Windows 7 - network monitor to detect malware?

Asked By John
28-Dec-09 06:57 AM
If a PC is infected by a virus, it is sometimes difficult to know or detect
with virus scanner because most virus can cloak themselves. But they usually
have some sort of LAN or internet traffic, either in an attempt to infect
other PCs on the LAN, or to download "payload update", or to send off stuff
collected (bank account info, ...).

So, is there a network monitor specifically designed to detect virus
activity on a home LAN that I can run on a dedicated PC?
  rakesh replied to John
28-Dec-09 09:28 AM
On 12/28/2009 05:42 PM, John wrote:
Actually I'm also in search of such a tool......
  FromTheRafters replied to rakesh
28-Dec-09 09:56 AM
http://www.smoothwall.org/about/express-feature-list/ ?
  David H. Lipman replied to John
28-Dec-09 05:44 PM
| If a PC is infected by a virus, it is sometimes difficult to know or detect
| with virus scanner because most virus can cloak themselves. But they usually
| have some sort of LAN or internet traffic, either in an attempt to infect
| other PCs on the LAN, or to download "payload update", or to send off stuff
| collected (bank account info, ...).

| So, is there a network monitor specifically designed to detect virus
| activity on a home LAN that I can run on a dedicated PC?


Yes... and No...

Most malware does not "cloak themselves", per se.  For the most part the vast majority that
are not detected by a given anti virus are just not yet recognized via direct or heuristic
detections.  However some RootKit trojans such as TDSS (aka; TDL3) are able to cloak/hide
from most anti virus applications.

FireWall appliances *may* or may not be able to act as a network monitor.  It would depend
on the software on the appliance.  Because it is an appliance outside the operating
environment this cloaking becomes a moot point.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
Multi-AV - http://www.pctipp.ch/downloads/dl/35905.asp
  Geoff replied to John
28-Dec-09 10:49 PM
Such a tool is called a packet sniffer. It resides on the firewall
machine or is part of the main path at the WAN/LAN interface or on a
machine that can see all the traffic on the LAN. One such tool is
called Snort, http://www.snort.org. The tool is designed to detect
packets that are characteristic of intrusion attempts from outside but
it can be used for outbound packets as well. It all depends on the
rule sets. The sniffer inspects all traffic passing between the
firewall and the LAN and alerts when the rules are triggered. The
drawback is that the characteristic activity must be known in order
for it to trigger, just as the characteristics of the malware binaries
must be known in order to detect their presence. The intent is to
detect intrusion before it happens, an Intrusion Detection System
(IDS), not an extrusion detection since this only occurs AFTER a system
has been compromised and presumably this would only occur when malware
detection has failed. Using white lists and blacklists one can alert
on packets that do not fall within the "approved" parameters.

The philosophy is defense in depth, combining system updates and
maintenance and anti-virus measures with firewall protection and
traffic analysis to detect assaults as they occur. This is usually
more effort than most people are willing to perform to protect their
home computers.
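The rule-set approach Geoff describes (a sniffer at the LAN/WAN boundary, alerting on outbound packets that fall outside "approved" parameters, plus a blacklist of known-bad destinations) can be sketched over flow records. The following is an added Python example, not code from this thread and not Snort's own rule engine; the flow tuples, the LAN range, the approved-port allowlist, the blocklisted address and the scan thresholds are all constructed for illustration. It goes slightly beyond the post by adding a LAN-to-LAN "many peers on one port" heuristic for the infect-other-PCs case John mentions.

```python
"""Rule-based outbound ("extrusion") monitor over flow records.

Added example: assumes a sniffer has already reduced traffic to
(timestamp, src, dst, dst_port, proto) records, as a tool at the
firewall/LAN boundary would. All addresses and thresholds are constructed.
"""
from collections import defaultdict
from ipaddress import ip_address, ip_network
from typing import NamedTuple

LAN = ip_network("192.168.1.0/24")  # assumed home LAN range (constructed)


class Flow(NamedTuple):
    ts: float      # seconds since epoch (constructed)
    src: str
    dst: str
    dport: int
    proto: str     # "tcp" or "udp"


# Allowlist: outbound (proto, dst_port) pairs treated as normal for a home LAN.
APPROVED_OUTBOUND = {("tcp", 80), ("tcp", 443), ("udp", 53), ("udp", 123)}
# Blocklist: destinations already known to be bad (placeholder value).
BLOCKLISTED_DST = {"203.0.113.45"}
# Lateral-movement heuristic: one LAN host touching SCAN_PEERS distinct LAN
# peers on the same port within SCAN_WINDOW seconds is reported as a scan.
SCAN_PEERS = 5
SCAN_WINDOW = 10.0


def is_lan(addr: str) -> bool:
    return ip_address(addr) in LAN


def check_flows(flows):
    """Return a list of (rule_name, flow) alerts for flows that break a rule."""
    alerts = []
    # (src, dport) -> list of (ts, dst) for LAN-internal connections
    lan_touches = defaultdict(list)
    for f in sorted(flows, key=lambda f: f.ts):
        src_lan, dst_lan = is_lan(f.src), is_lan(f.dst)
        if src_lan and not dst_lan:
            # Outbound traffic: blocklist first, then the allowlist.
            if f.dst in BLOCKLISTED_DST:
                alerts.append(("blocklisted-destination", f))
            elif (f.proto, f.dport) not in APPROVED_OUTBOUND:
                alerts.append(("unapproved-outbound", f))
        elif src_lan and dst_lan:
            touches = lan_touches[(f.src, f.dport)]
            touches.append((f.ts, f.dst))
            # Forget touches older than the sliding window.
            while touches and f.ts - touches[0][0] > SCAN_WINDOW:
                touches.pop(0)
            peers = {dst for _, dst in touches}
            if len(peers) >= SCAN_PEERS:
                alerts.append(("lan-scan", f))
                touches.clear()  # one alert per burst, not one per packet
    return alerts


# Constructed sample: normal browsing, DNS to the router, one blocklisted
# destination, one unapproved port, and a burst of SMB connections to six
# LAN neighbours in six seconds.
SAMPLE_FLOWS = [
    Flow(1000.0, "192.168.1.10", "198.51.100.20", 443, "tcp"),
    Flow(1001.0, "192.168.1.10", "192.168.1.1", 53, "udp"),
    Flow(1002.0, "192.168.1.20", "203.0.113.45", 443, "tcp"),
    Flow(1003.0, "192.168.1.20", "198.51.100.7", 6667, "tcp"),
] + [
    Flow(1010.0 + i, "192.168.1.30", f"192.168.1.{100 + i}", 445, "tcp")
    for i in range(6)
]


def alert_names(flows=SAMPLE_FLOWS):
    """Rule names fired on the sample, in time order."""
    return [name for name, _ in check_flows(flows)]


if __name__ == "__main__":
    for name, f in check_flows(SAMPLE_FLOWS):
        print(f"{f.ts:.0f} {name}: {f.src} -> {f.dst}:{f.dport}/{f.proto}")
```

Run it and the three rule hits print in time order. As Geoff notes, nothing here fires on traffic whose characteristics were not anticipated: a malware sample that uses TCP 443 to an address absent from the blocklist passes the allowlist untouched, which is why the post frames this as one layer of defense in depth rather than a replacement for host-side detection.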