maybe antivirus a good thing to run w/ AH?

[Wes14]

this kinda humorous thing happened, went to disable norton so i could go on AH (with less Fps impact) right before i went to disable it

guess what?

Norton pops up about an attack on my pc..and then the "Attacking" pc sends the same thing over and over again and gets blocked

Attacking Pc's IP:81.177.23.211,80 (as identified by norton)


so lets also add a vote based in this story

disable antivirus/firewall and let the attacking pc put what it wants on yours

or keep it on and suffer performance loss

[OOZ662]

If you aren't out surfing porn and keep your PC clean, there is little need for a firewall. You most likely have a backdoor running on your PC or have given away your IP address without knowing it.

[Wes14]

acually if i remember right it was a virus that creates a backdoor..i had one of those on my pc when i got the new norton and got rid of it

dam nerdy ppl with too much time on their hands try to wreck my pc

(not talking about AH "Nerds")

[OOZ662]

True, but viruses don't just pick random IP addresses and send either. You have to pick them up.

My point is that if your PC is clean, there's no reason to run a firewall along with AH.

[Wes14]

cant u run a firewall that allows AH's needed ports to run without being observed and basically block the rest while AH is running?

cause i dont think my pc is clean..i know that 41 processes aint normal either:noid

[Brenjen]

I always disabled my AV prog. & firewall with my old slow P/C. That being said a firewall shouldn't interfere with your AHII frame rate. If you have AHII set to pass through the firewall it won't be blocked at all.

 As far as I know, no one has ever picked up a virus from playing AHII. My Nod32 stopped me from opening a link in these boards that someone posted one time, but that was the closest thing I've experienced. Of course that's with ANY public forum.

 With the P/C I have now I can run a virus scan in the background while playing AHII & only suffer a slight frame rate drop, so there's no need for me to disable the real time protection since a quick update will barely cause a hiccup.


Edit: 41 processes is high

[Wes14]

Originally posted by Brenjen
With the P/C I have now I can run a virus scan in the background while playing AHII & only suffer a slight frame rate drop, so there's no need for me to disable the real time protection since a quick update will barely cause a hiccup.


Edit: 41 processes is high

Ur machine must have alot more Horse-power them mine cause if im stubborn and leave Antivirus on my frame rate varies from 2 to low 30's

good thing im more of a tanker or i would be screwed:mad:

[Krusty]

Some anti-virus programs are in and of themselves like viruses. I'm usinge AVG free edition (got fet up with norton and symantec BS) and I can leave it on while gaming with no impact. Mind you, I'm behind a firewall router, though.

[Skuzzy]

Originally posted by Wes14
this kinda humorous thing happened, went to disable norton so i could go on AH (with less Fps impact) right before i went to disable it

guess what?

Norton pops up about an attack on my pc..and then the "Attacking" pc sends the same thing over and over again and gets blocked

Attacking Pc's IP:81.177.23.211,80 (as identified by norton)


so lets also add a vote based in this story

disable antivirus/firewall and let the attacking pc put what it wants on yours

or keep it on and suffer performance loss

I have been on the net since the DARPA days.  I have never run a personal firewall or anti-virus program.  I have never gotten a virus or a spyware program on my computer.

If you leave all the security MS provides for Windows at is defaults, then you are inviting trouble.  If you do not do the security updates from MS, then you are inviting trouble.

Anti-virus programs only work as well as the last update to them.  They are really no better than the operating system is as it pertains to keeping a virus off your computer.  If you get a virus, it is through your own actions you got it.  While there are worms and DOS programs out there which exposed issues in the operating system, those blatant ones have been closed up.

And there is nothing that will drive me right over the edge than someone running a software firewall which is improperly configured.  If you set that stupid firewall to block all ports and then go one moronic step further and have it actually report any scan of any port, then you should be banned from using a computer.

Network software cannot connect to a TCP port which has NO LISTENERS on the port, or where there is no UDP protocol attached to a port..  It is quite impossible as that is how network software establishes connections.

Now, to see what the active ports are, so you can block the ones that need to be blocked, go to Start->Run->Command, then type "netstat -an" and press .  Make sure nothing is running when you do this.

In the right column, anything showing the state of "LISTENING" should be blocked.  The port is shown under the second column combined with the IP address of the LISTENER.  Example: "10.0.0.1:139".  This means 139 is a port needing to be blocked.

Then look at the UDP ports futher down and block them.  You might as well turn off any reporting, as it will be pretty useless.  Why?  Lets look at port 139.  That is a NETBIOS port.  If you are on cable, and someone on your node turns on thier computer, and they are on the same IP subnet, your NETBIOS port is going to be hit.  It is a perfectly legitimate hit initiated by Windows during boot up.

