PeerBlock

Discussion in 'other firewalls' started by zen_usuario, Aug 29, 2009.

Thread Status:
Not open for further replies.
  1. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Thks, there are some country lists on the site!

    http://www.iblocklist.com/lists.php
     
  2. Reimer

    Reimer Registered Member

    Joined:
    Apr 6, 2008
    Posts:
    217
    I'll have to agree with this. PeerGuardian-type programs worked back in the P2P days of Kazaa, but with BitTorrent, your IP is in the swarm regardless of whether you connect to these "bad IPs" or not. At least, that is my understanding.
     
  3. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    However, if these bad IPs cannot connect to you, you can't share with them and they can't upload anything to you, thereby making their job, even if only slightly, more difficult. That being said, there is NO way to know these bad IPs are even correct or misidentified as bad when they are legitimate. And, more importantly, there is NO way to know if a range of IP addresses is the only one a "bad guy" uses. It would be absolutely stupid to think you have any chance whatsoever to block them all.

    I look at it this way, a poorly seeded file is going to either not download at all or download so slowly that it ends up not being worth the wait, and, a well-seeded file is going to download fast whether some seeders and leechers are left out or not. These IP blockers don't change that. But, if they help even SOMEWHAT in keeping bad IPs away, I find them worth it.
     
  4. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Yes, not only that but when you use FF or IE it is VERY educational to see the number of IPs blocked by PeerBlock as Google etc. does its thing as user searches sites.

    Of course the block lists are imperfect. Just like AV's don't cover 100% of all malware. Front door locks are also imperfect but nobody argues their removal.
     
  5. FrnHeight451

    FrnHeight451 Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    11
    Quick question on Peerblock

    Forgive my ignorance (I think my question will seem stupid to a lot of you, but consider it a first time post by a Newbie), but is there any real difference between Peerblock and a HOST file? Can (or should) I use both or is that not necessary? In the middle of learning about/designing my security system on a clean install of Win 7 after getting badly hacked on XP. Thanks so much, -- S
     
  6. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Re: Quick question on Peerblock


    Welcome!

    I like your question!

    There is a real difference in HOW these 2 work but not so much in the end result.

    Both HOST and Peerblock prevent you from connecting to certain www sites and ip addresses. So in that sense they are similar. Keeping us out of trouble but limited to the sites and addresses loaded in HOST and used by Peerblock.

    I use both.

    HOST entries prevent you from even attempting to connect whereas Peerblock lets you try then blocks you IF the site is in their data base.

    BUT, that said neither of these 2 tools will keep you from being hacked again.

    For that you need at a minimum:

    (1) firewall properly configured
    (2) A top of the line Anti-virus product with a real time feature activated

    As well I suggest you get behind a router even if you only have 1 computer.
     
  7. FrnHeight451

    FrnHeight451 Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    11
    Thanks Escalader -- I really appreciate your taking the time. Oh, I want to be a ghost when I get back online! Victimized by rootkit, ID theft, screwed up my files, business, the works -- crippling.

    So, my plan thus far from what I've learned is using a LUA, Peerblock, Comodo firewall w/Defense + (I've read through their entire help manual), Spyware doctor w/ Threatfire, some sort of key scrambler (a rootkit seems to have logged my keystrokes), Secunia PCI for patch checks, and am considering Tor or this program Squid (not sure which I should use), as well as file encryption and maybe some form of desktop virtualization -- I've learned most of this stuff here, so thanks a lot!

    I realize this may be overkill, still sorting out the most efficient route to eliminate redundancies. I don't surf 'iffy' sites or do much P2P but would like some anonymity because apparently in disconnecting I've pissed off a hacker and my IP is under constant attack (I'm in process of changing it by disconnecting my home pc until the ISP lease period is up). I just want my IP hidden to avoid this again. Also thinking maybe something like mailwasher to prevent html script running. I've been reading through your forums for pretty much 2 weeks straight! It's bewildering.

