"Jeremy" <(E-Mail Removed)> wrote in
news:(E-Mail Removed):
> Hello. After being infected by then liberated from two worms in one
> week including the LuvSan worm, I was wondering if a personal firewall
> is able to protect my computer from future worm attacks? Considering
> that worm viruses can infect your computer JUST BY BEING CONNECTED TO
> THE INTERNET and NOT even downloading anything, this poses a great
> risk to those of us who have cable modems, satellite modems and DSLs,
> which provide a constant connection to the internet as long as the
> computer is on. I know about several free firewalls (Kerio, Zone
> Alarm, Sygate and Outpost) and that Comcast high-speed internet users
> (like myself) get a one year free subscription to McAfee firewall. So
> are firewalls a good protection from worms?
>
> Having a cable modem, myself, I know that I can create an internet
> connection icon in my system tray by going to (this is for Win XP Pro,
> by the way) Control Panel > Network Connections > Open "Local Area
> Connection" > General tab > checking "Show icon in notification area
> when connected" > press "OK." I also know that if I right click the
> icon and select "Disable," my connection through my modem APPEARS to
> get severed (and
> to reconnect I simply open my internet browser and tell it to
> connect). Now, so that I can protect myself while NOT using the
> internet, will disabling my connection using that icon actually sever
> my connection to the internet (because I've heard that sometimes you
> can still be connected to the internet and not know it, like when you
> don't even have a browser window open you are still connected) and
> therefore protect me from worms? If not, I suppose I can always
> physically sever my connection by disconnecting my ethernet cord from
> my computer.
>
> Thank you.
>
> Jeremy
>
>
>
Can a host based FW protect from a self replicating worm trying to reach
the services running on your computer through ports? The answer is yes,
if the traffic that the worm is in is unsolicited inbound traffic
reaching the FW. A packet filtering FW will stop the traffic and the worm
that could be in the traffic.

If the computer behind the FW is soliciting inbound traffic from a
computer because the machine has initiated outbound traffic to a
machine, a FW will not be able to stop a worm that is coming in the
traffic.

It's up to the AV and the last line of defense, which should be the
first line of defense, the O/S, which could possibly stop the worm or
malware from reaching the machine.

Two FWs that I know of that can stop a worm coming in the network
traffic are Sybase with its IDS/firewall and BlackIce with its IDS
firewall. They both will close open ports to an attack of this nature
with BI being the more powerful of the two in stopping malware from
reaching the machine and executing on the machine.

The best solution for a FW solution is a NAT router and a host based FW
solution on the machine.

The protection of the machine starts with the O/S.

http://www.homenethelp.com/web/explain/about-NAT.asp
http://www.uksecurityonline.com/husdg/windowsxp.php

Do keep in mind that nothing is 100% and one must use common sense too
in the protection.

Duane
--
The protection of the machine is a process and not a given!
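
The distinction drawn in the reply above, between unsolicited inbound traffic and inbound traffic on a connection the machine itself opened, shown as an added example that is not part of the original thread: a minimal connection-tracking packet filter in Python. The class names, addresses (documentation ranges) and ports are constructed for illustration and do not model any particular firewall product.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    payload: bytes = b""


class StatefulFilter:
    """Hypothetical host firewall: default-deny inbound, replies allowed."""

    def __init__(self, host_ip):
        self.host_ip = host_ip
        # Flows opened by the host: (local_port, remote_ip, remote_port)
        self.flows = set()

    def outbound(self, pkt):
        # Outbound traffic is allowed and remembered so its reply can match.
        self.flows.add((pkt.sport, pkt.dst, pkt.dport))
        return "ALLOW"

    def inbound(self, pkt):
        # Only addresses and ports are compared; the payload is never inspected.
        key = (pkt.dport, pkt.src, pkt.sport)
        if pkt.dst == self.host_ip and key in self.flows:
            return "ALLOW"
        return "DROP"


def demo():
    host = "192.0.2.10"
    fw = StatefulFilter(host)
    results = {}
    # 1. Unsolicited inbound packet to a service port (constructed sample).
    results["unsolicited"] = fw.inbound(Packet("198.51.100.7", 4444, host, 135))
    # 2. The host opens a connection; the reply on that flow is let through,
    #    whatever it carries. Past this point only the AV and O/S can help.
    fw.outbound(Packet(host, 50000, "203.0.113.5", 80))
    results["solicited_reply"] = fw.inbound(
        Packet("203.0.113.5", 80, host, 50000, b"any content"))
    # 3. Same remote machine aiming at a port the host never used: no flow.
    results["same_peer_other_port"] = fw.inbound(
        Packet("203.0.113.5", 80, host, 135))
    return results


if __name__ == "__main__":
    print(demo())
```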