Trojan question

I received this message from Norton (addresses deleted):

So my antivirus software detected an attempt. How do I find out where it came from? I assume by using the remote address in some way; but how?

FWIW I tried to run Live Update yesterday and got a message that I had to remove and re-install Norton. Using the help page, I discovered that the problem might have been a virus that disabled Live Update. So I removed and re-installed Norton, ran Live Update, scanned my computer, and ran Live Update again.

I delete suspect emails from my suspect email folder without opening them. The only browsers I had open when I got the message were SDMB and eBay, plus my Netscape Mail & Newsgroups (which does not receive suspect emails, as those are deleted from webmail).

You can find out the country (probably) by going to SamSpade and putting the IP address into the “Do Stuff” box. It doesn’t really matter though. It’s a worm trying to get in through the internet. Stuff like this happens all the time, you can’t find who does it, and it’s why you have the protection in the first place. As long as it’s working don’t worry about it.

Looks like the remote address is ns.kornet.net. Should I send an email to their abuse address?

How could a worm try to invade my computer? I doubt SDMB would provide a doorway. I scan my computer every week, so the images I uploaded to my ISP for my eBay auction should be clean.

It won’t help. This kind of stuff is a constant background noise on the net. It’s not just trying to get to your computer, it’s trying every computer it can find, looking for the vulnerability that allows it to spread. If you keep your machine patched, it reduces the potential vulnerabilities that can be exploited. If you use a firewall, that hides any potential vulnerabilities from the network.

The worm is knocking on your door, but your door is locked. Rest easy.

Thanks.

I tried using a firewall (Guard Dog) on my previous computer, and it slowed it down to near uselessness. I’m crossing my fingers that Norton will catch attacks that may disable it.

I’ve never been a big fan of software based firewalls.

You can get hardware based firewalls pretty cheap these days. This one is about $65 and works quite well. I mention that one because I have used it in several places for various clients with no trouble but there are others to be had. This one is surprisingly full featured for the price though so I’ve gone with it.

You also might check with your ISP. More and more ISPs are offering firewalls in the equipment they give you. I have a 2Wire DSL router from SBC and it includes a firewall. Whether they make you pay for an equipment upgrade (if needed) or not you’ll have to find out but it is worth looking into.

Once you get it set up you can pretty much forget about it and you will likely never know it is there (unless you try to do something for which a port is blocked but that is easily remedied).

Why not?

I’ve used the free version of ZoneAlarms for the last few years and it has worked very well for me.

Silly me. I opened this thread thinking Johnny L.A. had a safe-sex related hot date question. :smack:

It is not that software firewalls do not do the job intended…they do. Indeed they can be easier to use and in some cases may be more effective.

For instance, hardware firewalls usually assume anything coming from inside your network and going out is ok. This definitely may not always be the case. A software firewall is better at watching something inside trying to get out and asking you if you want to allow it. It is possible to block this stuff on a hardware firewall too but it is more up to you to block ports and open appropriate ones and you have to figure out what those ports are. Software firewalls tend to be more user friendly in this respect.

That said I do not like any unnecessary overhead on my pc slowing things down. I have also found software firewalls to be more finicky in their maintenance and operation not to mention possible conflicts with other software I have running. A hardware firewall is fast and is mostly hands-off once configured appropriately. I have also found hardware firewalls to have more advanced features like Stateful Packet Inspection for better protection (I took a quick look at Zone Alarm’s features and did not see them mention they used SPI).

Also, if you have more than one computer on your network and use a software based firewall you need to put it on every computer and manage them all. With hardware based one box protects everyone.

I’m thinking of actually joining the 21st Century and getting Internet access through cable. So if I got this box I could hook it up to my AirPort, right? (I don’t use the AirPort currently, since I’ve had problems connecting through dial-up.) I assume I can get a card for my PC so that I can use it with the AirPort. That way my PC and Mac will both be protected, right?