general newbie security concern

hi

let me start off by admitting that i am completely and utterly ignorant when it comes to computer tech (i only use it for minimal purposes).. that being said, i have a couple of security concerns i would appreciate if any one give me some feedback on them...

i ve just bought a new computer.. after i installed the OS (win xp home sp2) i immediately installed kaspersky internet security 7.0... and then i had to update it so i connected to the Internet and KIS updates takes foreverand my connection was slow also.. so the computer was connected to the Internet for a very long time was no protection (or obsolete protection as KIS was updating)....

1- what are the security risks of connecting to the Internet BUT not doing any browsing or downloading except the KIS update definition files downloads...?

2- what are the security risks if i connect to the Internet (ie hook the ethernet ADSL cable coming from a router and have no antivirus suite installed.. but DONT DO ANY BROWSING or DOWNLOADING..... i had to connect to the Internet before i installed KIS so as to activate my OS from Microsoft?


also windows not updated until KIS finished (after a long time) then i ran windows update which took even LONGER time


N.B. i have been attacked before on a different computer but on the same network by an ip from china (i dont know the type but i think its the one that over traffic the Internet?!?)but KIS blocked it.. so i am concerned that this guy who might know my ip address, attack the new computer during the time where KIS was updating.. esp when the attack hit when i opened an email (spam) that had the subject of my financial advisor company name..


i will be using this computer to access sensitive financial online data.. and i am PARANOID about my safety and security online esp of the issues mentioned above.....
currently
i have windows updated ........KIS 7 running and updated with firewall to max... and that’s it…
before i start using it for sensitive online action.. i need to feel more protected.. i am still concerned about keyloggers, rootkit virus, trojans,...etc...


3-how to 100 % check that the computer was not infected by anything of anytype during the updates download?

4-how to add more protection for the future?

i am actually considering to write zeros to the WD 160 hard drive.. is that reasonable

please any feedback is immensely appreciated
thanks

 

Hello & welcome.

A direct connection to the Internet without the protection of a firewall
or router, can result in infection by automated Trojans and worms from
infected machines around the world, in a matter of a few minutes or less.
No browser need be open. I have never used KIS, but I suspect it turned
its firewall on the moment you installed it. If you are seeing attacks
in your firewall log, then you probably don't have a router. As long
as your firewall is up and running properly, they should not concern you.

Most attacks on a connection are by infected machines working through IP
ranges, not a hacker. We all get them, it's pretty much the Internet way
of life these days.

 

If KIS was installed, it would be operational with the KIS firewall protecting unsolicited inbound. Assuming you did a full install, the proactive defense module would also be operational.

If you have a private (i.e. not Internet routable) IP address, nothing.

Even with SP2 installed, there's a lot to update.

What was the nature of this attack?

Have you considered running under a limited account and setting up a separate Admin account as needed?

You should be fine. If desired, make sure that KIS alerts on riskware and take a moment to review and verify running processes.

If you had a problem, it really should be obvious

What makes you think you need more?

After you zero the hard drive, what then? Go through the same series of steps? How will the final result be different?

Blue

 

thanks for your reply

I just realized that during the time i was updating kasper and windows (again it took a long time to update mean while the system was with no/obsolete protection)... another computer on the lan had a trojan virus in it.... what are the risks on my computer...

please note that i dont understand the mechanics of LAN,..etc.. all i know is that this other computer (the infected one) has an ethernet cable from the cpu to a d-link device that has multipe sockets for ethernet cable (where i plug my ethernet cable from new computer to it) and then there is another cable that goes from the d-link device to the router which is connected to my regular phone line....

and when i first ran KIS it said it detected a network connection and asked what to do i choose "internet in stealth mode"


i think it look like this

infected pc ---> d link switcher -----> router ---> splitter---> my regular phone line
my pc ---------> d link switcher -----> router ---> splitter---> my regular phone line

WHAT TO DO NOW

i did a full scan by KIS and it was clean


2- if you were in my shoes...
ie
-connected to the internet to activate windows and there was nothing running but windows firewall and other pc on the network had a trojan in it
- spent a LONG time updating KIS 7 before windows updates
- have a win xp sp2 home edition, KIS 7 ONLY

what would you do to use this system for online sensitive financial data access with a peacful mind? apart from things concerning browsing and downloading behaviour..

 

You are still protected while updating, especially if you have the KAV/KIS proactive defense module active.

This is actually the one scenario in which a software firewall can be quite useful - infected PC on the same subnet behind a router. If you know a PC is infected, and it's on the router that you have physical access to, ummm, just unplug that PC as things are set up. That more or less falls into the common sense arena of minimizing known exposure pathways. Of course, whether or not it's an issue depends on how you've configured the KIS firewall.

This is KIS detecting you network card.

One cause of slowness could be the infected PC consuming a substantial fraction of your maximum connection bandwidth.

Well, you're not me. I'd assess the system, running processes, connections made, and so on, and make a determination from there.

If I had nagging uncertainty, I'd remove it (probably with a simple run of the system file checker ("sfc /scannow") or a Repair XP install after cleaning out the system and removal of any questionable add-ons, autostart entries and the like). I'd also stop screwing around by having a live and known infected PC on my LAN. If it were a testbed that I wanted to preserve, I'd physically isolate it from the LAN while I configured things (i.e. temporarily pull the plug).

The way you're going about this seems at odds with the objective of protecting sensitive data.

Blue

 

thanks for your reply

i didnt know that there was an infected pc on the network initially (the infection was a packed.win32.NSAnti.r) as soon as i know my son who uses this computer installed KIS 7 and deleted it and i UNPLUGGED his ethernet cable to the network...

i dont have any add ons on the system at all... all i did on the new built pc is install os--- activate windows online with only windows firewall (no hardware firewall) ----- install Kaspersky internet security 7---- update it----- updated windows... AND thats it

my concern is that while i was doing the updates (whick took a VERY LONG time and the fact that i updated kasper first leaving the windows unpatched)
something malcious either from the net or from the infected pc on the local network got in ....

i ran KIS 7 after update and it came out clean

but i still i need to do more checks before i proceed

what would you do?

as far as process, i checked em all and they seemed legit exept that spoolsv.exe keep running even when i terminate it, AND i dont have a printer even installed ....

also i found spoolsv.exe and wuauclt.exe in a folder in windows called "softwaredistribuation" and in "prefetch" other than system32 ....
does this mean that these are malcious versions of the legit files

as for connections made, i had kasper firewall to BLOCK all connections execpt for windows explorer and the system stuff...

knowing all these facts, how would you proceed to start using this new built pc for online sensitive financial usage?

thanks

 

I would return to the shop where I purchased the computer - if they have a technical department. Otherwise, to a custom shop. Explain what happened, ask them to check/cleanup the computer. Take your programs in case they want to reformat/reinstall. They can do your updates in the shop.

If it's a good shop, they can help and explain how to setup securely, configure your firewall, etc.

You will pay, but the advice/knowledge you gain will be worth it.

----
rich