So I just got a new computer and it came pre-installed with Norton Internet Security and Anti-virus. Anyways, I’ve been on the net for about 2.5 hours now and Norton has alerted me no less than 6 times of an “attack” on my computer that either is, or bears resemblance to the “ms_RPC_DCOM_BufferOverflow” attack.
Needless to say, these warnings are getting a bit annoying. Now Norton claims I have nothing to worry about, but these frequent warnings do have me a tad worried and/or annoyed. What if I log onto the net one day with Norton disabled? Will my computer potentially end up with a virus installed? Also, is there any way to have Norton stop displaying alerts whenever this event occurs? Thanks.
It’s a sad fact of life now that if you have internet connection then you are likely being “probed” dozens or hundreds of times a day by people looking for unsecured systems.
Your Norton internet security software is acting as a pseudo-firewall and is preventing these probes from gaining information and access from your computer.
Check out this page
http://www.grc.com/default.htm
and scroll down to the Shields-Up link. Inside you will find a test that will make sure that Norton is protecting your PC properly as well as lots of easy to understand information on what Norton is doing for you.
If Norton stops working properly than your PC may be exposed to intruders. If you are on high-speed internet (cable or DSL) I usually recommend that people use a hardware based firewall such as a Linksys or SMC router. These devices are cheap, easy to set up, and provide better protection than software based firewalls. They are very reliable, and make it very easy to share your high-speed internet connection with other computers in your house. I don’t know how to make Norton shut up though.
Hope this helps.
Thanks for the info.
For clarification, I’m on 56k. I have another computer as well, though it currently has no anti-virus or internet security protection. I’m seriously thinking about getting Norton for that computer now too, in light on the amount of attacks I’ve sustained (9 now, across a 3.5 hour time span). Do I have to pay two subscription fees for two different computers? I imagine so, but it’d be nice of Norton offered a discount or something.
Hmm, this is interesting.
I did a trace on the IP address of the attacker (via Norton) and apparently (if I’m reading this correctly), the address is of the same ISP I use. This isn’t a large ISP either, it’s a free-access one for the Washington area called NoCharge. Seems like an odd coincidence…
If you are getting that many alerts, you probably have the firewall settings at ‘high’ which may be more than you need.
All of the things that are being picked up will not necesarily be malicious. Check out the symantec website for more info on how the firewall works and what it picks up.
Anonymous Coward is 100% right. But just to clarify, the “probes” he referred to are the “attacks” you are referring to.
Youre not necessarily being attacked. Basically, the probes are people looking to see if you have some sort of unsecure system, OR if you have a trojan already on your system. It takes a while before you can get to the point that you realise that system attacks are generally not personal. In other words, the person probing you is simultaneously probing a couple of thousand other people in your IP range. If you happen to have downloaded a specific class of trojan that the attacker/prober is looking for, than that person finds you and takes over your system, or whatever the trojan is designed to do. So some hacker prevention starts with watching what you download.
I used to use Black Ice Defender, and it alerted me to 20-30 “attacks” per day. This could be everything from a real probe to a friends computer trying to direct connect through AIM. That got real annoying, especially because it never seemed like it was protecting me, just letting me know it was happening. I now use Zone Alarm Pro, which very quietly monitors in the background after you set up all of the parameters. (Like the things you want it to alert you to, etc.)
I’m pretty sure this is what Anonymous Coward was implying, but I thought it might need to be spelled out for those who think they’re being attacked personally every time that message comes up.
PS. I too use a hardware firewall, but I also keep up Zone Alarm, because the software firewall keeps things IN as well as OUT.
Thanks for the additional info.
I knew that I wasn’t being targeted specifically or personally (like I said, brand new computer, so I never even considered the possibility). I was just using the term “attack” as Norton used it, though I do appreciate the clarification. I think I found a way to turn off Norton’s frequent alerts, so hopefully that’ll solve my problem.