1. I am curious how many of you run in 100% stealth mode. (Locked down with no ports open.)
2. If you do, would you share what hardware or software firewalls you run?
3. Then what passive programs do you use to double check the above?
4. What is your success rate, would you say, at keeping your computer clean of malware? (trojans, viruses, bots, and the like)
Why I am asking is that personal PCs are being targeted more and more by criminals after personal information.
This means all computer users' PCs should be protected, but the majority of users know nothing of protecting their equipment. Many of them don't even know that they should not click on a webpage link if they do not know what it is.
Maybe, just maybe, the members here could come up with an idea or two of how to help these folks who are not so knowledgeable.
1. See attached for a 100% stealth test at ShieldsUp! at grc.com (The main test only checks the 1st 1056 ports, but other ports can be probed beyond that limit.) I run on dial-up at home so my PC's firewall is it. Nothing between it and the web.
2. ZoneAlarm free 6.1.744.001 (IMO, the last non-bloatware version)
3. There are several web tests for firewalls. ShieldsUp is the one I trust most.
4. Very successful. To my knowledge, my PCs have never been compromised.
I have several layers of items in place. I run active anti-virus, anti-trojan, anti-spyware and firewall programs (all from different manufacturers.) I also run a process monitor, a managed HOSTS file and do most of my surfing under a Limited User account. I also use Firefox (with the NoScript extension) as an alternative to Internet Explorer.
At this point in time, I do not know of any PC protection suite that I would trade for my current, multi-branded choices...
1. Stealth
2. Airlink101 504 router, Sygate Personal Firewall Pro.
3. ShieldsUP
4. No issues as of yet.
Additionally, modified "Hosts" file from MVPS,
Running ESET NOD32 antivirus with strong settings,
Current Firefox browser with Adblock and Adblock Filterset.G Updater
I'm sure a 100% stealth mode is not possible.
With no ports open at all your internet would not work, meaning no info could get in.
It is possible, although I don't know if it's actually doable - at least with the higher-numbered ports. It doesn't mean all ports are closed; it means all ports appear closed to external probes, if I understand things properly.
FWIW, I use Windows XP firewall, AntiVir antivirus, and SpywareBlaster antispyware. I do periodic scans with AdAware and CWS as well.
It doesn't mean all ports are closed; it means all ports appear closed to external probes, if I understand things properly.
This is similar to my interpretation. The only thing I'd add is that (based on my understanding) a closed port still responds that it is there but closed, where a stealth port does not respond at all.
Many opinions I've read say that closed or stealth are, from a safety standpoint, pretty much the same. I don't know I totally agree but I do understand their point of view...
My ports are all stealthed according to GRC but I wouldn't be overly concerned if they were all simply closed since my PC(s) are all fully protected with equivalent programs listed by everyone else. Also, I don't actually keep sensitive info unguarded on any of my computers.. I use encryption for any info that may be useful to anyone that would get access to my computer so that would mean not only would someone need to access it but they'd then need to decrypt it... I can't see that being reasonably done.
(and I'd challenge anyone to try... not that I think it's totally impossible but it would be very difficult and time consuming and I'd be interested in seeing how they'd try it)
On the hardware side my wireless network is very secure with 128-bit encryption, impossible-to-guess passwords and only machines I own have their MAC addresses allowed in.
My bigger concern than someone hacking in would be a keylogger (in other words not someone hacking me but doing something myself that compromised my security)
I was infected with a keylogger trojan a few years ago (got it from a download of Nero plugins from a seemingly legit website). Fortunately it didn't work properly so no data left my computer. I always was and of course still am extremely security conscious but that little episode made me even more so. I never open any software file I download from any source until I've multiscanned it and made sure I have a recent image of my hard drive (not an issue since I make one every week)
As far as surfing goes, on those relatively few occasions I find a questionable site that I need to access for any reason (usually researching security issues) I turn off all scripting, ActiveX and Java first, easy to do with my Avant browser... worst case scenario, and it's very nearly foolproof, is I always have at least two recent disc images (on separate partitions/hard drives) I can use to fall back on. I've never had to use them for that reason except for that one keylogger occasion.
Interesting how close we are in what we use and how we use it. I have SBC DSL and I stealthed the router by going to the website www.2wire.com. Here is a link for the stealth function.
For passive - A2 Squared, Cws, Trend Housecall, HJT (keep a clean log to compare to), SpyBot, and the old AdAware, and Sygate.
I use a virtual PC also for quarantine and testing. Each item goes into a file by itself for checking.
If surfing I make a RegBU (Registry Back Up) and place it on my Desktop for quick access for quick recovery.
The only thing I have to do when working my local network is to disable ZA. (Back ups from one computer to another.) I have WIN98SE going strong to cover my older dependable hardware that XP will not recognize on one computer.
Sygate is used to manually block cookies from a website. And here is something. Some of the most trusted sites have the most cookies.
Still, the rule for us as users is: if we don't know what it is, don't click on it.
greengoose1/fink: You both touched on something I feel bears repeating. The importance of a backup. So many users don't make backups.
No matter how stealthy our PCs are, no matter how careful we may be on the web, good old fashioned human mistakes can still happen that will cause damage to our data or the OS (not to mention non-user caused hard drive problems and so forth.)
IMO, the answer that can best provide a solution to severe problems is the ability to restore from a good backup. Be it from a user's registry, their data, or even the entire PC.
In my case (at home), I make backup images of my entire PC. I have recently begun using a different imaging program and I can now image my entire PC to an external hard drive in 7 or 8 minutes (with restoration just as fast.) And I can even pull individual files or folders from an image if that's all I want/need.
I just wish more users understood how important backups are and how easy a good backup can make things (when things go really, really bad...)
Han, you are right on the money, I believe. To go a step further, identifying the components of a malware defense system might be in order, and what happens in a malware event.
1. The PC.
2. Hardware and software that is used to protect the PC be it automatic or manual.
3. Identifying a malware event.
4. Course of action. (Further apps or backups)
5. Malware elimination.
If the concepts are understood the actual event becomes less intimidating.