Help protecting my computer with new cable modem...

I just recently got a cable modem so my connection stays on all the time, I have Norton continually running on my computer, with virus updates and full computer scan once a day, but now I'm having problems with popups when I'm using IE, pages that I go to that I know usually don't have popups and I'm getting them, how do I erradicate those from my computer, I have ad aware and that hasn't caught it, is there anything else, another program, that I can run to clean my computer from that stuff? Also, how do I make sure my firewall is active and is there some good firewall software available online that I can use to protect myself? Thanks for your time.

 

To complement ad-aware, install spybot - search and destroy as well. Make sure you use the update links on both programmes at least weekly to have the latest definitions.

 

Hi CaneCop,

I would add spywareblaster to your list too as well... can you tell us what OS you are useing? maybe a few system specs so I can recommend a firewall, and how to get it set up as it is nessecary to have one

Regards,
FireDancer

 

protect your registry with AdAware pro
http://www.lavasoftusa.com/software/adawareprofessional/

guard against software illicitly sending OUT comminunications with Agniumt Outpost Pro2:
http://agnitum.com/products/outpost/

guard against the rest of the world sending IN comminunications with a hardware firewall appliance with Stateful Packet Inspection like the NetGear FM114P
http://www.amazon.com/exec/obidos/tg/detail/-/B00006B9HR

there are other NetGear models with SPI if you don't need wireless. stay away from junk like any model from LinkSys, D-Link, or SMC. They may work for other people -- good for them. Excellent SOHO brands include: NetGear, NetScreen, and SonicWall


hope this helps

 

I just made the same conversion and did the following;
installed Pop-UP Stopper from www.panicware free version and it does a great job of blocking ads
installed Sygate Personal Firewall (free) version 5.0 and it also does good , go to http://smb.sygate.com/support/documents/spf/default.htm

then go to https://grc.com/x/ne.dll? check all your ports for security to see if anything is open

check periodically for updates for each of above
I also use AVG anti virus which is free and works well

I have Win2kPro SP3, IE6 sp1 and OE 6 running on my computer
With the above software a check of 1052 ports show all in a stealth mode, meaning a hacker can't see them

Good Luck in whatever you decide to do.......

 

Thanks to everyone for their help, I have downloaded the recommended firewall programs and are trying them out to see which one I like the most. I have Windows XP Home edition right now and I have figured out how to set it's firewall in addition to the firewall recommended here. I have downloaded spybot too and tried to scan but it gets about halfway done and freezes, any clue? Also, I still have popups on just about every internet page I go to, I have popup stopper but I hate to leave it running all the time if there is some way to find and remove the current popups that keep coming up, they are popups that come up on pages that normally don't have them so I know it's on my computer somewhere, any help on that would be appreciated. Thanks again for all your help so far.

 

canecop - if they are the "normal" pop-ups and the panicware product blocks them, then they are purely internet based and nothing to do with your PC. And no problem leaving the pop-up killer app running all the time. Or you might want to load the latest version of the google toolbar which includes a pop-up blocker I think I like a little better than the panicware one.

If the things you are getting are windows message screens, they won't be seen by any normal pop-up blocker and there is a service you'll need to stop and disable. It's only legit uses are on larger windows domains so you won't be stopping anything you'd need for a home PC.

wh8 - interesting comment about Linksys, Dlink, etc. being junk router/switches. Love to hear why you think so but maybe on another thread so we don't completely clutter this one.

 

I also was using AVG6 free verison.

I have recently upgrade to the $30 for two years AVG7.

I believe it is worth as it has capabilities the AVG6 does not.

With Win98 AVG6 could be set to check the Boot Sector on startup. With XP this is not possible,

But AVG7 has a quick test that runs when you start AVG7 And checks not only the Boot sector but the MBR and other critical system files. I know this works because I did have a Boot Manager installed which I decided not to use so I removed it. It then took me two days to figure out why the Quick test came up with a warning that the MBR and been changed.

I Also use Kerio.

I also suggest a Router stuck inbetween the Cable Modem and the PC. This takes a lot of load off of the Software Firewall. And blocks ALL ( or most of ) incoming attemps.

And I you happen to be using Windows XP turn its uselss Firewall off.

BillyBob

 

I would also like to hear why Linksys is being refered to as junk.

I will be watching along with Newt for an answer.

BillyBob

 

I have experience with all except Netscreen!

Where is the beef??

Me too! I want to hear!

Mike

 

I was referring to spybot freezing, not ad aware, ad aware is working fine. I left spybot running over night and it didn't move after it froze, then I had to use the task manager to end it. This has happened every time I try to scan my system with it.

As far as the pop ups, it's got to be something already downloaded on my computer somewhere, it's not the "messenger" thing that XP has, I already have that turned off, it's regular advertising popups and they come up on pages that I know don't have popups and it happens a lot! Anyone know about these?

 

Uninstall SpyBot completely.

Then d/l and install the newest and this should do it.

Most will confirm that SpyBot is overall the best. Use both but Adaware lost some when they went months trying to get out a new version.

Mike

 

CaneCop,

Hi and welcome again . I understand you are useing XP's inbound firewall with another. You might not experiance troubles now but could in the future. It is not recommended running both at same time as could cause conflicts. BillyBob is correct that XP's firewall in my opinion as well is junk as it only defends against inbound traffic. I use Kerio and it is a fully customizable rules based firewall in and out.

You can control what comes in as well as what goes out.
The key to a good set up espcialy if you are on broad band
is keeping your rules tight but not to tight. Controling of your apps will become most importaint with what ports you allow thos apps to use and connect to. I have heard that some out here have used XP's firewall in conjunction with others and had no problems... and those are few and far between.. but I have heard more about the problems people have had with running both. Why would you need 2 firewalls? If you set up the rules based firewall corecctly and maintain it you should only need the one.

