From: FromTheRafters on

"RayLopez99" <raylopez88(a)gmail.com> wrote in message
news:16592792-4aab-4ce0-b2c6-8afafede4d78(a)b2g2000yqi.googlegroups.com...
On Feb 23, 10:44 pm, ASCII <m...(a)privacy.net> wrote:
> RayLopez99 wrote:
> >But using the Thai and Hungary examples, how do you know if these
> >sites are innocent or not? Very complicated.
>
> Not really,
> with a properly secured browser,
> all sites are innocent
> ...or inoperative.

What is a properly secured browser? Does the latest Internet Explorer
with all the patches installed qualify?

On Vista and Windows 7 it might be more secure. Of course it depends on
the configuration.

Quite a bit of the "danger" comes from scripting support, so if you
disallow scripting you are more secure. Better yet, a text-only browser
offers quite a bit of security; it is you that must draw the line
between functionality and security.



From: FromTheRafters on
"ASCII" <me2(a)privacy.net> wrote in message
news:4b85bf7c.857093(a)EDCBIC...
> FromTheRafters wrote:
>>What is a properly secured browser?
>
> I suppose that's dependent on the threat,
> but I feel comfortable with Opera in a sandbox.
>
> Opera v10.10 (didn't care for the beta v10.50)
> http://www.opera.com/download/
>
> Sandboxie v 3.44
> http://www.sandboxie.com/index.php?DownloadSandboxie

Good stuff there.

I was reminded of Norman when I mentioned text-only browsing.
http://beacon.chebucto.ca/Content-2006/norman.html

Funny how some people leave a lasting impression.


From: David H. Lipman on
From: "FromTheRafters" <erratic(a)nomail.afraid.org>

| "ASCII" <me2(a)privacy.net> wrote in message
| news:4b85bf7c.857093(a)EDCBIC...
>> FromTheRafters wrote:
>>>What is a properly secured browser?

>> I suppose that's dependent on the threat,
>> but I feel comfortable with Opera in a sandbox.

>> Opera v10.10 (didn't care for the beta v10.50)
>> http://www.opera.com/download/

>> Sandboxie v 3.44
>> http://www.sandboxie.com/index.php?DownloadSandboxie

| Good stuff there.

| I was reminded of Norman when I mentioned text-only browsing.
| http://beacon.chebucto.ca/Content-2006/norman.html

| Funny how some people leave a lasting impression.



I forgot all about him! :-(

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp


From: RayLopez99 on
On Feb 25, 4:58 pm, Chih-Cherng Chin <mei...(a)cheapmail.byinter.net>
wrote:
> I think it's kind of exaggerated.  The most bots I have detected in one
> day was around 5400, and I have been tracking botnets since last June.
> Now I can only detect 3000-4000 bots daily.  If a quarter of all PCs
> were part of botnets, I would do much better than that.
>
> --

Let's say (as is my case) you are noticing suspicious bursts of data
from your PC to some server, but you have not caught any viruses using
Webroot Antivirus with Spysweeper nor with Kaspersky. You also have a
firewall (Look N See). You scan (full scan) every other day. One
potential virus in the last five years. Running Windows XP Pro on a
Pentium IV.

What's the 'most probable bad thing' that can happen?

What I mean is this: say my PC is part of a botnet. So what? It
does not have a keylogger on it, right? It is not able to open and
read my Outlook emails (which are scanned by the AV program prior to
sending).

What's the 'most probable bad thing' that is happening? I'm asking
because Ant in this thread scared me--so I want to see 'so what'? Of
course I'm sure if some super duper hacker is involved, he will drain
all my bank accounts, but this anomalous activity has been going on
for a while, and so far my bank accounts have not been hit.

RL


From: RayLopez99 on
On Feb 25, 5:18 pm, RayLopez99 <raylope...(a)gmail.com> wrote:

> > >> The log should
> > >> indicate whether incoming or outgoing and if blocked or not.
> > > YES, it works!  I did click on "details" in my Firewall (Look 'n' See)
> > > and indeed it shows direction.  Yesterday's log is lost, but I found
> > > another 'suspicious'??? or maybe not entry today, here:
> > > aedz253.neoplus.adsl.tpnet.pl  which maps to this Polish server:
>
> > The IP address of that host is 79.186.103.253 which is being used by
> > a customer of tpnet.pl, a Polish ISP responsible for that IP.
>
> > > And it's 'outgoing'
>
> > Bad news.
>

Update: I think, and I am checking with the firewall people at Look N
Stop, that this is in fact an IP address that is being BLOCKED, not
going through. It still raises the question of what program residing
in my system would want to hook up with Poland, Thailand, etc. But if
I have some bot in my system, it has not been detected by any
antivirus program, and like I say it's being blocked from calling out
anyway.

RL