
Firefox, AVG, and Infections

Discussion in 'Windows Security' started by W. eWatson, Sep 2, 2009.

  1. "W. eWatson" <wolftracks@invalid.com> wrote in message
    news:h7uig1$bcc$1@news.eternal-september.org...
    > FromTheRafters wrote:
    >> "W. eWatson" <wolftracks@invalid.com> wrote in message
    >> news:h7qrsc$i3r$1@news.eternal-september.org...
    >>
    >>> A question remains. What is wrong with AT&T/Yahoo's protection? I
    >>> can assure you that I do not run around looking for oddball exe
    >>> files to download and open.
    >>>
    >>> If no one knows, I think I'll ask them.
    >>
    >> No matter what somebody else does on their computer(s) to combat the
    >> spread of malware to you, you still need *antivirus* software to run
    >> locally. Some folks substitute strict safe practices with antimalware
    >> applications, mostly to clean up after themselves post infestation,
    >> but also resident protection mechanisms to 'save their bacon' whilst
    >> they ignore safe practices.
    >>
    >> So, nothing may be *wrong* with their filtering. It will ultimately
    >> be your responsibility to protect yourself either way.
    > I think my post suggests that. Nevertheless, the absence of any such
    > statement by AT&T almost suggests they are giving one full protection.

    Indeed, and whatever AV vendors' software they use is probably
    advertized as a "solution". Just saying it is a solution (or full
    protection) doesn't make it so, and those that understand the problem
    know better than to believe such bold claims. The bottom line is that
    such programs are tools to aid you, rather than software to replace you,
    in your quest to remain malware free. By trying to relieve the user of
    the onus of maintaining security, they encourage bad behavior and worsen
    the overall problem.

    > They seem to be making a good attempt at it. I haven't yet added their
    > Security Monitor, Suite, Monitor ... whatever they call it.

    It is almost always helpful to have some filtering going on. Reducing
    your exposure to malware gives you less chances to infest yourself.
    Still, some will get through - giving you that opportunity. Then, it is
    up to you - again.

    > Interestingly, I had started to install it, and realized I didn't have
    > time to do it, so began to cancel. I received a msg that I would have
    > to download it again if I did. I guess that's smart so as not to somehow
    > avoid some infection. Nothing disturbing, just never had that happen
    > during a download, for example, Google Earth.

    Funny, they are astute enough to know that cancelling a download will
    cancel the download.

    "gasp - - you will not be "fully protected" by our "solution" if you
    cancel this download!"
     
  2. W. eWatson

    W. eWatson Guest

    ....
    Well, thanks for the replies. The interleaving has gotten a bit deep.
    Let me gather your recent responses here in one place. After this post,
    and maybe my response to your next post, I'm dropping the thread in
    favor of a new one on having someone look at my vault. I have a personal
    rule about threads, which is that if the problem isn't solved after
    about five of my responses, start again. I've gone a bit over it here,
    so it's about time to follow my rule. WW is my response.
    ===========Collected from Above============
    (total protection) That's certainly a gross understatement I'm afraid.
    WW: Yes, but one would hope that AT&T/Yahoo might be expected to
    comment on it's not 100%, and suggest some vigilance they cannot
    provide. Undoubtedly marketing stepped in, or I missed it.

    (Thunderbird)When I last looked, you were at 2.0.0.23 - that part is OK.
    WW: Yep.

    (My avoidance of msgs from unknowns) It's highly probable that your ISP
    /is/ doing a malware check. How thorough is debatable though. However
    it could be adequate. As may have been pointed out by others, what you
    download from those you know can be just as dangerous.
    WW: It worked for a very, very long time though when I was on my own.

    (AT&T firewall) Unless you own or lease your /hardware/ firewall from
    your ISP then your protection is probably mostly imagined. Probably only
    a minuscule few ports are blocked. Sorry!

    (AT&T and potential weakness of them to prevent infections through web
    sites) Although the assessment of being on your own is quite accurate,
    your following move was ill advised. At least you'll be able to
    uninstall the McAfee software once you've learned your lesson. And now,
    won't you have two different antivirus engines going? This too is not
    advised. Yes - they probably "give" away the McAfee software for free.

    I should have asked earlier - who is your ISP?
    WW: AT&T/Yahoo. It makes sense to me to have two engines running on the
    mail, since I use Tbird, and as AT&T pointed out, they don't protect
    that route.

    (On AVG Help for vault) Although many here do run AVG, it seems nobody
    has experienced what you see or they aren't coming forward. Hence, I'd
    suggest you lurk or join the AVG forum:

    <http://forums.avg.com/>
    WW: Perhaps so, but I'll pick up on this with a new thread soon.

    (SP3) What might be keeping you from updating to service pack 3 and all
    its subsequent fixes? Your amount of ram is good.
    WW: If I allow MS to continually provide updates isn't that the same as
    using SP3?

    (McAfee Monitor or whatever AT&T calls it) Let us know when you've had
    enough of McAfee and we'll try to help you out.
    WW: See remark above about protecting Tbird info flow. I pointed out in
    another part of this thread yesterday, I waved off the download. I hope
    when I restart it, the download will tell me what's in it, and that I
    can be selective about what I need.
    ===============End=========================

    Cheers...
     
  3. W. eWatson

    W. eWatson Guest

    W. eWatson wrote:
    >
    >>
    >> I like McAfee Enterprise software.
    >> McAfee's retail software (and OEM) SUCK !
    >>
    >> Have you installed and scanned with MBAM yet ?
    >>
    >>
    >>
    > I have no idea what that is? I've pretty much solved the problem with
    > FF. Using Tools->Clear Recent History seems to have done it. No
    > herky-jerky any longer.
    >
    > I'm still looking forward to post a link to a web site that will allow
    > me to post temporarily a jpg image of AVG vault. <www.pastebin.com>,
    > for example, but that's for collaborative debugging of (text) programs.

    Well, Google answered the MBAM question. I'll put it on my to-do list
    (further reading) while I still try to get an answer about the vault.
     
  4. 1PW

    1PW Guest

    W. eWatson wrote:
    > ...
    > Well, thanks for the replies. The interleaving has gotten a bit deep.
    > Let me gather your recent responses here in one place. After this post,
    > and maybe my response to your next post, I'm dropping the thread in
    > favor of a new one on having someone look at my vault. I have a personal
    > rule about threads, which is that if the problem isn't solved after
    > about five of my responses, start again. I've gone a bit over it here,
    > so it's about time to follow my rule. WW is my response.
    > ===========Collected from Above============
    > (total protection) That's certainly a gross understatement I'm afraid.
    > WW: Yes, but one would hope that AT&T/Yahoo might be expected to
    > comment on it's not 100%, and suggest some vigilance they cannot
    > provide. Undoubtedly marketing stepped in, or I missed it.
    >
    > (Thunderbird)When I last looked, you were at 2.0.0.23 - that part is OK.
    > WW: Yep.
    >
    > (My avoidance of msgs from unknowns) It's highly probable that your ISP
    > /is/ doing a malware check. How thorough is debatable though. However
    > it could be adequate. As may have been pointed out by others, what you
    > download from those you know can be just as dangerous.
    > WW: It worked for a very, very long time though when I was on my own.
    >
    > (AT&T firewall) Unless you own or lease your /hardware/ firewall from
    > your ISP then your protection is probably mostly imagined. Probably only
    > a minuscule few ports are blocked. Sorry!
    >
    > (AT&T and potential weakness of them to prevent infections through web
    > sites) Although the assessment of being on your own is quite accurate,
    > your following move was ill advised. At least you'll be able to
    > uninstall the McAfee software once you've learned your lesson. And now,
    > won't you have two different antivirus engines going? This too is not
    > advised. Yes - they probably "give" away the McAfee software for free.
    >
    > I should have asked earlier - who is your ISP?
    > WW: AT&T/Yahoo. It makes sense to me to have two engines running on the
    > mail, since I use Tbird, and as AT&T pointed out, they don't protect
    > that route.
    >
    > (On AVG Help for vault) Although many here do run AVG, it seems nobody
    > has experienced what you see or they aren't coming forward. Hence, I'd
    > suggest you lurk or join the AVG forum:
    >
    > <http://forums.avg.com/>
    > WW: Perhaps so, but I'll pick up on this with a new thread soon.
    >
    > (SP3) What might be keeping you from updating to service pack 3 and all
    > its subsequent fixes? Your amount of ram is good.
    > WW: If I allow MS to continually provide updates isn't that the same as
    > using SP3?

    Sadly no. As an added bonus, your Windows Updates will halt on
    12-APR-2010 as SP2 will no longer be supported if you don't install SP3.

    > (McAfee Monitor or whatever AT&T calls it) Let us know when you've had
    > enough of McAfee and we'll try to help you out.
    > WW: See remark above about protecting Tbird info flow. I pointed out in
    > another part of this thread yesterday, I waved off the download. I hope
    > when I restart it, the download will tell me what's in it, and that I
    > can be selective about what I need.

    You really don't want any part of it I suspect.

    > ===============End=========================
    >
    > Cheers...

    If you don't have a good NAT router between your DSL modem and
    computer, you should consider doing this soon.

    As was pointed out before, Avira's AntiVir Personal is superior to
    AVG. If at some point you haven't resolved your situation with AVG,
    you should consider Avira.

    --
    1PW
     
  5. W. eWatson

    W. eWatson Guest

    >> Cheers...
    >
    > If you don't have a good NAT router between your DSL modem and
    > computer, you should consider doing this soon.
    >
    > As was pointed out before, Avira's AntiVir Personal is superior to
    > AVG. If at some point you haven't resolved your situation with AVG,
    > you should consider Avira.
    >

    I'll have more to say on that (Avira) in a moment. Somehow most seem to
    think I'm stuck on AVG. I had downloaded maybe a year ago and it was handy.

    I'll look up NAT router on Google in a minute.

    This is the end of this thread, as far as I'm concerned. I'll be
    starting a new one related to it soon. Stay tuned.

    Until next time ...
     
  6. From: "W. eWatson" <wolftracks@invalid.com>

    >>> Cheers...

    >> If you don't have a good NAT router between your DSL modem and
    >> computer, you should consider doing this soon.

    >> As was pointed out before, Avira's AntiVir Personal is superior to
    >> AVG. If at some point you haven't resolved your situation with AVG,
    >> you should consider Avira.


    | I'll have more to say on that (Avira) in a moment. Somehow most seem to
    | think I'm stuck on AVG. I had downloaded maybe a year ago and it was handy.

    | I'll look up NAT router on Google in a minute.

    | This is the end of this thread, as far as I'm concerned. I'll be
    | starting a new one related to it soon. Stay tuned.

    | Until next time ...

    Please do NOT keep creating new threads.

    Please stick to the thread you have created to keep the full discussion contiguous.
    It has already become fragmented :-(

    NAT Router -- A Router that performs Network Address Translation (NAT) to provide routing
    between private address schemes like 192.168.0.0 to a WAN node.

    NAT Routers by nature do simplistic FireWall capabilities and can be told to specifically
    allow or deny traffic. For example to specifically block all NetBIOS over IP traffic.

    An example of this capability is to block NetBIOS messages that would often come as spam
    PopUp to the PC. While WinXP Sp2 turned off the "Messenger Service", a Windows PC directly
    connected to the Internet with "Messenger Service" enabled can receive a NetBIOS PopUp
    message such as by using the "NET SEND " command. A PC behind a NAT Router with the
    "Messenger Service" enabled will not receive such messages.

    --
    Dave

    Multi-AV -
     
  7. Virus Guy

    Virus Guy Guest

    "David H. Lipman" wrote:
    > NAT Routers by nature do simplistic FireWall capabilities and can
    > be told to specifically allow or deny traffic. For example to
    > specifically block all NetBIOS over IP traffic.

    Another way to explain it is that a NAT router will block all
    unsolicited traffic originating from the internet from reaching any PC's
    on the lan side of the router, with the possible exception of ICMP
    packets (ping requests) and even those can be blocked.

    There is basically nothing that a software firewall does regarding
    in-bound packet-blocking that is not performed more efficiently and
    reliably by a NAT-router.

    Most people will have their PC's behind a NAT-router these days and not
    even know it, because most ISP's ship their DSL or cable modems with NAT
    turned on by default.

    If someone wanted to know if their PC is behind a NAT-router, all they
    have to do is open a command shell (dos prompt) and enter the command
    "ipconfig".

    Look for this line:

    IP Address . . . . . . . . . . . . . : xxx.xxx.xxx.xxx

    If you see any of these:

    IP Address . . . . . . . . . . . . . : 10.xxx.xxx.xxx
    IP Address . . . . . . . . . . . . . : 172.16.xxx.xxx - 172.31.xxx.xxx
    IP Address . . . . . . . . . . . . . : 192.168.xxx.xxx

    Then you're already behind a NAT router.

    If NAT functionality were more prevalent (or enabled) on DSL and cable
    modems during the years 2000 through 2004, we wouldn't have had the
    explosion of botnets and spam that occurred because of how Windows 2K
    and XP were extremely vulnerable to exploitation during those years.
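
The ipconfig check described in the post above, as a script. This is an added example, not part of the original post; it goes slightly beyond the post by also accepting the "IPv4 Address" label used by later Windows versions and by labelling 169.254.x.x separately. The sample output and the names `classify` and `addresses_from_ipconfig` are constructed for illustration.

```python
import ipaddress
import re

# The three private ranges listed in the post (RFC 1918).
PRIVATE_NETS = [ipaddress.ip_network(n)
                for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# "IP Address. . . :" (XP) and "IPv4 Address. . . :" (later Windows) lines.
ADDR_LINE = re.compile(
    r"^\s*IP(?:v4)? Address[ .]*:\s*(\d{1,3}(?:\.\d{1,3}){3})", re.I)

# Constructed sample output; 203.0.113.45 is a documentation address
# standing in for a public one.
SAMPLE = """\
Windows IP Configuration

Ethernet adapter Local Area Connection:

        IP Address. . . . . . . . . . . . : 192.168.1.101
        Subnet Mask . . . . . . . . . . . : 255.255.255.0
        Default Gateway . . . . . . . . . : 192.168.1.1

PPP adapter Broadband Connection:

        IP Address. . . . . . . . . . . . : 203.0.113.45
        Subnet Mask . . . . . . . . . . . : 255.255.255.255
"""


def classify(addr):
    """Label one dotted-quad address."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ValueError:
        return "invalid"
    for net in PRIVATE_NETS:
        if ip in net:
            return f"private ({net})"
    if ip.is_link_local:  # 169.254.x.x: self-assigned, no DHCP lease
        return "link-local"
    if ip.is_loopback:
        return "loopback"
    return "public"


def addresses_from_ipconfig(text):
    """Return (adapter, address, label) for every address line in the output."""
    adapter, found = None, []
    for line in text.splitlines():
        if line and not line[0].isspace() and line.rstrip().endswith(":"):
            adapter = line.rstrip().rstrip(":")  # adapter section header
            continue
        m = ADDR_LINE.match(line)
        if m:
            found.append((adapter, m.group(1), classify(m.group(1))))
    return found


if __name__ == "__main__":
    for adapter, addr, label in addresses_from_ipconfig(SAMPLE):
        print(f"{adapter}: {addr} -> {label}")
```

An adapter labelled "public" is the case to look at: that interface is reachable from the internet without any translation in front of it.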
     
  8. Leythos

    Leythos Guest

    In article <4AA5CE35.3DEC897A@Guy.com>, Virus@Guy.com says...
    > There is basically nothing that a software firewall does regarding
    > in-bound packet-blocking that is not performed more efficiently and
    > reliably by a NAT-router.
    >

    Actually, that's misleading. Most software firewalls, ones running on
    your computer, are misconfigured by default. Many of them are preset to
    allow file sharing, and each time you install an application they may
    create a hole that could be exploited.

    Also, if there is an exploit in the OS it could lead to compromise.

    One last threat - running as a local administrator level account,
    malware can insert or disable the windows firewall.

    If a person has a NAT router they won't suffer the above exploit paths
    at the router unless they poke "holes" through the NAT rules - by
    default there are none in most NAT routers.

    Most NAT routers can detect various attack methods and block that
    source, some soft firewall can do that.

    --
    You can't trust your best friends, your five senses, only the little
    voice inside you that most civilians don't even hear -- Listen to that.
    Trust yourself.
    spam999free@rrohio.com (remove 999 for proper email address)
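
A toy model of the NAT behaviour discussed in the posts above, added here as an example and not part of any poster's message. It assumes a router that forwards an inbound packet only when it matches a translation entry created by an outbound connection or an explicit port forward (a "hole"); real routers differ in how strictly they match. The class, addresses and port numbers are constructed for illustration.

```python
from dataclasses import dataclass, field


@dataclass
class NatRouter:
    wan_ip: str
    next_port: int = 40000
    # (wan_port, remote_ip, remote_port) -> (lan_ip, lan_port)
    sessions: dict = field(default_factory=dict)
    # wan_port -> (lan_ip, lan_port); empty unless the user adds a rule
    forwards: dict = field(default_factory=dict)

    def outbound(self, lan_ip, lan_port, remote_ip, remote_port):
        """A LAN host opens a connection: allocate a WAN port and remember it."""
        wan_port = self.next_port
        self.next_port += 1
        self.sessions[(wan_port, remote_ip, remote_port)] = (lan_ip, lan_port)
        return self.wan_ip, wan_port

    def inbound(self, remote_ip, remote_port, wan_port):
        """Return the LAN destination for a WAN-side packet, or None if dropped."""
        hit = self.sessions.get((wan_port, remote_ip, remote_port))
        if hit:
            return hit                      # reply to something the LAN started
        return self.forwards.get(wan_port)  # otherwise only an explicit hole


def demo():
    router = NatRouter(wan_ip="203.0.113.45")   # documentation addresses
    pc = "192.168.1.101"
    out = {}

    # The PC fetches a web page; the server's reply matches the session entry.
    _, wan_port = router.outbound(pc, 51000, "198.51.100.7", 80)
    out["reply"] = router.inbound("198.51.100.7", 80, wan_port)

    # Unsolicited packet to NetBIOS port 139: no entry, so it never reaches the PC.
    out["netbios"] = router.inbound("198.51.100.99", 4321, 139)

    # A different host aiming at the port the router allocated: still no match.
    out["other_host"] = router.inbound("198.51.100.99", 80, wan_port)

    # The user pokes a hole: WAN port 8080 now reaches the PC from anywhere.
    router.forwards[8080] = (pc, 8080)
    out["forwarded"] = router.inbound("198.51.100.99", 4321, 8080)
    return out


if __name__ == "__main__":
    for name, dest in demo().items():
        print(f"{name:10s} -> {dest if dest else 'dropped'}")
```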
     
  9. Virus Guy

    Virus Guy Guest

    Leythos wrote:
    > > There is basically nothing that a software firewall does
    > > regarding in-bound packet-blocking that is not performed
    > > more efficiently and reliably by a NAT-router.
    >
    > Actually, that's misleading.

    I just said that a NAT-router is better than a software firewall with
    respect to in-bound connection filtering.

    You go on to claim basically the same thing.

    So how is what I said misleading?
     
  10. Leythos

    Leythos Guest

    In article <4AA66420.C74843F3@Guy.com>, Virus@Guy.com says...
    >
    > Leythos wrote:
    >
    > > > There is basically nothing that a software firewall does
    > > > regarding in-bound packet-blocking that is not performed
    > > > more efficiently and reliably by a NAT-router.
    > >
    > > Actually, that's misleading.
    >
    > I just said that a NAT-router is better than a software firewall with
    > respect to in-bound connection filtering.
    >
    > You go on to claim basically the same thing.
    >
    > So how is what I said misleading?

    I provided details on how/why, so that people could learn from it
    instead of just assuming that all soft firewalls are bad.

    As an example, if I was to install a Soft firewall on a limited gateway
    PC acting as a firewall for my lan, depending on the soft firewall
    choice, it might provide better protection should I decide to open a few
    ports for inbound connections.

    --
    You can't trust your best friends, your five senses, only the little
    voice inside you that most civilians don't even hear -- Listen to that.
    Trust yourself.
    spam999free@rrohio.com (remove 999 for proper email address)
     
