can't use a firewall: want to protect myself against virusses

[Ultraworld]

HELP

Got msblast.exe
Really anoying. Most virusses used to be e-mail attachments so I thought I was safe there I use webmail and never runned those attachments..

Now I want to get rid of the virus & I want to protect myself.

so a few questions . . .

1. If there are no programs (who execute those instructions) behind a port then I should be safe, shouldn't I?

2. What is RPC? that is the program running behind port 135.

3. How can I close RPC

4. Are there any other programs behind ports which might be used in the future.

5. How can I manually get rid of the virus.

6. What does a patch do. (begore I run something I want to know what job it does)



I am connected to a network so I can't use a firewall

 

[Plexus]

Well, if you want to block unwanted attempts to access any of your ports, I reccomend http://www.zonelabs.com/ 's Zone Alarm. I'm on a network and I have no problem with it. Best of all, the free version can run for as long as you want.

And one of the best ways to prevent stuff like this is to patch your OS, a patch fixes a problem found with the software.

 

[dannyevilcat]

I'll second the Zone Alarm. I've had it for years, no problems with it at all.

 

[CrackedCrystal]

Wow, lots of questions, I will take a stab at them.

1. If there are no programs (who execute those instructions) behind a port then I should be safe, shouldn't I?
I don' really know what you are talking about here.

2. What is RPC? that is the program running behind port 135.
RPC is Remote Procedure Call. It is a Windows Serive that assists other Windows services. It allows a program to execute another program on a server.

3. How can I close RPC
You can close it through the Service Manager, but you do not want to. Dozens of services depend on RPC and your computer will have hundreds of problems if you close it.

4. Are there any other programs behind ports which might be used in the future.
Not sure what you mean here either. If you mean are there any other programs that can be expoited like Blaster did, there is no answer. You don't know until someone finds an exploit.

5. How can I manually get rid of the virus.
I will let Microsoft field that one:
http://www.microsoft.com/security/incident/blast.asp

6. What does a patch do. (begore I run something I want to know what job it does)
The Blaster virus takes advantage of a bug in Windows where you could over-run the RPC buffer and allow code to be run on a target manchine. That is why you get the RPC failure message. The patch corrects this problem. The virus removal steps in addition remove an entry in the registry created by the virus.

I am connected to a network so I can't use a firewall
This is not true. You still can have a firewall.

Hope that helps!

 

[Ultraworld]

thanks
will ask our network nestor about the firewall
Can I still share mp3s with a firewall

 

[Ultraworld]

I don' really know what you are talking about here.

i try it again: programs (eg kazaa) use one of the 60000 ports you got to communicate with the rest of the world. Vive versa some programs (running on compus around the world) use one of your ports to talk with programs (which might do harm) running on your computer. But if there are no programs to talk with you should be safe

or am i wrong

thanks again

 

[CrackedCrystal]

Ok, I see what you are asking. You are asking if you do not have any programs listening to an incoming port, will your computer be secure? Basically if you relate port numbers with telephone lines, if no one is on your side to pick up the phone.

Well, I do not think you can remove everything listening to a port. I think Windows has a few things that use them, and you said that you are on a network so some are vital to be open. I however have never tried. Not to mention you would not want to remove your internet/email/etc just to stop all programs from listening to ports. To use a cliche, the cure would be worse than the disease. A "netstat -a" on the command prompt will show the status of all your active and listening ports.

Even if you were able to remove them all, you still would not be completely safe. Other forms of attack would still affect you. I mean, someone could give you an infected floppy disk.

The best course of action to take is have a firewall and virus checker. If you have a good firewall, you will have a three prong defense. The firewall will stop anyone from trying to get into your computer from outside. The Anti-virus will stop any harmful code that sneaks in through email or file sharing for example. And the firewall will be able to stop any outgoing programs that happen to break through the other two layers (or spyware that virus checkers will not catch).

Just to clarify though, contray to what many people think, a firewall is not a single thing, more of an idea. It is a collection of small things that protect a network or computers. Some examples are port stealthing, Network Address Translation, and Packet filtering. In fact, some people consider an anti-virus application to be part of the firewall as well. What firewall programs do is collect many of these individual ideas into one program.

And although you sound like you have a good idea what a port is, for others reading this, despite its name a port is not something you plug a cable into. It is nothing more than a number placed on a piece of data going across the network describing what program the reciepient computer should pass the data to. Now that was a mouthfull