Speaking of NETBIOS, make sure you set your workgroup to something other than "WORKGROUP".  Make it something unique.  It is an easy security precaution to take and one that is often overlooked.  If you have other computers on your LAN, then make sure to change all of them to the same workgroup.  Leaving the default worgroup name and enabling file sharing is a quick way to get nailed by some script kiddy.

I really hate the way software firewalls have been presented to users.  All the documentation and marketing garbage is designed to make you paranoid.  And in doing so, 99% of people who use them have no idea how to use them properly.

Take the above example.  This guy is supposedly getting a connection attempt to port 80.  Duh.  Port 80 is your browser.  Guess what?  Your browser will ignore than connection attempt.  No need to block that port.

Taking it a step further.  If your browser is not open, then nothing would have happened.  The connection would not even have shown up at all.  The 'attack' as it is described, continues as the stupid firewall is actually allowing the connection to be made then terminating it.  So the remote guy is trying to figure out if this is a WEB server or not.  All you have done is expose your computer to more attacks by blocking a port which did not need to be blocked.

[Roscoroo]

here this will help ya learn

http://security.symantec.com/sscv6/default.asp?langid=ie&venid=sym

Do the security check, then check your results  ,if your pc / routor /or gateway  is configured correctly you should see at least all "closed" ..

port 139 netbios is another important port that should be closed or in stealth (not seen on the net )

when running the test every pc ive tested with at this site has always failed the Anti virous part ... but then this test  cant test AV anyway .

i pass with  closed and Stealthed ports. none are open ... and all i run is a routor/gateway and  AV program .. no software  firewalls on any of my pc's.

befor i ran a routor I did all my config manually in windows and could pass with all closed ports  ... this wasnt to hard to do it just took time studying and testing at the symantec site til i figured it out.

with a properly configed setup the only way you can catch a virous is if YOU Open it /let it in.  also a proper setup stops all the ping traffic your getting thats setting off your Firewall and slowing down your connect / AH Frame rates..

[Skuzzy]

Hey Rosco.  That Symantec link will not even start on my computer.  Apparently they do not like my security settings.

Looking at what they are doing, I will say this.  If your computer will not run the tests, then your computer is probably pretty well protected from most things.

Apparently, Symantec does not consider Java a security threat.  I find that a bit funny.

[Roscoroo]

yea Ive got to turn on java to get it to run ... witch of course if it dont run your most likely pritty safe ..
 

But thats the site i used to learn off of ...so if it can work for a idiot like me ... lol

Poor java .. it is a threat and it isnt .. alot of games still run thru java still ... and  we remember java chat rooms ..boy were those a virous waiting to happen.


Im pretty sure Wes14  wont pass and hopefully he'll spend the time studying and learning  from it .

[MrRiplEy[H]]

This is where I do not agree with Skuzzy at all. A personal firewall is the only means for a general user to maintain any control over the network activity of the computer.

All the security measures and windows updates in the world won't help you if you get hit by a trojan the second you make a fresh install and enable ethernet. This happened to me personally when I installed my first new computer using a cable connection the first time. Right after the setup installed the ethernet drivers, pop goes the trojan in. Luckily I realized what had happened and could reformat, reinstall and leave the ethernet cable disconnected. Later investigation revealed that the cable service was riddled with portscanning trojans just waiting for a fresh un-nated machine to be connected. The service provider knew the situation but by law they were not allowed to analyze any client activity and therefore were not allowed to inform customers their machines were infected and spreading.

Sure you can preconfigure everything so that your computer is patched and closed down before the first internet connection. If you're an expert and have prepared everything ready with an already working computer..

The Joe Schmoe will just barely know how to click that setup icon and press 'next' untill the software firewall is installed in order to keep the port scans out. In fact, even that is too difficult for at least 20% of the users.

Same goes with trojans. If Joe gets one on his box, the firewall will be the only thing stopping it from connecting out and spreading, or even worse, dropping 10 new trojans to the box immediately.

Having said that I have to admit that even the personal firewall is rarely the answer as users will not know which connections they should allow and which not. And they are not willing to find out when they don't. But still I prefer to keep everyone I know behind a firewall instead of being out in the open.

[Skuzzy]

The problem I have with personal firewalls has to do with people not configuring them properly.

I know exactly what problem you had MrRipley.  Earlier versions of XP had that exploit available.

I run a dedicated firewall at home.  Dedicated firewalls are much better than any personal software firewall will ever be.  I did not clarify that in my first post.  I have never used a personal software firewall and never will.

And I will argue most people do not have a clue as to how networking actually works which leads to mis-configuraing a firewall based on the rantings and ravings of some clown's marketing spiel.

[Wes14]

Skuzzy
the "attack" was on port 5117 if i remember right

Roscoroo
i ran the test..everything seemed to pass