    Def behind a router with WPA2 and all remote services shut off. Sorry to be so long-winded; you guys are doing a very kind thing here, and I thank you truly. Just need to figure the best setup! Being a victim is never any fun, but I will emerge stronger for it! Any suggestions would be great; your Karma must be pretty damn sterling! Oh yeah, for on-demand I'm using 64 bit Superantispyware & Malwarebytes & Hitman Pro.

    I'm really new at this stuff but if I'm off track please let me know! Once you've been through this it's hard to draw the line between paranoia & prudence, but I'll tell you -- 'An ounce of prevention is worth a pound of cure' could never be emphasized enough here! Seeya, -- S
     
    Last edited: Aug 13, 2010
  8. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Home Security System

    Once upon a time, there was a man who wanted to protect the valuables in his home. He had stamps, coins, cash, photos, pictures, old letters, financial documents and of course family members (and a computer). He took certain actions and made certain purchases to implement a protection and recovery system.
    1. Installed deadbolt locks on all his doors
    2. Installed bars on his basement windows
    3. Installed a monitored security system to detect motion and broken windows and glass doors
    4. Installed smoke and carbon monoxide detectors to detect fire and poisonous gas. He had fire extinguishers for small fires.
    5. Established an escape plan for his family in the event of disaster and conducted a fire drill
    6. Purchased insurance for these valuables
    7. Kept some valuables and copies in an off site safety deposit box. (SDB)

    With this layered system, he hoped to minimize intruders, detect and deal with them if they did get in. As well, he had some ability to replace valuables and recover others. It was imperfect but at least he had a plan.

    Home Computer Security System

    As he worked on computer security, he felt he should try to emulate the house security system for his computer setup.
    1. Deadbolt: installed a router with a hardware firewall in it to block / filter out bad incoming data packets
    2. Bars: installed a strong well configured software firewall in case the deadbolt was circumvented or left unlocked by visiting teenagers, cousins and other friends and relatives.
    3. Motion detectors: installed a strong well configured real time heuristic antivirus and a Host-based Intrusion Prevention System (HIPS)[1] to detect and nullify any bad executables that got past deadbolts and bars and were behaving in a suspicious manner
    4. Smoke Detectors: installed a strong well configured antivirus/antimalware software package that was current up to the hour and scanned for fires, smoke and poison gas daily. If small he quarantined them.
    5. Escape plan: in the event that 1 to 4 failed, he had a current backup and recovery system based on disk images so he could go back in time and restore things the way they were before the failure. He also had a fire drill to test the recovery system to ensure it works.
    6. Insurance: If 1 to 5 failed, he had current computer recovery disks in the safety deposit box hoping never to have to use them.
    7. Off Site: As insurance he had copies of all key data in digital form off site in the SDB.

    With this layered system, he hoped to minimize intruders, detect and deal with them if they did get in. As well, he had some ability to replace valuables and recover others. It was imperfect but at least he had a plan.

    [1] Host-based Intrusion Prevention System (HIPS)

    The system detects unwanted and malicious program activity and blocks it in real-time. HIPS responses should only be initiated for dangerous and unwanted events without affecting the operation of safe programs, ensuring a high level of protection for users that doesn't affect the performance of the computer.
     
  9. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    Now if only it worked that way. Excellent overview of security though, not that I can get away with it since my family hates both pop-ups and blocking software.
     
  10. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Right! Sounds like mine.

    What I do is let them run their own PC's and trash about!

    Mine is mine.

    PS with my own setup I really get very few pops or blocks.

    I use PeerBlock's allow list to minimize the "issue"
     
  11. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I've only got a single system in the household, so I'm kinda screwed, hehe. I love Peerblock, the only problem I've found is that even with HTTP unblocked, it blocks a LOT of websites. Online streams are a bigger issue, you can allow one IP so the stream can play, then 9 times out of 10 the stream keeps changing the IP, making for an endless loop of allows.
     
  12. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    You are clearly using your PC differently than I do, no problem with that!

    On the endless loop can you change the ip range to allow say 000 to 255 on the from to PeerBlock list sort of anticipating their ip usage?
     
