
Should I turn off DSL when computer is off?

Discussion in 'Security and Privacy' started by iamshell, 2005/07/19.

Thread Status:
Not open for further replies.
  1. 2005/07/19
    iamshell

    iamshell Inactive Thread Starter

    Joined:
    2002/04/09
    Messages:
    17
    Likes Received:
    0
    I recently got DSL. When I turn my PC on in the morning, I've noticed that there's a short (30 second) gap time before NAV is enabled. Lately, as soon as NAV is enabled, I get a NAV popup saying that there was a trojan horse attempt that was blocked.

    Am I open to security problems during the time it takes NAV to be enabled on start up? Should I either always leave the PC on, or turn off the DSL modem when I shut down the computer? I have a firewall - will this help?
     
  2. 2005/07/19
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hello iamshell,

    Am I open to security problems during the time it takes NAV to be enabled on start up?
    NAV is running on startup, it's a Service - it's the GUI that takes the time to show up.

    Should I either always leave the PC on, or turn off the DSL modem when I shut down the computer?
    Leaving the system running unattended never made anyone safer, so I would say shut off the modem. It's always safer to make sure that the defenses are fully up and running before a connection is made.

    I have a firewall - will this help?
    More important than NAV. XP's and the major Firewalls are all installed at the Service level and come up immediately.

    Regards - Charles
     
    Last edited: 2005/07/19

  4. 2005/07/19
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,068
    Likes Received:
    396
    This means that you ALREADY have malware on your computer that tries to load when you turn on the computer. NAV is preventing the trojan from loading.

    However, if you get the warning from NAV at each boot, then that means that NAV is not completely removing the trojan, it just means that NAV is preventing the trojan from executing.

    I suggest scanning your system with Adaware, Spybot Search & Destroy or another decent anti-spyware tool, then use HijackThis and post the HijackThis scan log in the Removing Spyware & Viruses forum here.
     
  5. 2005/07/19
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hi iamshell,

    Tony's advice is good - follow the steps outlined, but it's not necessarily the case. I think that's NAV2005's Worm Blocker that's giving that message, the Worm Blocker looks at the so called "trojan" ports and spits out that message at a connection attempt.

    If this is not NAV2005, then you definitely have a problem. But in any case, do make sure.

    Regards - Charles
     
  6. 2005/07/19
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    ???Am I missing something here or just not understanding it all????

    And I base my thoughts on this;
    Why should the machine be trying to connect to DSL at boot up ? ( if that is indeed what it is doing. )

    In this case I believe I have to go along with TonyT

    If something is trying to connect to online at boot up I do not think shutting the Modem down will stop it. It just won't go of course.

    BillyBob
     
  7. 2005/07/19
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hi BB,

    Why should the machine be trying to connect to DSL at boot up ? ( if that is indeed what it is doing. )
    Depends on how it's configured, can be configured as an always on or the user has to initiate the connection.

    Regards - Charles
     
  8. 2005/07/19
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    OK. I was not aware that it could be done that way. Or maybe I did see it somewhere and just plain said NO WAY. And it does not read to me as a very good idea anyway.

    But if the system in question is set up for always on then I would say YES to turning off the DSL Modem.

    Or maybe a Hardware Firewall like a Router might help.

    BillyBob
     
  9. 2005/07/19
    Geri Lifetime Subscription

    Geri Inactive Alumni

    Joined:
    2003/03/02
    Messages:
    4,580
    Likes Received:
    7
    Hi all
    I have DSL and I believe it is always on.

    I have two choices when I go off line, "Sign out of Qwest Choice DSL with MSN" or "Stay signed in to....You will continue to receive IM's and E-Mail alerts".

    I always sign out, but I believe that I am still hooked up to the "always on" DSL.
    I know I'm behind some kind of router because I have checked a site that says it can tell me where I'm at and it showed I was in Minnesota once and California another time. Which I am not in either.

    Also my firewall says it can not locate me when I run its test.

    So what are the risks?
    Geri
     
  10. 2005/07/19
    BillyBob Lifetime Subscription

    BillyBob Inactive

    Joined:
    2002/01/07
    Messages:
    6,048
    Likes Received:
    0
    OK Folks I am learning. And now that we have finished our Golf game with a Friend in Canada I can get back here. I lost BTW after a three times replay of the 18th hole.

    Geri
    You say you have choices. I do not.

    When I just connected here I got Weather alerts from several hours ago even though WeatherBug has been sitting active in the Systray.

    So unless I am thinking wrong, ( which is possible ) my Cable Modem is on but I don't think anything comes in or goes out until I actually connect somehow.

    I am also behind a Linksys Router.

    BillyBob
     
  11. 2005/07/19
    iamshell

    iamshell Inactive Thread Starter

    Joined:
    2002/04/09
    Messages:
    17
    Likes Received:
    0
    Clarification of my question

    Thanks for all the replies - I guess my general question is whether I need to be worried about anything? I've restarted my PC twice today, and there weren't any security alerts. Now that I'm thinking about it, the trojan alerts started when I installed NAV 2005 2 weeks ago. I've been using an older version of NAV with live update for years, and I do regular full system scans, and I've never had any problems. Is it just that threats were always being stopped, but the new version of Norton is giving me alerts?

    Also, a related question - I took a look at the NAV logs, and can't make any sense out of them - is there a simple guide somewhere that explains what all the reports mean, and how I know which are routine and which I should be concerned about? Like I said, I have a firewall, Norton live update, the most recent Microsoft updates, and I have no evidence of anything on my computer that doesn't belong there. I checked Add/Remove programs, and there's nothing new on the list, or anything that doesn't belong there. So, is there anything I should actually be worried about?

    Some examples of the stuff in the log (I've blocked out the ISP addresses):
    Details: Rule "Default Block Netspy Trojan horse" blocked communication shows up over and over, then
    Details: The user has created a rule to "block" communications.
    Inbound UDP packet.
    Local address,service is (XXXXXXXX).
    Remote address,service is (XXXXXXXXXX).
    Process name is "C:\WINNT\System32\svchost.exe".

    In all the messages about blocking, I also noticed this one under "activities" :
    Rule "Default Windows File Sharing" permitted (XX.XXX.XX.XXX,netbios-ssn).
    Inbound TCP connection.
    Local address,service is (GATEWAY1(XXX.XX.X.XX),netbios-ssn).
    Remote address,service is (XX.XX.XX.XX,XXXX).
    Process name is "System".
    This is all happening while my browser is open but I haven't actually been doing anything on the PC. What does all this stuff mean? Is there somewhere I can look it all up myself?
     
  12. 2005/07/19
    James

    James Inactive

    Joined:
    2004/07/14
    Messages:
    1,004
    Likes Received:
    0
    My wife and I are on dsl (networked together) and we never shut off the modem. We're also behind a router as well as a software firewall. I've spoken with our ISP technician who advised that this was a reasonable way to go. Anyway, I suppose you should do whatever you find brings you peace of mind.
     
  13. 2005/07/20
    TonyT

    TonyT SuperGeek Staff

    Joined:
    2002/01/18
    Messages:
    9,068
    Likes Received:
    396
    Per your post, you are referring to NAV, Norton AntiVirus. However, those logs reflect the Norton Internet Security firewall, not the antivirus program. NIS is blocking INBOUND attempts to connect to a trojan port, meaning that you are being scanned from the outside by people who are looking for computers that have a particular trojan. I believe NAV 2005 comes with NIS.
     
  14. 2005/07/20
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hello iamshell,

    Just to be clear here: what's the firewall you're running?

    NAV2005 comes with a half-baked firewall called Internet Worm Protection and from your postings that's what is giving you the messages. This is new with the 2005 version which is why you've never seen it before. Your regular firewall took care and still takes care of this.

    As far as info on what the alerts mean, in the Reports panel, you'll see a ?(help) symbol, click on that and read thru the various topics.

    Regards - Charles
     
    Last edited: 2005/07/20
  15. 2005/07/20
    iamshell

    iamshell Inactive Thread Starter

    Joined:
    2002/04/09
    Messages:
    17
    Likes Received:
    0
    Firewall

    I'm running the Windows XP firewall.
     
  16. 2005/07/20
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Ok and if you haven't checked lately, make sure WF is still running because as far as I remember, NAV wants to shut WF down when it's installed.

    Control Panel > Security Center (if running SP2) > Windows Firewall, should be On.

    If you want to have WF log its activities: Bring up WF > Advanced tab > Security Logging > Settings > tick one of the options: Log dropped packets. Then click on Save as, this will create a Notepad file \WINDOWS\pfirewall.log

    Regards - Charles
     
    Last edited: 2005/07/20
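
Added example (not part of the original thread and not any poster's code): a small Python parser for the `pfirewall.log` that the post above enables, grouping dropped packets addressed to the PC by protocol and destination port so repeated Internet scanning stands out from one-off entries. The sample log lines, the addresses and the `PORT_NAMES` labels are constructed for illustration, and the column layout is assumed to be whatever the log's own `#Fields:` header names.

```python
from collections import Counter, defaultdict

# Constructed sample (documentation-range IPs); the column layout is assumed
# to be the one named by the "#Fields:" header that XP SP2 writes to the log.
SAMPLE_LOG = """\
#Version: 1.5
#Software: Microsoft Windows Firewall
#Time Format: Local
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info

2005-07-20 08:01:12 DROP UDP 198.51.100.7 192.0.2.10 1047 1026 485 - - - - - - -
2005-07-20 08:01:40 DROP TCP 203.0.113.5 192.0.2.10 4312 445 48 S 1234567 0 16384 - - -
2005-07-20 08:02:03 DROP TCP 203.0.113.9 192.0.2.10 3377 445 48 S 7654321 0 16384 - - -
2005-07-20 08:02:30 DROP TCP 203.0.113.5 192.0.2.10 4313 139 48 S 1234999 0 16384 - - -
2005-07-20 08:03:00 OPEN TCP 192.0.2.10 198.51.100.80 1055 80 - - - - - - - -
2005-07-20 08:03:05 DROP ICMP 198.51.100.7 192.0.2.10 - - 60 - - - - 8 0 -
"""

# Standard service names for the file-sharing ports that show up in such logs.
PORT_NAMES = {"137": "netbios-ns", "139": "netbios-ssn", "445": "microsoft-ds"}

def parse_pfirewall(text):
    """Yield one dict per log entry, keyed by the names in the #Fields header."""
    fields = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            yield dict(zip(fields, line.split()))

def summarize_drops(text, local_ip):
    """Return (protocol, dst_port, packets, distinct_sources), busiest first."""
    hits = Counter()
    sources = defaultdict(set)
    for entry in parse_pfirewall(text):
        # Only dropped packets that were addressed to this machine.
        if entry.get("action") != "DROP" or entry.get("dst-ip") != local_ip:
            continue
        key = (entry.get("protocol"), entry.get("dst-port"))
        hits[key] += 1
        sources[key].add(entry.get("src-ip"))
    return [(p, port, n, len(sources[(p, port)])) for (p, port), n in hits.most_common()]

if __name__ == "__main__":
    for proto, port, n, srcs in summarize_drops(SAMPLE_LOG, "192.0.2.10"):
        name = PORT_NAMES.get(port, "")
        print(f"{proto:4} port {port:5} {name:13} {n} dropped from {srcs} source(s)")
```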
  17. 2005/07/22
    Meli

    Meli Inactive

    Joined:
    2004/03/19
    Messages:
    32
    Likes Received:
    0
    I've run both Norton Internet Security 2004 and 2004, and the alert comes with both versions. The alert that is being seen is telling you, as TonyT says that:
    You can shut off these alerts, which are displayed because of the RULES that Norton has made default for your protection - your NIS will block all known trojans etc that are in the av database up to the last time you did a Live Update. I believe the default mode is to show those alerts. You can follow the trail to see where the offending computer is supposedly resident, but the physical address doesn't always match up with the IP address. :rolleyes: Only useful if you're a curious person. ;)

    And yes, NAV comes with NIS.
     
  18. 2005/07/23
    Pop.Gunna

    Pop.Gunna Inactive

    Joined:
    2005/05/14
    Messages:
    18
    Likes Received:
    0
    My Shemantrics are a little rusty. Is NIS a firewall? If so, that would be why the Windows Firewall gets turned off by NAV2005 during the install, and therefore should stay OFF.
    Does this DSL modem/router have a FW built in?
    If it is a USB modem it goes off with the PC anyway.

    While checking for something in the "Add and Remove Programs" (which is a good thing) I think that iamshell missed the point regarding "Ad-Aware".
    Ad-Aware etc are FREE Anti-Spyware tools that are widely used and highly recommended. I would also include SpywareBlaster, and of course they need to be updated like your AV. For the novice, a little caution is required with the use of Spybot S&D and HiJackThis.

    These alerts are a frequent random occurrence with Broadband, and it is safe to configure them to not be displayed, and just let the FW do its job.

    Pop.Gunna
     
  19. 2005/07/23
    charlesvar

    charlesvar Inactive Alumni

    Joined:
    2002/02/18
    Messages:
    7,024
    Likes Received:
    0
    Hello Meli,

    And NAV comes by itself :)

    This is not about NIS, it's about a feature of NAV2005 called Internet Worm Protection. Please read my post on what it is.



    Hello Pop.Gunna,

    The Internet Worm Protection is a firewall of sorts and it may affect WF.

    Regards - Charles
     