Why you must install a firewall on your PC NOW-MUST READ
- Thanks to Neill for this message
>eGroup and Friends,
>I personally have not installed a firewall. However, I have set up my
>network interface to be essentially invisible to hackers - (a.k.a. grc.com)
>- looking for an open port to allow entry, along with using Norton
>Antivirus (NAV) to monitor everything entering my computer from any
>direction, i.e. discs of any kind, email, the internet downloads of any
>kind, etc. In spite of this, NAV detected a virus that had infected half a
>dozen files on my computer a few days back. This is the first time I have
>had this happen to me. I have had NAV detect a virus on floppies that were
>given to me but nothing like this where it had become an internal problem.
>I still do not know how this virus penetrated my PC as I update my NAV
>database daily. My only option was to delete the infected files and reload
>WIN 98 2nd edition. A pain in the ass, and some functions have still not
>returned to a normal state. More a nuisance than anything.
>I am seriously considering the subject suggestion, in light of the article
>below and what I read at <http://www.grc.com> (Gibson
>Research):
>Monday, September 22nd
>New DCOM/RPC Exploits Appearing
>September 22nd, 2003 The SANS Institute reports that:
>"Multiple exploits have been released for the "long filename" RPC DCOM
>heap buffer overflow discussed in the
>Security Advisory MS03-039. Internet postings indicate that attackers are
>refining techniques in pursuit of a "universal" exploit that works against
>multiple versions of Windows."
>This is the technology required before a universal worm to exploit this
>latest vulnerability can be created. Many security watchers believe that a
>new worm, not unlike "MSBlast" which targeted the previous DCOM/RPC
>vulnerability, is virtually inevitable.
>Please make certain that all of your friends,
>coworkers, and family are safely protected.
>Version 2.0 of our DCOMbobulator <http://www.grc.com/dcom/> is
>available for download. If DCOM is enabled on the system (for patch
>verification) it recognizes the presence of Microsoft's latest round of
>DCOM patches and properly reports that a fully patched system is no longer
>vulnerable to the most recently discovered DCOM vulnerabilities.
>At the very least I would use the tools provided on grc.com to make your
>computer more invisible to hackers. Steve Gibson is an incredible guy who
>has contributed greatly to the art of protecting PCs from the network
>yoyos that would make your life miserable. This at no cost to you. His
>webpage server has come under a very organized attack several times and
>these were real pros doing the attacking (maybe alphabet agencies, which
>many believe are intimately involved in this, especially where the truth
>is being disseminated).
>Believe me, if you have never had a virus penetrate deeply into your PC
>you do not want this experience. Many times the only way to completely
>clear this is to reformat your hard disk and reload everything; however,
>this does not completely solve the problem because the critical files
>you want to keep, that may have been infected, cannot be restored to the
>new reload without problems. Another good reason to make CD backups of all
>your essential files. There is no excuse these days for not doing this
>periodically with the CD RW capability or even CD-Rs as blank discs cost
>Why you must install a firewall NOW
>If you haven't already installed a personal firewall on your Windows
>computer, consider this your last warning.
>MSBlast <http://zdnet.com.com/2100-1105_2-5062532.html>, the recent worm
>that exploited the buffer overflow in Windows's DCOM RPC protocol, wasn't
>the sort of e-mail-borne pest that antivirus software is good at catching.
>Instead, it infiltrated computers directly through their Internet connections.
>Although installing the latest Microsoft patches should prevent infections
>from this sort of worm, a simple software firewall will do the trick, too,
>whether or not you have antivirus software installed.
>I MENTION THIS because Microsoft announced last week another critical flaw
>affecting DCOM RPC, and released a new patch
>to fix it that supersedes the previous patch for this protocol. While
>there are still no public exploits that take advantage of this flaw
>(exploits are often precursors to major worms), the clock is ticking.
>History has shown that worms are usually released within 30 days of a
>major vulnerability announcement.
>In July, for example, Microsoft reported and patched a buffer overflow
>vulnerability in RPC based on the work of the Last Stage of Delirium
>Research Group <http://lsd-pl.net/>. The MSBlast worm, which capitalized
>on this vulnerability, appeared on Aug. 12.
>Last Wednesday, based on additional research by the companies eEye Digital
>Security <http://www.eeye.com/html/>, NSFOCUS <http://www.nsfocus.com/>,
>and Tenable Network Security <http://www.tenablesecurity.com/>, Microsoft
>reported two more buffer overflows and one denial-of-service vulnerability
>within its RPC protocol. The fact that it is similar to the first flaw
>could mean a shorter timeline to the next major RPC worm.
>The Remote Procedure Call (RPC) is a protocol used by the Windows
>operating system. It's based on an RPC protocol from the Open Software
>Foundation, but it's the Microsoft-specific parts that are afflicted with
>vulnerabilities. The Distributed Component Model (DCOM), previously called
>Network Object Linking and Embedding (OLE), is a service that allows
>software on one computer to communicate directly with software on other
>computers over a network. In short, DCOM RPC in Windows allows a program
>on one machine to run code on another machine. To do so, a Windows
>computer must first listen on a dedicated port, usually 135.
>MICROSOFT ADDED DCOM to Windows NT, and eventually to Windows 95, around
>1996. Previously, OLE was primarily used on a single computer and for
>relatively simple tasks, such as allowing Excel to import text from Word.
>When early Windows computers were first hooked up to a network, however,
>these associations were strained as files were shared and sent to other
>computers elsewhere on the network. DCOM allowed Windows apps to share
>objects no matter where the original objects were stored.
>The problem is that RPC, like other services that use DCOM, is turned on
>by default for all Windows versions, whether or not you are working on a
>network. Also, when your system's connected to the Internet, DCOM makes
>Windows automatically listen on port 135 (and others) for remote signals.
>This means a hacker need only construct a special message and aim it at
>port 135 on your Windows computer to cause a buffer overflow error. The
>buffer overflow, in turn, could replace part of a program's original code
>with new code.
>That's how a hacker could use this flaw to take over your computer
>remotely. Upon seizing control of your computer, a hacker could then
>reformat the hard drive, use the computer to damage other computers, or
>steal personal data. (Note that this description makes it sound easier
>than it truly is to execute.)
>WHAT CAN YOU DO to protect yourself? The best solution is to download and
>install the patches for these new RPC flaws immediately, which you can do
>at the Windows Update <http://www.windowsupdate.com> site.
>For added safety, I also recommend installing a personal firewall, if you
>don't already have one. Windows XP includes a nominal personal firewall,
>but I recommend the free version of ZoneAlarm
>you like what you see (the user interface is intuitive and easy-to-use),
>then you should consider buying the full version, ZoneAlarm Pro 4.0
><http://reviews-zdnet.com.com/4505-3514_16-21131904.html>, to get maximum
>protection and extra features, such as pop-up killers.
>These days, I consider a personal firewall, along with antivirus software,
>a requirement if you connect your PC to the Net. There are 65,000 ports on
>a computer, of which the DCOM RPC protocol uses eight. Activity on any of
>these ports could signal the presence of a new RPC-based worm. But,
>without a firewall, you'd never know the worm was attacking your system.
>Now, you can't say you weren't warned.
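This added example is not part of the forwarded message or the quoted column. It reads a firewall log in the Windows XP firewall's text layout and counts dropped inbound connections to the RPC-related ports per source, which is the visibility the column says a firewall provides. The port list is the one Microsoft's MS03-039 guidance says to block (the page does not list the eight ports), and the log lines and addresses are constructed.

```python
from collections import Counter

# Assumption: the eight ports from Microsoft's MS03-039 blocking guidance;
# the message above mentions only port 135 by number.
RPC_PORTS = {"TCP": {135, 139, 445, 593}, "UDP": {135, 137, 138, 445}}

# Constructed sample log; all addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
#Version: 1.0
#Software: Microsoft Internet Connection Firewall
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2003-09-22 10:01:07 DROP TCP 198.51.100.7 192.0.2.10 4021 135 48 S 123 0 16384 - - -
2003-09-22 10:01:09 DROP TCP 198.51.100.7 192.0.2.10 4022 135 48 S 124 0 16384 - - -
2003-09-22 10:02:30 DROP UDP 203.0.113.5 192.0.2.10 1026 137 78 - - - - - - -
2003-09-22 10:03:12 OPEN TCP 192.0.2.10 198.51.100.80 1045 80 - - - - - - - -
2003-09-22 10:04:00 DROP TCP 203.0.113.9 192.0.2.10 3300 8080 48 S 9 0 8192 - - -
2003-09-22 10:05:41 DROP TCP 198.51.100.7 192.0.2.10 4030 445 48 S 130 0 16384 - - -
garbled line that should be skipped
"""


def rpc_probes(log_text, local_ip):
    """Return {src_ip: Counter({(proto, port): hits})} for dropped inbound RPC-port traffic."""
    fields, hits = [], {}
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # column names come from the log header
            continue
        if not line or line.startswith("#") or not fields:
            continue
        parts = line.split()
        if len(parts) != len(fields):
            continue  # malformed or truncated entry
        rec = dict(zip(fields, parts))
        if rec["action"] != "DROP" or rec["dst-ip"] != local_ip:
            continue  # only blocked traffic aimed at this machine
        try:
            port = int(rec["dst-port"])
        except ValueError:
            continue  # ICMP entries carry "-" instead of a port
        if port in RPC_PORTS.get(rec["protocol"], ()):
            hits.setdefault(rec["src-ip"], Counter())[(rec["protocol"], port)] += 1
    return hits


if __name__ == "__main__":
    for src, ports in sorted(rpc_probes(SAMPLE_LOG, "192.0.2.10").items()):
        detail = ", ".join(f"{p}/{n} x{c}" for (p, n), c in sorted(ports.items()))
        print(f"{src}: {detail}")
```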