
Am I protected?


15 replies to this topic

#1 mister_d


Posted 15 June 2009 - 12:18 PM

Hey there.
Recently I had several problems/viruses fixed/removed with the help from an HJT team member in the HijackThis Logs and Virus/Trojan/Spyware/Malware Removal forum. I followed the member's sound advice and installed some software to plug some holes and help keep this from happening again. I am now running or run periodically:

SpyBot Search and Destroy & Tea Timer
SUPERAntiSpyware
PC Tools Firewall Plus
Avira (free)
Malwarebytes (free)
Spywareblaster
A-SQUARED (free)
Drweb-cureit
Clamwin

I'd like opinions on whether or not I'm "covered" now. Is there a site you can go to and have them test your protection level - a controlled attack of sorts?

Thanks! :thumbsup:



#2 bluesjunior


Posted 15 June 2009 - 02:23 PM

You can try the links at the Shields Up site below. They will test your PC.
https://www.grc.com/x/ne.dll?bh0bkyd2
Motherboard: Gigabyte GA-MA770T-UD3, CPU: AMD Athlon II X3 450 Processor, Memory: OCZ 4GB (2x2GB) DDR3 1333MHz,Graphics: PowerColor HD 5750 1GB GDDR5,
PSU: Corsair 430W CX PSU 4x SATA 1x PCI-E, Hard Drive:Samsung SpinPoint F3 500GB Hard Drive SATAII 7200rpm 16MB Cache.

#3 newpat


Posted 15 June 2009 - 04:15 PM

Hi
I am not answering the query, just wanted to say I looked at this site and it looks very interesting. Although I am not sure how up to date it is. I believe it's worth investigation (just don't forget I am a novice!!) :thumbsup:

#4 JJ2K


Posted 15 June 2009 - 05:35 PM

I'm not 100% but I don't think you need that many AV programs, hopefully somebody can advise you on a combination with less programs.

Definitely try that link bluesjunior has posted, I've just done it myself. Then you can tell if you need a better firewall maybe or different settings for certain things, although it has succeeded in giving me confidence I'm not sure how thorough the tests are.

#5 Someones


Posted 16 June 2009 - 02:26 AM

You have far too many signature scanners. You can remove Spybot's TeaTimer component, A-squared, Dr Web CureIt and ClamWin.

Just remember to always have common sense and safe surfing practices, it is far more important than your security applications.

If you want to increase protection you should use something like OpenDNS, Firefox with WOT, and ThreatFire or Prevx.

Edited by Someones, 16 June 2009 - 02:27 AM.


#6 TSalarek


Posted 16 June 2009 - 10:45 AM

Blues' link is awesome. I dropped a ping and the 'wall tester was able to punch out, but everything else on mine is locked down on XP SP 3 with IE 7 (detected as Mozilla 4 O_O). They gotta get in before they can call out and ain't nothing getting in :D

That said, I'm now upgrading my wall to Zone Alarm. According to the testers, ZA is the only wall that consistently stops outbound traffic as well as inbound. I agree with Someones' post, but would recommend changing walls from PCT to ZA.

Leave ONE program running In Real Time (I'd use Avira + the 'wall) and leave the rest as "on demand"/manual so they don't a) fight with each other and b) bog down your system. Pick up CCleaner and Advanced System Care as well. Nifty utilities that help clean out junk files, plus ASC has an inoculator that gets a few things missed by Spybot (S+D also gets a few that ASC doesn't so use both). Use CCleaner to kill startup entries for everything else and ASC has both disk and reg defrag for performance.

Edited by TSalarek, 16 June 2009 - 10:46 AM.


#7 mister_d


Posted 16 June 2009 - 01:43 PM

I tested through the site Blues posted above and came up perfect. I downloaded and ran ASC - it seemed to find a bunch of problems - I'm always lenient of software that messes with registry changes though. I've had CCleaner on for a long time and been happy with it.

Thanks for the input - I'd like to find another site to test it if anyone knows of one.

#8 Stang777


Posted 16 June 2009 - 05:10 PM

TSalarek, I have used ZoneAlarm for years and love it

#9 Someones


Posted 18 June 2009 - 02:15 AM

> According to the testers, ZA is the only wall that consistently stops outbound traffic as well as inbound. I agree with Someones' post, but would recommend changing walls from PCT to ZA.

Which tests are you referring to?

#10 TSalarek


Posted 19 June 2009 - 02:49 PM

GRC/Shields up...but I did some research on that and was surprised at how many research groups said the same thing.

All walls should stop both ways, and many reputable ones do, but many reputable walls also come pre-loaded with numerous exploitable permissions. ZA doesn't come with permissions so if you wanted you could even block IE from accessing the net.

#11 Someones


Posted 19 June 2009 - 09:17 PM

> GRC/Shields up...but I did some research on that and was surprised at how many research groups said the same thing.
>
> All walls should stop both ways, and many reputable ones do, but many reputable walls also come pre-loaded with numerous exploitable permissions. ZA doesn't come with permissions so if you wanted you could even block IE from accessing the net.

Doesn't Shields up only test inbound protection? And who are these other research groups? BTW why would you want to block IE anyway?

#12 Animal


Posted 19 June 2009 - 09:41 PM

> SpyBot Search and Destroy & Tea Timer

With regards to SpyBot and Tea Timer, I'd like to quote our very own Quietman7.

mvps.org is no longer recommending Spybot S&D or Ad-Aware due to poor testing results. See here - (scroll down and read under Freeware Antispyware Products).

Further, most people don't understand Spybot's TeaTimer or how to use it and that feature can cause more problems than it's worth. TeaTimer monitors changes to certain critical keys in Windows registry but does not indicate if the change is normal or a modification made by a malware infection. The user must have an understanding of the registry and how TeaTimer works in order to make informed decisions to allow or deny the detected changes. Additionally, TeaTimer may conflict with other security tools which do a much better job of protecting your computer and even prevent disinfection of malware by those tools.

More effective alternatives are Malwarebytes Anti-Malware and SUPERAntiSpyware Free.


The Internet is so big, so powerful and pointless that for some people it is a complete substitute for life.
Andrew Brown (1938-1994)


A learning experience is one of those things that say, "You know that thing you just did? Don't do that." Douglas Adams (1952-2001)


"Imagination is more important than knowledge. Knowledge is limited. Imagination circles the world." Albert Einstein (1879-1955)



#13 TSalarek


Posted 23 June 2009 - 11:22 AM

someones: if you're using something else (like say AOL) and IE decides to self launch being able to block would be a plus.

I looked at about a dozen different sites for reports on ZA, forgive me if I don't waste time posting every single link.

Shields up drops an exe (which you have to personally download. It's ok - it's used only for the "does it call home" test). When you run the exe, if it's able to call back to GRC then you fail on outbound protection. What this means is that malware can exploit your holes and call home to get instructions (like orders to open more inbound ports). If Malware is prevented from calling home (like with ZA) then you have no holes to be exploited. << oversimplified, but I think you get it

animal: what poor test results? the fact that it doesn't play nice with IE8? Avira, AVG, and FF3 are all having issues with IE8, too, and given MS position I'd say they're not the only ones...though it IS nice to see MS issue a KB for it, I doubt we've heard the last of the IE8 conflicts. Oh and MVPS is wrong on AVG. They list it as 30-day but my 8.5 Free is full with no expiration. Full Free is buried on the AVG site and you have to hunt for it, but it's worth it for stable reliable real-time protection.

#14 Someones


Posted 24 June 2009 - 09:19 AM

> someones: if you're using something else (like say AOL) and IE decides to self launch being able to block would be a plus.
>
> I looked at about a dozen different sites for reports on ZA, forgive me if I don't waste time posting every single link.
>
> Shields up drops an exe (which you have to personally download. It's ok - it's used only for the "does it call home" test). When you run the exe, if it's able to call back to GRC then you fail on outbound protection. What this means is that malware can exploit your holes and call home to get instructions (like orders to open more inbound ports). If Malware is prevented from calling home (like with ZA) then you have no holes to be exploited. << oversimplified, but I think you get it

I still don't really get your point, could you please clarify?

You could easily set IE to be blocked by any third-party firewall.

The outbound tests I've seen all have ZoneAlarm scoring around average.

Are you referring to their leaktest? I downloaded it and then ran it without an internet connection and it says it penetrated my firewall. :thumbsup:

#15 Stang777


Posted 25 June 2009 - 12:28 AM

If it penetrated it without being connected I would think that what it meant is that it was able to go out, not that it actually connected. I would think that if it found an open port and nothing stopped it from using that port, then it would consider that being penetrated, whether it made an actual connection or not. I have used that leak test on several computers over the years, all running ZoneAlarm, and never had it come back saying it had penetrated my firewall.
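
An added example, not part of any post in this thread and not GRC's LeakTest code: an outbound probe in Python that reports a leak only when a TCP connection actually completes, and separates that from the cases where nothing connected, which is the distinction posts #13 to #15 turn on. The function names and result labels are assumptions made for this example, and the demo uses constructed loopback sockets so it runs offline.

```python
import socket

def egress_check(host, port, timeout=3.0):
    """Attempt one outbound TCP connection and classify what happened."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "connected"    # handshake completed: traffic left and was answered
    except ConnectionRefusedError:
        return "refused"          # the attempt was actively rejected
    except PermissionError:
        return "denied"           # local OS refused the attempt (some host firewalls surface a block this way)
    except socket.timeout:
        return "timeout"          # no answer at all: dropped somewhere, or target down
    except OSError:
        return "unreachable"      # no route, network down, or name lookup failed

def verdict(outcomes):
    """Summarise probes, assuming each one targeted a port known to be listening."""
    if "connected" in outcomes:
        return "outbound allowed"
    if all(o == "unreachable" for o in outcomes):
        return "inconclusive: no connectivity"   # offline is not evidence of a leak
    return "outbound blocked"

def local_demo():
    """Constructed offline demo: one loopback listener and one closed loopback port."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]
    spare = socket.socket()
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()                 # nothing listens on this port any more
    try:
        return [egress_check("127.0.0.1", open_port),
                egress_check("127.0.0.1", closed_port)]
    finally:
        listener.close()

if __name__ == "__main__":
    results = local_demo()
    print(results, "->", verdict(results))
```

Loopback traffic is often not filtered by a host firewall, so the demo only exercises the classification; for a real check, point `egress_check` at a listening port on a host you control.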



