Plentyoffish dating forums are a place to meet singles and get dating advice or share dating experiences etc. Hopefully you will all have fun meeting singles and try out this online dating thing... Remember that we are the largest free online dating service, so you will never have to pay a dime to meet your soulmate.
     
Show ALL Forums  > Technology/Computers  > Norton unsafe?      Home login  
 AUTHOR
 buzbyesq
Joined: 2/8/2009
Msg: 1
Norton unsafe?Page 1 of 2    (1, 2)
I've had various problems with spyware and hi-jacking. I think I've solved all of these by using various products. However....I've recently installed PC Tools firewall (which is very good). I originally had a prblem with svchost running through generic host processes for win32 services. I blocked that access. Now it seems that all my internet traffic is going through Symantec Network Proxy Service (ccproxy.exe). When I block this, my connection dies. Very little, possibly nothing is going through the Internet explorer program. Is this right, or has some nasty hijacked ccproxy.exe ???
 jbking2
Joined: 1/22/2009
Msg: 2
Norton unsafe?
Posted: 5/6/2009 8:22:01 PM
Is it that something has hijacked or was it a security setting that everything should go through that process? It may be that when Symantec's products were installed on your machine this was one of the things it set. Thus it isn't hijacked but rather the way it was set up, just like how most people go in and out of rooms through doors. There are other ways to go from room to room but typically we use doors. If you suddenly locked all the doors, wouldn't you be stuck in one room?
 - don
Joined: 4/23/2009
Msg: 3
Norton unsafe?
Posted: 5/6/2009 9:37:08 PM
Personally, I don't use or recommend Norton

You may want to check Microsoft's TechNet Pages, they have something called Autoruns which will give you more info on hunting malware manually *recommended for experienced users, you can do some serious damage to your installation if you are not careful and kill off needed processes/services etc.



ccproxy.exe is a process belonging to Symantec Internet Security suite.\r This process allows you to setup basic Internet sharing, which allows you to share your Internet connection across your home or office. This program is important for the stable and secure running of your computer and should not be terminated.\r

-http://www.processlibrary.com/directory/files/ccproxy/




The Svchost.exe file is located in the %SystemRoot%\System32 folder. At startup, Svchost.exe checks the services part of the registry to construct a list of services that it must load. Multiple instances of Svchost.exe can run at the same time. Each Svchost.exe session can contain a grouping of services. Therefore, separate services can run, depending on how and where Svchost.exe is started. This grouping of services allows for better control and easier debugging.
-http://support.microsoft.com/kb/314056


ZoneAlarm Security Suite & Kaspersky Security Suite are better in my opinion
 - don
Joined: 4/23/2009
Msg: 4
Norton unsafe?
Posted: 5/6/2009 9:48:18 PM
Running 2 firewalls can cause problems too. Proxies do help keep you secure so if that one worked for you, let it run.
Take Care
 pondDucky
Joined: 4/20/2009
Msg: 5
Norton unsafe?
Posted: 5/7/2009 11:57:48 AM
Kaspersky or BitDefender should be your only choices when it comes to antivirus, malware etc. Norton is worse then not having anything at all.
 pondDucky
Joined: 4/20/2009
Msg: 6
Norton unsafe?
Posted: 5/7/2009 11:58:30 AM
Oh and if you want a free one I hear good things about Avira.
 Jim978
Joined: 7/15/2008
Msg: 7
Norton unsafe?
Posted: 5/7/2009 12:46:18 PM

I originally had a prblem with svchost running through generic host processes for win32 services. I blocked that access.


Why was this a problem? That is normal Windows operation. There isn't anything insecure about svchost running.


Now it seems that all my internet traffic is going through Symantec Network Proxy Service (ccproxy.exe). When I block this, my connection dies.


Everything dies? No kidding, eh? Imagine that! It dies because you killed it. If you keep shutting down/blocking the lower level applications then how exactly do you expect your data to go anywhere? You shut down svchost so your system figured out that it could still connect through ccproxy and it channeled everything that way to keep you up and running. Then you shut that down. The entire idea of being on the Internet is to be able to connect with the world. How do expect to do that if you keep all the doors locked?
 - don
Joined: 4/23/2009
Msg: 8
Norton unsafe?
Posted: 5/7/2009 4:55:41 PM

No kidding, eh? Imagine that!


