View Full Version : Question about Firewall, P2P and security:
connect4
May 20th, 2008, 03:00 PM
OK, so I did the ShieldsUp test (Grc.com) and my computer's firewall security passed the tests. Most ports were stealth, etc.
We have a network that is protected by a firewall router. I have my own computer connected to the network. I personally use Zone Alarm.
Question #1: Assuming that all my programs are clean (no malware, trojans, viruses), am I relatively safe from "external attacks"? (Hackers//ScriptKiddies//Etc)
Question #2: Would using a P2P program, such as Azureus//bittorrent, *significantly increase my *external security vulnerabilities? (Assuming I don't ever download viruses or trojans)
(Some P2P programs (I use Azureus//bittorrent) require you to open ports for TCP & UDP (you can choose any number).
For example, if I were to go into my network settings (physical firewall) and allow port 123456 to be open, and set my ZoneAlarm port 123456 to be open. ALSO, the program requires that I allow Azureus.exe to act as a server.)
Question #3: What If I open ports for the P2P program? Would this make a difference?
Thanks, and I'd really appreciate any feedback, as I have always had these questions running in the back of my mind but never had them answered.
lordpake
May 20th, 2008, 03:11 PM
#1. Yes. Just practice updating your software in order to stay safe from exploits. This includes stuff like OS, Java, Flash, Quicktime. Also using alternative browsers to IE would lessen your chances of getting infected (no ActiveX).
#2. No.
#3. No. Only difference is your P2P application works better when it has full connectivity to Internet.
Just remember to use antivirus software too :)
YeOldeStonecat
May 20th, 2008, 03:31 PM
1) Your router protects you from outside threats.
2) Using P2P greatly increases your computer's risk. Lots of P2P software itself comes with ad/spyware. Even worse....people intentionally alter the content of downloads...they create poisoned downloads. You think you're getting an album for free, or a movie for free..or Windows Server or whatever for free..but it's been...well, it has a special little package in it which will help itself to your system when you try to run/play it.
3) older home grade broadband routers crumble under the heavy concurrent loads P2P traffic puts on them..newer higher performing ones do better....more CPU/RAM.
King Grub
May 20th, 2008, 03:54 PM
{QUOTE-> using P2P greatly increases your computers risk. Lots of P2P software itself comes with ad/spyware. <-QUOTE}
Stick to Scene material, and there is no risk for that. Scene releases never have malware.
Fuzzfas
May 20th, 2008, 04:12 PM
Terrible things will happen to you and your family if you use p2p.
Plague, flood and hair loss will strike you.
You and your first born son will be cursed to eternity. :lurking:
Seriously, just don't click happily on anything you might download. Opening ports is natural and that's how p2p programs are supposed to work (yes, they need server rights too). Don't bother dreaming about evil hackers trying to hack into your PC. Well, unless you are working for the Pentagon... Theoretically, if the p2p program you use has a vulnerability, it could allow someone from outside to send malware in. But if you keep your client updated, it's like risking being hit by a meteorite while walking on the street.
The only risk from p2p is from the files you download. They may be malware in disguise. So, scan them with multiple antivirus engines (like Jotti's) and if you are paranoid about it, use a HIPS or behaviour blocker.
YeOldeStonecat
May 20th, 2008, 04:27 PM
{QUOTE-> Stick to Scene material, and there is no risk for that. Scene releases never have malware. <-QUOTE}
Yeah screensaver kits have never been known to have NewDotNet.
YeOldeStonecat
May 20th, 2008, 04:33 PM
{QUOTE-> Terrible things will happen to you and your family if you use p2p.
Plague, flood and hair loss will strike you.
You and your first born son will be cursed to eternity. :lurking: <-QUOTE}
The correlation between computers that run P2P...and being infested with malware...is easy to see when you're in the computer support field for many years. It's not worrying about someone trying to hack into your PC...it's the DNS/winsock injections that result from malware, crap like that.
Fuzzfas
May 20th, 2008, 05:14 PM
{QUOTE-> The correlation between computers that run P2P...and being infested with malware...is easy to see when you're in the computer support field for many years. It's not worrying about someone trying to hack into your PC...it's the DNS/winsock injections that result from malware, crap like that. <-QUOTE}
And pray tell sir, was it the p2p program's fault (assuming he doesn't use spyware clients of course) or was it the fault of the user who clicks on anything, be it an infected mail attachment or a game crack that happens to be a virus?
You can get killed driving at 60 km/h because you are a bad driver and you can drive at 130 km/h without an accident because you are a good driver. Don't blame the car, blame the driver.
I have been running p2p programs for over 10 years and have never been hacked or infected via the p2p program. And I suspect that most of the millions of users out there have the same experience, otherwise by now the internet fora would be full of panic from Torrent/emule users who get hacked through their clients. Thankfully, this is not the case.
Like any other internet activity, p2p is perfectly safe, much safer than visiting porn sites with IE, for example. So there is no need to terrorize people about the soul-eating Azureus frog. ;D
I can correlate a high infection rate with users that download "screensavers" (with an extra gift in them) from infected sites. Should I assume that using screensavers is dangerous?
connect4
May 20th, 2008, 05:34 PM
Thanks for all the replies guys!
So what I'm getting is this:
Key Point #1:
*In terms of Firewall & Hacker Security:
*As long as you have a firewall (Hardware, Software), you don't really have to worry about external threats in the form of hacker attacks. (*Assuming your computer is clean of malware)
Key Point #2:
*The only "real" threat is FILES you download, whether from P2P or Website etc. (In the form of trojans, malware, worms etc) that CAN GIVE ACCESS to hackers etc.
Question #1: Are my key points correct?
Question #2: What if I leave my P2P program running 24/7, indefinitely?
Is this also relatively safe?
PS: I don't mean to capitalize some of the words, but I have a bad habit of doing that :)
YeOldeStonecat
May 20th, 2008, 08:15 PM
{QUOTE-> Thanks for all the replies guys!
So what I'm getting is this:
Key Point #1:
*In terms of Firewall & Hacker Security:
*As long as you have a firewall (Hardware, Software), you don't really have to worry about external threats in the form of hacker attacks. (*Assuming your computer is clean of malware) <-QUOTE}
IMO...hardware firewalls, period. I will not support a client's computer without it being behind a NAT router. Software firewalls can be (and have been) compromised..their services can break, fail to start, etc. There have been exploits out there which can knock down software firewalls. This is far far less likely to happen if you're behind a NAT box. Having a PC plugged directly into a broadband modem gives it a public IP address..it takes less than a minute for your PC to be under attack from <whatever>...worms/trojans, exploits, etc.
P2P software..if you do any sharing..you're basically opening up a folder on your hard drive. I wouldn't want to do that. Downloading purposes only..yes...whatever you download...can have the potential of being poisoned..it is happening out there...there are pranksters who poison files and offer them up to share on P2P services...it's grown into another avenue of infecting computers, turning them into bots, etc. Not to mention..some P2P programs themselves have ad/spyware in them.
Mrkvonic
May 21st, 2008, 02:00 AM
Hello,
1. Yes, you're safe.
2. No, you're not increasing your exposure. Just don't download crap and execute every which file.
3. P2P must open ports, but this is nothing unusual. If any vulnerabilities are found, simply update the software.
Mrk
lordpake
May 21st, 2008, 10:18 AM
{QUOTE-> Yeah screensaver kits have never been known to have NewDotNet. <-QUOTE}
This is a joke, right? You do know that "scene material" refers to stuff released by established warez groups? Groups that do the ripping/cracking etc. naughty stuff?
And I agree with Mrkvonic's last post. With torrents you are not sharing any directories, just the files in that torrent. As long as the software is kept up-to-date, you are fine. When it comes to other major P2P apps, like eMule, just pay attention to what folders are shared. (And AFAIK eMule doesn't by default even share anything other than its partial/completed download folders.)
And like Fuzzfas, I've so far been able to keep myself safe. Just use common sense. And the advice given here. YeOldeStonecat represents the cautious side here, however in my opinion there is a very thin line between caution and paranoia :)
connect4
May 21st, 2008, 03:54 PM
Thanks for the replies everyone. Very helpful information...
{QUOTE-> Hello,
1. Yes, you're safe.
2. No, you're not increasing your exposure. Just don't download crap and execute every which file.
3. P2P must open ports, but this is nothing unusual. If any vulnerabilities are found, simply update the software.
Mrk <-QUOTE}
What if I were to leave my P2P on 24/7 indefinitely?
Would this make a difference?
King Grub
May 21st, 2008, 04:00 PM
I have run bittorrents 24/7 for the last... at least three years. As I said previously, stay with Scene material, recognized groups, and preferably private trackers, and there is no malware to be infected with. Download something random from Pirate Bay, then yes, perhaps there can be malware in it, but not if it's Scene.
And sure someone might theoretically hack your system when you have one out of 50,000+ ports open... but then again, lightning might hit your head next time you're out in the rain. About the same chance.
connect4
May 21st, 2008, 04:27 PM
{QUOTE->
And sure someone might theoretically hack your system when you have one out of 50,000+ ports open... but then again, lightning might hit your head next time you're out in the rain. About the same chance. <-QUOTE}
All the replies so far were excellent, although this is one of the most stress-relieving replies. This analogy makes me understand more about how secure we really are. Although, you never want to feel... too safe :)
{QUOTE-> I have run bittorrents 24/7 for the last... at least three years. As I said previously, stay with Scene material, recognized groups, and preferrably private trackers, and there is no malware to be infected with. Download something random from Pirate Bay, then yes, perhaps there can be malware in it, but not if it's Scene. <-QUOTE}
Scene material, recognized groups, private trackers...
can you elaborate?
I think one of those items relates to established sites where you need to register. But I'm unfamiliar with the other two.
King Grub
May 21st, 2008, 04:45 PM
A bit of reading:
http://en.wikipedia.org/wiki/The_Scene
http://en.wikipedia.org/wiki/Warez
Not condoning copyright crime here, but just an example:
The movie Meet.The.Spartans.UNRATED.DVDR-Counterfeit or the game Donkey.Xote-RELOADED are released by the Scene groups Counterfeit and RELOADED, respectively. Those releases conform to the very strict rules enforced by the Scene, and there is a lot of prestige and competition in between release groups, so they do their best to follow them, and malware is not allowed in any such releases. If you get things released by Scene groups, malware will not be found in it.
On the other hand, if you Google around randomly and find meetthespartans.avi somewhere, without any more information, who knows what it can really be?
Most private trackers allow only Scene material, and are therefore malware-free.
Examples of private trackers:
Invite only (harder to get into):
http://torrentfreak.com/most-coveted-private-torrent-sites-2008-080330/
Open trackers:
http://btracs.com/
connect4
May 21st, 2008, 06:56 PM
{QUOTE-> A bit of reading:
http://en.wikipedia.org/wiki/The_Scene
http://en.wikipedia.org/wiki/Warez
Not condoning copyright crime here, but just an example:
The movie Meet.The.Spartans.UNRATED.DVDR-Counterfeit or the game Donkey.Xote-RELOADED are released by the Scene groups Counterfeit and RELOADED, respectively. Those releases conform to the very strict rules enforced by the Scene, and there is a lot of prestige and competition in between release groups, so they do their best to follow them, and malware is not allowed in any such releases. If you get things released by Scene groups, malware will not be found in it.
On the other hand, if you Google around randomly and find meetthespartans.avi somewhere, without any more information, who knows what it can really be?
Most private trackers allow only Scene material, and are therefore malware-free.
Examples of private trackers:
Invite only (harder to get into):
http://torrentfreak.com/most-coveted-private-torrent-sites-2008-080330/
Open trackers:
http://btracs.com/ <-QUOTE}
Very interesting stuff and good information. It reminds me of IRC back in the day when I first got the internet. I think it was EFnet that my cousin and I were really into... Bots, OP status, networking etc etc... it was fun stuff.
I guess that was like pre-The Scene. It's always interesting how things evolve over time..
{QUOTE->
Most private trackers allow only Scene material, and are therefore malware-free. <-QUOTE}
What about established open trackers like http://btracs.com/?
Are these open trackers mostly Scene material // malware-free?
(vs. Pirate Bay or random Google torrents)
WSFuser
May 21st, 2008, 07:53 PM
BTRACS isn't a tracker. It's just a page that shows which other bittorrent sites are open for signup.
connect4
May 21st, 2008, 10:11 PM
Sorry, what I meant was whether those open sites from http://btracs.com/ are as clean of malware as the invite-only private trackers are (The Scene Rules),
vs. Piratebay, Mininova.org, or random googled torrents (we already know these are DEFINITELY not clean).
Mrkvonic
May 21st, 2008, 11:31 PM
{QUOTE-> thanks for the replies everyone. very helpful information...
What if I were to leave my P2P on 24/7 indefinitely?
Would this make a difference? <-QUOTE}
Hello,
I've been running P2P 24/7 since about 2000 or 2001.
Didn't make a difference so far.
Mrk
WSFuser
May 21st, 2008, 11:33 PM
{QUOTE-> Sorry, what I meant was whether those open sites from http://btracs.com/ are as clean of malware as the invite-only private trackers are (The Scene Rules),
vs. Piratebay, Mininova.org, or random googled torrents (we already know these are DEFINITELY not clean). <-QUOTE}
"Scene" releases can be available on private or public trackers (torrents), other p2p networks (edonkey), and even file hosting sites (rapidshare).
They will usually have a .nfo file, and they may mention that certain files should be included so you know if it's a genuine release.
King Grub
May 22nd, 2008, 03:18 AM
Yes, and the Scene hates P2P - it makes them visible, and they would rather see P2P dead and gone. The torrents are uploaded on the fastest trackers by "traitors" of the Scene, who have Scene access and then upload Scene stuff on P2P trackers. If the Scene finds out who those are, they are banned from the Scene for life, and possibly harassed on the net. :D
connect4
May 22nd, 2008, 04:22 AM
{QUOTE-> "Scene" releases can be available on private or public trackers (torrents), other p2p networks (edonkey), and even file hosting sites (rapidshare).
They will usually have a .nfo file, and they may mention that certain files should be included so you know if it's a genuine release. <-QUOTE}
Sorry, sometimes I don't state my points clearly.
I know that there are Scene releases everywhere, from P2P (Edonkey etc) to private torrent tracker sites, and that there are tons of viruses/trojans on P2P networks and unorganized torrent sites like piratebay, etc. And that leaves the possibility of someone releasing a "fake Scene release loaded with malware".
However, there are some torrent sites that are more carefully monitored and organized and ARE TOTALLY CLEAN (99% of the torrents / files are clean).
As King Grub mentioned, it is these private invite-only tracker / torrent sites that host *ONLY clean, malware-free torrents/files because of The Scene Rules: (http://torrentfreak.com/most-coveted...s-2008-080330/)
He also mentioned more open tracker sites that are organized, just not invite-only: (http://btracs.com/)
My question was referring to those files on those open tracker sites. I was wondering if *those files were ALSO clean and free of malware, just as on the invite-only sites...
{QUOTE->
Most private trackers allow only Scene material, and are therefore malware-free.
Examples of private trackers:
Invite only (harder to get into):
http://torrentfreak.com/most-coveted...s-2008-080330/
Open trackers:
http://btracs.com/
<-QUOTE}
So, King Grub, would it be relatively safe downloading torrents from one of the open sites at http://btracs.com ? (vs. piratebay or random google torrents etc etc)
King Grub
May 22nd, 2008, 04:46 AM
Yes, membership trackers are very strict with what is being uploaded. Not just anyone can upload stuff, like on Pirate Bay; you have to apply for uploader status, and that requires Scene access. A tracker with Scene material only has genuine Scene material; anything uploaded that does not conform to the rules is forbidden (and the rules are very strict; honor amongst thieves? :D ).
Nothing is 100%, but I have never ever heard of anyone faking Scene material on a private tracker.
YeOldeStonecat
May 22nd, 2008, 07:04 AM
{QUOTE-> YeOldeStonecat represents the cautious side here, however in my opinion there is a very thin line between caution and paranoia :) <-QUOTE}
Not paranoia. But when I read a blanket statement that talks about P2P...it leaves things open like use whatever P2P software there is out there. Now I'm sure many of us who work in supporting computers for a living...can testify that they see a correlation between computers that run various P2P software...and being infested with trojans/adware/malware, etc.
Poisoning and spoofing files is on the increase. You can Google RIAA and supports poisoning.
I choose not to run P2P stuff because of a personal decision not to support piracy...that's a whole different reason...nothing related to "paranoia" at all.
Mrkvonic
May 22nd, 2008, 07:09 AM
Hi,
P2P has nothing to do with piracy. Like saying you don't support VCRs or DVD burners, because they support piracy.
P2P is legitimate technology. People can use it for whatever they want. Just like people decide to use guns for lawful or criminal activity.
P2P is an effective way of sharing content around the world, like Linux distros, for example. Plus, it allows exposure to rare content that you can't buy anywhere, like old Czech movies, old Yugoslav movies, books in various languages etc.
Mrk
subset
May 22nd, 2008, 10:14 AM
{QUOTE->
I choose not to run P2P stuff because of a personal decision not to support piracy... <-QUOTE}
The next one may say: "I steal my music CDs because of a personal decision not to support P2P piracy". :o
Just a joke.
But morality is given by what you share, not by whether you share it with P2P software.
Cheers
connect4
May 22nd, 2008, 12:06 PM
{QUOTE-> Yes, membership trackers are very strict with what is being uploaded. Not just anyone can upload stuff, like on Pirate Bay; you have to apply for uploader status, and that requires Scene access. A tracker with Scene material only has genuine Scene material; anything uploaded that does not conform to the rules is forbidden (and the rules are very strict; honor amongst thieves? :D ).
Nothing is 100%, but I have never ever heard of anyone faking Scene material on a private tracker. <-QUOTE}
Ahhh. I love these organized and regulated membership sites. It gives you a new-found appreciation for torrents and the torrent system.
King Grub
May 22nd, 2008, 12:10 PM
Yes, bittorrent is currently the safest P2P protocol, not necessarily malware-specific, but also in the way you share your files. You never give anyone access to anything on your hard drive except the very file/files you are downloading/seeding; there is never any way for the peers you are connected to to see or access anything else on your hard drive, and there are no known vulnerabilities in the latest versions of the main bittorrent clients (uTorrent and Azureus for example).
YeOldeStonecat
May 22nd, 2008, 12:12 PM
{QUOTE-> Hi,
P2P has nothing to do with piracy.
P2P is an effective way of sharing content around the world, like Linux distros, for example. <-QUOTE}
That's a whole different argument that can take an entire different thread to a thousand pages with people's opinions that will not change. I disagree with "has nothing to do with piracy"...I'd state that it's one of the biggest vehicles used in music, warez, and movie distribution outside of the retail channels. The % of legit users going for legit content...versus kiddies getting pirated "stuff"...I'd wager that's more of a 10/90 ratio than 50/50.
I go through oodles and oodles of *nix distros..can't find where the standard download from their site has ever failed me.
Mrkvonic
May 22nd, 2008, 12:45 PM
Hello,
Try downloading suse or fedora from the main repositories; they will usually be slow. Try bittorrent or something like that, you can get the distro in minutes.
I agree about the ratio. Now tell me, how many people used VCRs to copy movies they rented?
It's not about technology, it's about human nature.
And then, think of the positive exposure; so much rare content, forgotten art, mundane art, niche markets, all thriving because p2p brings content from millions of global users to millions more. A true sharing, a true world wide web.
Just the matter of how you see things and do things.
Downloading an occasional movie you can't get in the usual way? Well, if you feel like a criminal, then donate to local charity or arts museum and you're square.
Mrk
WSFuser
May 22nd, 2008, 12:55 PM
People do use P2P for piracy, but it doesn't mean p2p was created for piracy.
P2P is just a tool that can be used for good or bad.
YeOldeStonecat
June 2nd, 2008, 09:33 AM
{QUOTE-> Not paranoia. But when I read a blanket statement that talks about P2P...it leaves things open like use whatever P2P software there is out there. Now I'm sure many of us who work in supporting computers for a living...can testify that they see a correlation between computers that run various P2P software...and being infested with trojans/adware/malware, etc.
Poisoning and spoofing files is on the increase. You can Google RIAA and supports poisoning.
I choose not to run P2P stuff because of a personal decision not to support piracy...that's a whole different reason...nothing related to "paranoia" at all. <-QUOTE}
Back to my original point about P2P content being infected..when you "think" you're downloading some band's song for free....that MP3 file is..not so friendly
http://smoothwall.com/news/newsitem.php?id=1459
http://www.avertlabs.com/research/blog/index.php/2008/05/06/fake-mp3s-running-rampant
http://www.itpro.co.uk/security/news/195672/file-sharing-infects-500000-computers.html
Pedro
June 2nd, 2008, 09:50 AM
Which could very well be downloaded on a website. Anyway,
{QUOTE-> When a user attempts to load one of these MP3 and MPG files, they don’t get the music/video they were hoping for; instead they’re directed to download a file named PLAY_MP3.exe. <-QUOTE}
Main thing here is that, if you fear this can happen, get a program that blocks executables.
From set-and-forget solutions like Abtrusion Protector, free but not developed anymore, and Anti-Executable, paid, robust and really easy.
To more evolved ones, complete in other areas, like SSM free and similar (HIPS).
Even built-in tools like SRP (for XP Pro, or as tlu in another thread suggests, turning XP Home into Pro).
To me this is obvious, P2P or not. You run what you want to run; nothing gets executed by mistake, trickery, or remote code execution. For most activities, this should be obvious to use, if explained to the user. A PDF doesn't need to execute anything, nor MP3s, nor movies etc. Executables are programs, period.
waters
June 2nd, 2008, 11:27 AM
The only things I download are from private bittorrent sites, so I am 100% safe
King Grub
June 2nd, 2008, 12:03 PM
{QUOTE-> Back to my original point about P2P content being infected..when you "think" you're downloading some band's song for free....that MP3 file is..not so friendly
http://smoothwall.com/news/newsitem.php?id=1459
http://www.avertlabs.com/research/blog/index.php/2008/05/06/fake-mp3s-running-rampant
http://www.itpro.co.uk/security/news/195672/file-sharing-infects-500000-computers.html <-QUOTE}
Again, stay with Scene material - no infections, MP3 or not.
connect4
June 2nd, 2008, 10:07 PM
Thanks everyone! This is a GREAT POST about P2P and firewall security regarding P2P.
I wanted to do a quick summary of all the major points:
The basics of Firewall and P2P security:
1. Use a physical firewall ( router ) for inbound protection
2. Use a software firewall for outbound protection:
This is to prevent malware on your computer from communicating information about your computer to its host
3. The safest P2P is Bittorrent.
4. Use Azureus and Utorrent, and always keep them updated.
5. It is safe to open *the correct ports *so your P2P program can download / upload faster
P2P & Malware
1. Do not download random files from random sources
2. Use trustworthy and credible sources such as Private Trackers (Bittorrent), ED2K for Emule, etc
connect4
June 2nd, 2008, 10:12 PM
{QUOTE-> The only things I download are from private bittorrent sites, so I am 100% safe <-QUOTE}
Remember, nothing is 100% safe. I do believe that private bittorrent is much more regulated and safe than public open sites. Although, I do believe malware is still possible.
The only places that I can believe are 99.99% safe are credible retail software distributors (like Microsoft, etc.)
(Please correct me if I am wrong)
connect4
June 2nd, 2008, 10:19 PM
OK, so I think I listed a summary of the major P2P and firewall security points.
*But I don't have an understanding of how exactly your security can be breached:
{QUOTE-> ... Theoretically, if the p2p program you use has a vulnerability, it could allow someone from outside to send malware in. But if you keep your client updated, it's like risking being hit by a meteorite while walking on the street.
<-QUOTE}
OK, you said theoretical risk = low risk. But it is, in fact, possible.
So, let's continue to assume that your computer is clean and no malware:
And Let's say you ran Azureus as the P2P program (That is CLEAN).
Let's say there IS a vulnerability and you don't update or patch it.
Question #1:
Now, how *exactly does a hacker exploit that vulnerability to attack your system. What exactly is attacking your system. Does this mean they can use Azureus to *actually put malware into your computer?
*Now, in that scenario, Azureus must have *full access rights to your computer. (I think most if not all programs by default have full administrator rights)
Well, what if you run a program like Dropmyrights which *takes away administrator rights from programs.
Let's go back to the scenario, and say that we take away Azureus's administrative rights using that program.
Now, since Azureus doesn't have any rights, *even if Azureus does in fact have a vulnerability, and even if a hacker tries to exploit it:
Question #2
*Aren't you still safe, because you've taken away Azureus's ability to compromise your system? Am I wrong here?
Now let's go one step broader:
If you took away full administrative rights from *all your high-risk programs (such as P2P, Internet Explorer etc) // OR use a Windows Limited User Account
http://www.wilderssecurity.com/showthread.php?t=196737
And let's say you uninstalled your firewall, and took out your router firewall. And now this leaves all your ports open.
Question #3
Would you be safe from attacks? Since none of your risk programs could be used to compromise your system (Since you've stripped all their rights away).
dw426
June 3rd, 2008, 08:08 PM
{QUOTE->
And let's say you uninstalled your firewall, and took out your router firewall. And now this leaves all your ports open. Question #3 Would you be safe from attacks? Since none of your risk programs could be used to compromise your system (Since you've stripped all their rights away). <-QUOTE}
If all your ports are opened up it doesn't matter, you can still get hacked. Open up your door tonight and leave it open while you sleep, same thing. Your home may have a burglar alarm (HIPS and such in the computer world), but who cares, your door is open, I'm gonna walk right on in.
Something no one is mentioning as far as safety when using P2P: an IP blocker. Other users may not see your files, but without an IP blocker, the MPAA, RIAA and other such schoolyard bullies can connect to you and prove you are sharing an illegal file. I suggest Peerguardian 2. Let that run while you download; you'll be amazed at the amount of organizations trying to connect to you, especially on a public torrent website.
As far as your other questions, that's best left to people who know more than I do.
King Grub
June 3rd, 2008, 11:23 PM
PeerGuardian is unnecessary, when uTorrent has a built-in IP-filter. It uses the same blocklists as PG.
Just add nipfilter:
http://www.bluetack.co.uk/bims/filters/
to the uTorrent folder under Documents and Settings, rename it ipfilter.dat (delete the old one), and enable ipfilter in advanced settings. Check for updates on the page above regularly. It's the very same source that PG updates from, but it doesn't interfere with normal surfing like PG.
dw426
June 4th, 2008, 12:18 AM
{QUOTE-> PeerGuardian is unnecessary, when uTorrent has a built-in IP-filter. It uses the same blocklists as PG.
Just add nipfilter:
http://www.bluetack.co.uk/bims/filters/
to the uTorrent folder under Documents and Settings, rename it ipfilter.dat (delete the old one), and enable ipfilter in advanced settings. Check for updates on the page above regularly. It's the very same source that PG updates from, but it doesn't interfere with normal surfing like PG. <-QUOTE}
How does it not interfere with surfing if they are blocking the same exact IP addresses? I can leave HTTP allowed in PG2 and still get interference if the IP of the website I want or a server related to it is on that list, so how can the IP filter in uTorrent get around that? Also, completely off-topic, but after all the fuss over uTorrent's issues a bit back regarding their "connections" to various organizations, and the fact that it's a closed-source P2P app, I'm not so sure I trust its IP filter to begin with.
connect4
June 4th, 2008, 02:57 AM
{QUOTE-> If all your ports are opened up it doesn't matter, you can still get hacked. Open up your door tonight and leave it open while you sleep, same thing. Your home may have a burglar alarm (HIPS and such in the computer world), but who cares, your door is open, I'm gonna walk right on in.
<-QUOTE}
Oh wow, really?
That's kind of surprising, because I couldn't imagine how exactly someone can *compromise your security via an open port *if your security has no exploitable holes,
but then again, I don't have an in-depth understanding of how firewalls, ports, and intrusions work.
(I'm excluding the less common possibility of a military precision team of hackers attack with super computers that can get into probably any home computer)
What about if you run Windows XP on a limited account like SunRun?
http://www.wilderssecurity.com/showthread.php?t=196737
If it's not 100%, then at least running on a Limited User account is a lot safer, correct?
As in it being another layer of security in addition to your firewall (since your OS and all your programs are stripped of admin rights).
Mrkvonic
June 4th, 2008, 03:13 AM
{QUOTE-> If all your ports are opened up it doesn't matter, you can still get hacked. Open up your door tonight and leave it open while you sleep, same thing. Your home may have a burglar alarm (HIPS and such in the computer world), but who cares, your door is open, I'm gonna walk right on in.
<-QUOTE}
Hi,
Your analogy is inaccurate.
If you have a service listening on a port, it does not mean you'll get "hacked." It could happen only if the service has a significant vulnerability and someone trying to hack you can exploit it to gain privileges outside the scope of the said service.
People running p2p for years have their p2p ports open - and ... does that mean they get hacked every Saturday night? No, they don't.
Being afraid of the big bad wolf is counterproductive. You should study the animal and then realize things are not as dreadful as they sound.
Mrk
dw426
June 4th, 2008, 03:26 AM
{QUOTE-> Hi,
Your analogy is inaccurate.
If you have a service listening on a port, it does not mean you'll get "hacked." It could happen only if the service has a significant vulnerability and someone trying to hack you can exploit it to gain privileges outside the scope of the said service.
People running p2p for years have their p2p ports open - and ... does that mean they get hacked every Saturday night? No, they don't.
Being afraid of the big bad wolf is counterproductive. You should study the animal and then realize things are not as dreadful as they sound.
Mrk <-QUOTE}
I evidently don't know as much as I thought I did (which admittedly wasn't a lot to begin with), but cannot someone exploit a port that does not have a service running on it? Now, I'm using his example of having no firewall whatsoever. If you don't have one, they show as "open" correct? Now, of course you can open a port, for, let's say Emule, but once Emule is closed, the port will no longer show as open, right, just closed?
I was under the impression that an open port, service or not, was an invitation in. Pardon me while I go read up on this, I hate giving wrong advice.
connect4
June 4th, 2008, 03:38 AM
{QUOTE-> Hi,
Your analogy is inaccurate.
If you have a service listening on a port, it does not mean you'll get "hacked." It could happen only if the service has a significant vulnerability and someone trying to hack you can exploit it to gain privileges outside the scope of the said service.
People running p2p for years have their p2p ports open - and ... does that mean they get hacked every Saturday night? No, they don't.
Being afraid of the big bad wolf is counterproductive. You should study the animal and then realize things are not as dreadful as they sound.
Mrk <-QUOTE}
But does using Limited User Rights or a Limited User Account (such as SuRun) add another layer of protection with your firewall?
Or is that more of a malware protection layer? OR BOTH??
Mrkvonic
June 4th, 2008, 03:40 AM
Hello,
If you turn your firewall off and have no services listening, all your ports will be CLOSED.
Ports are not doors as you imagine them. Ports are numbers that allow your machine to accept multiple connections. And ports alone have no meaning.
It's the services listening on different ports that could be exploited.
Now, opening a port for emule ... If you use a firewall, you allow the firewall to accept unsolicited incoming connections to the particular port. This is the idea of opening the port. That's what you call a service - service coming from the word server.
Open port = server, as simple as that ...
I'm not going to go into details regarding TCP flags etc, but that's the general idea.
And your application is listening on this port, awaiting incoming connections, so it can function properly.
If the app is buggy, it can be exploited, if not, nothing can happen.
But if you have no services running that require a port and even if you use no firewall, all your ports will be closed and you'll be as secure as you can be.
connect, yes limited user adds more protection - not firewall wise, though. The limited user can prevent exploits from being exploited, if they exist and someone targets them.
But if you know what you're doing, keep your system patched fairly often, you run a low risk of getting "hit" by someone exploiting a new wild, zero-day vulnerability.
Mrk
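The point made above, that a port is "closed" unless a service is actually listening on it, shown as an added example (not code from this thread): a throwaway listener on 127.0.0.1 is probed while it runs and again after it stops. The listener and the probe function are constructed for this illustration.

```python
"""Added example: a TCP port only looks 'open' while a service listens on it."""
import socket
import threading


def probe(host: str, port: int, timeout: float = 1.0) -> str:
    """Attempt a TCP connect and report what a port scanner would see."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.settimeout(timeout)
        try:
            s.connect((host, port))
            return "open"        # a listener completed the handshake
        except ConnectionRefusedError:
            return "closed"      # RST came back: nothing listening, nothing to exploit
        except socket.timeout:
            return "filtered"    # no reply at all: typically a firewall dropped the SYN


class ToyService:
    """Minimal listener standing in for a P2P client's incoming-connection port."""

    def __init__(self, host: str = "127.0.0.1"):
        self._stop = threading.Event()
        self.sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        self.sock.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
        self.sock.bind((host, 0))          # port 0: let the OS pick a free port
        self.sock.listen(5)
        self.sock.settimeout(0.2)          # so accept() polls the stop flag
        self.port = self.sock.getsockname()[1]
        self._thread = threading.Thread(target=self._serve, daemon=True)
        self._thread.start()

    def _serve(self) -> None:
        while not self._stop.is_set():
            try:
                conn, _ = self.sock.accept()
            except socket.timeout:
                continue
            conn.close()                   # accept and immediately hang up

    def stop(self) -> None:
        self._stop.set()
        self._thread.join(timeout=2)
        self.sock.close()                  # the port is now closed


def demo() -> tuple:
    """Probe the same port with the service running, then after it has stopped."""
    svc = ToyService()
    while_running = probe("127.0.0.1", svc.port)
    svc.stop()
    after_stop = probe("127.0.0.1", svc.port)
    return while_running, after_stop
```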
dw426
June 4th, 2008, 03:13 PM
Understood, thank you MrkVonic.
connect4
June 5th, 2008, 01:28 PM
OK. Thanks for the reply Mrkvonic.
So what I am getting from you is this: (And please correct me if I'm wrong)
1. Open ports, in and of themselves, are actually closed until you run a service / program that uses the port. (For example "Emule")
2. It is only a vulnerability in the program / service that uses a specific port that allows an outsider to compromise your system.
{QUOTE->
If the app is buggy, it can be exploited, if not, nothing can happen
<-QUOTE}
Keep all your programs patched, even if you turn off your firewall, and you should be generally safe, correct?
3. The vulnerability in the program / service that listens on a port is the vehicle that the outsider uses to compromise your system.
And this program vulnerability has NOTHING to do with whether it has Admin rights or not, and so it wouldn't make a difference if you are running as a Limited User Account vs. an Admin.
For example,
a. Running a vulnerable Azureus (with full admin rights)
b. Running a vulnerable Azureus (with limited rights under an LUA account)
= the same chances of being exploited?
The difference maker is whether Azureus is vulnerable or not:
is this correct?
So, if I am correct in my above statements, I think I can conclude the following:
in terms of using different types of applications that require internet access or require ports:
Whether it is a P2P application, or an AIM / MSN messenger application, or a connected email client, or an IRC program such as mIRC.
As long as the program is fully patched, we can use these programs relatively safely and connect to different servers etc. safely.
Can I safely conclude these statements?
Mrkvonic
June 5th, 2008, 02:09 PM
Hello,
You got it well except one thing:
Exploiting a vulnerability depends on what the application can do!
It does not change the vulnerability itself, but it does change the potential impact on the system.
So ... if you have a vulnerable application that has a hole that can be exploited, the severity will be reduced if you use LUA, because in LUA there is only so much an application can do.
Chances of exploit - same. Severity of impact - different.
Therefore, using LUA is not a bad idea at all.
But if you use the admin account, make sure you patch your apps, especially if they interact with the outside world.
Mrk
dw426
June 5th, 2008, 06:21 PM
I've been schooled, thanks! :)
Stem
June 5th, 2008, 06:53 PM
Hi connect4,
I do use P2P (torrent) clients quite a lot (for a number of years, to download distros) to test firewalls' ability to handle many connections, but I have yet to see a system (attempted) compromise due directly to the P2P client (as long as the P2P client is known to be clean and downloaded from the vendor site).
The main problems are from the software downloaded and allowed to be executed/installed. Certainly I am not saying all software downloaded via P2P is infected, but there is a risk.
What I do see mostly with P2P is that there can be a lot of invalid packets (bad/out of connection/invalid flags etc) I am not sure at this time if this is some attempt from others to limit the connection speed or just others having "fun" to see if some attack can be made against other users (or just a problem with the client in use). I do want to find time to check on this, but I have very limited spare time at the moment.
connect4
June 7th, 2008, 04:55 PM
{QUOTE-> I've been schooled, thanks! :) <-QUOTE}
Same here.
I've also learned such a great deal from this thread.
Thanks Mrkvonic and everyone who has contributed.
{QUOTE->
Exploiting a vulnerability depends on what the application can do!
It does not change the vulnerability itself, but it does change the potential impact on the system.
So ... if you have a vulnerable application that has a hole that can be exploited, the severity will be reduced if you use LUA, because in LUA there is only so much an application can do.
Chances of exploit - same. Severity of impact - different.
Therefore, using LUA is not a bad idea at all.
<-QUOTE}
ahh, that makes more sense now.
So that means that, if you sandbox the application you're running, even if the program has been exploited, it can or cannot do any harm
depending on how secure your sandbox application is.
Ex: Kind of like opening a trojan / virus in the sandbox, it cannot affect your files outside of the sandbox as long as your sandbox program has good sandboxing security.
This is very relieving to hear and I will run all my internet programs either with a. Limited Rights
b. Within a sandbox
= Good security setup :)
{QUOTE->
...What I do see mostly with P2P is that there can be a lot of invalid packets (bad/out of connection/invalid flags etc) I am not sure at this time if this is some attempt from others to limit the connection speed or just others having "fun" to see if some attack can be made against other users (or just a problem with the client in use). I do want to find time to check on this, but I have very limited spare time at the moment.
<-QUOTE}
Hi Stem,
thanks for your input. Although I am actually not that experienced with firewalls, ports, or security except for everything I have learned so far in this thread.
For example, I have no idea what a packet, bad connection, or an invalid flag is....