BLOCK ALL- Fragmented IP Packet Handling???

Discussion in 'other firewalls' started by PC-Guy, Jan 10, 2006.

Thread Status:
Not open for further replies.
  1. PC-Guy

    PC-Guy Registered Member

    Hey,

    I'm still getting "viruses" just by "being online" and not surfing the internet. I have High Speed Cable Modem, which is always ON. Norton Antivirus is active and my Norton Personal Firewall is always enabled at start-up. BOTH products are up-to-date, and Windows XP is up-to-date, as well.

    I went on vacation and left my PC (computer) ON the entire Christmas week. NO internet browser was open. NO programs running at all, "except my firewall and NAV". When I get back from vacation I now have several viruses, just by leaving my PC on.

    I have, as I mentioned, Norton Antivirus auto enabled at startup.

    Norton Personal Firewall auto enabled.

    Microsoft AntiSpyware auto enabled and up-to-date.

    All that and still get viruses. I have tried all other programs and NONE have prevented viruses from getting "into" my computer.

    I was looking at the settings in my Norton Personal Firewall 2004, and there is an option to BLOCK or PERMIT Fragmented IP Packet Handling.

    This is how it's written:

    Fragmented IP Packet Handling
    O Permit all except suspected attacks (recommended)
    O Block all


    It was set to "permit all" but I switched it to "block all" to see if that helps to prevent viruses.

    What does this feature mean or do? How should I have it set?

    After setting it to "block all", I went to http://scan.sygate.com/prestealthscan.html and the "test" came back all "blocked".

    Before when I had it set to "permit all" Port 80 and another port came back open, now it shows all BLOCKED. Is this good?

    Thanks Everyone!
  2. FatalChaos

    FatalChaos Registered Member

    Norton anti-virus real time protection isn't that useful, and I don't know how much the Norton firewall protects against viruses (to test it look at the sticky about leaktests and download some leaktests and test them on yourself).
  3. PC-Guy

    PC-Guy Registered Member


    What do YOU recommend? What do you use?
  4. noway

    noway Registered Member

    I don't think viruses are sneaking in to your computer like a cat burglar when you are away. The likelihood of one or more of the following is much greater:

    1. Your virus scanner is worrying you with false positives, etc.

    Make note of the files identified by your scanner and test them with another scanner, possibly a freeware scanner that is run on-demand only or an online scanner. Search Google with the name of the virus and see what it's all about. I'm not too familiar with Firefox, but if you are worried about stuff in your browser cache maybe there is an option to empty cache on closing browser or set disk cache to zero and increase memory cache. That way you won't be worried about stuff being flagged from the browser cache. When browsing, don't install third party programs online that you aren't familiar with. If you really like them, download them to hard drive and scan them before installing.

    2. The actions that let viruses into your computer are your actions.

    You can examine your browser's security settings. Make a list of all the programs that access the internet...you can see this list in the firewall. Make sure you know what they are and search Google to see if they pose any security problems. If you have archived copies of each installation program somewhere for each of these in case you need to reinstall them, check all these installation programs with virus scanner, in case some of them had been compromised at an earlier time. If there are any IRC or P2P programs in the list, uninstall them. Configure your email client to use plain text for reading messages if it is a local client. When you receive an attachment from someone, just delete it. Update your virus definitions regularly.

    3. Your computer has been unknowingly compromised and something or somebody on your computer is bringing stuff in, from the inside-->out-->in
    and now it needs to be cleaned up and kept clean for future use.

    Use a password when booting and when resuming from screensaver. Shut down the computer when not in use or take its internet connectivity offline. Consider a simpler firewall like Zonealarm Free. Get a proper drive imaging program or restoration program. If you are sure you have viruses, I would just format, install the imaging program and make an image. Then install the programs you want (the ones you scanned in Step 2) and create an image after each few programs. Before creating the image, scan for viruses. Store the images on another partition, hard drive, or CD/DVD. If you get viruses, then you can restore the system to a clean slate without having to clean the viruses. You could use XP System Restore or GoBack or other software rollback solutions, but most aren't as robust or exact as Drive Image or Ghost, etc. Keep your Data (saved files, saved mail, original program copies, browser cache, drive imaging files, etc.) on a different partition or hard drive than where the operating system resides. Only install the programs you absolutely need. Don't install programs that could conflict with one another. Before installing a new program, create an image. If you don't like the program, restore rather than uninstall to ensure that you are clean. You said you "have tried all other programs and NONE have prevented viruses"...does this mean you tried dozens of antivirus programs? If they prevent viruses for most people and you are the exception, you can't blame the programs. But the rewards are yours if you keep your drives clean from remnants of old programs and don't install programs that may conflict with one another. Many people have successfully used Norton Antivirus and Firewall but forums are full of people having problems from obvious bugs that have been introduced from program updates from Symantec using LiveUpdate. If you frequent security forums regularly you may see when these bugs are introduced and avoid them or find workarounds (their software can even conflict with new Microsoft updates, etc)...if not, maybe it is time to move on from Norton.

    Good luck.
  5. CrazyM

    CrazyM Firewall Expert


    How are you determining, or what is alerting to the viruses?

    It deals with fragmented packets; the default "permit all except suspected attacks" should be fine for most users. If everything works fine with "block all" then you could continue with that. This setting will not impact your possible virus issue.

    This setting should not affect the results at the online scan sites. Have you checked your rules, or do you have anything else in place that could impact the results?

    Regards,

    CrazyM
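
Added example, not part of the thread and not Norton's code: a sketch of what a "fragmented IP packet handling" option decides on, namely the More Fragments flag and fragment offset in the IPv4 header. The policy names, the `decide` and `ipv4_header` helpers, and the three "suspected attack" checks (the RFC 1858 offset rule, the 65535-byte limit, the RFC 791 multiple-of-8 rule) are assumptions chosen for illustration; the product's real heuristics are not documented on this page.

```python
import struct

TCP = 6

def ipv4_header(total_len, mf, offset_units, proto=TCP):
    """Build a constructed 20-byte IPv4 header (checksum left 0, not validated here)."""
    flags_off = (0x2000 if mf else 0) | (offset_units & 0x1FFF)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, total_len, 0x1234, flags_off,
                       64, proto, 0, bytes([192, 0, 2, 1]), bytes([192, 0, 2, 2]))

def frag_info(header):
    """Decode the fragmentation fields of an IPv4 header."""
    ver_ihl, _tos, total_len, _ident, flags_off = struct.unpack("!BBHHH", header[:8])
    if ver_ihl >> 4 != 4:
        raise ValueError("not an IPv4 header")
    ihl = (ver_ihl & 0x0F) * 4
    mf = bool(flags_off & 0x2000)        # More Fragments flag
    offset = (flags_off & 0x1FFF) * 8    # fragment offset, converted to bytes
    return {"fragment": mf or offset > 0, "mf": mf, "offset": offset,
            "ihl": ihl, "data_len": total_len - ihl, "proto": header[9]}

def decide(header, policy):
    """Return 'permit' or 'block' under a hypothetical two-option policy."""
    f = frag_info(header)
    if not f["fragment"]:
        return "permit"                  # unfragmented traffic is never affected
    if policy == "block_all":
        return "block"                   # also drops legitimate fragments
    # policy == "permit_except_suspected": illustrative sanity checks only
    if f["proto"] == TCP and f["offset"] == 8:
        return "block"                   # RFC 1858: fragment could overwrite TCP flags
    if f["ihl"] + f["offset"] + f["data_len"] > 65535:
        return "block"                   # reassembly would exceed the IPv4 maximum
    if f["mf"] and f["data_len"] % 8 != 0:
        return "block"                   # RFC 791: non-final fragments are multiples of 8
    return "permit"

# Constructed sample headers
whole = ipv4_header(60, False, 0)                 # ordinary, unfragmented packet
first = ipv4_header(1500, True, 0)                # well-formed first fragment
tiny = ipv4_header(40, False, 1)                  # TCP fragment at offset 8 bytes
oversize = ipv4_header(1500, False, 8189, proto=1)
ragged = ipv4_header(121, True, 0, proto=17)      # 101 data bytes with MF set
```

Neither policy inspects payload content, so the option changes how malformed or all fragments are treated and nothing about files already on the machine.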
  6. FatalChaos

    FatalChaos Registered Member

    Sorry for the long response time.

    I would use NOD32 for real time protection, and KAV for on demand scanning. If you are short on budget, Antivir 7 beta w/ heuristics 2.0 engine for real time and Bit Defender free + antivir for on demand scanning.

    As for firewalls and HIPS to prevent viruses from doing anything, Zone alarm, Core Force, Sunbelt Firewall, and Outpost Pro all do the job well. Special HIPS programs like ProcessGuard can also be helpful.