Hi, i am using some software to automatically set the clock in certain intervalls. Also i´m using Comodo´s CPF3. Some check on GRC showed, that ports 13, 37 & 123 are permanently open. Is this a potentiall security risc? I guess they have to be open in order to function properly. Or can the firewall be configured to keep this ports "stealth", despite of being "listening"? Thanks for your suggestions!
I would look into using some other time sync software. There's no reason why it should be holding ports open or listening for any extended period of time. It should connect out to the time servers, get a response, and be done with it until the next sync.
So it´s definitly a risk? This software, Dimension 4, V5.0, is free & i´ve been searching a lot without finding any alternate. Even if i found another program, will this behaviour be different? thx for answering.
In order for it to be a "risk", there needs to be some exploitable software behind the open port(s) and then someone needs to know how to exploit any vulnerabilities in that software to their benefit. I have used D4 in the past and didn't have any problems though. Odds are you're fine.... I have used other sync software without this issue. One is Automachron, here is a link: http://oneguycoding.com/automachron/ There are probably many others available as well...
I am wondering which software is acting as a server just to update time. Windows' default service does not do that. As Kerodo said, it does not "listen", it "asks", so unsolicited is not allowed and the port is closed/stealth. Not a risk, but as I said it is not necessary to hold the port(s) open for the time to be updated. If you don't need absolutely accurate time (and I certainly don't), may I suggest ditching whatever time-sync you're using and relying on your MOBO battery only? It will keep the time... Cheers,
http://www.thinkman.com/dimension4/ For some reason, it is not easy to find a decent syncing freeware. Regarding this program, it can be set to sync one & quit, what would solve the problem. But i find it nice, to have it syncing the clock every x minutes. Maybe this is why it keeps the ports open. Yes, of course. But i like to have a very exact time during the computer sessions.
You can disable internet time in Windows and use the program provided by NIST. http://tf.nist.gov/service/its.htm
I use Atomic TimeSync by AnalogX. It can be set to use the server and interval of your choosing or run manually. It opens port 37 just long enough to make the query then closes it. If the server it checks answers quickly, the port can be open for less than a second. I'm not familiar with Comodo, but you should be able to make the rule for your time sync program address specific, opening only to the site you use, closed/stealthed to everyone else. Rick