
View Full Version : viruses


Fitzwilliam
08-09-2001, 12:13 PM
I think we should all lobby for legislation that would allow confiscation of any hacker's entire net worth, personal property etc. if convicted of originating a virus or worm on the web. These idiots are causing everyone a lot of time and trouble and there should be consequences.

------------------
Fitzwilliam

kaos
08-09-2001, 09:41 PM
There are also a lot of companies making millions of dollars playing on the fears of people getting virii. The odds of anyone on a home PC getting hacked or getting a virus w/o using common sense is practically nil. It's usually only businesses that have to worry about it. Anybody on a personal PC that says they get a lot of hits on their ZA from hack attempts is crazy. It's almost always from their own ISP.

Paleo Pete
08-09-2001, 11:08 PM
The possibility of a home user becoming infected with a virus is very real, but not as great a threat as the companies writing the anti-virus software would like you to think. The recent Sircam virus/worm for instance, did cause plenty trouble, I got 5 copies of it. Want one? :D Just kidding... We've seen a couple of people here on the forums with problems caused by trying to remove it. CIH or Chernobyl, in the past couple of years, has made its way onto many home users' systems. We've seen a couple of those too.

The threat of a virus infecting your system is very real, but minimal if you take a few simple precautions.

Never open any attachments from anyone you do not know without scanning them first, and it might be a good idea to run a virus scanner on attachments from people you do know. The chance they have gotten a virus is very real. Install and use a good anti-virus program, and keep the DAT files current. Only download software from reputable sources. (Just one of the reasons I'm so picky about the type of links posted here.)

Know what signs to look for to recognize a file as a possible virus threat. Any legitimate attachment should have a 3 character extension. filename.abc would be a normal file. Most email virus programs use dual extensions, filename.abc.def would make me suspicious. Some also hide the secondary extension, but not many. If it comes from a person you do not know, immediately be suspicious. If it contains a supposed picture file of a celebrity, that's a common ploy to get people to open it.

The Zone Alarm alerts are definitely NOT mostly from my ISP. I check the IP addresses and it's actually very rare that I see one that comes from my ISP. I've run whois on quite a number of them, they come from all over the place, many from Asia. Many are simple pings from websites trying to find out if you're still connected to the page, but a large number of the ones I see come from many different IP addresses. The ones to worry about are the ones that keep trying different ports for 10 minutes or more. One recently tried for over an hour, always from the same IP address, checking different ports. The ISP got a notice about it.

Your ISP pings your computer very rarely, if at all. If you're connected, the server knows it, so it simply listens for activity. If it doesn't discover any activity from your end for a certain time limit some will shut down the connection. But your ISP has no real reason to ping your computer. The server already knows you're connected, and which port you're connected on. It's not trying to connect to your computer, you're the one that connects to it, I don't think ISP's servers are set up to try and initiate any connection with your computer, they simply sit there and listen for you to dial in. I've been running Zone Alarm for about 2 years and have never seen a connection attempt from my ISP. And I see bunches every day...so far 6 tonight in about an hour, none from the same IP...

------------------
Support the right to keep and arm bears.
Note: Please post your questions on the forums, not in my email.

Computer Information Links (http://www.geocities.com/paleopete/)

[This message has been edited by Paleo Pete (edited 08-09-2001).]
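The heuristic from the post above (one source address that keeps trying different ports for 10 minutes or more), as an added example that is not part of the original thread. The log format, thresholds and addresses are constructed for illustration and are not ZoneAlarm's own log format.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log. Assumed format: date, time, source IP, destination port.
SAMPLE_LOG = """\
2001-08-09 21:00:05 198.51.100.7 80
2001-08-09 21:01:00 203.0.113.44 21
2001-08-09 21:03:30 203.0.113.44 23
2001-08-09 21:05:10 192.0.2.9 137
2001-08-09 21:05:15 192.0.2.9 138
2001-08-09 21:05:20 192.0.2.9 139
2001-08-09 21:06:00 203.0.113.44 25
2001-08-09 21:08:45 203.0.113.44 80
2001-08-09 21:10:00 198.51.100.7 80
2001-08-09 21:11:20 203.0.113.44 139
2001-08-09 21:14:00 203.0.113.44 1080
2001-08-09 21:20:05 198.51.100.7 80
garbled line that the parser must skip
"""

def parse(log):
    """Yield (timestamp, source_ip, port) for each well-formed line."""
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue
        try:
            ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
            port = int(parts[3])
        except ValueError:
            continue
        yield ts, parts[2], port

def find_scanners(log, min_ports=5, min_duration=timedelta(minutes=10)):
    """Return {source_ip: (sorted ports, duration)} for persistent multi-port probes."""
    seen = defaultdict(list)
    for ts, src, port in parse(log):
        seen[src].append((ts, port))
    flagged = {}
    for src, events in seen.items():
        ports = {p for _, p in events}
        times = [t for t, _ in events]
        duration = max(times) - min(times)
        # Both conditions must hold: many distinct ports AND sustained over time.
        if len(ports) >= min_ports and duration >= min_duration:
            flagged[src] = (sorted(ports), duration)
    return flagged
```

On the sample, the repeated hits on a single port and the three-port burst lasting ten seconds are left alone; only the address that walks six ports over thirteen minutes is reported.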

kaos
08-10-2001, 12:28 AM
That's what I meant about chances of getting a virus is nil is if you use common sense. It will happen, and I'm sure someday I might get one, but, I only meant that with simple common sense you probably won't.
The alerts I usually get ARE from my ISP, I have to differ with you there. ALL ISP's, including yours, do have a reason to check you and it's mainly to see if you're running a server. That's very important for them to find out if you are. I don't much like ZA myself, Tiny is a lot better, I obviously believe you when you say you're getting many hits on ZA, you would know more than I would for sure, but, I can honestly say, from playing around, although ZA may block most things, it doesn't log very many of them at all. So if you say you have many hits with ZA, quadruple that amount and that's probably the real estimate you're getting hit. Try out Tiny for a week and you can see a difference right away.

Ghost_Hacker
08-10-2001, 12:11 PM
Zonealarm and Tiny are both good. But if you really want to see the type of scans and other traffic coming and going from your computer, I would use Snort and Windump/Tcpdump. In combination with the firewall of your choice those 2 programs will give you all the details you need about any "hack" attempt.

------------------
Comment heard from a Klingon programmer.

"Our users will know fear and cower before our software! Ship it! Ship it and let them flee like the dogs they are!"

Pianorak
08-10-2001, 03:42 PM
Paleo Pete - Thanks for hammering home the message about virus attacks. In fact my standalone PC was infected by the SirCam virus/worm via an attachment from a trusted source.

<<The ones to worry about are the ones that keep trying different ports . . .>>
<<. . . The server already knows you're connected, and which port you're connected on.>>

I wonder, could you please explain the significance of "ports". I just don't understand. Judging by the port numbers there appear to be tens of thousands of them, but where do they reside, what do they refer to? Are they physical ports inside targeted PCs, ie my PC, or the source PC, or where?
Also, I do get constantly pinged by 172. xxxx which is AOL, my ISP.

Paleo Pete
08-11-2001, 01:21 AM
The computer uses logical (virtual) ports for communications purposes. All communications between computers occur using logical ports, and each has a number. Your computer has over 65,000 of them. Port 80, for instance, is where all HTTP communications take place. Open a webpage, your computer "talks" to the server that stores the webpage through Port 80.

Ports (http://www.networkice.com/advice/Exploits/Ports/) has a partial list of what communications software uses what ports.

If this explanation is unclear, I'll try again later, it's late and it's been a long day...

------------------
Support the right to keep and arm bears.
Note: Please post your questions on the forums, not in my email.

Computer Information Links (http://www.geocities.com/paleopete/)

mjc
08-11-2001, 02:46 AM
Kaos, what you are saying about an ISP pinging you to check if you are running a server may be more true for cable/dsl services than for dial-up, there are many of us out here who are still stuck with dial-up service and don't get pinged from our ISPs.

------------------
mjc
Links list:Computer Links (http://www.dreamwater.org/tech/mjc/index.htm)

Celts are the men that heaven made mad, For all their battles are merry and their songs are all sad.

Gun Control...hitting what you aim at!

kayofcircles
08-11-2001, 11:21 AM
Actually, mjc, I just installed ZoneAlarm this week and my first ping was from my ISP. Was "playing" with ZA and went and checked on "whois". Was miffed because my ISP merged with another company, and made all of us change our email addresses and such...and they still haven't changed theirs...their address still reads the old name.