general newbie security concern

Discussion in 'other security issues & news' started by moe_08, Nov 25, 2007.

Thread Status:
Not open for further replies.
  1. moe_08, Registered Member (Joined: Nov 25, 2007; Posts: 4)

    hi

    let me start off by admitting that i am completely and utterly ignorant when it comes to computer tech (i only use it for minimal purposes).. that being said, i have a couple of security concerns i would appreciate if anyone gave me some feedback on them...

    i've just bought a new computer.. after i installed the OS (win xp home sp2) i immediately installed kaspersky internet security 7.0... and then i had to update it so i connected to the Internet and KIS updates take forever and my connection was slow also.. so the computer was connected to the Internet for a very long time with no protection (or obsolete protection as KIS was updating)....

    1- what are the security risks of connecting to the Internet BUT not doing any browsing or downloading except the KIS update definition files downloads...?

    2- what are the security risks if i connect to the Internet (i.e. hook up the ethernet ADSL cable coming from a router) and have no antivirus suite installed.. but DON'T DO ANY BROWSING or DOWNLOADING..... i had to connect to the Internet before i installed KIS so as to activate my OS from Microsoft?


    also windows was not updated until KIS finished (after a long time), then i ran windows update, which took an even LONGER time


    N.B. i have been attacked before on a different computer but on the same network by an ip from china (i don't know the type but i think it's the one that over traffic the Internet?!?) but KIS blocked it.. so i am concerned that this guy, who might know my ip address, attacked the new computer during the time where KIS was updating.. esp when the attack hit when i opened an email (spam) that had the subject of my financial advisor company name..


    i will be using this computer to access sensitive financial online data.. and i am PARANOID about my safety and security online esp of the issues mentioned above.....
    currently
    i have windows updated ........KIS 7 running and updated with firewall to max... and that’s it…
    before i start using it for sensitive online action.. i need to feel more protected.. i am still concerned about keyloggers, rootkit virus, trojans,...etc...


    3- how to 100% check that the computer was not infected by anything of any type during the updates download?

    4- how to add more protection for the future?

    i am actually considering writing zeros to the WD 160 hard drive.. is that reasonable?

    please any feedback is immensely appreciated
    thanks
     
  2. FadeAway, Registered Member (Joined: Apr 6, 2007; Posts: 270; Location: USA)

    Hello & welcome.

    A direct connection to the Internet without the protection of a firewall
    or router, can result in infection by automated Trojans and worms from
    infected machines around the world, in a matter of a few minutes or less.
    No browser need be open. I have never used KIS, but I suspect it turned
    its firewall on the moment you installed it. If you are seeing attacks
    in your firewall log, then you probably don't have a router. As long
    as your firewall is up and running properly, they should not concern you.

    Most attacks on a connection are by infected machines working through IP
    ranges, not a hacker. We all get them, it's pretty much the Internet way
    of life these days.
     
  3. BlueZannetti, Administrator (Joined: Oct 19, 2003; Posts: 6,590)

    If KIS was installed, it would be operational with the KIS firewall protecting unsolicited inbound. Assuming you did a full install, the proactive defense module would also be operational.
    If you have a private (i.e. not Internet routable) IP address, nothing.
    Even with SP2 installed, there's a lot to update.
    What was the nature of this attack?
    Have you considered running under a limited account and setting up a separate Admin account as needed?
    You should be fine. If desired, make sure that KIS alerts on riskware and take a moment to review and verify running processes.
    If you had a problem, it really should be obvious.
    What makes you think you need more?
    After you zero the hard drive, what then? Go through the same series of steps? How will the final result be different?

    Blue
     
  4. moe_08, Registered Member (Joined: Nov 25, 2007; Posts: 4)

    thanks for your reply

    I just realized that during the time i was updating kasper and windows (again it took a long time to update, meanwhile the system was with no/obsolete protection)... another computer on the lan had a trojan virus in it.... what are the risks on my computer...

    please note that i don't understand the mechanics of LAN,..etc.. all i know is that this other computer (the infected one) has an ethernet cable from the cpu to a d-link device that has multiple sockets for ethernet cable (where i plug my ethernet cable from new computer to it) and then there is another cable that goes from the d-link device to the router which is connected to my regular phone line....

    and when i first ran KIS it said it detected a network connection and asked what to do, i chose "internet in stealth mode"


    i think it looks like this

    infected pc ---> d link switcher -----> router ---> splitter---> my regular phone line
    my pc ---------> d link switcher -----> router ---> splitter---> my regular phone line

    WHAT TO DO NOW?

    i did a full scan by KIS and it was clean


    2- if you were in my shoes...
    ie
    -connected to the internet to activate windows and there was nothing running but windows firewall and other pc on the network had a trojan in it
    - spent a LONG time updating KIS 7 before windows updates
    - have a win xp sp2 home edition, KIS 7 ONLY

    what would you do to use this system for online sensitive financial data access with a peaceful mind? apart from things concerning browsing and downloading behaviour..
     
  5. BlueZannetti, Administrator (Joined: Oct 19, 2003; Posts: 6,590)

    You are still protected while updating, especially if you have the KAV/KIS proactive defense module active.
    This is actually the one scenario in which a software firewall can be quite useful - infected PC on the same subnet behind a router. If you know a PC is infected, and it's on the router that you have physical access to, ummm, just unplug that PC as things are set up. That more or less falls into the common sense arena of minimizing known exposure pathways. Of course, whether or not it's an issue depends on how you've configured the KIS firewall.
    This is KIS detecting your network card.
    One cause of slowness could be the infected PC consuming a substantial fraction of your maximum connection bandwidth.
    Well, you're not me. I'd assess the system, running processes, connections made, and so on, and make a determination from there.

    If I had nagging uncertainty, I'd remove it (probably with a simple run of the system file checker ("sfc /scannow") or a Repair XP install after cleaning out the system and removal of any questionable add-ons, autostart entries and the like). I'd also stop screwing around by having a live and known infected PC on my LAN. If it were a testbed that I wanted to preserve, I'd physically isolate it from the LAN while I configured things (i.e. temporarily pull the plug).

    The way you're going about this seems at odds with the objective of protecting sensitive data.

    Blue
     
  6. moe_08, Registered Member (Joined: Nov 25, 2007; Posts: 4)

    thanks for your reply

    i didn't know that there was an infected pc on the network initially (the infection was a packed.win32.NSAnti.r) as soon as i knew, my son, who uses this computer, installed KIS 7 and deleted it and i UNPLUGGED his ethernet cable to the network...

    i don't have any add ons on the system at all... all i did on the new built pc is install os--- activate windows online with only windows firewall (no hardware firewall) ----- install Kaspersky internet security 7---- update it----- updated windows... AND that's it

    my concern is that while i was doing the updates (which took a VERY LONG time and the fact that i updated kasper first leaving the windows unpatched)
    something malicious either from the net or from the infected pc on the local network got in ....

    i ran KIS 7 after update and it came out clean

    but i still need to do more checks before i proceed

    what would you do?

    as far as process, i checked em all and they seemed legit except that spoolsv.exe keeps running even when i terminate it, AND i don't have a printer even installed? ....

    also i found spoolsv.exe and wuauclt.exe in a folder in windows called "softwaredistribution" and in "prefetch" other than system32 ....
    does this mean that these are malicious versions of the legit files?

    as for connections made, i had kasper firewall to BLOCK all connections except for windows explorer and the system stuff...

    knowing all these facts, how would you proceed to start using this new built pc for online sensitive financial usage?

    thanks
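
Added example, not part of the thread or any poster's words: a location-based triage of search hits for the two file names raised in the post above. The Prefetch folder holds `.pf` launch traces that Windows writes, and SoftwareDistribution is the Windows Update working folder, so hits there differ from a stray copy elsewhere. The `C:\WINDOWS` install path, the function names and the sample paths are assumptions constructed for illustration.

```python
import ntpath
import re

# Assumption: Windows is installed in C:\WINDOWS, the XP default.
WINDIR = ["c:", "windows"]
WATCHED = {"spoolsv.exe", "wuauclt.exe"}   # names raised in the post
# Prefetch trace files are named NAME.EXE-<8 hex digits>.pf; they are launch
# traces written by Windows, not programs.
PREFETCH_RE = re.compile(r"^(.+\.exe)-[0-9a-f]{8}\.pf$")

def triage(path):
    """Label one search hit by where it sits, not by what it contains."""
    parts = ntpath.normpath(path).lower().split("\\")
    folder, name = parts[:-1], parts[-1]
    trace = PREFETCH_RE.match(name)
    if trace and folder == WINDIR + ["prefetch"]:
        return "prefetch-trace" if trace.group(1) in WATCHED else "not-watched"
    if name not in WATCHED:
        return "not-watched"
    if folder == WINDIR + ["system32"]:
        return "expected"
    if folder[:3] == WINDIR + ["softwaredistribution"]:
        return "update-staging"    # Windows Update working folder
    return "review"                # watched name outside the folders above

def needs_review(hits):
    """Return the hits worth a closer look (hash or signature check)."""
    return [h for h in hits if triage(h) == "review"]

# Constructed sample hits, not taken from the poster's machine.
SAMPLE_HITS = [
    r"C:\WINDOWS\system32\spoolsv.exe",
    r"C:\WINDOWS\Prefetch\SPOOLSV.EXE-282F76A7.pf",
    r"C:\WINDOWS\SoftwareDistribution\Download\0a1b2c\wuauclt.exe",
    r"C:\WINDOWS\Prefetch\spoolsv.exe",
    r"C:\Documents and Settings\user\Local Settings\Temp\wuauclt.exe",
]

if __name__ == "__main__":
    for hit in SAMPLE_HITS:
        print(f"{triage(hit):15} {hit}")
```

The labels describe location only; a file labelled "expected" or "update-staging" can still be checked against a known-good hash or signature.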
     
  7. Rmus, Exploit Analyst (Joined: Mar 16, 2005; Posts: 3,943; Location: California)

    I would return to the shop where I purchased the computer - if they have a technical department. Otherwise, to a custom shop. Explain what happened, ask them to check/cleanup the computer. Take your programs in case they want to reformat/reinstall. They can do your updates in the shop.

    If it's a good shop, they can help and explain how to set up securely, configure your firewall, etc.

    You will pay, but the advice/knowledge you gain will be worth it.

    ----
    rich
     