Personally I've found the best way to learn is to go ahead and try, I don't think it calls for criticism. It appears that he was trying to solve a problem himself and I'm guessing he learned from it so more power to him. Yeah, it's not a bad idea to google something if you're not sure what it is/does but I've broken Windows A LOT and I think it's one of the best ways to learn, now I know what not to do. And you have to admit, svchost does sound suspicious if you're seeing it on your computer for the first time.


buzbyesq-

So, Keep on killing those processes ;) You'll learn more from that than you will taking a windows class...j/k, but it is educational. You can kill services through your Administrator Tools as well ;) Seriously, you'd be surprised how many are running that you don't need and the resources you can save.

If you are still curious about what's going on in windows, check out:
*You can break your installation with these if you are not careful, google is your friend & remember to backup

-Sysinternals Suite http://technet.microsoft.com/en-us/sysinternals/default.aspx (Check out Autoruns) -there's also a BSOD screensaver there that's kinda fun to put on your colleague's/friend's computer

-nCleaner http://www.nkprods.com/ncleaner/ -registry modification app & services modification & system cleaner

-Info on services that windows needs to run properly- http://www.theeldergeek.com/services_guide.htm

Have Fun!
 buzbyesq
Joined: 2/8/2009
Msg: 9
Norton unsafe?
Posted: 5/8/2009 5:39:27 AM
Don, thank you for your reply. I think another poster missed the point. I was trying to ascertain the shortest route between two points. I think that my query is legitimate; it is rather puzzling to have my connection going via processes other than iexplore, and I naturally assumed something nasty was attaching itself to other programs particullary Norton, to access the Internet. If I was an expert then it stands to reason that I wouldn't post on here.What might be obvious to some people isn't obvious to everyone. And for the other posters information, googling svchost and ccproxy shows that these processes might not be as secure as you assume. I have been plagued by malware and want to make my computer as secure as possible.
 Jim978
Joined: 7/15/2008
Msg: 10
Norton unsafe?
Posted: 5/8/2009 6:11:38 AM

I think that my query is legitimate; it is rather puzzling to have my connection going via processes other than iexplore, and I naturally assumed something nasty was attaching itself to other programs particullary Norton, to access the Internet.


My prior post wasn't a criticism. I was laughing at the overall idea. To you, blocking these things might seem legit but once you understand what those processes are doing you'll understand why it isn't.

Your computer and the Internet operates through the 7-layer OSI model (I'd recommend you Google it and become familiar with the OSI model - you don't need to become an expert but you need to understand the basics if you are going to understand what you are attempting to accomplish and approach it logically.). For a networked application to function your keystrokes (or mouse clicks) need to be converted from the application level down through the various layers and out onto the wire (or wireless connection) at layer 1.

IExplorer is operating at layers 5, 6 and 7 so your system needs to translate/convert data all the way down to layer 1 (it gets converted/translated back as necessary by the hardware/software at the other end!).

Your system processes like svchost and Norton's ccproxy are operating at layer 3 and 4 controlling layer 5, 6 and 7 applications (like IExplorer) that try to access network hardware down at layer 1. So all of your IExplorer data is "filtered" and directed by these lower level processes. If you shut down all of those processes IExplorer has no way to access the hardware. It's much the same way you would be if you were sitting in a house that had no windows or doors - you'd have no way to get in or out. If you want to be able to access the Internet with IExplorer you have to leave a door open.

Norton has a pretty good reference list in their WWW site that you can search. You can type in a process name and it will explain what the service is and the dangers and/or necessity of running the service.
 buzbyesq
Joined: 2/8/2009
Msg: 11
Norton unsafe?
Posted: 5/8/2009 6:29:40 AM
Thankyou Jim. I understand more now. I had no idea about the layers and assumed that everything was on a par and there was no hierarchy. I have very little technical knowledge and, as I said, I was worried that something nasty was trying to run on other programs to access the internet. I have just tried disabling Norton and everything runs fine through iexplore so hopefully there is nothing nasty jumping from program to program on my internet connection.
 - don
Joined: 4/23/2009
Msg: 12
Norton unsafe?
Posted: 5/8/2009 4:16:30 PM


My prior post wasn't a criticism. I was laughing at the overall idea.


