Just got high-speed internet -- any security concerns I should be aware of?

[Toad]

After having dialup forever, I moved and finally have high speed cable internet, and it's glorious!

Are there any security concerns (or other concerns) that a total noob like me should be aware of?

I have Spyware software, Virus software, and some other things, just FYI.

Thanks!

[Toad]

P.S. Is it ok to just leave my computer on ALL the time? I realize I'm still connected to the network, but 1) is that bad and, 2) if so, how do I disconnect?

THANKS

[Alvis]

A firewall wouldn't hurt. I recommend Zone Alarm or Sygate Personal Firewall.

http://www.zonelabs.com/store/content/home.jsp

http://smb.sygate.com/products/spf_standard.htm

Both have a free version.

[68ShelbyGT500KR]

Congrats on your new found speed. Much better than DialUp. Do you have DSL or Cable etc...?

What Operating System are you running? Sorry, but I can't remember the OS from your past posts...

If you are running XP, you can have the connected icon set to run in your notification area (by the clock) by going to Start>Settings>Network Connections..located *your connection* and select Properties>place a check in the box that says "Show icon in notification area when connected">click OK

You can then click on the new icon in the notification area and "Disable" your connection.

[Toad]

Thanks for the advice: my connection notes that it's "firewalled" --- is that not good enough?

Also, what does a firewall protect against?

Is it bad to leave programs like MSN Messenger and Outlook running constantly while connected?

[Toad]

Quote:

Originally Posted by 68ShelbyGT500KR

You can then click on the new icon in the notification area and "Disable" your connection.

I have XP.

How often would you suggest I disconnect/disable the connection? When I'm not using it? Daily? Weekly? What's the harm in leaving it running?

[68ShelbyGT500KR]

Quote:

Originally Posted by Toad

Thanks for the advice: my connection notes that it's "firewalled" --- is that not good enough?

Also, what does a firewall protect against?

Is it bad to leave programs like MSN Messenger and Outlook running constantly while connected?

If you are using the built in Windows Firewall, it only protects inbound, not outbound. It is best to get a 3rd part firewall as Alvis suggested since the block BOTH ways!. If you decide on a 3rd part FW, then make sure you disable Windows "firewall".

On your Network Connection, it is up to the PC users on how to handle live connections. I tend to turn off my comp when not using it. Very rarely will I 'disconnect" the connection manually.
Just make sure you help secure your PC with a good Firewall and Anti-Virus (keep it updated weekly) program that runs at Windows Startup. There will be icons next to the clock when the are monitoring activity.

[ravan]

Are you using a NAT router? I'd just get a router of some kind, maybe a wifi one so you can roam around too They're pretty safe.. i personally dont like firewalls on my pc's and servers.

[jfoobar]

Quote:

Originally Posted by ravan

Are you using a NAT router? I'd just get a router of some kind, maybe a wifi one so you can roam around too They're pretty safe.. i personally dont like firewalls on my pc's and servers.

You may not like them, but they are an absolute necessity for a broadband-connected home PC. They are also a necessity for just about any laptop whatsoever.

[mikehunt]

I still prefer Kerio as far as software firewalls go
http://www.kerio.com/kpf_home.html

[Toad]

I have cable modem I guess, my connection says 100.0 Mbps --- is that fast, average, slow?

What's the next fastest connection, and how fast is that?

If I remember correctly, my old wireless connection at school was like 11.0 Mbps on a good day.

[jfoobar]

Quote:

Originally Posted by Toad

I have cable modem I guess, my connection says 100.0 Mbps --- is that fast, average, slow?

That's your local connection to the cable modem and/or your broadband router. That means that both your PC and whatever you are connected to have 10/100 Mbps NICs, which is standard. You are not getting anywhere near 100Mbps to the Internet.

