dial-up security question...

Brad Pears

A user recently came to me and asked a question regarding her home PC. They
are running Win 98 and have a dial-up internet connection. When the user got
her phone bill last month she discovered over $30.00 in calls to a small
country in Africa. Upon looking into it further she discovered through
research that there is a pop-up out there right now that will auto
disconnect your dial-up connection to your local ISP and reconnect you
through a server in this country... (or something like that... at very least
it's making a connection to something over there....)

So she asked me if there was any way to prevent this. I mentioned the
freeware Pop-Swatter which eliminates pop-ups but she says she has this and
it does not seem to work for her.

The other option I thought of is this...

Does anyone know of any way of locking down the dial-up so that ONLY a
certain number (entered by the user) can be dialed? This way, only the user's
ISP would be placed in the dial-up list and no other number could even be
dialed!

Any info would be greatly appreciated... (for XP too!)

Thanks,

Brad
 
Fritz

Download, install, update and run AdAware 6.0 (build 181) from Lavasoft. It
should remove the spyware causing the problem.
Another great anti-spyware utility is Spybot S&D - both utilities are free.
The key is to update the reference files before scanning the system.
 
Brad Pears

Thanks for that info...

Brad


Fritz said:
Download, install, update and run AdAware 6.0 (build 181) from Lavasoft. It
should remove the spyware causing the problem.
Another great anti-spyware utility is Spybot S&D - both utilities are free.
The key is to update the reference files before scanning the system.
 
Brad Pears

Fritz, how do you ensure that your real email address is not on a newsgroup?
For instance, if you reply to this email, I believe it will reply directly
to my work email address... Is that correct? If so, how does one prevent
this from happening? I am using Outlook Express to view the newsgroups...

Thanks,

Brad
 
Fritz

Go to Tools/Accounts/News - double click on your news account and modify the
settings (give it a bogus e-mail address)
 
Brad Pears

Thanks again for that!


Fritz said:
Go to Tools/Accounts/News - double click on your news account and modify the
settings (give it a bogus e-mail address)
 
&nbsp

x-no-archive: yes

Brad said:
A user recently came to me and asked a question regarding her home
PC. They are running Win 98 and have a dial-up internet connection.
When the user got her phone bill last month she discovered over
$30.00 in calls to a small country in Africa.

The best advice is to use a really strong anti-malware utility. The
most-thorough such utility available (bar none, no argument) is
Kaspersky Anti-Virus, available at http://www.kaspersky.com/ . Note,
though, that Kaspersky Anti-Virus can be CPU intensive, and does not
work well on all systems for that reason. Even if it doesn't, it's
worth installing the free trial just to clean the system.
 
cquirke (MVP Win9x)

Brad Pears wrote:
The best advice is to use a really strong anti-malware utility. The
most-thorough such utility available (bar none, no argument) is
Kaspersky Anti-Virus, available at http://www.kaspersky.com/ . Note,
though, that Kaspersky Anti-Virus can be CPU intensive, and does not
work well on all systems for that reason. Even if it doesn't, it's
worth installing the free trial just to clean the system.

There are two types of malware, and each needs different tools to fix.

Traditional malware are viruses, worms and so on that traditional
antivirus utilities will detect and attempt to clean. To protect
against incoming traditional malware, you need to:
- apply OS patches to wall out certain direct entry points
- use a firewall to further protect against network entry
- practice "safe hex:" clue about what you "open"
- run a resident av (antivirus) that scans material before use
- keep that av up to date

Commercial malware is "legitimate" software that has effects other
than what you'd want, and that stealthily installs itself with your
notional consent. Because the vendor can claim to be legitimate
software there by your consent, av will ignore these threats - so you
need specific utilities aimed at detection and management of this
software; Spybot, Ad-Aware and other (usually free) downloads.

For commercial malware, you can scan and manage the problem from
within Windows. Make sure your utilities are updated, as - just like
traditional malware - commercial malware is constantly changed to
defeat detection and removal.

For traditional malware that has become active on your system, you
should scan and manage these formally (i.e. when the infected system
is NOT running any potentially infected code whatsoever). That's easy
to do if your file system is FATxx, as DOS-based scanners can scan
this from a DOS mode boot diskette. If you use NTFS, then you have
created a problem for yourself.

I would trust a formal scanner a LOT further than even the best
Windows-hosted av. You can download free DOS-based av from
www.f-prot.com, www.nod32.com or www.sophos.com - the first is free
for private use, whereas the other two are free evaluation copies
(which means you can't get free updates to keep them current).

