blog好き

Nov 05 2002

Categories: life

1 Comment »

Well, I think you need to consider a little more… but it’s a good start:

– Nimda is an e-mail worm, not a trojan. As such, the point of infection was through Outlook/Outlook Express. The virus worms its way into your system through an insecure port that Outlook left insecure.

– Norton is very effective at stopping infection of Nimda. I recommend spending the extra $50 and getting the Corporate Edition… which has a significantly better e-mail protector than the standard Norton. Ever since I started using Norton Corporate on my laptop, I haven’t been infected by a virus on that computer.

– Kamzu was lucky because ZoneAlarm monitors all activity on all ports. With that said, I highly recommend ZoneAlarm. It’s the best damn software firewall you can get these days since it’s the only one with a half-decent port protector. Unfortunately, the overhead for ZA is fairly high compared to other less-effective products.

– Trojans are what are typically spread through IRC. Trojans differ in that it must be user executed, so if I send you a file called mahoromatic__s2_06.avi, and it was really a trojan rather than what you think it is, and you click on it, you’re infected.

But, that’s highly unlikely. These days most trojan infections don’t occur on IRC but through WinMX/KaZaa. Hey, it’s hikaru_utada_simple_clean.mp3! It might be, but it might also have a trojan attached to it. Congrats! You’ve just been infected, but at least you’re singing along to Simple and Clean now. Who’s infecting you? 50/50 chance it’s either a 13 year old with nothing better to do or a record company exec with nothing better to do (besides count his money).

So? I have ZoneAlarm. It’ll stop the trojans from infecting me.

No, it won’t. You’re infected once you click the file, and ZA might stop it from accessing the internet, but more advanced trojans piggyback on files like mirc.exe. If you allowed mirc to access the internet through ZA, you’ve just given the trojan full access. You’re only hope is that Norton catches the trojan before you click. That and don’t use KaZaa.

Some other things to consider:

– Don’t use Sysreset. It’s less bloatware than Polaris or Invision, but it has exploits. If you only need a few scripts, just install those scripts on a base mIRC. Less worries there. Stay the hell away from dal.net and other shady IRC networks. That helps a lot too.

– Consider getting a hardware firewall. Having a hardware/software firewall combo can save a lot of headaches in the long run. A hardware firewall is nice for keeping people from scanning your network’s ports.

– Never ever check e-mail on a Windows machine. I use a Solaris box with Pine for all my e-mail needs and backed with a strong e-mail filter. With my 4 active accounts and a small website, I get 2-3 virii a week.