My apologies Jim, It's difficult to determine the tone in text and I was just trying to make people feel more comfortable with posting questions without feeling like they will be criticized for lack of knowledge. I'm a member on several different forums and occasionally I'll read a post from someone belittling another for asking a question. I'm here just for fun and to help people & I am still fairly new to forums (just joined them couple months ago) so my forum etiquette may be lacking, if so please let me know.

Thanks,
Take Care :)
 - don
Joined: 4/23/2009
Msg: 13
Norton unsafe?
Posted: 5/9/2009 12:07:23 AM


I have been plagued by malware and want to make my computer as secure as possible.


How I would secure windows w/out advanced technical skills:
1)Get a Router (Built-In Firewall, should be the 1st line of defense for home networks)

2)Uninstall Norton (Norton has an Uninstaller Application to Uninstall Norton on their website)-maybe it's built-in now-haven't used norton in a while, just used the uninstaller for clients.

3)ZoneAlarm Internet Security Suite-$29.95-( has award winning software (Software Firewall, AntiSpyware, Antivirus)
-http://download.zonealarm.com/bin/promotions/cj/2/zass_b.htm?cid=W200002

*You should be good with the above but if you want to take it a step further,

nCleaner (free-and-donations accepted too) is an application with a lot of different functions, a couple are security & privacy



http://www.nkprods.com/ncleaner/

* Clean over 80 Windows system and applications items (locations) + over 100 application plugins, making your system faster, more stable and protecting your privacy.
* Clean your registry and fix Windows errors.
* Monitor your system resources to maintain a certain amount of free disk space and optimize memory usage.
* Monitor you system using the System Advisor and correct critical Windows errors.
* Optimize system memory usage.
* Protect your privacy by shredding all deleted clean items (using professional algorithms), so they cannot be recovered using specialized recovery software.
* Add custom files and folders to be cleaned on each system clean.
* Choose which cookies you want to keep and which you want removed.
* Shred free space on all hard disks and partitions, so that previous deleted files cannot be recovered using specialized recovery software.
* Tweak your system to protect your privacy by enabling or disabling hidden Windows features that could have allowed intruders on your system.
* Tweak your system to make it faster and stable by disabling unnecessary features and services and recover resources.
* Use predefined Tweak profiles to enable the best Tweak configurations.
* Use the advanced Startup Manager to see ALL objects launched at startup including services and system objects.
* This powerful module allows you to spot hidden viruses or unwanted applications and disable them.
* Use the advanced Startup Manager to save a list file with all objects that are launched at startup.
* Find unnecessary files on your system (backup files, log files, invalid shortcuts and many other) and remove them.
* You can also add your own files you want to scan for and remove.
* Schedule cleans at startup, shutdown, on browser close at specific time based intervals.
* Maintain log file with all actions and the time when they occurred.
* Maintain advanced statistics on how you use nCleaner and its effect.
* Choose one of 4 shredding algorithms for best privacy protection or clean speed.
* Password protect key, sensitive features in the application while still allowing cleaning the system.
* Clean your Windows Vista based system.
* Manage system Services. Disable, start, stop Services.



***It's always a good idea to have a current & tested backup, especially before making changes to your system***
 fame9999
Joined: 5/4/2009
Msg: 14
Norton unsafe?
Posted: 5/9/2009 12:58:46 AM
Actually zonealarm sucks I know hackers than can shut it down very easily. Better off with a router for sure. Toss up between nod32 and kaspersky. Nod32 takes less resources. Kaspskery has more false positive and can take up more resources.

Grab a program called sandboxie (www.sandboxie.com)

Run your browser, IM or whatever you connect your internet to in sandoxie and you system will be pretty much safe. You get far less spyware and viruses unless you actually allow it on your system.

