Continued attacks

I just reinstalled (clean install) Windows XP for the 5th
time. Although I'm taking precautions, it appears that
these are not enough, because everytime I connect to the
Internet (particularly with Earthlink) I am hit by a
particularly nasty virus (most recently all my profiles
were completely corrupted). I will now wait until I
receive my service pack CD's by mail. Two questions:

Is it possible to be specifically targeted (although I
can't possibly imagine why), how is this done, and how do
I protect myself?

Also, I will be reinstalling Norton AV 2004 and running
Live Update, downloading Spybot again, and once the latest
CD has been installed (patches through 10/03), running
Windows Update. Any recommendations on which order I
should do the above?

Dave
Fri Feb 27 14:41:14 CST 2004

its unlikely you are being directly targeted, but it only takes a minute or
two for a scan to find unprotected machines and infect them.

the service pack cd is a start. get the latest new security update cd that
just came out also.

step #1 should be to install a firewall. at least turn on and block
everything with the xp firewall. i prefer the zonealarm firewall, the free
version is just fine. the xp one should be good enough to stop the scans
long enough to download zonealarm and all the patches you need.

"Susan" <anonymous@discussions.microsoft.com> wrote in message
news:357401c3fd70$33e58470$a401280a@phx.gbl...
> I just reinstalled (clean install) Windows XP for the 5th
> time. Although I'm taking precautions, it appears that
> these are not enough, because everytime I connect to the
> Internet (particularly with Earthlink) I am hit by a
> particularly nasty virus (most recently all my profiles
> were completely corrupted). I will now wait until I
> receive my service pack CD's by mail. Two questions:
>
> Is it possible to be specifically targeted (although I
> can't possibly imagine why), how is this done, and how do
> I protect myself?
>
> Also, I will be reinstalling Norton AV 2004 and running
> Live Update, downloading Spybot again, and once the latest
> CD has been installed (patches through 10/03), running
> Windows Update. Any recommendations on which order I
> should do the above?
>
>
>
>

N
Fri Feb 27 20:14:45 CST 2004

In article <357401c3fd70$33e58470$a401280a@phx.gbl>,
anonymous@discussions.microsoft.com says...
> I just reinstalled (clean install) Windows XP for the 5th
> time. Although I'm taking precautions, it appears that
> these are not enough, because everytime I connect to the
> Internet (particularly with Earthlink) I am hit by a
> particularly nasty virus (most recently all my profiles
> were completely corrupted). I will now wait until I
> receive my service pack CD's by mail. Two questions:
>
> Is it possible to be specifically targeted (although I
> can't possibly imagine why), how is this done, and how do
> I protect myself?
>
> Also, I will be reinstalling Norton AV 2004 and running
> Live Update, downloading Spybot again, and once the latest
> CD has been installed (patches through 10/03), running
> Windows Update. Any recommendations on which order I
> should do the above?

When I helped a friend set up a DSL connection with a Windows XP computer
(my first experience with XP), the first thing I did was to enable the
ICF...before I took it online. I went to the MS Windows Update site and got
his system patched, then went to Symantec and got everything caught up.
Nothing happened, but I was plenty nervous; much more that when I go online
here. I am behind a NAT router, and recommended to him to get one. I guess I
wasn't alone; he already had some ideas from another friend of his.

He had that NAT router installed the day after I set him up.

Without a NAT router, the first priority on a Windows install is to make
sure the ICF, or some other firewall, is in place before connecting to the
Internet. It appears that the native ICF is good enough to cover you during
the updates.

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint

Lanwench
Sat Feb 28 10:58:52 CST 2004

N. Miller wrote:
<snip>
Without a NAT router, the first priority on a Windows install is to
> make sure the ICF, or some other firewall, is in place before
> connecting to the Internet. It appears that the native ICF is good
> enough to cover you during the updates.

Note that NAT alone may not be good enough to protect your network - I'd
recommend a hardware firewall/router appliance that does stateful packet
inspection - the NetGear FR114P is about $80 USD.

anonymous
Sun Feb 29 15:11:08 CST 2004

LinkSys BEFSX41. Firewall router. Cisco group.