  13. FrnHeight451

    FrnHeight451 Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    11
    Okay Escalader -- Your response was funny and I actually laughed out loud during a very unfunny time in my life. Thanks for that; got it, I'm way past prudent and am paranoid. But remember you're dealing with a Newbie -- I did read the word doc that greets you and warns against "layered systems" though I wasn't sure how to define that -- I guess in my "at least I got a plan" I did just that! After reading through the horror stories and living through my own this stuff makes your head spin -- rootkits (kernel, firmware, etc.), ADS, man-in-the-browser attacks, etc. makes trojans and worms and viruses seem like the product of 8th graders having fun.

    I know everyone takes a different tack when it comes to PC security; but having slightly more than a vague clue I wish there were template examples of different approaches somewhere like "Virtualization-based technique, benefits & drawbacks," "antivirus/firewall based approach, benefits & drawbacks..." that kind of thing.

    At least it's nice to have someone shake you and say "get a hold of yourself kid, you're way beyond prudent here!" Okay then, back to the drawing board.
     
  14. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    FWIW, the methods of FW and AV are not mutually exclusive from Virtualization. Users exploit both.

    Have a slow read through this post and the links from Blue.

    https://www.wilderssecurity.com/showthread.php?p=1538690#post1538690

    Make a written plan then implement your plan.

    If I had gone through what you describe happened to you after I changed ALL my passwords and dealt with the bank and the authorities on the id theft ( is that right?)

    I would completely wipe all my PCs, change the router codes and reinstall the OS of choice (I think you said you did move to W7 so that would do it IF you wiped the drive 100% before W7 or did it during install).

    Then update the os, and install my security tools.

    1. Password management system
    2. Secure browser with no script
    3. FW
    4. AV
    5. Host
    6. PeerBlock
    7. KeyScrambler
    8. Image / File recovery system
     
    Last edited: Aug 14, 2010
  15. FrnHeight451

    FrnHeight451 Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    11
    Thanks so much, again. Really appreciate the help. Only real open question is that when I installed Win 7 I did a reformat drive during the Win 7 installation, got the usual and very welcome message "This will wipe out all data" but the reformat process was really fast (maybe it takes the instructions and reformats after during the install).

    You said above "IF you wiped the drive 100% before or during Win 7 install." Problem is this wasn't possible during the reformat -- I noticed after hitting "Format Disk" that the difference between the total & available space was 0.1 GB (I believe). Is this good enough, or is it possible in that fraction of space a stowaway of my problems may reside? I did have unauthorized charges to China on my credit cards also, and understand some sophisticated hacking groups reside there, adding to my paranoia.

    Here's a chuckle you can have at my expense as a token of gratitude -- originally I thought in my paranoia I should wipe the drive using a DoD program like Eraser, but read somewhere this might make Win 7 install more difficult (I think that only applies to an upgrade -- I bought the full version).

    Thanks again, -- S
     
    Last edited: Aug 15, 2010
  16. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Don't worry about this there is always this difference between total and available.


    This is true, China does have hackers as do other countries.
    One of the block lists in PeerBlock is China.

    To rid yourself of paranoia you must write down your plan and then implement it.

    One password manager is RoboForm which you can get free. It can store your NEW strong passwords on a USB stick and it encrypts them. Once you use the stick to log in on a safer browser you can eject the USB stick thus your passwords are NOT available.

    Prior to your id and hacking crisis did you suffer from email spam?
     
  17. FrnHeight451

    FrnHeight451 Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    11
    You are the man Sir! Thank you so much -- you must have really good Karma.

    Yeah I sure did suffer from email spam. I read somewhere along the way here that using an email preview pane can be troublesome because an unopened email in preview can run HTML -- hence the use of No Script I'm assuming.

    The difference on the HD (unused vs. available) is 1 GB, not .1 and is due to the system volume folder which is inaccessible through normal channels (though there are some commands I've found to delete it). Do you think I should delete this in case there's something hiding out my reformat didn't catch? I've learned last night it's used for restore pts most commonly, but was wondering if there's a risk there.

    I'm almost there with the plan (modeled after yours -- simple in its non-layered approach and robust -- very cool), and will be on my feet again soon.