To actually lockdown your system. Delete telenet and ftp. Hackers can use it to break into your system. Use limited user account not admin account. You are far more secure that way.


http://www.microsoft.com/protect/computer/advanced/useraccount.mspx

CCleaner is the most popular cleaner out there. Never had a problem with it. it's free also.
 Steve-30
Joined: 12/23/2008
Msg: 15
Norton unsafe?
Posted: 5/9/2009 6:49:16 AM
I hate and will never use norton, even though Steve Dotto from Dottotech recommended the newer version in one of his shows, i use a combination of ad-aware, spybot S&D, the microsoft malware scanner (which has never found anything so i wonder if it even works) and for scanning viruses I use AVG... free.grisoft.com :) great free piece of anti-virus software.
 phule
Joined: 4/8/2004
Msg: 16
view profile
History
Norton unsafe?
Posted: 5/9/2009 10:24:50 AM
If I use the word ignorance, would you get insulted, or do you actually know the definition?

Lack of knowledge.

First of all. Do you know what a firewall does? Do you know what it is for? Every type of program that wants to access a network connection on your machine, will use a unique port to segregate it's activity, from other programs that are using the internet. For example, web browsers use port 80. Yahoo Messenger uses ports 5050 and 5151. Email clients like Eudora and Outlook and all the rest mostly use Port 25 and Port 110, (but also Port 143, Port 465, Port 993, Port 995, depending on the software). You have a total of 65536 ports available. That's 256 squared, btw. From 0 to 65535. A firewall makes sure that all the ports not officially in use, are closed.

Every firewall program out there blocks ports the same way. The difference in the different firewall suites out there, is in how it NOTIFIES you of what it is doing. Whereas the one built into windows since Win2000 does the job quietly, an aftermarket firewall needs to be very verbose, in order for you to THINK it is doing it's job. I mean, if you bought and paid for the software, and after installing it, you never saw a message, a popup about it, or even a tray icon, you would think you got ripped off. Even if it did it's job perfectly.... if you never SAW evidence, you would not think it was working. This is why people choose to purchase a software firewall, to "replace" the one that comes with Windows. It is a common enough mistake.

You say that PC Tools Firewall is very good. How do you know? I mean, you are blocking authentic windows elements from doing their job because the names look weird to you, and you are screwing with your net connection, and you don't even know what things like Proxy Services are... but you know good software from bad software?


What is ccproxy.exe?
ccproxy.exe is a process belonging to Symantec Internet Security suite. This process allows you to setup basic Internet sharing, which allows you to share your Internet connection across your home or office. This program is important for the stable and secure running of your computer and should not be terminated.

So if you want to continue to use a symantec product, and you want to share your internet connection with other computers in your house, it should be left alone.


What is svchost.exe?
The file svchost.exe is the Generic Host Process for Win32 Services used for administering 16-bit-based dynamically linked library files (DLL files) including other supplementary support applications.

As operating systems became more complex Microsoft decided to run more software functionality from a dynamic link library (DLL) interface. However DLLs are unable to launch themselves and require at least one executable program, i.e. svchost.exe, is needed to bridge between the library process and the operating system.

Through the solitary file svchost.exe, the DLLs efficiently contain and dispense Win32 services as well as neatly facilitate the execution of svchost.exe’s own operations. Acting as a host, the file svchost.exe creates multiple instances of itself. The multiple executions of the file svchost.exe contribute to the stability and security of the operating system by reducing the possibility of a crashing process that causes a domino effect on its neighbor processes, thereby creating a system-wide crash in the machine.

Ok. To put this in simpler terms... SVCHOST is like your socket wrench, and the DLL files are like the sockets.
Ok, not so simple terms...Rather than leaving the operating system open like a Wild West town, where anyone who wanted to write software could just make their own rules... the more integrated into the OS you want your program to be, the more you have to use common elements that other programs use. These common elements are DLL files. Windows uses the generic SVCHOST to load these DLL files. Like, how you can use the same flatbed trailer to haul a wide variety of things.

A firewall isn't going to do a thing to protect you against getting or removing Spyware, Malware, or a Viral infection. It isn't designed to. If you are having problems with spyware and hijacking, try using tools like Malwarebytes, and Spybot Search & Destroy, and HijackThis, and ComboFix to remove those infections and repair the damage. Otherwise, by looking to using a firewall to solve these problems, you are building a fence to take care of your termite problem. I don't mean a fence of chemicals in the ground... I mean a fence around your yard.
 - don
Joined: 4/23/2009
Msg: 17
Firewalls & Jive Turkeys
Posted: 5/10/2009 2:04:36 AM

If I use the word ignorance, would you get insulted, or do you actually know the definition?

