Only able to update protection every once in awhile...


5 replies to this topic

#1 Ragnar Devonin

Posted 17 January 2011 - 07:41 AM

Hi folks,

Unfortunately, due to my current situation, my access to the internet is... a bit spotty, for my laptop. I'll have periods where I go for sometimes up to three months without access to the internet on it (luckily I'm not entirely cut-off - Yay phone!). Still.

My question is: So long as I immediately update all my protection programs when I am able to get online (before even opening a web browser) - will I be keeping myself safe? Or should I be looking to get those updates onto my computer somehow before bringing it online again?

What I've been doing is, after these month-long hiatuses my laptop takes from the internet - when I am able to get on it, I will immediately download (and install) updates for Windows, my antivirus, SAS, and MABM. I won't do anything else on it during this time (not even open a browser or anything, just to get these updates as quickly as possible). This usually prompts a restart from Windows to complete its updates, afterward I'll keep the laptop offline for a bit to run some scans and so long as everything comes up clean - I'll reconnect, and use it as normal (with my usual precaution when surfing online so as to avoid viruses).

So, as asked, is this good enough to keep my laptop safe and virus-free or should I start doing something differently (like getting the updates on before connecting, or probably unsuccessfully try to get a more regular internet connection. Grr at the nearest internet cafe being out of town, and costing more than it should...).

Thanks for reading, and possible answers. :)


#2 Didier Stevens

Posted 17 January 2011 - 07:56 AM

Can you tell us exactly how you connect your laptop to the Internet? Does your laptop get a public IP address, or is it behind a NAT router?

If it has a public IP address and you're not using a firewall that blocks access to all your open ports, you are running a small risk. You are running the risk that, in the couple of months your laptop didn't receive Windows update, Microsoft patched a bug for a remote exploit vulnerability in a networked service. When this vulnerability is actively exploited by infected machines on the Internet (like botnet members), you run the risk that this service is exploited before you get the chance to patch your machine (even if you don't use Internet-facing applications like IE until your machine is up-to-date).

I also assume that updating your AV signatures takes a long time? Because several AV programs use incremental updates to limit the download bandwidth you need, but if you're out-of-sync by a couple of months, they download the complete signature database instead of a delta. This can easily be 100+ MB.

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 Ragnar Devonin

Posted 17 January 2011 - 08:18 AM

I'm fairly certain it's behind a NAT router (the place has a hardware-based firewall, so I assume this is it) and I also have a software firewall in place. One of the times I'd gone, I'd done a port test on this security website (I can't remember the name right now.. Steve Gibson or something? I think it was called Shields Up!) and it told me that all my ports were stealthed in all the tests.

The highest I've seen download from my AV is about 60 MB (not including updates to the base program, just definitions), but the updates have never taken more than 20 or so minutes - give or take 10 - I'd say on average it takes a whole 15 minutes to get all the updates I've missed.

#4 Didier Stevens

Posted 17 January 2011 - 08:29 AM

> I'm fairly certain it's behind a NAT router (the place has a hardware-based firewall, so I assume this is it) and I also have a software firewall in place. One of the times I'd gone, I'd done a port test on this security website (I can't remember the name right now.. Steve Gibson or something? I think it was called Shields Up!) and it told me that all my ports were stealthed in all the tests.


Yes, it sounds like you're behind a NAT router. If you really want to be sure, start cmd.exe and type the following command: ipconfig
This will list all your network adapters and the IP address associated with them. Look for your network adapter you're connecting with (probably wireless), look for entry "IPv4 Address" and if it is in the following range, you've a private IP address:

10.0.0.0 - 10.255.255.255
172.16.0.0 - 172.31.255.255
192.168.0.0 - 192.168.255.255

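Added example, not part of the original posts: the ipconfig check described in post #4, automated in Python. The ipconfig output below is a constructed sample, and the adapter names and addresses in it are assumptions; the 172.32.x.x entry shows an address that looks similar to the private 172.16-172.31 block but falls outside it.

```python
import ipaddress
import re

# The three private ranges listed in the post, written as CIDR blocks.
PRIVATE_RANGES = [
    ipaddress.ip_network("10.0.0.0/8"),      # 10.0.0.0 - 10.255.255.255
    ipaddress.ip_network("172.16.0.0/12"),   # 172.16.0.0 - 172.31.255.255
    ipaddress.ip_network("192.168.0.0/16"),  # 192.168.0.0 - 192.168.255.255
]

# Constructed sample of ipconfig output (not captured from a real machine).
SAMPLE_IPCONFIG = """\
Windows IP Configuration

Wireless LAN adapter Wireless Network Connection:

   Connection-specific DNS Suffix  . : lan
   IPv4 Address. . . . . . . . . . . : 192.168.1.23
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.1.1

Ethernet adapter Local Area Connection:

   IPv4 Address. . . . . . . . . . . : 172.32.4.10
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
"""

ADAPTER_RE = re.compile(r"^(\S.*adapter .+):\s*$")
IPV4_RE = re.compile(r"^\s+IPv4 Address[ .]*:\s*([0-9.]+)")


def is_private(address):
    """True if the address falls in one of the three ranges from the post."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in PRIVATE_RANGES)


def classify_adapters(ipconfig_text):
    """Map each adapter name to (IPv4 address, is_private)."""
    result, adapter = {}, None
    for line in ipconfig_text.splitlines():
        if m := ADAPTER_RE.match(line):
            adapter = m.group(1)
        elif (m := IPV4_RE.match(line)) and adapter:
            result[adapter] = (m.group(1), is_private(m.group(1)))
    return result


if __name__ == "__main__":
    for name, (addr, private) in classify_adapters(SAMPLE_IPCONFIG).items():
        print(f"{name}: {addr} -> {'private' if private else 'not private'}")
```
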


#5 Ragnar Devonin

Posted 17 January 2011 - 08:32 AM

The 192.168.x.x looks familiar, the next time I go there (posting from my phone now, this was just something that has been nagging me) I'll double check to be sure. But I'm fairly certain it is in that range. With the firewalls in place, so long as I continue my careful practice I take it I don't have too much to worry over then?

#6 Didier Stevens

Posted 17 January 2011 - 08:51 AM

> The 192.168.x.x looks familiar, the next time I go there (posting from my phone now, this was just something that has been nagging me) I'll double check to be sure. But I'm fairly certain it is in that range. With the firewalls in place, so long as I continue my careful practice I take it I don't have too much to worry over then?


Correct. Unless it's an Internet cafe full of hackers :wink:

FYI: the 192.168.X.X private IP range is what retail network equipment uses by default.

Edited by Didier Stevens, 17 January 2011 - 08:52 AM.