Post back either way as we would love to hear how your doing with it and can maybe offer tips with kerio if thats what you chose to use.

Very Best Regards,
~FireDancer~

 

Hey pete,

"If you are using a standalone firewall it is preferable to disable the XP firewall. "

Why? I run across this statemant quite often and I grind my teeth! Seems to be a generic statement. I do know that running lets say Sygate or ZAP or kerio with each other causes problems, but ICF is an XP service, and works at that level.

I use ICF, have used it with more than one brand of firewall with not only no problems, but it gives the standalone less to do, besides blocking ports I don't have to bother with in the commercial one.

Ran across this thread which is a classic example of mindless advice about ICF, note the poster's responses http://www.wilderssecurity.com/index.php?board=23;action=display;threadid=12939

Sygate is what I currently run on XP, so I have some empathy with the poster who is not very experienced.

The irony here is that ICF comes enabled by default and most people who put standalone firewalls on happily are chugging along with both.

Regards - Charles

 

Hi Pete,

I reread my post. I might have been a tad strong in my post
Didn't mean to be offensive to you, I know that you and the other mods have a tough job here. Easy for me to be critical.

My applogies to you.

Regards - Charles

 

Hi Pete,

A good experiment would be to shut off the 3rd party firewall with just ICF and go to one of the port scanning services and see what the results are, then repeat using just the 3rd party firewall.

Also interesting is enabling the 3rd party Firewall and looking at it's logs, once w/o ICF and then with ICF. Easy enough to enable/disable ICF, no installing/uninstalling.

The Following is from Windows XP Inside/OUT by Ed Bott and Carl Siechert.

quote:
Internet Connection Firewall (ICF) is a software component that blocks unsolicited traffic from the Internet. It does this by monitoring all inbound and outbound communication involving the computers it protects. Inbound traffic (that is, communication originating from the Internet, not from you or a computer on your network) is dropped (blocked without notification to the originating party) if ICF does not recognize it as a response to an outbound communication emanating from one of the computers on your network. You notice nothing if an inbound packet is dropped, but you can (at your option) create a plain-text log of all such events.

You can configure ICF to allow particular forms of unsolicited traffic. If you’re hosting a Web site, for example, you can configure ICF to allow the HTTP Web Server service.

You should use ICF (or another firewall) on each direct Internet connection. For example, if your network is insulated from the Internet by means of a residential gateway, but one computer on the network also connects to the Internet via a modem and dial-up account, that dial-up connection should be firewall-protected.
If you’re using Internet Connection Sharing (ICS), a configuration in which one computer is directly connected to the Internet and other computers share this con- nection, enable Internet Connection Firewall only on the computer that is directly connected. If you enable ICF on the sharing computers, you will disrupt local net- work communications.

Enabling Internet Connection Firewall

Follow these steps to enable ICF:

Open Network Connections in Control Panel.

Right-click the connection you want to firewall and choose Properties from the shortcut menu.

Click the Advanced tab.

On the Advanced tab of the properties dialog box, select Protect My Computer And Network By Limiting Or Preventing Access To This Computer From The Internet.

Enabling and Configuring a Log of Firewall Activity

ICF does not create an activity log by default. If you want to see a record of what your firewall is doing, follow these steps:

On the Advanced tab of the connection’s properties dialog box, click Settings.

In the Advanced Settings dialog box, click the Security Logging tab

Select the check boxes for the kinds of events you want to log—dropped packets, successful connections, or both.

Specify a file name.

To keep a log from getting too large, specify a maximum file size.
Click OK.

Logging dropped packets can help you determine whether someone is trying to scan ports in search of a security hole in your system. Logging successful connections might also be interesting, but if you use the Internet much, a log including successful connections will quickly grow to maximum proportions.

To read your log, open it in Notepad or another text editor.

The log uses the W3C Extended Log format, a standard logging format that allows you to analyze data using third-party utilities.

To understand what the columns mean, look at the column headers in line 4 (they don’t align over the data below, but they’re in the right order).

The most significant columns are the first eight, listed in Table 20-1.

Table 20-1. The First Eight Columns of ICF’s Activity Log
Item Description
Date Year-Month-Date of occurrence
Time Hour:Minute:Second of occurrence
Action Specifies the operation that was logged by the firewall.

Possible values: OPEN, CLOSE, DROP, and INFO-EVENTS-LOST

Protocol Protocol used for the communication. Possible values: TCP, UDP, ICMP

Source IP The IP address of the computer that initiated the communication

Destination IP The IP address of your computer
Source Port The port number of the sending computer
Destination Port The port that the sending computer was trying to access on your computer Allowing Particular Services to Pass the Firewall

By default, ICF blocks all unsolicited incoming data packets. If you run a Web, FTP, or Telnet site, or if you want to enable contact from the outside on some particular TCP port, you need to take some additional setup steps.

To enable a service, such as HTTP Web Server, click the Services tab in the Advanced Settings dialog box. The Services tab provides check boxes for enabling a combination of predefined services. To use one of these services, all you need to do is select the appropriate check box.

Enabling Ping and Other Diagnostic Commands

Error correction and diagnostic commands, such as Ping and Tracert, use Internet Control Message Protocol (ICMP) rather than TCP or UDP. These functions are also disabled by default on an ICF-protected network. To enable them, click the ICMP tab of the Advanced Settings dialog box. The ICMP tab provides a set of check boxes for predefined ICMP services, along with descriptive information about each. Select the check boxes for the services you intend to use.

Limitations of Internet Connection Firewall

The firewall software supplied with Windows XP provides a basic level of protection against intrusion via the Internet. ICF is concerned only with blocking unwanted inbound traffic.
end quote

Regards - Charles