Lack of knowledge.


It appears that you lacking the knowledge of what a firewall does..........

If I called you a Jive Turkey, would you get insulted, well...you may or may not

"Jive turkey" used to refer to someone who is full of bluster; in other words, a moron. -Wikipedia : Jive Turkey (summarized)

I believe he was looking for "nasties" (the non-kinky type) & Firewalls are usually the first line if defense, some DO work better than others by blocking INGOING & OUTGOING malicious behavior by SOFTWATE/MALWARE along with many other functions.

Do you know what a Trojan Horse is? (not the kind from Troy)...see google

Google is your friend and Wikipedia is your friend, And if you use them you won't have problems with giving others incorrect information.

please excuse the rough analogy:
Firewalls are like one of those snorkels with the ball inside allowing you to breath & attempts to keep the water out-(the water being bad stuff) except it tries to make you invisible to sharks (Hackers/Info collectors->ICMP,Ping,TCP/IP, UDP,->the bad kind,etc.). The sharks can also smell your breath and the snorkel Should take care of that too(outgoing program comm.) and there's more, it's the bionic snorkel... ;)

Windows Built-in Firewall is like the snorkel with a small ball not big enough to keep the water out & is more translucent than invisible, mainly just allowing you to breath and doesn't block too much.



-Wikipedia:Firewall
A firewall is a part of a computer system or network that is designed to block unauthorized access while permitting outward communication. It is also a device or set of devices configured to permit, deny, encrypt, decrypt, or proxy all computer traffic between different security domains based upon a set of rules and other criteria.

Firewalls can be implemented in both hardware and software, or a combination of both. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets. All messages entering or leaving the intranet pass through the firewall, which examines each message and blocks those that do not meet the specified security criteria.

There are several types of firewall techniques:

1. Packet filter: Looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. Packet filtering is fairly effective and transparent to users, but it is difficult to configure. In addition, it is susceptible to IP spoofing.
2. Application gateway: Applies security mechanisms to specific applications, such as FTP and Telnet servers. This is very effective, but can impose a performance degradation.
3. Circuit-level gateway: Applies security mechanisms when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.
4. Proxy server: Intercepts all messages entering and leaving the network. The proxy server effectively hides the true network addresses.

A firewall is a dedicated appliance, or software running on computer, which inspects network traffic passing through it, and denies or permits passage based on a set of rules.

A firewall's basic task is to regulate some of the flow of traffic between computer networks of different trust levels. Typical examples are the Internet which is a zone with no trust and an internal network which is a zone of higher trust. A zone with an intermediate trust level, situated between the Internet and a trusted internal network, is often referred to as a "perimeter network" or Demilitarized zone (DMZ).

A firewall's function within a network is similar to physical firewalls with fire doors in building construction. In the former case, it is used to prevent network intrusion to the private network. In the latter case, it is intended to contain and delay structural fire from spreading to adjacent structures.

Without proper configuration, a firewall can often become worthless. Standard security practices dictate a "default-deny" firewall ruleset, in which the only network connections which are allowed are the ones that have been explicitly allowed. Unfortunately, such a configuration requires detailed understanding of the network applications and endpoints required for the organization's day-to-day operation. Many businesses lack such understanding, and therefore implement a "default-allow" ruleset, in which all traffic is allowed unless it has been specifically blocked. This configuration makes inadvertent network connections and system compromise much more likely.



Port Trojans Notes
1080 MyDoom.B, MyDoom.F, MyDoom.G, MyDoom.H registered port for SOCKS
2283 Dumaru.Y registered port for Lotus Notes LNVSTATUS
2535 Beagle.W, Beagle.X, other Beagle/Bagle variants registered for MADCAP
2745 Beagle.C through Beagle.K registered port for URBISNET
3127 MyDoom.A registered port for EMC CTX-Bridge
3128 MyDoom.B This port is commonly used by the squid proxy.
3410 Backdoor.OptixPro.13 and variants This port is registered for NetworkLens SSL Event.
5554 Sasser through Sasser.C, Sasser.F This port is commonly used by SGI ESP HTTP.
8866 Beagle.B not a registered port. within a range 8800-8900 used by Ultima Online Messenger.
9898 Dabber.A and Dabber.B This port is registered for MonkeyCom.
10000 Dumaru.Y This is the registered port for the NDMP network storage backup protocol.
10080 MyDoom.B This is the registered port for the Amanda backup software.
12345 NetBus This is the registered port for the Italk Chat System. TrendMicro OfficeScan antivirus also uses this port.
17300 Kuang2 not a registered port.
27374 SubSeven not a registered port.
65506 various names: PhatBot, Agobot, Gaobot in the dynamic/private ports range. More info at TCP port 65506 proxy scan and New Worms scanning on 1025 and others



