With regard to Stash and Nocmonkey's views, I would point out that I have recently discovered my computer trying to access the internet on port 139 ONLY because Kerio (v.4) popped up an alert to let me know.
It is not benign, as the destination IP's are not microsoft.com, but among others, .jp, .mx, and most of them not fully traceable.
I have run, literally, half a dozen virus scanners : AVG, F-Secure AV, Kapersky AV, Avast AV, and AntiVir
Not to mention TDS-3, Adaware SE, Spybot SD, Zero Spyware, Pest Patrol, Spysweeper
HiJackThis shows nothing of signifigance, and I'm currently combing through loaded drivers (according to the W2K reskit)
Stash writes: "Once something malicious gets on your machine, the game is over, and you can no longer trust that machine."
I tend to concur - the only reason I haven't dropped all and reformatted is that I need to find out where this came from to prevent it from happening again.
If I was using window's integrated firewall, my data would be as safe as it is now (It's not going anywhere)
BUT you would never even know that there was a potential problem.
Not trying to get my problem solved here or threadjack, but unless you want to play the "what you can't see won't hurt you" game, IMO, alert/logging on outgoing attempts remains a legitimate benefit to overall system security.
Edit: Of course, "MO" is not that of a security professional, and it is coming from someone with a probably compromised system ...
It is not benign, as the destination IP's are not microsoft.com, but among others, .jp, .mx, and most of them not fully traceable.
I have run, literally, half a dozen virus scanners : AVG, F-Secure AV, Kapersky AV, Avast AV, and AntiVir
Not to mention TDS-3, Adaware SE, Spybot SD, Zero Spyware, Pest Patrol, Spysweeper
HiJackThis shows nothing of signifigance, and I'm currently combing through loaded drivers (according to the W2K reskit)
Stash writes: "Once something malicious gets on your machine, the game is over, and you can no longer trust that machine."
I tend to concur - the only reason I haven't dropped all and reformatted is that I need to find out where this came from to prevent it from happening again.
If I was using window's integrated firewall, my data would be as safe as it is now (It's not going anywhere)
BUT you would never even know that there was a potential problem.
Not trying to get my problem solved here or threadjack, but unless you want to play the "what you can't see won't hurt you" game, IMO, alert/logging on outgoing attempts remains a legitimate benefit to overall system security.
Edit: Of course, "MO" is not that of a security professional, and it is coming from someone with a probably compromised system ...
mechBgon
Super Moderator<br>Elite Member
- Oct 31, 1999
- 30,699
- 1
- 0
Looking at my Task Manager, my system's been up for about 2.5 hours. The two components of ZoneAlarm free edition have consumed seven seconds of CPU time. That's less than one-tenth of one percent, and that's on a mere 1GHz Duron. Don't you have an A64? What's with the constant fretting about system resources?
Personally, I'd say your quest for your one-process minimalist firewall has burned up far more of your system resources than you're ever going to recover by using a minimalist firewall. That Flash advertisement at the top of this Forum page makes ZoneAlarm look like a featherweight app by comparison
If you don't have Flash installed, then .If you want more security, then my suggestions would be to (1) adopt the practice of using a Limited/Restricted-User account for any potentially-risky stuff like web browsing, IM'ing, etc; (2) lock down your router and set it up to email you its logs so you can look for weird behaviors by your PC; (3) avoid risky behaviors; (4) patch your system and check it with MBSA and some port scans; (5) thoroughly configure your antivirus software to use all its detection capabilities; and (6) don't let anyone else use your PC
All of those except for #5 come at zero performance penalty on an ongoing basis.I have a pretty darn good system being a Pentium 4 3.23GHz with 1GB of RAM. However, I still want to use as little resources as possible because I want to get the most performance out of my system that I can. Regardless of how good of a system I have for desktop use, I want to keep my resource usage as minimal as possible. I mean how much resources would you sya the Windows firewall uses? Hardly any. Basically, I want a firewall that does just what the Windows firewall does, plus offers the ability to block outbound connections. I mean there would have to be some firewall that uses as little resources as the Windows firewall and blocks outbound connections.
What does this have to do with Falsh. Flash isn't a process that runs in the background all the time. It only consumes resources with a web browser open. But that is ok, as with any other program. But for programs that always run constantly in the background, I want to keep it at a minimal, and use as low of resources as possible.
Mmm .. I thought an outgoing check was a good idea until I visited
http://www.firewallleaktester.com/leaktest1.htm
They mostly blew straight through Kerio 2.15 as if it wasn't there, I now just rely on my router firewall plus XP standard firewall (well it doesn't do any harm at least).
http://www.firewallleaktester.com/leaktest1.htm
They mostly blew straight through Kerio 2.15 as if it wasn't there, I now just rely on my router firewall plus XP standard firewall (well it doesn't do any harm at least).
- Oct 25, 1999
- 29,548
- 423
- 126
Each one of the Security program intercept the TCP/IP.
I make much more sense to use one coherent program then three programs each one doing its own thing, and thus might de-stabilize the system.
However it is also a matter of the foot print in memory and number of processes running, and takin resources.
Most of the comprehensive suits have a very heavy ?foot print?.
In addition, None of the Single Security suit provides you with Good AntiSpyware.
As a result it I found a need to install AntiSpyware No matter what.
I run parallel systems for a while and it seems that that the combo that I mentioned in my above posts is lighter on the system than (as an example) AntiSpyware + ZA or NIS Suits.
However I do not see the whole issue as a personal War that should result whether Tom, Dick, or Harry are right and Jack and Jill are wrong.
It is a matter of making people aware of the parameters and give them latitude to make there own decision according to the way they run their Networks, and their means.
:sun:
I make much more sense to use one coherent program then three programs each one doing its own thing, and thus might de-stabilize the system.
However it is also a matter of the foot print in memory and number of processes running, and takin resources.
Most of the comprehensive suits have a very heavy ?foot print?.
In addition, None of the Single Security suit provides you with Good AntiSpyware.
As a result it I found a need to install AntiSpyware No matter what.
I run parallel systems for a while and it seems that that the combo that I mentioned in my above posts is lighter on the system than (as an example) AntiSpyware + ZA or NIS Suits.
However I do not see the whole issue as a personal War that should result whether Tom, Dick, or Harry are right and Jack and Jill are wrong.
It is a matter of making people aware of the parameters and give them latitude to make there own decision according to the way they run their Networks, and their means.
:sun:
- Oct 25, 1999
- 29,548
- 423
- 126
That was an Interesting comment; I spend the last hour working on it.
The recommendations that some of us made are for Kerio v215, firewallleaktester.com tested Kerio 411.
I ran the first two tests that Kerio 411 failed (Tooleaky, and pcaudit). It DID NOT fail on my system.
I am familiar with some of the tests used and do not have right now the time to analyze the real meaning of some of the 15 tests that I am not familiar with.
However a superficial glance indicates that some might not be very relevant to peer home network, and some are interesting Gimmicks rather then a real security risk.
:sun:
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes Discussion Threads
- Started by Tigerick
- Replies: 21K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter