
Why you must install a firewall on your PC NOW-MUST READ

  • Karen Eck
    Message 1 of 1 , Oct 2, 2003
      Thanks to Neill for this message

      >eGroup and Friends,
      >I personally have not installed a Firewall. However, I have set up my
      >network interface to be essentially invisible to hackers - (aka. grc.com )
      >- looking for an open port to allow entry, along with using Norton
      >Antivirus (NAV) to monitor everything entering my computer from any
      >direction, i.e. discs of any kind, email, the internet downloads of any
      >kind etc. In spite of this, NAV detected a virus that had infected half a
      >dozen files on my computer a few days back. This is the first time I have
      >had this happen to me. I have had NAV detect a virus on floppies that were
      >given to me but nothing like this where it had become an internal problem.
      >I still do not know how this virus penetrated my PC as I update my NAV
      >database daily. My only option was to delete the infected files and reload
      >WIN 98 2nd edition. A pain in the ass, and some functions have still not
      >returned to a normal state. More a nuisance than anything.
      >I am seriously considering the subject suggestion. In light of this below
      >article and what I read at <http://www.grc.com> (Gibson
      >Research):
      >Monday, September 22nd
      >New DCOM/RPC Exploits Appearing
      >September 22nd, 2003 – The SANS Institute reports that:
      >"Multiple exploits have been released for the "long filename" RPC DCOM
      >heap buffer overflow discussed in the
      >Security Advisory MS03-039. Internet postings indicate that attackers are
      >refining techniques in pursuit of a "universal" exploit that works against
      >multiple versions of Windows."
      >This is the technology required before a universal worm to exploit this
      >latest vulnerability can be created. Many security watchers believe that a
      >new worm, not unlike "MSBlast" which targeted the previous DCOM/RPC
      >vulnerability, is virtually inevitable.
      >Please make certain that all of your friends,
      >coworkers, and family are safely protected.
      ><http://www.grc.com/dcom/> Version 2.0 of our DCOMbobulator is
      >available for download. If DCOM is enabled on the system (for patch
      >verification) it recognizes the presence of Microsoft's latest round of
      >DCOM patches and properly reports that a fully patched system is no longer
      >vulnerable to the most recently discovered DCOM vulnerabilities.
      > "
      >At the very least I would use the tools provided on grc.com to make your
      >computer more invisible to hackers. Steve Gibson is an incredible guy who
      >has contributed greatly to the art of protecting PC's from the network
      >yoyo's that would make your life miserable. This at no cost to you. His
      >Webpage server has come under a very organized attack several times and
      >these were real pros doing the attacking ( maybe alphabet agencies - which
      >many believe are intimately involved in this . Especially where the truth
      >is being disseminated.)
      >Believe me, if you have never had a virus penetrate deeply into your PC
      >you do not want this experience. Many times the only way to completely
      >clear this is to reformat your hard disk and reload everything, however
      >this does not completely solve the problem because the critical files
      >you want to keep, that may have been infected, can not be restored to the
      >new reload without problems. Another good reason to make CD backups of all
      >your essential files. There is no excuse these days for not doing this
      >periodically with the CD RW capability or even CD R's as blank discs cost
      >Take Care,
      >Why you must install a firewall NOW
      >If you haven't already installed a personal firewall on your Windows
      >computer, consider this your last warning.
      >MSBlast <http://zdnet.com.com/2100-1105_2-5062532.html>, the recent worm
      >that exploited the buffer overflow in Windows's DCOM RPC protocol, wasn't
      >the sort of e-mail-borne pest that antivirus software is good at catching.
      >Instead, it infiltrated computers directly through their Internet connections.
      >Although installing the latest Microsoft patches should prevent infections
      >from this sort of worm, a simple software firewall will do the trick, too,
      >whether or not you have antivirus software installed.
      >I MENTION THIS because Microsoft announced last week another critical flaw
      >affecting DCOM RPC, and released a new patch
      >to fix it that supersedes the previous patch for this protocol. While
      >there are still no public exploits that take advantage of this flaw