-http://ask-leo.com/where_is_it_alright_for_svchostexe_to_be.html

Summary: Svchost.exe is frequently spoofed by viruses attempting to hide. The official copy should be in your Windows\system32 folder, but there may be others.

I was told that the file svchost.exe should only exist in the windows\system32 directory. I was also told that if I find it in another directory, it is part of a virus. I have WinXP and found the svchost.exe file in the windows\system32 directory. However, I also found it in the windows\ServicePackFile\i386 directory and in the windows\$NtServicePackUnistall$ directory. Is this a problem? Should I delete the svchost.exe files in the non system32 directories?

Indeed, you were told correctly ... kind of.

I just took a look at my machine, and found all those copies and one more. Fortunately they are not the result of a virus, and you and I are quite safe.

Let's look a little more closely as to why.



One of the ways that viruses try to hide is to give themselves the same name as important or critical system files, like svchost.exe, but then place themselves in a different location on your machine. That way you might be afraid to delete them, for fear of deleting the wrong one, or you might not even notice that it's running because of its familiar name.

As you and I have seen, the file svchost.exe can, in fact, live in several places and be ok. Let's enumerate what those locations are, and why they're ok.
"One of the ways that viruses try to hide is to give themselves the same name as important or critical system files..."

For purposes of this discussion, I'm going to assume that Windows is installed into C:\Windows.

C:\Windows\System32 - the first and most obvious, this is the running copy of Windows itself. This is where you were told correctly - this is the only copy of svchost.exe that should actually be running. How do you find out? You'll need to grab a copy of Process Explorer from SysInternals.com. In current versions of that tool, simply hovering the mouse over any of the "svchost.exe" listed there will display the full path. If your Windows is installed in c:\windows, then svchost.exe should be "c:\windows\system32\svchost.exe".

C:\Windows\ServicePackFiles\i386 - this directory contains the most recent service pack installed on your machine. svchost.exe was one of the files updated, so it's located here. This is just a copy of the files - I believe the files here are used when new software is installed or when you run the system file checker. This Microsoft Knowledgebase article points out that it's possible to burn these files to a CD and remove them from your system.

C:\Windows\$NtServicePackUninstall$ - if present, this directory contains the previous copies of files that were saved when the service pack was installed. Thus it contains the old version of svchost.exe. You can delete this folder, but only if you are absolutely certain you'll never uninstall the service pack. (I'd probably burn it to CD first, just in case.)

C:\I386 - if present, this directory contains a copy of your Windows Installation CD, and hence would also have a copy of svchost.exe. I've discussed this extensively in other articles, most recently: So just what *is* the I386 directory anyway?.

Those four locations are all valid places to find a file called "svchost.exe". Note that only one of them, C:\Windows\System32\svchost.exe, should actually be running. The rest are various forms of backup associated with installing and upgrading Windows.

So what if you find a svchost.exe somewhere else? It could be the result of a virus. Your very first step should always be to run an up-to-date anti-virus scan. Most will take care of the problem safely.

If they do not, things are less clear. You can try renaming or removing the file (make a backup copy on floppy or somewhere else first, just in case). But ultimately, I would probably consider scanning again with an additional, different anti-virus product. Once again I'd emphasize that the virus database should be up to date, as new viruses appear every day.
 buzbyesq
Joined: 2/8/2009
Msg: 18
Norton unsafe?
Posted: 5/10/2009 9:25:03 AM
Phule, thanks for sharing your superiority(or is that superior knowledge) with everyone on this forum. Yes, I know what a firewall does. I am also aware that malware can attach itself to seemingly harmless programs. I have run various antispyware software, and excuse my ignorance, but I didn't find spybot any good, if I'm allowed to give an opinion on programs that is! I also understand the definition of ccproxy.exe but I admit to ignorance in so far as I AM NOT RUNNING ANY OTHER COMPUTERS ON A NETWORK.

