
Virus?


Guest NeilVJ

That's very true ... unless you are able to directly block the server(s) that are HOSTING the cr@p then a firewall isn't going to help you very much at all - no matter whether it's on your PC or in your router.

I have a local FW on the PC as well as a fairly reasonable one set up in my router. On the PC, I DO NOT have Acrobat configured to access the net but obviously FireFox and plenty of other stuff is. Interestingly tho, the FW didn't squawk despite the cr@p being downloaded and apparently getting as far as Acrobat. But it defo isn't a FW problem, it ALWAYS squawks when anything not configured attempts to connect to anywhere. Presumably, FireFox did the actual download and then the cr@p simply got passed on to Acrobat, either via the browser plug-in or because windoze has Acrobat set as the default application for PDFs of course. No local FW would really have been of any help in this particular instance.

However, I now have a large block of IPs allegedly allocated to Telos permanently blocked in my router FW, including of course the 1 single server address that appeared to be the ultimate source of the cr@p over the weekend. The reason I've blocked their entire range is quite simply because their servers are apparently littered with numerous dodgy sites dishing out malware various on various IPs apparently under their direct control. Whether they're intentionally dodgy sites or innocent genuine sites that have been hacked is completely irrelevant to me, but I rather suspect that they're mostly very much intentional TBH. There would also appear to be a significant history of them appearing to provide this 'service' for some considerable period of time.

No guarantees on its accuracy of course but have a quicky look at THIS for instance and make your own mind up and all that :P Still interesting to note that IP apparently being used at the weekend hasn't made this particular database as yet for some reason but it is well listed elsewhere.

Blocking the dodgy servers at your door so to speak will obviously prevent the cr@p from ever reaching you BUT sadly, it's only a matter of time before the scumbags eventually move on and host their cr@p elsewhere of course so you're back to having no protection again :P

I am absolutely NOT an expert in any way shape or form so I fully accept that I may well be completely wrong on all this and/or interpreting various sources of malware reports and data somewhat incorrectly of course. I am also very well aware that various registration/configuration data etc. can be very easily faked as well. But there's not a cat in hell's chance of me ever allowing my network to connect to ANY Telos server any time soon. HOWEVER, if I am totally wrong in my conclusions and possibly making false accusations then perhaps someone could let me know and/or edit my post pretty d@mn fast to avoid one of those highly embarrassing libel stylee situations :P

Edited by mikeb

That's very true ... unless you are able to directly block the server(s) that are HOSTING the cr@p then a firewall isn't going to help you very much at all - no matter whether it's on your PC or in your router.

that's not quite true, as I said.

The likes of firewalls such as ZoneAlarm which are installed on your PC can be set up so that a user has to specifically allow any program to have access to the world outside of that PC.

So while it doesn't stop a virus getting onto your PC in the first place, it does stop it being able to operate as it hopes to (as long as the user doesn't allow it that outside access).


that's not quite true, as I said.

The likes of firewalls such as ZoneAlarm which are installed on your PC can be set up so that a user has to specifically allow any program to have access to the world outside of that PC.

So while it doesn't stop a virus getting onto your PC in the first place, it does stop it being able to operate as it hopes to (as long as the user doesn't allow it that outside access).

Edited by mikeb

Yup ... but the point is it was apparently the BROWSER that did the download and everyone will almost certainly have their browser configured for ready access without question of course. Acrobat did not at any time attempt to access the net in my experience over the weekend. A local (software based) FW on the PC would provide no protection whatsoever in this instance unless you have it configured to request permission every single time your browser attempts to make a connection to the outside world - which is completely unworkable I would suggest. I don't fully understand the mechanism employed because I didn't actually get infected as such but although Acrobat was used it didn't actually appear to be responsible for grabbing the data, it was merely used as a means to an end. Maybe Acrobat would have ultimately attempted further connections if something else hadn't stopped it first :P but then again, most peeps would likely have Acrobat configured for ready access without question as well of course. If whatever dodgy stuff was downloaded had ultimately run in its own right, then maybe a software FW would have prevented it grabbing even more data and doing more damage ... but it's only a maybe I think. I'm sure there are ways and means of malware avoiding easy detection and all that.

Only a hardware (router) FW will really help you I think and then only if you (or someone else) already knows the ultimate source of the dodgy data from previous experience of having a problem with it ! Same situation as with AV ... someone generally has to have a problem somewhere before any protection to others can be made available.

Mike, you've got this wrong, or misunderstood what I was saying.

The virus (in this instance) getting onto your PC in the first place can't be stopped by any firewall. The request that downloads it appears to any firewall to be something that's done with your authorisation (via your browser use).

However, a machine-based firewall (as opposed to a remote one, in a router or whatever) such as ZoneAlarm *can* stop that virus operating as it wants to once it's on your PC - because it's a separate program to any others, and because some machine-based firewalls require specific authorisation for any program to connect to anything away from that PC.

A remote firewall could operate in the same way, but most don't because they'd be a right pain in the arse to manage.


I had this exact same revelation about the film "Gremlins" the other day. Go on, watch it again. The whole film is an allegory for the Cold War (as well as being a late Cold War era product), where all the hapless Americans (note how the American characters are almost all universally laughable, bungling types) and their machinery can't stop the little gremlins with funny names and a penchant for fiddling with things creeping into their world and exploiting their dependence on technology - indeed that technology itself - for their own ends (those ends being of course mindless destruction, nothing more). The message is clear: the gremlins are real, are smarter than us, and there's nothing we can do about it. It's an incredibly paranoid film, rife with each "side" being totally stereotyped to the point of farce - again, by design; the Americans think the Chinese have to be crazy little imps bent on chaos, and the Chinese think the Americans simply must be big dummies - but I can't decide whether the film makers (I forget who directed it) are trying to make us laugh at the high-jinks played on the Americans, or feel scared of the Gremlins on their behalf, or just make a point. I felt bad for them, to be truthful.
