Author Topic: 10 biggest security threats you don't know about. (Read 9813 times)

mistybear · « **on:** June 26, 2006, 08:42 »

http://www.pcworld.com/reviews/article/0,aid,126083,00.asp

Maybe it's time I installed a Firewall. :?

sam · « **Reply #1 on:** June 26, 2006, 08:54 »

sounds like a plan :-)

mistybear · « **Reply #2 on:** June 26, 2006, 09:24 »

I installed a Firewall on the PB and it drove me nuts for ages. This wanted permission for whatever and something else wanted access to a certain port.
And I found that some when you deny permission they just keep on asking, then I just gave in. A little like having a toddler.

So what's the point of a Firewall when you end up giving permission to the very thing you are trying to keep out.
Somethings were obvious, but there were a few I wasn't sure about, well more than a few.

sam · « **Reply #3 on:** June 26, 2006, 11:00 »

umm....

GillE · « **Reply #4 on:** June 26, 2006, 11:03 »

Very interesting, especially the rootkit section. I downloaded and ran RootkitRevealer and it produced a couple of entries that I'm suspicious of

HKLM\S-1-5-21-1292428093-1060284298-839522115-1003\RemoteAccess\InternetProfile 21/06/2006 15:22 11 bytes Data mismatch between Windows API and raw hive data.

HKLM\SOFTWARE\Classes\webcal\URL Protocol 10/06/2006 16:05 13 bytes Data mismatch between Windows API and raw hive data.

Should I be worried, and how do you deal with such discrepancies?

It also highlighted a file on the hard drive that I can't access. I think this may be because I stupidly gave the file a name ending in "..." and now I get an error message that this location is unavailable whenever I click on it. Any ideas about how to deal with this rogue?

Gill

sam · « **Reply #5 on:** June 26, 2006, 11:10 »

you could deal with the rogue via using the msdos prompt...

mistybear · « **Reply #6 on:** June 26, 2006, 11:28 »

Don't know if this is of any help, but they have a forum.

http://www.sysinternals.com/Forum/forum_topics.asp?FID=15

GillE · « **Reply #7 on:** June 26, 2006, 11:36 »

That forum seems to be rather high on analysis, rather low on practical implementation.

Sam, I've tried the MS DOS route and it tells me that I've deleted the directory containing the rogue file. Then I ask it list the directory and everything's still there.

Gill

mistybear · « **Reply #8 on:** June 26, 2006, 11:38 »

Quote from: "sam"

umm....

That's exactly what I did when the Firewall asked for access. You've had the same experience.

GillE · « **Reply #9 on:** June 26, 2006, 11:45 »

Hang on; the folder that contained the rogue file has gone according to MS DOS but it's still there according to Windows Explorer. Curious.

Gill

sam · « **Reply #10 on:** June 26, 2006, 11:55 »

umm thats odd.. though i guess it is worth pointing out that msdos is only an emulator on xp, so it might not delete it directly. is this file in any particularly sensitive location?

sam · « **Reply #11 on:** June 26, 2006, 11:56 »

Quote

That's exactly what I did when the Firewall asked for access. You've had the same experience.

lol

GillE · « **Reply #12 on:** June 26, 2006, 12:55 »

Hi Sam

No, it's not in a sensitive location as such. It's just an irritation. I suppose noses aren't particularly sensitive locations either, but when you get a pimple on them they suddenly become sensitive.

This file is a pimple on the backside of my HDD.

Gill

sam · « **Reply #13 on:** June 26, 2006, 14:31 »

lol.. i was just wondering if for some reason windows was "restoring it" or not letting you delete it for the reason of the location

Lona · « **Reply #14 on:** June 26, 2006, 17:58 »

You should maybe try deleting it with system restore off, Gill.