PC Tools Firewall is free, and I like it because it tells me what is going on and it isn't patronizing but maybe that's a concept you're not familiar with.

Congratulations on winning todays perception award. Lack of knowledge, however did you come to that conclusion? Did me asking a question give it away???
 Jim978
Joined: 7/15/2008
Msg: 19
Norton unsafe?
Posted: 5/10/2009 10:24:31 AM

You have a total of 65536 ports available.


Errr.. no actually, it's double that. There are 65,536 TCP ports and another 65,536 UDP ports.
 buzbyesq
Joined: 2/8/2009
Msg: 20
Norton unsafe?
Posted: 5/10/2009 4:27:26 PM
And by the way Phule, as you so kindly offered me advice, let me offer you some: I find that sunglasses are more effective when worn over the eyes. Perhaps you'd like to refer to the operating manual that came with them.
 buzbyesq
Joined: 2/8/2009
Msg: 21
Norton unsafe?
Posted: 5/12/2009 6:09:11 AM
Ok, so we've established I don't know too much. I've tried googling but that isn't always satisfactory, and I don't have any friends that know much about computers - however there seems to be something strange happening with my PC, and I would be grateful for any help -

I have run various anti-spyware programs but I'm still not confident that my computer is secure.

1. My firewall tells me certain programs want to act as servers (including win32), is this normal? Or does it make my computer unsafe?

2. What does listening mean??? My firewall tell me that certain applications are allowing listening by 'any ip'. For example LSA Shell Export Verion shows listening of any ip on ports 500 and 4500, and two lots of win 32 have listening at various ports. Also my system has ports listening by any ip on ports 445. Is this safe?

3. Does all of this indicate that some nasty piece of malware is jumping from program to program to connect itself to the internet.
 Jim978
Joined: 7/15/2008
Msg: 22
Norton unsafe?
Posted: 5/12/2009 11:32:30 AM

1. My firewall tells me certain programs want to act as servers (including win32), is this normal? Or does it make my computer unsafe?


It is normal to have several applications that want to act as servers on a Windoze PC. Windoze is designed to allow it's use in peer-to-peer networking so every Windoze PC can be a server if you allow it to be.



2. What does listening mean??? My firewall tell me that certain applications are allowing listening by 'any ip'. For example LSA Shell Export Verion shows listening of any ip on ports 500 and 4500, and two lots of win 32 have listening at various ports. Also my system has ports listening by any ip on ports 445. Is this safe?


"Listening" is exactly what it says it is. The application is sitting there running and has a port available for another application being run on a remote machine to contact it. It isn't much different than you having a phone number. You have one, it's out there. If someone wants to contact you they have to know the number and they dial it. If they don't dial it your phone doesn't ring. Usually, when someone writes an application they include a specific port for the application to listen on. That just allows the application to ignore the chatter on all of the other ports. If a "Hello!" bit DOES happen to come in on the designated port the application responds and the local and remote application attempt to negotiate a connection. If applications didn't listen, they'd never know if another computer was trying to connect to it.

Again, this is entirely normal. I'll reserve on saying "safe" only because I don't know what all of your applications are and which ones are listening. LSA Shell, which yo mention specifically, is a Windoze component. That the logon Security Authentication Shell. It is listening because that is how the PC would know if someone wants to try to logon to your PC remotely. Without it, no one would ever be able to. If you don't want anyone to be able to logon remotely you can go into your Admin Panel and turn of that capability. LSA Shell will still run, but if/when someone tries to connect their connection will fail.


3. Does all of this indicate that some nasty piece of malware is jumping from program to program to connect itself to the internet.


Not in any way, shape or form. It is all 100% NORMAL function.
 michaeld70
Joined: 5/6/2009
Msg: 23
view profile
History
Norton unsafe?
Posted: 5/12/2009 8:44:15 PM
Google is your friend. Typing in anything you see with ctrl/alt/del like svchost.exe, ccproxy.exe, etc will give you pages to look at but be careful to read 2-4 different quick explanations, as some of the listings on the 1st page will will say that everything is a threat of some sort, which isnt necessarily the case. There are also different firewalls, software and hardware, and even if your router has a hardware firewall you will still want a software one, zonealarm free is fine. You dont want more than one though because they can conflict, giving you problems. A firewall wont protect you if you download something from a questionable site though when you save or accept it.

