Is your PC safe when not logged on to the Internet ?

Discussion in 'privacy general' started by John Bull, Sep 3, 2010.

Thread Status:
Not open for further replies.
  1. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    My previous thread GMER inspired this question. It is a problem worthy of discussion in its own right.
    If somebody does not agree, then be my guest and delete it, but I consider it most important and almost never recognised.

    I am on Cable Fibre Optic Broadband.
    When looking at my lovely Desktop, not being logged on to the Internet by my browser, am I immune from infection ?
    Can I turn my Firewall and AV off ?
    Answer = NO.

    Every one of my stand alone programs are on scheduled auto-update including Granny Windows.
    All these connect to the Internet and download their material without me having any knowledge of it other than perhaps a courteous pop-up saying an update is in progress.

    So unknown to us Broadband users the Internet is ALWAYS connected except when the PC is completely shut down or if during Standby and Hibernate the local connection is severed.

    Hence if a Malware Rootkit or bug exists in the system it can operate Inward and Outward bound traffic without showing any signs of activity. There would obviously be no pop-up to say we are being burgled, that is not good practice with theft.

    Normally the Firewall and AV programs are still live when the Desktop is showing and do their work in the normal way even with the Internet seemingly closed, but if they are shut down for some reason then the Malware can operate freely.

    I have recently come across a program that requires the Internet, AV and Firewall to be shut down before running - GMER. Bearing in mind what has just been said, that sounds like big trouble. To be without a Firewall and AV protection for a 3 hour plus scan is akin to leaving the door wide open and your wallet lying on the table.

    Whilst your PC is power connected, you have a live Internet connection which can be activated by any program on your computer including Malware at any time.

    Your comments on this personally puzzling situation would be gratefully received. Particularly the shutting down of the AV and Firewall programs. Your browser is just another program, the fact that an Internet screen is not displayed means nothing, your Internet connection is still live and your Firewall and AV must not be disabled. Only Safe Mode and a complete power cut will sever the connection.

    John Bull

    Example :-
    After a long shutdown on Hibernate, no Firewall activity had occurred. I manually updated MBAM, it took less than a minute, but in that time with no Internet connection open on my part ONE intrusion was blocked by my Firewall :- Protocol = TCP, Source IP = 58.218.204.110, Destination IP = ME, Source Port = 12200, Destination Port = 9090. The IP track is shown here :-
    Chinese FW Block.JPG
     
  2. ALookingInView

    ALookingInView Registered Member

    Joined:
    Sep 14, 2009
    Posts:
    365
    When someone says "disconnect from the internet" nowadays, I'm pretty sure they usually mean unplug the ethernet cable from the back of your tower.
    If you connect wirelessly then that's a different story.
    Either way, there are plenty of ways to completely d/c from the net.
     
  3. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    Did this MBAM download trigger something or was it a random sweep?
    Next time you update use the same scenario or rollback and see what happens.

    Is the line that comes into the house truly fibre optic or is it coax?

    Malware can have its own network stack and not rely on Windows networking.
    From your view network monitoring and networking tools will not reveal anything, firewalls will be meaningless.
    Using a switch or hub with a sniffer can reveal what's really happening.

    Even if the PC is off the broadband is still connected and can transmit and receive.
    Routers and modems are not immune to attacks either, though most of these are from the inside to the device.
    Turning off the routers and modems when not using the internet isn't a bad idea.

    Your system is connected to other systems in your neighborhood.
    You're kinda multicasting when sending and receiving packets.
    Anyone in your area on your line up to the first ISP router or switch is receiving your traffic.
    The average joe is not capturing your traffic.
     
  4. drhu22

    drhu22 Registered Member

    Joined:
    Aug 21, 2010
    Posts:
    343
    Could you just disable network connection?
    eg:control panel-network connections-right click your n connection-disable
     
  5. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    John, you asked and answered your own question. And the point of this is......
     
  6. Searching_ _ _

    Searching_ _ _ Registered Member

    Joined:
    Jan 2, 2008
    Posts:
    1,988
    Location:
    iAnywhere
    2 - 1 = 1 There was more than one question mark.

    What about replying to his assumptions?
    Logical invalid assumptions are my favorite learning tool. :D A 2 for 1. ;)
     
  7. CasperFace

    CasperFace Registered Member

    Joined:
    Jul 31, 2010
    Posts:
    200
    Not necessarily. Comodo, for example, has an option to "Monitor other NDIS protocols than TCP/IP" under Firewall > Advanced > Attack Detection Settings.
     
  8. lotuseclat79

    lotuseclat79 Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    5,096
    By virtue of being on Cable Fibre Optic Broadband, apparently, you are a cable subscriber with at least a TV, Internet (computer) package if not a phone line as well.

    The question is if you turn off your computer, isn't the cable still live and your hardware router (from the cable provider) with its firewall up so you can watch TV?

    If you turn off your PC, that will or should turn down the hard drives and your PC would be safe instead of being exposed to anything that could penetrate your computer while not browsing.

    I can disable my network connection from my OS's main menu which works for my computer (Ubuntu 10.04 Linux) and typically do not activate it until my computer is setup and my environment initialized with an extra firewall set of rules for my OS when I boot up, so, I have that in addition to my router's firewall (before I boot up my router) which connects me to the Internet - i.e. there is no login to the Internet - you are either live or not and your computer is either booted up or not and fully setup before you bring up the network connection. Hint: always bring up your computer before your network connection (turn on your router).

    -- Tom
     
    Last edited: Sep 4, 2010
  9. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,042
    Hi Tom

    It may depend on the system. I have cable for TV and Internet. Cable of course is always live, but they are two independent modems. I can shutdown computer, computer cable modem and router, and have TV, or vice versa.

    Pete
     
  10. culla

    culla Registered Member

    Joined:
    Aug 15, 2005
    Posts:
    504
    safe from what john ?
     
  11. wat0114

    wat0114 Guest

    Why does GMER require these to be shut down, especially the firewall and Internet??

    The blocked ip could be that of a port scan. No big deal. As long as you have no open, vulnerable ports or vulnerable services listening on ports, you should have nothing to worry about. If you are concerned about malware getting out, then you have bigger problems to worry about, because it means you're allowing crap to install on your machine. You could (should) get yourself an economical home router to at least keep the Internet noise away from your pc's connection.
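
Added example (not part of any poster's reply): the post above turns on whether anything is listening on a reachable port, and the opening post on programs talking to the Internet with no browser open. This Python sketch checks both from `netstat -ano`-style output; the sample text and all function names are constructed for illustration, and 9090 is the destination port of the blocked probe quoted in the first post.

```python
import ipaddress
from collections import namedtuple

# Constructed sample in the layout of Windows `netstat -ano` (not from the thread).
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    127.0.0.1:5354         0.0.0.0:0              LISTENING       1520
  TCP    [::]:445               [::]:0                 LISTENING       4
  TCP    192.168.0.10:49211     203.0.113.25:443       ESTABLISHED     2312
  TCP    127.0.0.1:49300        127.0.0.1:5354         ESTABLISHED     2312
  UDP    0.0.0.0:5355           *:*                                    1100
"""

Sock = namedtuple("Sock", "proto local_ip local_port remote state pid")

def _host(endpoint):
    """Return the address part of 'ip:port' or '[v6%scope]:port'."""
    return endpoint.rpartition(":")[0].strip("[]").split("%")[0]

def _loopback(host):
    return ipaddress.ip_address(host).is_loopback

def parse_netstat(text):
    rows = []
    for line in text.splitlines():
        p = line.split()
        if len(p) < 4 or p[0] not in ("TCP", "UDP"):
            continue  # header or blank line
        state = p[3] if p[0] == "TCP" else ""  # UDP rows have no State column
        port = int(p[1].rpartition(":")[2])
        rows.append(Sock(p[0], _host(p[1]), port, p[2], state, int(p[-1])))
    return rows

def exposed_listeners(rows):
    """TCP listeners bound to a non-loopback address: what an inbound probe can reach."""
    return [s for s in rows if s.state == "LISTENING" and not _loopback(s.local_ip)]

def probe_reaches_listener(rows, port):
    return any(s.local_port == port for s in exposed_listeners(rows))

def background_outbound(rows):
    """Established TCP sessions to non-loopback peers, e.g. an updater with no browser open."""
    return [s for s in rows if s.state == "ESTABLISHED" and not _loopback(_host(s.remote))]

if __name__ == "__main__":
    rows = parse_netstat(SAMPLE)
    for s in exposed_listeners(rows):
        print("exposed listener:", s.local_ip, s.local_port, "pid", s.pid)
    print("probe to 9090 finds a listener:", probe_reaches_listener(rows, 9090))
```

On a real machine, feed `parse_netstat` the saved output of `netstat -ano` and map each PID to a process name before deciding whether a listener or outbound session is expected.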
     
  12. safeguy

    safeguy Registered Member

    Joined:
    Jun 14, 2010
    Posts:
    1,709
    Yes it is...provided you store the PC away from prying eyes - perhaps lock it inside a cupboard with some form of strong unlock code..and better still make sure you don't take it out ever. Ever. And cross your fingers that no one knows how to break it. Your PC will be safe from thieves and alike...:p

    OK I was just kidding there...

    If it's malware or hack-attack that you're talking about, then I believe "a complete power cut" should be enough to keep it safe...otherwise, you just have to learn with the fact of life....see my sig below and you'll understand what I mean;)
     
  13. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Rather than saying, "unknown to us Broadband users", you mean, unknown to you, don't you? Because many people are aware of what you appear to be unaware of.
    This statement from you (in bold) tells me that you are interchanging the terms browser and internet. When you were advised to close your internet connection, or to disconnect from the internet, you were not being told to merely shut down your browser. The "internet" is more than your browser. It is the broadband connection, which, among other things, allows your programs to update automatically, "even with the Internet browser seemingly closed" .
     
  14. LockBox

    LockBox Registered Member

    Joined:
    Nov 20, 2004
    Posts:
    2,275
    Location:
    Here, There and Everywhere
    Just disable the wireless connection. This doesn't mean to 'disable radio' as with some brands of computers using their own software. To actually shut down the connection - the connection must be disabled completely.
     
  15. John Bull

    John Bull Registered Member

    Joined:
    Nov 22, 2009
    Posts:
    904
    Location:
    London UK
    Thanks Page,

    You're a real buddy and so complimentary.
     
  16. Page42

    Page42 Registered Member

    Joined:
    Jun 18, 2007
    Posts:
    5,828
    Location:
    Last Breath Farm
    Hey, it has nothing to do with being your buddy or complimenting you. It has everything to do with trying to unravel your obvious confusion. You'd do better around here if you stop classifying members as either for you or against you. The vast majority of us are simply responding to the topic on hand, not trying to be each other's buddy.
     