Just HAD togive MY alternative ;)

anonymous
Sun Feb 29 15:21:05 CST 2004

Yes, you COULD be specifically targeted. But I'm also doubtful about that. Do you have anyone really hating you? Getting your IP is easy. Setting up a system to attack you is not that hard either. Someone REALLY gotta hate you if that is the case ;
Ordianry hacking could be it too. Depends over what time period you have been reinstalling. Hackers set up system to scan on certain IP ranges and if your on that range then..

N
Mon Mar 01 01:27:27 CST 2004

In article <OZp5d2h$DHA.2660@TK2MSFTNGP10.phx.gbl>,
lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com says...
> N. Miller wrote:
> <snip>
> Without a NAT router, the first priority on a Windows install is to
> > make sure the ICF, or some other firewall, is in place before
> > connecting to the Internet. It appears that the native ICF is good
> > enough to cover you during the updates.
>
> Note that NAT alone may not be good enough to protect your network - I'd
> recommend a hardware firewall/router appliance that does stateful packet
> inspection - the NetGear FR114P is about $80 USD.

Every NAT router that I have used had a firewall feature; I don't recall
that I even found one without it. I've had a Linksys BEFSR11, which was
flaky, an SMC Barricade, which died some time after I installed an
unsupported (in the U.S.; it was officially supported in EU) firmware
upgrade, and currently am running the Netgear FR114P.

Only the later firmware updates (an earlier U.S. supported version) on the
Barricade and the Netgear have SPI. The original Barricade firmware version,
and the Linksys lacked SPI; though I haven't checked the latest firmware
version for that model (should be the same as for the BEFSR41 and BEFSR81).

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint

N
Mon Mar 01 01:31:07 CST 2004

In article <6E05EEEA-E894-4848-B569-C75BF6604AB7@microsoft.com>,
anonymous@discussions.microsoft.com says...
> Yes, you COULD be specifically targeted. But I'm also doubtful about that.
> Do you have anyone really hating you? Getting your IP is easy. Setting up
> a system to attack you is not that hard either. Someone REALLY gotta hate
> you if that is the case ;P

And know specifically where you are; if you have a dynamically assigned IP
address, though, they would need to use some "social engineering" to try to
induce you to install a Trojan horse program.

> Ordianry hacking could be it too. Depends over what time period you have
> been reinstalling. Hackers set up system to scan on certain IP ranges and
> if your on that range then...

Broadband/Highspeed access IP address pools are favored for such scans.
Finding a vulnerable computer on a high speed connection is the goal.

--
Norman
~Win dain a lotica, En vai tu ri, Si lo ta
~Fin dein a loluca, En dragu a sei lain
~Vi fa-ru les shutai am, En riga-lint

Lanwench
Mon Mar 01 18:03:14 CST 2004

I have always preferred the Netgear products (mainly for their interface &
support), but yes, that model Linksys is indeed a firewall. We'll see what
Cisco changes in the Linksys products...and how support improves!

WayuU wrote:
> LinkSys BEFSX41. Firewall router. Cisco group.
>
> Just HAD togive MY alternative ;)

Lanwench
Mon Mar 01 18:03:39 CST 2004

NAT != firewall, but it's better than nothing at all.

N. Miller wrote:
> In article <OZp5d2h$DHA.2660@TK2MSFTNGP10.phx.gbl>,
> lanwench@heybuddy.donotsendme.unsolicitedmail.atyahoo.com says...
>> N. Miller wrote:
>> <snip>
>> Without a NAT router, the first priority on a Windows install is to
>>> make sure the ICF, or some other firewall, is in place before
>>> connecting to the Internet. It appears that the native ICF is good
>>> enough to cover you during the updates.
>>
>> Note that NAT alone may not be good enough to protect your network -
>> I'd recommend a hardware firewall/router appliance that does
>> stateful packet inspection - the NetGear FR114P is about $80 USD.
>
> Every NAT router that I have used had a firewall feature; I don't
> recall that I even found one without it. I've had a Linksys BEFSR11,
> which was flaky, an SMC Barricade, which died some time after I
> installed an unsupported (in the U.S.; it was officially supported in
> EU) firmware upgrade, and currently am running the Netgear FR114P.
>
> Only the later firmware updates (an earlier U.S. supported version)
> on the Barricade and the Netgear have SPI. The original Barricade
> firmware version, and the Linksys lacked SPI; though I haven't
> checked the latest firmware version for that model (should be the
> same as for the BEFSR41 and BEFSR81).