The Framers Forum

Question posed on another thread earlier, but has anyone noticed an increase in the frequency of attacks on their computers? My antivirus software has just blocked the second attack of the day. I used to get the occasional attack - once every 4-5 months would be a fair estimate - but lately they seem to be happening on a weekly basis.

I used to have a software firewall and it would show dozens if not hundreds of 'attacks' a day - it looks quite scary, but in reality few of them were actually an attack, and as long as you keep your AV & PC fully patched even those are unlikely to get anywhere. In the end I turned off reporting and just trusted it to do its job, which it did. Its a bit like the media reports about the economy, the software is giving you scare stories that make the reals situation look worse than it is.

Just make sure you update everything, run daily scans at a time you least use the computer, and you'll be fine.

Thanks, matey!

Just because I'm paranoid doesn't mean they aren't out to get me!

It depends on the type of attack.

If possible make sure your adsl router has a firewall and that it is on. This will stop port scans and attacks on the applications.

Other attacks can include malicious websites which exploit vulnerabilities in your web browser. An excellent way to limit these is to use firefox with the no script and ad block plus plugins. These will help stop sites using cross-site scripting attacks and you can turn on scripting for the sites you trust. It is also a great way to protect your online privacy as you can block sites which track your browsing habits.

The final way would be by an email which has a infected payload or some script which will download a payload from the internet. Your AV software should pick these off.

At work our firewalls receive several attacks a day and are port scanned almost constantly. As a percentage we receive 20% legit emails, 70% spam and 10% virus attacks. This is on a volume of a couple of thousand emails per hour.

I think the most important thing to do is the first item and make sure you have a hardware firewall in place. Secondly make sure your AV software is up to date, lastly make sure all of your windows updates are done and are upto date.

As a final note make sure your wireless network is encrypted and locked down. If possible use WPA encryption. The WEP key can be cracked very quickly and then I'll have full access to your network.

A good bit of software to download is Spybot. This will help protect your machine against spyware and malware.

An OPTIMIST is a person who doesn't have all the facts.
A PESSIMIST is an optimist who does have all the facts.
A CYNIC is a pessimist who has seen the facts in action.
A PARANOID is a cynic who has FINALLY realized that the facts are after him.

Hi Woodie!

From my ADSL router settings:

"Medium
Recommended setting. This level of firewall protection allows information to be sent securely to the Internet, but prevents anyone from the Internet from identifying the network address of your Router. This is the Internet equivalent of having an unlisted phone number."
Is this OK?

I don't have a wireless network, so that's one less thing to worry about (for now - it would be "nice to have" to network my now functioning laptop (ahem! how did you resist lambasting me for that one?* ) with my front of house PC. StickNet does me for now.

Will have a look at Spybot.



*Oh Mogney, you're such a plonker!

That setting sounds ok I think. From the description it sounds like it will stop port scans. If you like, I can have a look at the router manual if you pm me the model number.

As for the num lock thing, I work for a laptop manufacturer and we get this all the time. Because of so many calls we default the num lock to off now and I think we removed the setting from the bios to allow it to boot with it on. I don't know why I didn't think of it when you had the problem.

There is a web site which will do a port scan on your connection. Its http://www.grc.com and the bit you want to run is Shields Up. Most of the stuff on this guys site is scare monerging but the shields up app is quite good.

Hi Woodie,

Ran Spybot last night and it picked up a raft of stuff (seemed to all be tracking cookies - scary how many of them shneak in when your back's turned! ). Ran the "clean-up", and my internet link is now performing better.

Re not thinking about the Num Lock, you and me both!

Tracking cookies, like port scans can appear as an 'attack' when allsorts of sites use them for legitimate purposes - however, some malware also use them for less honest purposes. Again, the majority of them do no harm. Having tracking cookies doesn't mean you've been infected by anything.

You don't need any special software to stop tracking cookies though - read this http://www.edbott.com/weblog/archives/000385.html

True about "genuine" tracking cookies, but since they've been expunged my "not that great" broadband connection is a bit more nippy.

Just noticed a pattern. I've not been on Skype for a while, but logged on this afternoon, and now I'm getting lots of "attack blocked" alerts again. When I didn't have Skype running on my PC, I think I maybe had one alert in the past couple of weeks. I now realise that this issue of increased alerts/attacks seems to have come about since I started using Skype.

Anyone got any ideas why? I don't think it's coincidental... (but I've been wrong before ;? )