      >(exploits are often precursors to major worms), the clock is ticking.
      >History has shown that worms are usually released within 30 days of a
      >major vulnerability announcement.
      >In July, for example, Microsoft reported and patched a buffer overflow
      >vulnerability in RPC based on the work of the Last Stage of Delirium
      >Research Group <http://lsd-pl.net/>. The MSBlast worm, which capitalized
      >on this vulnerability, appeared on Aug. 12.
      >Last Wednesday, based on additional research by the companies eEye Digital
      >Security <http://www.eeye.com/html/>, NSFOCUS <http://www.nsfocus.com/>,
      >and Tenable Network Security <http://www.tenablesecurity.com/>, Microsoft
      >reported two more buffer overflows and one denial-of-service vulnerability
      >within its RPC protocol. The fact that it is similar to the first flaw
      >could mean a shorter timeline to the next major RPC worm.
      >The Remote Procedure Call (RPC) is a protocol used by the Windows
      >operating system. It's based on an RPC protocol from the Open Software
      >Foundation, but it's the Microsoft-specific parts that are afflicted with
      >vulnerabilities. The Distributed Component Model (DCOM), previously called
      >Network Object Linking and Embedding (OLE), is a service that allows
      >software on one computer to communicate directly with software on other
      >computers over a network. In short, DCOM RPC in Windows allows a program
      >on one machine to run code on another machine. To do so, a Windows
      >computer must first listen on a dedicated port, usually 135.
      >MICROSOFT ADDED DCOM to Windows NT, and eventually to Windows 95, around
      >1996. Previously, OLE was primarily used on a single computer and for
      >relatively simple tasks, such as allowing Excel to import text from Word.
      >When early Windows computers were first hooked up to a network, however,
      >these associations were strained as files were shared and sent to other
      >computers elsewhere on the network. DCOM allowed Windows apps to share
      >objects no matter where the original objects were stored.
      >The problem is that RPC, like other services that use DCOM, is turned on
      >by default for all Windows versions, whether or not you are working on a
      >network. Also, when your system's connected to the Internet, DCOM makes
      >Windows automatically listen on port 135 (and others) for remote signals.
      >This means a hacker need only construct a special message and aim it at
      >port 135 on your Windows computer to cause a buffer overflow error. The
      >buffer overflow, in turn, could replace part of a program's original code
      >with new code.
      >That's how a hacker could use this flaw to take over your computer
      >remotely. Upon seizing control of your computer, a hacker could then
      >reformat the hard drive, use the computer to damage other computers, or
      >steal personal data. (Note that this description makes it sound easier
      >than it truly is to execute.)
      >WHAT CAN YOU DO to protect yourself? The best solution is to download and
      >install the patches for these new RPC flaws immediately, which you can do
      >at the Windows Update <http://www.windowsupdate.com> site.
      >For added safety, I also recommend installing a personal firewall, if you
      >don't already have one. Windows XP includes a nominal personal firewall,
      >but I recommend the free version of ZoneAlarm
      ><http://downloads-zdnet.com.com/3000-2092-10217783.html?tag=lst-0-1>. If
      >you like what you see (the user interface is intuitive and easy-to-use),
      >then you should consider buying the full version, ZoneAlarm Pro 4.0
      ><http://reviews-zdnet.com.com/4505-3514_16-21131904.html>, to get maximum
      >protection and extra features, such as pop-up killers.
      >These days, I consider a personal firewall, along with antivirus software,
      >a requirement if you connect your PC to the Net. There are 65,000 ports on
      >a computer, of which the DCOM RPC protocol uses eight. Activity on any of
      >these ports could signal the presence of a new RPC-based worm. But,
      >without a firewall, you'd never know the worm was attacking your system.
      >Now, you can't say you weren't warned.

      Seasilver is back!!! http://www.seasilver.com/karen_eck Trust
      Mother Nature!!!
      http://www.miraculewater.com The World's first water processors
      designed to
      concentrate the elements of life in water and remove the poisons all
      at the same time.
      http://www.karen-eck.com 541-523-0494 Toll Free 888-345-9657
      Your purchases/donations help support this information
      http://www.paypal.com to kareneck@..., PO Box 445, Baker City, OR 97814