[mikehunt]

the 100Mbps is most likely the speed of the ethernet port the modem plugs into on the computer. the modem itself probably has a top speed around 10Mbps or lower, which is still a hell of a lot faster than dial up

[Dead]

Quote:

Originally Posted by JustinS

You may not like them, but they are an absolute necessity for a broadband-connected home PC. They are also a necessity for just about any laptop whatsoever.

While I would tend to agree about the laptop, which might be connected to an insecure network, I'm not sure I understand the logic related to use of a software firewall at home. If you're just saying, "it never hurts to have every possible protection", then I can agree with that... as long as the increase in security is great enough to justify performance issues and the consumption of resources. In general, I've found that Zone Alarm is a bit too unstable and causes too many slowdowns to install on it on otherwise well secured systems behind a hardware firewall. Maybe you can convince me to think differently, but from my experience it doesn't seem worth the tradeoff.

If you've got a good virus scan program, keep your systems patched, use a hardware firewall, don't participate in the use of "questionable" software, don't open E-Mail attachments, etc., what is the benefit of a software firewall? The thing I see most often mentioned is that some (like ZA) monitor outgoing connections as well as incoming ones. But, if you don't do anything that would install a program to make an outgoing connection, and are careful about keeping updated so no one else can add one, then how much real need is there for notification about outgoing connections? Not to say that it could never happen, but the question I have is how great is that exposure when compared to the decrease in usablity?

[jfoobar]

Quote:

Originally Posted by Dead

If you've got a good virus scan program, keep your systems patched, use a hardware firewall, don't participate in the use of "questionable" software, don't open E-Mail attachments, etc., what is the benefit of a software firewall?

Unless you never install anything but gold-disked commercial apps off of original factory media, you are at substantial risk. How many people do you know that meet that definition on their home PCs? Damn few.

AV, across the board, has a dismal record of detecting Trojan horse applications and, even if they did, the Trojan will likely try and disable the AV. This leads to a race condition that your AV isn't always going to win. Those AV applications that are most popular among Joe Sixpack actually have among the worst detection rates. Of course, a well-written Trojan can manipulate common desktop firewalls as well...

Hundreds of thousands of completely pwn3d home PCs were compromised via the browser, not through the deliberate installation of software thought to be safe. Most of those, in my experience, were compromised after visiting a malicious website that they found using a search engine for something completely innocuous. Keeping your XP box patched and using a browser other than MSIE helps, but it is hardly a 100% safe (not even close)alternative. Hardware firewalls will offer no, zero protection in instances such as this.

These are real things that do happen, even on fully patched systems. I see it all the time (it's what I get paid to do) and the way I discover them is through network traffic monitoring, both to the Internet and on local network segments.

Dead, you are an atypical Internet user, and even you are at some risk. My advice about desktop firewalls is for the hoi polloi, who are at much greater risk. I have a better knowledge, and firsthand at that, of the risks, vulnerabilities, and exploit vectors than 99%+ of Internet users out there (not that that is saying much) and there is no way I plug my XP system into my router without a desktop firewall. Specifically, I am running Look n' Stop on my XP Pro SP2 system and I have not noticed any appreciable performance issues. Sygate and Tiny also seem to be fairly invisible as well based on past experience.

[Dead]

Quote:

Originally Posted by JustinS

Unless you never install anything but gold-disked commercial apps off of original factory media, you are at substantial risk. How many people do you know that meet that definition on their home PCs? Damn few.

Isn't that a bit of an exaggeration? Sure, installing anything and everything greatly increases risk, but I suspect that even most software downloaded from reputable sources is safe. Not to say that it never happens, but how often do you think it happens when dealing with "trustworthy" sources? From your professional POV, I do understand that it's your responsibility to take the view "once is too much"... but that answer may not be as valuable to me though.

Quote:

AV, across the board, has a dismal record of detecting Trojan horse applications and, even if they did, the Trojan will likely try and disable the AV. This leads to a race condition that your AV isn't always going to win. Those AV applications that are most popular among Joe Sixpack actually have among the worst detection rates. Of course, a well-written Trojan can manipulate common desktop firewalls as well...

