[moe_08]

hi

let me start off by admitting that i am completely and utterly ignorant when it comes to computer tech (i only use it for minimal purposes).. that being said, i have a couple of security concerns i would appreciate if any one give me some feedback on them...

i ve just bought a new computer.. after i installed the OS (win xp home sp2) i immediately installed kaspersky internet security 7.0... and then i had to update it so i connected to the Internet and KIS updates takes foreverand my connection was slow also.. so the computer was connected to the Internet for a very long time was no protection (or obsolete protection as KIS was updating)....

1- what are the security risks of connecting to the Internet BUT not doing any browsing or downloading except the KIS update definition files downloads...?

2- what are the security risks if i connect to the Internet (ie hook the ethernet ADSL cable coming from a router and have no antivirus suite installed.. but DONT DO ANY BROWSING or DOWNLOADING..... i had to connect to the Internet before i installed KIS so as to activate my OS from Microsoft?


also windows not updated until KIS finished (after a long time) then i ran windows update which took even LONGER time


N.B. i have been attacked before on a different computer but on the same network by an ip from china (i dont know the type but i think its the one that over traffic the Internet?!?)but KIS blocked it.. so i am concerned that this guy who might know my ip address, attack the new computer during the time where KIS was updating.. esp when the attack hit when i opened an email (spam) that had the subject of my financial advisor company name..


i will be using this computer to access sensitive financial online data.. and i am PARANOID about my safety and security online esp of the issues mentioned above.....
currently
i have windows updated ........KIS 7 running and updated with firewall to max... and that’s it…
before i start using it for sensitive online action.. i need to feel more protected.. i am still concerned about keyloggers, rootkit virus, trojans,...etc...


3-how to 100 % check that the computer was not infected by anything of anytype during the updates download?

4-how to add more protection for the future?

i am actually considering to write zeros to the WD 160 hard drive.. is that reasonable

please any feedback is immensely appreciated
thanks

[Nesjemannen]

1. Not that big if you have firewall + antivir.
____

2. Risks may be high - Allways have an antivirus
____

3. U can NEVER be 100% sure. There are no such tools
____

4. For your concerns, Install:
1. superantispyware,
2. Spybot SD,
3. SpywareBlaster and
4. AVG antirootkit.
Update all - and scan regulary

+Also install 5. Hijackthis if you DO GET Problems Tech guy forums will be here to help you.

Websites to these programs:
1. http://www.superantispyware.com/
2. http://www.safer-networking.org/
3. http://www.javacoolsoftware.com/spywareblaster.html
4. http://free.grisoft.com/doc/5390/us/frt/0?prd=arw
5. http://www.trendsecure.com/portal/en...kthis/download

Run Spybot SD and spywareblaster and immunize.

Good Luck with your computering!!!

[moe_08]

hi thanks for the detailed reply

1-
i just realized that during the time i was updating kasper and windows (again it took a long time to update mean while the system was with no/obsolete protection)... another computer on the lan had a trojan virus in it.... what are the risks on my computer...

please note that i dont understand the mechanics of LAN,..etc.. all i know is that this other computer (the infected one) has an ethernet cable from the cpu to a d-link device that has multipe sockets for ethernet cable (where i plug my ethernet cable from new computer to it) and then there is another cable that goes from the d-link device to the router which is connected to my regular phone line....

and when i first ran KIS it said it detected a network connection and asked what to do i choose "internet in stealth mode"


i think it look like this

infected pc ---> d link switcher -----> router ---> splitter---> my regular phone line
my pc ---------> d link switcher -----> router ---> splitter---> my regular phone line


2- how to check that nothing bad got in either during windows activation (how ever i reformated the disk full format and re install the os and this time activated after i updated kasper but before updating windows) or that my security is not compromised beacuse the time i spent on the net updating and not fully protected while a computer on the network had a trojan

3- if you were in my shoes...
ie
1-been attacked before but on diffret computer same ip
2-connected to the internet to activate windows and there was nothing running but windows firewall however formated the disk after
3- spent a LONG time updating KIS 7 before windows updates and there was an infected pc with a trojan on the computer network
4- have a win xp sp2 home edition, KIS 7 only

what would you do to use this system for online sensitive financial data access with a peacful mind?

thanks for ur help and support

[wk2000]

When you're online updating KIS and updating Windows, there is a slight risk - that an attacker uses a vulnerability of an fresh unpatched Windows to attack you. All the security updates that MS provides fixes publicly known problems, some of them have public demo code that demonstrates the vulnerability, some have exploit code already. However, if you are behind a router, and thus not directly reachable, so the risk is medium.

I've read somewhere that a new PC can survive only 30min unpatched, but it didnt say whether those PCs are protected by routers.

The best way to see if you have a virus is to do online virus scans with All the vendors, since some vendors catch some viruses and some can catch others.

In your diagram, where is the modem ? I think you are calling your modem a router. Since you called your Dlink a switch, I would recommend you go and buy a router asap, because without a router, your PCs are directly reachable on the internet.

[moe_08]

thanks but please bare with me coz i am very skeptical about getting right as its for sensitive usage....


i checked and found that i have a repotec RP-IP1800 which is both a modem and a router but with no hardware firewall..

also the trojan that was in the infected computer on the network (even though i didnt share both pcs) was Packed.Win32.NSAnti.r..

here is a recap;


when i first turned on my new built pc
-i installed the OS winxp sp2
-then connected to the net with nothing but windows firewall (no hardware) to activate windows
- installed kaspersky internet security 7
- updated kasper ( toke a looong time with windows unpatched)
- updated the windows
- ran a full kasper scan that was clean..

ALL THROUGH This, there was a computer on the network (though not sharing with it, it just connected to the same dlink and the same router as mine) that had a trojan (Packed.Win32.NSAnti.r)... obvisouly i didnt know that..

i disconnected the infectd pc form the network but it was there during the first steps where the computer was unpactched and still updating..
i also ran counterspy scan and spybot scan on the pc and it turned clean...


do i run more scans.. what prog u recommend
do i write zeros to the drive and redo the whole things

now i dont know what to do.. what's next.. do i use it for online financial usage or not yet...will u use it ???

thanks

[wk2000]

I cannot find any good info on your virus. Some aliases say its a trojan, and some say its a backdoor. Backdoors allow remote access to your machine. Generally, they are not self-replicating and don't jump across machines in a network.

I would do an online scan on that infected machine, see here:
http://www.pandasecurity.com/homeuse...ns/activescan/

I would say your new machine should be safe to use