Any peer to peer (p2p) users?

Discussion in 'other anti-malware software' started by RootAccess, Aug 19, 2007.

Thread Status:
Not open for further replies.
  1. RootAccess

    RootAccess Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    64
    I plan to use BitTorrent and mIRC on a daily basis and was wondering what everyone's network security setup is. What are the good software to use for a secure environment?
     
  2. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    I use P2P and I just have KIS 7.0 realtime with SAS for occasional ondemand scans. Works great.
     
  3. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    I use Limewire, mainly for music/music vids.
    Have Avast AV configured with the p2p shield (one of seven available) on, Comodo firewall, and SpywareTerminator.
    I used to scan every file prior to allowing them to run, and that's probably wise, but (so far) nothing has been found, and I've stopped doing it.
    I'd imagine scanning with 2 or more scanners would be important if downloading zips, or applications (Highly NOT recommended) but most mp3's, if they seem to be the right sort of size (3-10Mb) and title/comment seem to be OK.
    Avoid files that have a lot of "keywords/tags" in the title. They're usually junk/porn.

    [EDIT] PS, I also use Peerguardian for blocking certain advertising sites and the download police etc. Don't know how effective it is, updates seem to be a problem at times.
     
  4. RootAccess

    RootAccess Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    64
    I'm looking for strong protection from inbound traffic that I will be getting.
     
  5. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    922
    Location:
    Big Apple USA
    I have my NAS box running 24/7 w/ P2P. Both uTorrent & Crux. I use Outpost Pro w/ tight ruleset for P2P, NOD32 scans any / every file before opening along w / Spyware Terminator scan every file and a2 occasional scans (suspicious files). Box also has BoClean (new install) and ProSecurity.

    I've D/L'd some trojans, but they were caught and eliminated prior to launching and doing their evil deeds.

    And, forgot to mention, I'm behind a router w/ protection.

    ...screamer

    edit: Yes... PeerGuardian too ;)
     
  6. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    922
    Location:
    Big Apple USA
    The strength of your protection will depend on your firewall ruleset.
     
  7. RootAccess

    RootAccess Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    64
    Screamer, what made you choose OutPost firewall? And what rules should I be writing if I may inquire?
     
  8. Kees1958

    Kees1958 Registered Member

    Joined:
    Jul 8, 2006
    Posts:
    5,857
    Hi, all


    Besides FireWall specific rules, AV that look into data (e.g. the Avast Module for P2P, Internet etc) there is a good way to secure your download/shared directories:

    - using block (to execute) with classical HIPS like SSM for the shared directory
    - set the P2P application AND shared directories as untrusted/blocked with DefenseWall & GeSWall
    - using a executable startup filter/rule for behavior blockers in that specific directory (just add the shared directory to the C:\ and C:\WINDOWS directories protected by your 'file protection' rules).

    Regards K
     
  9. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    922
    Location:
    Big Apple USA
    I've been using Outpost for a few years on all but one of my machines. Laptop uses Comodo, just because Outpost was conflicting w/ Spyware Doctor. Work fine together on main box though. Go Figure...

    Here's a basic ruleset:

    [your apps name=??]
    VisibleState: 1
    Exe:
    ??, ??.exe
    DefaultState: 1
    RuleName: ?? HTTP connections
    Protocol: TCP
    RemotePort: 80
    Direction: Outbound
    AllowIt

    DefaultState: 1
    RuleName: ?? Outbound TCP connections
    Protocol: TCP
    RemotePort: 1025-65535
    Direction: Outbound
    AllowIt

    DefaultState: 1
    RuleName: ?? UDP connections local Port
    Protocol: UDP
    LocalPort: 6346<-- whatever port you decide to use
    AllowIt

    DefaultState: 1
    RuleName: ?? UDP connections remote Port
    Protocol: UDP
    RemotePort: 6346
    AllowIt

    DefaultState: 1
    RuleName: ?? Inbound TCP connections
    Protocol: TCP
    LocalPort: 6346
    Direction: Inbound
    AllowIt

    DefaultState: 1
    RuleName: Block ?? UDP connections
    Protocol: UDP
    LocalPort: 0-1024
    BlockIt

    DefaultState: 1
    RuleName: Block ?? Inbound TCP connections
    Protocol: TCP
    LocalPort: 0-1024
    Direction: Inbound
    BlockIt

    DefaultState: 1
    RuleName: Block ?? Outbound TCP connections
    Protocol: TCP
    RemotePort: 0-1024
    Direction: Outbound
    BlockIt

    hth,

    ...screamer
     
  10. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    I'm surprised no one mentioned ProtoWall or PeerGuardian (both freeware). These are specifically designed for filesharing privacy, as they would block "bad" IPs. Speaking of which, Outpost has a great plugin called 'Blockpost' (freeware), which serves the same purpose as the applications mentioned above.

    Cheers,
     
  11. RootAccess

    RootAccess Registered Member

    Joined:
    Jul 20, 2007
    Posts:
    64
    Seer, between ProtoWall or PeerGuardian, which one is better? Or which one has the bigger "bad ip address" list?

    screamer, thanks for the basic rules. How does Outpost compare to other firewalls?

    Tarq57, how is PeerGuardian working out for you?
     
  12. Tarq57

    Tarq57 Registered Member

    Joined:
    Oct 7, 2006
    Posts:
    966
    Location:
    Wellington NZ
    I activate Peerguardian every time I open Limewire. It can be set to block HTTP also. Currently says it's blocking 975134210 IP's.
    Updating is sporadic. Often when searching for the updates it blocks itself from updating, perhaps because several of the IPs that have the updates are on the block list. I don't know what that's all about.
    The program has no actual application problems apart from being bombastically slow to process the update list, when this has been successful, and there is a forum that's pretty informative.
    Don't know how watertight it is. Certainly better than nothing, though. Certainly its' presence doesn't cause me to relax at all about the possibility of malware in anything downloaded, and I think that's a pretty good approach to anything done on the web.
    (Just coz you have good airbags in the car doesn't mean you drive to crash.)
     
  13. argus tuft

    argus tuft Registered Member

    Joined:
    Sep 20, 2006
    Posts:
    280
    Location:
    Australia
    I use pg2 also, and i too have noticed that updating can be a pain, but I very rarely use p2p these days, so it doesn't bother me much.
    It does also seem to crash on startup about once a month on average. I have it set to start with windows, mainly coz I'm too lazy to change it.

    I also have windows set to show all file extensions, so that I won't be bitten by cool song.mp3.exe
     
  14. screamer

    screamer Registered Member

    Joined:
    Apr 14, 2006
    Posts:
    922
    Location:
    Big Apple USA
    It scored an 8700 = Very Good on Matousec's list:

    http://www.matousec.com/projects/windows-personal-firewall-analysis/leak-tests-results.php

    Like I said, I've been using it for a coupla years and I'm comfortable w/ it. Its yet to let me down. It has several plug-ins: Adware, Anti-Spyware, Attachment Quarentine... I only use DNS, Attack Detection & http log.

    hth,

    ...screamer
     
  15. Seer

    Seer Registered Member

    Joined:
    Feb 12, 2007
    Posts:
    2,068
    Location:
    Serbia
    Hello.

    First off, apologies to Tarq57, he mentioned PeerGuardian before me :)

    They are both equal regarding "bigger" list, as they both use Bluetack's list for updating IP addresses, if I am not mistaken. Protowall is Bluetack's app. I have used both, for a short time, but I have noticed that PeerGuardian tends to be a little heavier on the CPU, as it produced occasional spikes. But you need to try them on your system to see the exact differences.

    Cheers,
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.