I'll grant you the first... though, as you added, some trojans can take out or avoid other protective measures.

Quote:

Hundreds of thousands of completely pwn3d home PCs were compromised via the browser, not through the deliberate installation of software thought to be safe. Keeping your XP box patched and using a browser other than MSIE helps, but it is hardly a 100% safe (not even close)alternative. Hardware firewalls will offer no, zero protection in instances such as this.

Yes, but this was still a fairly limited exposure vector. Obviously there will always be exploits ahead of patches, but the impact is still limited by the vector... in this case, visiting certain websites. And the software firewall wouldn't have provented the occurance either, would it have? Maybe your point is that in the case of information compromise there is some value. Part of the risk here relates to how the machine is used too though. For instance, I've got a box that I'll freely install most anything on and use to visit web sites related to hacking and the like... I don't store any data of value on it and would never dream of accessing a bank account or other sensitive data from it.

Quote:

These are real things that do happen, even on fully patched systems. I see it all the time (it's what I get paid to do) and the way I discover them is through network traffic monitoring, both to the Internet and on local network segments.

Right, and I do fully realize that. In part, I wonder if your experience might make you a bit overly cautious though. Related to your work, does your employer run software firewalls on all company boxes? Assuming you consult for other companies too, are software firewalls something you recommend for all your corporate customers?

Quote:

... there is no way I plug my XP system into my router without a desktop firewall. Specifically, I am running Look n' Stop on my XP Pro SP2 system and I have not noticed any appreciable performance issues.

I'm not familiar with Look n' Stop, but if it doesn't have the "issues" I've so often seen from Zone Alarm it, or one of the others, might increase my interest in going back to using a software firewall. Are you using the "Lite" or one of the other versions?

Just out of curiosity, how often does it actually notify you of an outgoing connection of "concern"? My guess is that *you* seldom if ever have had a real need for the product, but I could be wrong. Even if I'm right, I do understand why you wouldn't want others to use that as a measure of their safety (or even yours in the future for that matter).

Quote:

Sygate and Tiny also seem to be fairly invisible as well based on past experience.

Tiny went commercial didn't they? Are you at all familiar with Kerio? If so, what do you think of their product? Someone said that it was related to Tiny, but I don't know if that's accurate or not.

[al_bundy]

Quote:

Originally Posted by Dead

While I would tend to agree about the laptop, which might be connected to an insecure network, I'm not sure I understand the logic related to use of a software firewall at home. If you're just saying, "it never hurts to have every possible protection", then I can agree with that... as long as the increase in security is great enough to justify performance issues and the consumption of resources. In general, I've found that Zone Alarm is a bit too unstable and causes too many slowdowns to install on it on otherwise well secured systems behind a hardware firewall. Maybe you can convince me to think differently, but from my experience it doesn't seem worth the tradeoff.

If you've got a good virus scan program, keep your systems patched, use a hardware firewall, don't participate in the use of "questionable" software, don't open E-Mail attachments, etc., what is the benefit of a software firewall? The thing I see most often mentioned is that some (like ZA) monitor outgoing connections as well as incoming ones. But, if you don't do anything that would install a program to make an outgoing connection, and are careful about keeping updated so no one else can add one, then how much real need is there for notification about outgoing connections? Not to say that it could never happen, but the question I have is how great is that exposure when compared to the decrease in usablity?

there are zombies doing constant port scans on the internet and will remotely install software on your PC if they can get in. there are exploits for windows out there that are known in hacker circles that MS hasn't patched yet

[glassdragon]

Quote:

Tiny went commercial didn't they? Are you at all familiar with Kerio? If so, what do you think of their product? Someone said that it was related to Tiny, but I don't know if that's accurate or not.