    If there's anything I can do to repay your kindness I'd be glad to help you guys any way I can. Just let me know. :thumb:
     
  18. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Please don't mess with the volumes used by the operating system. As to restore points they can be useful. Later you can reduce their number if HDD space ever becomes an issue.

    On spam, users need to set up filters to block them and resist any temptation to open them out of curiosity. If your ISP provides you with web mail the best way is to review your mail on THEIR server not your PC, ID all the spam there so the ISP filters get better.

    Then you can download "clean" email only to your system if you want to keep it.

    I use MS Office Outlook which has a junk mail filter updated by MS once a month. There are also specialized spam programs one can use.

    You said your plan is non layered? Was that a typo?
     
  19. FrnHeight451

    FrnHeight451 Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    11
    I guess I meant much less overly layered than my first monstrosity in attempting to replicate Fort Knox, though I suspect you're making fun of me again...that's okay, I appreciate any and all humor right now!

    That's a great idea WRT using my IP provider's mail to ID the spammers; was thinking about using Thunderbird (if it's 64 bit compatible) as Win 7 lacks an email client, then find an anti-spammer program or block file to deal with it once I'm courageous enough to get back on the internet. Again, I really appreciate your help, Cheers, -- S
     
  20. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses

    Ahhhh, Windows 7 does come with a perfectly good email client. Windows Live Mail. It has the ability to id spam and make rules to filter out spam based on the spam mail. I use it all the time.
     
  21. Baserk

    Baserk Registered Member

    Joined:
    Apr 14, 2008
    Posts:
    1,321
    Location:
    AmstelodamUM
    As Escalader has already made an excellent plan/list of suggestions for you, I'd just like to add the following;

    - Perhaps use a browser like Firefox which offers add-ons like AdBlockPlus.
    This add-on will (you'd probably never have guessed ;)) block almost all ads.
    Thereby you will also block all ads which have been infected with a drive-by download because some black hat hacker managed to compromise an ad-server.

    - Read Escalader's point 5 again and invest some time in making an image of your OS.
    It's incredibly useful to have the assurance that you can restore your PC in 15-20 minutes to a clean state.
    For the above reason, I'd recommend to partition your HDD; one partition for the OS+programs and one for data as pics, docs, music, etc.
    That way you can easily restore an image without losing any other (crucial) data.

    - For a firewall+HIPS, I would recommend the free version of Online Armor.
    I've found it to be on par with Comodo but more stable and much more user-friendly.
    If you have read the entire Comodo manual, OA will be easy.
    (Set a password for OA, so your children can't change any settings).

    - Make separate user-accounts for the kids.
    If they do manage to infect the machine, the malware will (usually) be limited in the havoc it can cause and it's much easier to clean.
    (Although a thorough scan with an anti-virus/malware program will probably take longer than just restoring the image mentioned above).

    - Use only those programs you are comfortable with and understand.

    Cheers.
     
  22. FrnHeight451

    FrnHeight451 Registered Member

    Joined:
    Aug 3, 2010
    Posts:
    11
    Thanks again to both of you. I actually have 3 separate HDs in my system from old builds, and have a copy of Acronis True Image I use to make scheduled backups (before I realized there were so many free apps). I'm extremely grateful for the advice you guys have given me; now must press on with it all! Best, -- S
     
  23. Escalader

    Escalader Registered Member

    Joined:
    Dec 12, 2005
    Posts:
    3,710
    Location:
    Land of the Mooses
    Just a horrible thought... are these 3 HDs all clean?
     
  24. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    My PC crashed upon installing PeerBlock... it's probably due to pbfilter.sys.
    Tried the several methods posted but still unable to resolve.

    So I resorted to PeerGuardian.
    May I know if it has the same functions? Any disadvantages?
     
  25. bryanjoe

    bryanjoe Registered Member

    Joined:
    Feb 23, 2006
    Posts:
    380
    Sorry, didn't know that both are different companies.
    I always thought that PeerBlock is an upgraded version.
    Sorry to hijack my Q&A here
     