Your case sounds more like commercial malware, but the same risk
exposure makes traditional malware something to exclude too.


-------------------- ----- ---- --- -- - - - -
Running Windows-based av to kill active malware is like striking
a match to see if what you are standing in is water or petrol.
 
&nbsp

x-no-archive: yes
There are two types of malware, and each needs different tools to fix.

Traditional malware are viruses, worms and so on that traditional
antivirus utilities will detect and attempt to clean. To protect
against incoming traditional malware, you need to:
- apply OS patches to wall out certain direct entry points
- use a firewall to further protect against network entry
- practice "safe hex:" clue about what you "open"
- run a resident av (antivirus) that scans material before use
- keep that av up to date

Commercial malware is "legitimate" software that has effects other
than what you'd want, and that stealthily installs itself with your
notional consent. Because the vendor can claim to be legitimate
software there by your consent, av will ignore these threats - so you
need specific utilities aimed at detection and management of this
software; Spybot, Ad-Aware and other (usually free) downloads.

For commercial malware, you can scan and manage the problem from
within Windows. Make sure your utilities are updated, as - just like
traditional malware - commercial malware is constantly changed to
defeat detection and removal.

For traditional malware that has become active on your system, you
should scan and manage these formally (i.e. when the infected system
is NOT running any potentially infected code whatsoever). That's easy
to do if your file system is FATxx, as DOS-based scanners can scan
this from a DOS mode boot diskette. If you use NTFS, then you have
created a problem for yourself.

I would trust a formal scanner a LOT further than even the best
Windows-hosted av. You can download free DOS-based av from
www.f-prot.com, www.nod32.com or www.sophos.com - the first is free
for private use, whereas the other two are free evaluation copies
(which means you can't get free updates to keep them current).

Your case sounds more like commercial malware, but the same risk
exposure makes traditional malware something to exclude too.

Running Windows-based av to kill active malware is like striking
a match to see if what you are standing in is water or petrol.

You're not going to teach me anything about malware. I've been there,
done that, many times over.

Kaspersky Anti-Virus has what they call "extended bases" available,
which is the most thorough in the industry
(http://www.kaspersky.com/extraupdates.html). These bases can detect
spyware, adware, and what they term "riskware", which is basically what
you term "commercial malware". Kaspersky does it all, and it does it
better than Spybot and Ad-aware. Give me a break, OK?

The fact that you'd recommend NOD32 to detect something like a dialer
really says something here. NOD32 may work well for prevalent Windows
malware, but it really is lacking for more-obscure malware, as many
trojans and dialers are. This isn't me taking part in an AV-utility
pissing contest, it's verifiable fact, based on the observation of many
users, and a comparison of malware database sizes.

I'm not sure what you mean by "Your case sounds more like commercial
malware". I don't have "a case" at all. The OP does, and it's a
dialer. And sorry, but Kaspersky crushes everything you recommended
like a grape for that.
 
cquirke (MVP Win9x)

You're not going to teach me anything about malware. I've been there,
done that, many times over.

This is a public post, not a private email - so you are not the only
reader I have in mind.
Kaspersky Anti-Virus has what they call "extended bases" available,
which is the most thorough in the industry
(http://www.kaspersky.com/extraupdates.html). These bases can detect
spyware, adware, and what they term "riskware", which is basically what
you term "commercial malware". Kaspersky does it all, and it does it
better than Spybot and Ad-aware.

Sounds good. It's not free tho, so the original poster may like to
hear of free alternatives.
The fact that you'd recommend NOD32 to detect something like a dialer
really says something here.

Not really - what part of "Your case sounds more like commercial
malware, but the same risk exposure makes traditional malware
something to exclude" did you not understand? Using a formal av scan
isn't to look for diallers, it's to exclude other malware that may not
have brought themselves to the user's attention yet.
NOD32 may work well for prevalent Windows malware, but it
really is lacking for trojans and dialers

Yes, NOD32's known to be a narrow-focus av tool in that respect, weak
on detection of trojans because they "are not viruses". I'd expect
any traditional av to miss commercial malware anyway.
I'm not sure what you mean by "Your case sounds more like commercial
malware". I don't have "a case" at all. The OP does

Well, that's who I'm writing to - generally, a post is started by an
original poster who hangs around to read the thread.

You aren't the only reader in newsgroup land, and I'm not
specifically addressing you when I post.


-------------------- ----- ---- --- -- - - - -
Running Windows-based av to kill active malware is like striking
a match to see if what you are standing in is water or petrol.
 