Back a long time ago i used Tiny personal firewall. At the time they were free. They went pay. Kerio is what Tiny personal firewall used to be. It's got pretty much the same gui and is pretty much the exact same program that tiny was when it was free. Now Tiny is pretty much not tiny and all graphically pretty and such so you think you are getting your moneys worth. Never did like TPF after they went pay. I did use kerio up until 3 months ago when it decided to just stop working for some reason lol. It worked for a couple years before that so i just chalked it up to a system problem and went to zone alarm. I will recommend Kerio also.

[Dead]

Quote:

Originally Posted by al_bundy

there are zombies doing constant port scans on the internet and will remotely install software on your PC if they can get in. there are exploits for windows out there that are known in hacker circles that MS hasn't patched yet

Sure, but shouldn't your hardware firewall should take care of these threats?

My overall point is that I am under the impression that things have to get *in* before a software firewall adds any value. Justin mentioned untrustworthy software, browser flaws, and the like as being potential attack vectors. These I agree present risk, but I'm not sure I understand how an external entity like a zombie presents much risk if you have a hardward firewall but not a software firewall.

[Dead]

Quote:

Originally Posted by glassdragon

Back a long time ago i used Tiny personal firewall. At the time they were free. They went pay. Kerio is what Tiny personal firewall used to be. ...

Ah, thanks for the update on Tiny. I may have to give Kerio a spin.

[jfoobar]

Quote:

Originally Posted by Dead

Isn't that a bit of an exaggeration? Sure, installing anything and everything greatly increases risk, but I suspect that even most software downloaded from reputable sources is safe. Not to say that it never happens, but how often do you think it happens when dealing with "trustworthy" sources? From your professional POV, I do understand that it's your responsibility to take the view "once is too much"... but that answer may not be as valuable to me though.

OK, I might have exaggerated somewhat. I'll change the word "substantial" to "notable." The truth is that most users don't spend nearly enough time considering the risks inherent to downloading and installing software, especially free software.

Furthermore, the line between Trojan horse and spyware has been and continues to blur, almost to the point of becoming indistinct altogether. The days of all unwanted applications pretty much falling into the "Gator" category (annoying but mostly harmless) and the "Sub7" category are long since over.

Quote:

I'll grant you the first... though, as you added, some trojans can take out or avoid other protective measures.

But most of them still will not. Many, many "malsploitwormbotnet" apps will go after common AV, but only a few target desktop firewalls.

Quote:

Yes, but this was still a fairly limited exposure vector. Obviously there will always be exploits ahead of patches, but the impact is still limited by the vector... in this case, visiting certain websites. And the software firewall wouldn't have provented the occurance either, would it have?

Here is an example I discovered just last night. User googled for "greek recipes" and followed a link to a hacked and/or malicious website which redirected to a Hungarian site that tried to exploit the MS Windows Kernel .ani file Parsing vuln and the MSIE HTML Help Control Local Zone Security Restriction Bypass Vuln. If successful, a Trojan executable would be downloaded and executed on the host. I never did a malware analysis on the executable itself and only 6 of the 14 AV cllients I tested it against detected it for what it was (McAfee, AVG, Fortinet and Panda being among the noteworthy failures). Fortunately, the AV on that client did partially detect it and patches would have kept it from succeeding anyway, but that is definitely only the case sometimes.

The point is, one innocent Google search and an unpatched system running McAfee is potentially pwn3d. The same site could have exploited a 0-day or an as-of-yet unpatched vuln but those are a little more uncommon.

Oh, and if you are in charge of looking at your company's internet logs, you might want to look for connections to tribeca(dot)hu, particularly http gets for test.ani and sp2rc.htm.

Quote:

Maybe your point is that in the case of information compromise there is some value. Part of the risk here relates to how the machine is used too though. For instance, I've got a box that I'll freely install most anything on and use to visit web sites related to hacking and the like... I don't store any data of value on it and would never dream of accessing a bank account or other sensitive data from it.

Smart but very, very atypical for a home user. However, that system could get stomped and start attacking other systems on your home network if you aren't careful.

Quote:

In part, I wonder if your experience might make you a bit overly cautious though.

Oh, I'm sure it does.