There are many free programs out there, most are of little or no use to anyone. Spybot - Search & Destroy, Ad-Aware, AVG and SpywareBlaster are about the only things I've used for years without any problems at all. Just update them 1-2 times a week and run a weekly scan, about 10 minutes of work every week. CCleaner is also a good one for cleaning up temp or junk files as well as your registry.

If you think you have a problem there is a good site which I havent used in a while that does an online scan http://housecall.trendmicro.com/

EDIT: I dont use norton because it is a resource hog, especially on older computers with smaller cpu's and ram, it will really slow down your pc when doing other things which are cpu intensive like games, editing, etc.

 - don
Joined: 4/23/2009
Msg: 24
Malware: References/Solutions
Posted: 5/13/2009 12:14:55 AM
Here it is:

Download & Install Secunia PSI (free)-EXCELLENT VULNERABILITY SCANNER w/AUTO FIX OPTIONS
-Very easy to use
Info: http://secunia.com/vulnerability_scanning/personal/
Direct to download: http://secunia.com/PSISetup.exe

Optional:
Get nCleaner- Seriously VERY NICE APP, Has options to help you secure your machine.
One of the biggest issues w/windows is running un-necessary services, and excessive un-necessary/dangerous comm. over the Internet among many others
>nCleaner will help disable those services -CHOOSE THE RECOMMENDED SETTINGS & Google before you use the other settings

ONE OF THE BEST:
http://secunia.com/
http://secunia.com/vulnerability_scanning/
http://secunia.com/vulnerability_scanning/personal/
-------------------------------------------------------------------------
http://www.securityfocus.com/
http://www.securityfocus.com/vulnerabilities
========================================
http://www.getsafeonline.org/nqcontent.cfm?a_id=1179
========================================

Sysinternals Suite -or- Autoruns & SIW will give you Info about your machine and what's going on inside & options to fix/modify
Info
>Sysinternals Suite: http://technet.microsoft.com/en-us/sysinternals/bb842062.aspx
>Autoruns: http://technet.microsoft.com/en-us/sysinternals/bb963902.aspx

>SIW: http://www.gtopala.com/siw-download.html
Direct Download: http://www.gtopala.com/download/siw.exe



<div class='quote'>
There are many free programs out there, most are of little or no use to anyone. Spybot - Search & Destroy, Ad-Aware, AVG and SpywareBlaster are about the only things I've used for years without any problems at all. Just update them 1-2 times a week and run a weekly scan, about 10 minutes of work every week. CCleaner is also a good one for cleaning up temp or junk files as well as your registry.

A Hardware Firewall(Router) is a MUST, Blocks a lot of what software firewalls miss-Linksys is excelent

2 Great free Apps: Immunization & Scanning
Spybot -more advanced
Spyblaster-easy to use

CCleaner is great too!
 AlphaAsh
Joined: 4/8/2009
Msg: 25
Norton unsafe?
Posted: 5/13/2009 3:45:24 AM
Back in the days of DOS and Windows 3.1, Norton's tools were one of few choices for keeping your PC's performance optimised. And they were pretty good.

Things changed. Norton's tools are resource hogs, no matter what PC you run them on. And like a lot of bucketware (software that ships free with everything) they're now more intrusive than the stuff they're trying to protect you from! I don't know how many times I've had to fix a family member's PC and the issue has been Norton itself, not spyware or virii.

From personal experience, avoid it. Find something a lot less intrusive. For anti-virus try AVG Free as recommended elsewhere in this thread. It now also catches a lot of spyware and cookies too.

Windows Firewall is adequate as long as you're behind a secured router (a hardware firewall), otherwise it is a good idea to use something else.

As for spyware zapping, there's lots of good stuff already mentioned in this thread. Just be aware that a favorite way of delivering spyware is by hiding it in so-called anti-spyware apps. Be careful.
Show ALL Forums  > Technology/Computers  > Norton unsafe?