| Author |
Topic: Firewall question |
Brint Hannay
From:
Maryland, USA
|
Posted 3 Nov 2008 3:14 pm |
|
I have been running for a while with the Norton Internet Security suite, including the "Advanced Firewall", which claims to protect for outgoing. I just ran the Gibson Research Corp. "Leak Test", and it said "Firewall Penetrated".
I downloaded and installed the free ZoneAlarm firewall (which I used to have), and turned off the Norton one (at least I think I did; I checked "Off", but the Norton Security Center still says under Advanced Firewall "Secure"--don't know if that means their firewall is still on, or perhaps it recognizes the presence of ZA?) Tried Leak Test again, and it still says "Firewall Penetrated".
What to do? Is there a better firewall? Does my situation possibly mean my computer is infected with something that has created a security breach that a subsequently-installed firewall can't fix? |
|
|
 |
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 3 Nov 2008 4:00 pm
|
|
Brint;
There are a few things that can affect the penetration prevention of a software firewall. They include, but are not limited to the following:
Open ports for filesharing programs to get access to shared folders
Open ports for VPN, GoToMyPC, LogMeIn, PcAnywhere, etc
Open FTP port
Open remote desktop port due to Bot infection or Remote Desktop application running
Open SMTP email port, used by Bots to send spam
Misconfigured firewall rules or security level setting too low
File and Printer Sharing enabled for home or office network
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
Brint Hannay
From:
Maryland, USA
|
Posted 3 Nov 2008 4:19 pm
|
|
| Thanks, Wiz. How might I go about checking for those things? |
|
|
|
Wiz Feinberg
From:
Mid-Michigan, USA
|
Posted 3 Nov 2008 11:05 pm
|
|
| Brint Hannay wrote: |
| Thanks, Wiz. How might I go about checking for those things? |
Brint;
Look for running applications (even in thebackground) that involve public filesharing (Kaaza, Limewire, etc), or remote desktop applications (icons usually displayed in SysTray), or scan for Bot infections, with an up to date anti spyware/virus/bot program.
You can see most of the running processes by opening your Task Manager. In Windows 2000 and XP, use CTRL+ALT+DEL. In Windows Vista use CTRL+SHIFT+ESC. Select the Processes tab and look for anything that appears totally out of place in the list. This is difficult if you aren't already familiar with the normal running processes.
You can also download HijackThis, or RUBotted, from Trend Micro. HijackThis is used by professional malware removal forums to analyze what is running or installed on an infected computer and terminate undesirable processes. RUBotted is a standalone application theat runs in your SysTray and notifies you if Bot-like activity is detected. If it is, you are directed to use the free online HouseCall malware scanner/remover.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog |
|
|
|
