
Question about Firewall Settings


6 replies to this topic

#1 Anonix

Anonix

  • Members
  • 188 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 12 July 2011 - 12:15 AM

After MSE detected a few Trojans during scans these past few weeks, I put my computer on lock down. One of the things I learned during my research was that because I was signing in as an "administrator", I was giving the bad guys full privileges if they ever gained control of my computer through a browser exploit. I found a program (it's on CNET for download) called 'drop my rights' that lets me restrict the rights (while still signed in as an Administrator). It's my understanding that by default, you log on to Windows XP as an Administrator, so there are probably a whole lot of computer users besides me who surfed the 'net for years in that vulnerable state. Do your reading and make changes if you are one of them.

I also took a look at the firewall settings, to see which applications were listed as 'exceptions' to the block to incoming network connections. I 'unchecked' most of the exceptions (reasoning that I could always add them back if/when I needed to use them), but left two as 'exceptions': "Net Diagnostics for Windows XP" and "UPnP Framework". I left the 'net diagnostics' because it just sounds like something that would need to have incoming network connections, and I left UPnP because I have no idea what that is. My eyes started glazing over when I tried to find out more about what it does on a 'net search.

Does anyone know if there would be any harm in blocking these last two as well? Or do they need to have incoming network connections? Thanks in advance for any suggestions.



#2 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:21 AM

Posted 13 July 2011 - 05:36 AM

We need a bit more information about your setup to help you.

So you use Windows XP. But how does your machine connect to the Internet?
And do you have other machines or network devices on your local network?

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com

SANS ISC Senior Handler
Microsoft MVP 2011-2016 Consumer Security, Windows Insider MVP 2016-2019

 

If you send me messages, per Bleeping Computer's Forum policy, I will not engage in a conversation, but try to answer your question in the relevant forum post. If you don't want this, don't send me messages.

 

Stevens' law: "As an online security discussion grows longer, the probability of a reference to BadUSB approaches 1.0"


#3 Anonix

Anonix
  • Topic Starter

  • Members
  • 188 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 14 July 2011 - 11:00 PM

I am not sure I know enough to answer your question, but here goes.

I have a router that came with the DSL service (I was told the router has a firewall built in), and the computer is connected to that router via a cord. I used to use a wireless connection but that became unreliable (ISP tech support said I might need a new wireless card) about six months ago so I just use the cord now. When I look in control panel, under network connections, it shows a 'local area connection' that is firewalled, and a 1394 connection, also firewalled. The wireless connection is x'd out, as is a 'local area connection 2' connection (those two are 'off').

As to other machines or devices on the 'local network', I am not sure what that means. I have one computer, so I don't have a network, right? I occasionally fire up an HP printer, but not often. The HP software is very intrusive so I finally got fed up and disabled it from startup. And sometimes I hook up an iPod. Or (rarely) a camera to transfer in some photos.

When I was resetting my network(?) password with my ISP, I could see who else was on the 'LAN' (is that the term)? There are maybe 6 or so other computers hooked up in the immediate vicinity (my neighbors). With help from ISP tech support, I changed both my password (to a stronger one) and also changed the encryption (key?) to a stronger one.

All software, windows, and computer updates are 'up-to-date', as are the various browsers (I use several). I keep Windows Firewall on (plus the firewall in the router), and use MSE and occasionally Malwarebytes for scans.

Hopefully this makes sense. Let me know if you need more info, and if so, what. Thanks.

#4 Didier Stevens

Didier Stevens

  • BC Advisor
  • 2,734 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:09:21 AM

Posted 15 July 2011 - 08:49 AM

Thanks for this info. So this means you just have a computer connected to a router that connects you to the Internet.

Then you can disable the exceptions "Net Diagnostics for Windows XP" and "UPnP Framework".

Didier Stevens
http://blog.DidierStevens.com
http://DidierStevensLabs.com



#5 tos226

tos226

    BleepIN--BleepOUT


  • Members
  • 1,578 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:LocalHost
  • Local time:03:21 AM

Posted 15 July 2011 - 09:50 PM

The only time you will need incoming connections is when you choose to run a server to which you will invite other people to connect. P2P (peer-to-peer) type of applications might need it, I don't know, I don't use'm. Skype might need permission for others to connect to you over a specific port. But these are exceptions.

Locally, on the LAN, file and printer sharing may need incoming connections if you want a local computer to connect to yours to look at a folder or even run an application. In this case Windows firewall allows you to limit the scope for incoming connections just to your local area network subnet.

Please don't confuse in/out connections with the direction the data travels. Data moves in both directions when, for instance, you connect to a website. You make an outgoing connection to the website. Said website is not connecting to you (unless you permit it) but it does send data to your browser. Ditto when you connect for Microsoft updates. Bill Gates is not connecting to you. He just sends you the patches to patches.

Just my 2cents :)

My question: How is that "drop my rights" thingie working for you? Convenient?

Edited by tos226, 15 July 2011 - 09:52 PM.
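The distinction drawn in the post above (who opens the connection versus which way data flows, and exceptions scoped to the local subnet) can be seen in a small model. This is an added example, not part of the original thread and not Windows Firewall's actual implementation; the `HostFirewall` class, the addresses and the ports are all constructed for illustration.

```python
import ipaddress

# Constructed LAN subnet for the example.
LAN = ipaddress.ip_network("192.168.1.0/24")

class HostFirewall:
    """Toy stateful filter: outbound is allowed and remembered, inbound is checked."""

    def __init__(self):
        self.exceptions = {}   # local port -> "any" or "subnet"
        self.flows = set()     # (local_port, remote_ip, remote_port) already permitted

    def allow_exception(self, port, scope="any"):
        self.exceptions[port] = scope

    def remove_exception(self, port):
        self.exceptions.pop(port, None)

    def outbound_connect(self, local_port, remote_ip, remote_port):
        # The PC initiates: record the flow so reply data is recognised later.
        self.flows.add((local_port, ipaddress.ip_address(remote_ip), remote_port))
        return "allow"

    def inbound(self, remote_ip, remote_port, local_port, syn=False):
        remote = ipaddress.ip_address(remote_ip)
        key = (local_port, remote, remote_port)
        if not syn and key in self.flows:
            return "allow"     # data coming back on a connection already permitted
        scope = self.exceptions.get(local_port)
        if syn and (scope == "any" or (scope == "subnet" and remote in LAN)):
            self.flows.add(key)
            return "allow"     # new inbound connection matching an exception
        return "drop"          # unsolicited inbound traffic

def demo():
    fw = HostFirewall()
    results = {}
    fw.outbound_connect(50000, "203.0.113.5", 80)           # browser -> website
    results["web_reply"] = fw.inbound("203.0.113.5", 80, 50000)
    # Stranger tries to open a connection to a port with no exception.
    results["unsolicited"] = fw.inbound("198.51.100.7", 4444, 5000, syn=True)
    fw.allow_exception(445, scope="subnet")                 # file sharing, LAN only
    results["lan_share"] = fw.inbound("192.168.1.20", 51000, 445, syn=True)
    results["wan_share"] = fw.inbound("203.0.113.5", 51000, 445, syn=True)
    return results

if __name__ == "__main__":
    print(demo())
```

Removing every exception, as the original poster did, leaves `web_reply` allowed because the PC opened that connection itself; only new inbound connection attempts are affected.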


#6 Anonix

Anonix
  • Topic Starter

  • Members
  • 188 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 15 July 2011 - 11:40 PM

Great. Tx for this...changing now...

Thanks for this info. So this means you just have a computer connected to a router that connects you to the Internet.

Then you can disable the exceptions "Net Diagnostics for Windows XP" and "UPnP Framework".



#7 Anonix

Anonix
  • Topic Starter

  • Members
  • 188 posts
  • OFFLINE
  •  
  • Local time:12:21 AM

Posted 16 July 2011 - 12:05 AM

I appreciate the info...this will be brief as I have a new problem with my keyboard. Will get back 2 you. Really like the 'drop my rights' dealie. Peace of mind. Sometimes I forget n try 2 download & it stops me. Luv that.


The only time you will need incoming connections is when you choose to run a server to which you will invite other people to connect. P2P (peer-to-peer) type of applications might need it, I don't know, I don't use'm. Skype might need permission for others to connect to you over a specific port. But these are exceptions.

Locally, on the LAN, file and printer sharing may need incoming connections if you want a local computer to connect to yours to look at a folder or even run an application. In this case Windows firewall allows you to limit the scope for incoming connections just to your local area network subnet.

Please don't confuse in/out connections with the direction the data travels. Data moves in both directions when, for instance, you connect to a website. You make an outgoing connection to the website. Said website is not connecting to you (unless you permit it) but it does send data to your browser. Ditto when you connect for Microsoft updates. Bill Gates is not connecting to you. He just sends you the patches to patches.

Just my 2cents :)

My question: How is that "drop my rights" thingie working for you? Convenient?