Quote:

Related to your work, does your employer run software firewalls on all company boxes? Assuming you consult for other companies too, are software firewalls something you recommend for all your corporate customers?

It is not cost effective for most enterprises to run a desktop firewall on every desktop. We run on laptops only and a few desktops with special risks. Desktops never leave the environment and are protected in other ways not applicable to 99% of home environments (strong egress filtering and daily monitoring via NIDS and Internet log analysis).

Quote:

I'm not familiar with Look n' Stop, but if it doesn't have the "issues" I've so often seen from Zone Alarm it, or one of the others, might increase my interest in going back to using a software firewall. Are you using the "Lite" or one of the other versions?

Just out of curiosity, how often does it actually notify you of an outgoing connection of "concern"? My guess is that *you* seldom if ever have had a real need for the product, but I could be wrong. Even if I'm right, I do understand why you wouldn't want others to use that as a measure of their safety (or even yours in the future for that matter).

Tiny went commercial didn't they? Are you at all familiar with Kerio? If so, what do you think of their product? Someone said that it was related to Tiny, but I don't know if that's accurate or not.

I run 2.05. I don't think they have a "Lite" version. I almost never get alerts from it and presumably for the reasons you suggest. Let's hope that's the case anyway.

I hadn't paid much attention to where Tiny has gone recently so that was news to me. I think my wife has Kerio on her main desktop and likes it.

[Toad]

Ok so every now and then since I've been on cable, I get a little window that pops up, looks like a 404-Error page, and it says: "They know what you're doing!" basically, and provides a link to software that will "stop this."

My question is: am I really more susceptible to these risks with cable as opposed to dialup?

And second, if I have pop-up blockers enabled, how is this stupid thing popping up? It has happened a few times while looking at certain...shall we say...questionable content. It says stuff like: "They know you're connected through Earthlink..." etc.

Is it real or a hoax?

[freudguy]

Quote:

Originally Posted by 68ShelbyGT500KR

If you are using the built in Windows Firewall, it only protects inbound, not outbound. It is best to get a 3rd part firewall as Alvis suggested since the block BOTH ways!. If you decide on a 3rd part FW, then make sure you disable Windows "firewall".

I thought the XP firewall DID block outbound, at least after SP2.

[Dead]

Quote:

Originally Posted by Toad

Ok so every now and then since I've been on cable, I get a little window that pops up, looks like a 404-Error page, and it says: "They know what you're doing!" basically, and provides a link to software that will "stop this."

My question is: am I really more susceptible to these risks with cable as opposed to dialup?

And second, if I have pop-up blockers enabled, how is this stupid thing popping up? It has happened a few times while looking at certain...shall we say...questionable content. It says stuff like: "They know you're connected through Earthlink..." etc.

Is it real or a hoax?

I'm not sure I understand the questions, but I'll give it a shot.

Is it real that a web site can generally tell what ISP you are using, what broswer version, what OS, etc.? Yes.

Are you at a higher risk? In a manner of speaking. Most highspeed internet connections are always on, so by virtue of the amount of connect time you are at a bit higher risk. Also, when someone is looking for machines to attack, they may be more likely to scan the address space of providers that offer highspeed connections than of providers that only offer dial-up access.

[tronmaster]

Quote:

Originally Posted by Toad

Ok so every now and then since I've been on cable, I get a little window that pops up, looks like a 404-Error page, and it says: "They know what you're doing!" basically, and provides a link to software that will "stop this."

My question is: am I really more susceptible to these risks with cable as opposed to dialup?

And second, if I have pop-up blockers enabled, how is this stupid thing popping up? It has happened a few times while looking at certain...shall we say...questionable content. It says stuff like: "They know you're connected through Earthlink..." etc.

Is it real or a hoax?

I believe you are getting the "infamous" windows messenger pop-up, but I thought they turned it off with XP SP2?

Let me see if I can find a link to turn it off...

Messenger Popup Disable

Try that one.