Windows Vista Forums

How vulnerable are we to direct malware attacks?
  1. #1
    Cytherian
    Senior Member
    Join Date : Nov 2010
    Hoboken, NJ
    Posts : 528
    Vista Ultimate x64

    I'm curious about this because of a recent article that I just read ("Internet Security Fail").




    This is what disturbs me the most in the article:
    "The truth is, consumer-grade antivirus products can’t protect against targeted malware created by well-resourced nation-states with bulging budgets. They can protect you against run-of-the-mill malware: banking trojans, keystroke loggers and e-mail worms. But targeted attacks like these go to great lengths to avoid antivirus products on purpose. And the zero-day exploits used in these attacks are unknown to antivirus companies by definition. As far as we can tell, before releasing their malicious codes to attack victims, the attackers tested them against all of the relevant antivirus products on the market to make sure that the malware wouldn’t be detected. They have unlimited time to perfect their attacks. It’s not a fair war between the attackers and the defenders when the attackers have access to our weapons."


    So, the operative word here is "targeted malware". It's one thing to exploit anti-virus software, but another to actually get inside a computer's security perimeter. The majority of infections are caused by an unsuspected payload getting onto a computer and then eventually being executed, or somebody clicking on a website icon/link and accepting the invitation to execute. The anti-virus software is the last line of defense (discounting other intrinsic protections like hardware DEP). But what about hackers that are out there, trying to punch holes through computer firewalls at random? Is Windows Firewall, in combination with your ISP, cable modem, and wireless router security, enough to protect against direct malicious attacks like that? I would venture to say that the home user is pretty well off the radar of hackers and that it's only large institutions whose servers are connected to the Internet 24x7 that are really at risk. But then, there's the matter of hacker apprentices who may port scan the IP address ranges just hoping to find something vulnerable to start poking around at, as a practice test... right? Or have things improved enough to prevent such activities?

    My main curiosity is to know if your "Internet footprint" is of any consequence. If I'm away from my computer for a good stretch, is there any benefit to turning off the Internet connection? Or should I never worry about that?


  2. #2



    Patonb
    Senior Member
    Join Date : Jul 2010
    Posts : 1,991
    Ultimate x64, home Prem 64

    The hardest thing to do is a direct hack into a computer. Is it impossible? No, but it's difficult and time consuming enough that the average user isn't worth the effort.

    Now if there's something a hacker wants, it's pretty much theirs, but just to steal bank info, there are a lot of easier ways, i.e. compromised websites, bad d/l's etc.

    You may want to unplug your connection, just to keep your computer from d/l unknowing things like updates, plus you know if someone's hacked your wifi.


  3. #3
    Cytherian (Thread Starter)

    ^ I guess it all comes down to "accessible prey", when it comes to the general public. If you've got your firewall turned on, operating without any user defined exceptions and you haven't installed any software that might revise it (like VUZE), and your wireless router has at least WPA2 running, then I expect that your computer wouldn't be worth the trouble. I'm just wondering about the random chance thing... a hacker has a bunch of zombie computers doing port scans and sweeps, looking for vulnerable computers attached to the Internet, then by a stroke of bad luck just happens to choose yours to mess around with.

    When two animals are running away from a predator, the only thing each animal needs to worry about is staying ahead of the other animal. The predator will get the slowest one. So, all we need to be concerned about is being more protected than the average computer. Malicious hackers probably look for the easier targets, because the harder ones are too time consuming... why slave away at a "wild guess value" computer when there are plenty of other ones with greater vulnerabilities and just as much of a chance in pay off (meaning financial information).


  4. #4



    Patonb

    If the hacker's bored and wants you, forget it, it's pretty much game over. The odds are probably less than you getting run over by a car. Especially if you have a router, as it hides your system, despite what Windows opens.

    Try this:
    https://www.grc.com/x/ne.dll?bh0bkyd2

    It'll show you what you look like to the web.

    To stay ahead, an updated system should have no "known" vulnerabilities, so you should be all good.


  5. #5
    Cytherian (Thread Starter)

    Quote (originally posted by Patonb):
    If the hacker's bored and wants you, forget it, it's pretty much game over. The odds are probably less than you getting run over by a car. Especially if you have a router, as it hides your system, despite what Windows opens.

    Well, that's very extreme. Something along the lines of pissing off a malicious hacker on some warez forum, and he decides to follow my IP address, burrow through the security defenses of my ISP, cable modem, and wireless router, then begin chipping away at my firewall. Of course, I'd have to be on-line. But I may have a firewall that'll let me know when someone's trying to cross the line, and simply disable my Internet for a while. Perhaps he'd have a 'bot to keep checking. But then, what happens when I get a new IP address from my ISP and I don't reappear on the forum? Now he'd have no way to know who I was. My only signature, my former IP address, is no longer valid. I'd have no other traceable bit left behind.

    Quote (originally posted by Patonb):
    Try this:
    https://www.grc.com/x/ne.dll?bh0bkyd2

    It'll show you what you look like to the web.

    To stay ahead, an updated system should have no "known" vulnerabilities, so you should be all good.

    I did try that and I'm presently struggling to figure out why my Echo Request (ping reply) is returning, when I've specified rules to block it.


  6. #6



    Patonb

    Yeah, only thing is you'd need to specifically ask and explain, simply, why you need an IP change, as my dynamic IP from my ISP actually bounces around 2 different addresses. You'd want to ensure you didn't get the old one again.

    BTW, your ISP and cable modem offer 0 security, only your router with the firewall is any security.

    You're returning a ping? Oh no, you've b33n h4x3d f0r r431

    Just kidding.


  7. #7
    Cytherian (Thread Starter)

    The issue was my wireless router. It was set to return pings. I turned that off and subsequently passed the test. Hopefully it won't cause any other issues, like slower responses from DNS or ISP servers.

