't worry about them:
http://www.dtp-aus.com/cookies.htm

With a combination of:

ActiveX set to prompt--as set out in Grinler's article--this is what prevents drive by downloads.

Windows kept patched and updated.

And a good, up to date Antivirus and Firewall---

I've not had any problems. I don't run TeaTimer, SpywareGuard or anything like that. Only installed SpywareBlaster when I started doing HijackThis logs so I would have access to the database.

But then my surfing and other habits aren't like most other people's. So SpywareBlaster and some other tools are good to have. I just think the BC tutorial is pretty complete.

I agree about the cookies. (and a lot more, too. BTW)
They help achieve the speed I get manuevering in/out of this site & others.
On dialup.

All alerts can border on irritation, which I patrol for

For instance, those tea timer alerts...
firewall traffic reports...
download messages...
IE is set a little tighter than FF for me.
Mostly I review the Event Viewer and logs of activities once a week.
Set things to log alerts.
Know where the log files go.

basically I set things up so there is a minimum of tray icons,
spybot & firewall.
I recently gave up the AVG auto-update when I learned
that the protection in AVG7 runs without it,
no ill effects.

Tryin' out google desktop, and that's it.
Everything else I go to start menu when I want it.

But, I'm kinda
whoops.

Papakid

Yes, Internet Explorer will prompt to see if you want to install Japanese Language Support. This is a Microsoft Component. But it will NOT prompt to see if you want to install Gator, Gain, NewDotNet, CoolWebSearch, etc. This is how these items come to be installed in many cases. If you come to a website that tries to download these components and have Install on demand disabled (unchecked) you WILL be prompted.

A case in point. Go to Panda Active Scan with install on demand unchecked. If you have never been there before, as you go through the procedure to do the scan, you will see a security warning about a download and will be asked to accept it or not. Don't accept it. Close all IE windows. Enable both Install on demands by going to Control Panel>Internet Options. Open IE and go back to Panda, and it will do the download without you even noticing anything other than the wait.

A qoute from the Microsoft link you supplied:



Microsoft has dropped this feature in these OS's most likely because they realized that this was being exploited by adware/spyware programs but I doubt you would get MS to admit it.

I think your exploration into this has merit, Leurgy.

I read this:
Disabling These Features
The Install On Demand (Other) or Install on Demand (Internet Explorer) and Automatically check for Internet Explorer updates options are turned on by default in all versions of Windows except Windows 2000 and Windows XP. These features are not available in Windows 2000 or Windows XP, but these options are present on the Advanced tab in the Internet Options dialog box in Windows 2000 and Windows XP. For additional information, click the article number below to view the article in the Microsoft Knowledge Base:
257021 Advanced Internet Explorer Options Do Not Work on Windows 2000-Based Computer

It seems like typical contradictory english fostering misunderstanding to me.
Nothing new.

So.
I've unchecked both
Install on Demand (IE) &
Install on Demand (other).
As is my general tendency towards trial & error.
I'll go with it that way a while.
Casually.

and furthermore, steering you to microsoft is out of necessity.
Trust them.
They are your friends.
They will explain things to you.
Things you need to know now that you bought the system.

Papakid,

I thought so too. But this site and one other are the only ones permitted to leave persistent cookies. So it must be something else .

Phawgg,
I have no problem you steering me to Microsoft also. I steer myself there too. But as you point out reading can be frustrating at times.

As far as the irritation from alerts - I find them educational at this point. It tells me what's happening. Between the logs, alert list, alert popups, I'm getting a picture what is normal, when and so on.

This is a very good thread. I really want to thank all who commented, and will read all this very carefully now. And nobody is off the subject, Phawgg, it's all connected