Aces High Bulletin Board

Help and Support Forums => Technical Support => Topic started by: 99taylor on May 19, 2005, 05:12:37 PM

Title: xp service pack 2
Post by: 99taylor on May 19, 2005, 05:12:37 PM
after spending the last week clearing my computer of spyware and virus stuff I have been advised to install xp service pack 2; is it safe or will it screw up my ah2 gameplay?
Title: xp service pack 2
Post by: 214thCavalier on May 19, 2005, 05:20:16 PM
It is perfectly safe to install and will have no effect on your gameplay.
One piece of advice: make sure your graphics drivers are up to date; the only time I had a problem was one machine having an old graphics driver.
On reboot the graphics were screwed, but it's a known issue.
Title: xp service pack 2
Post by: StarOfAfrica2 on May 20, 2005, 12:33:44 PM
Make sure you turn the firewall off too.
Title: xp service pack 2
Post by: 214thCavalier on May 20, 2005, 01:58:04 PM
Umm only turn off the winXP firewall if you are protected by another, otherwise you will soon be back to infection central.
Title: xp service pack 2
Post by: StarOfAfrica2 on May 20, 2005, 02:20:19 PM
Since the poster was asking if it was safe or not to install, I'm assuming he doesn't have any such issues.  Nothing was said about having infection problems, and if he requires a software firewall, there are far better ones to use while gaming than the Windows setup that comes with SP2.  If his question had been "I don't have a firewall, and haven't updated to SP 2 yet.  Is it safe to install?" then I would have included a very similar statement to yours, probably a qualifier like this.

For anyone who DOES NOT have a Firewall currently, or who has problems that they think might be solved by installing one, AND if you are upgrading to SP2, then by all means leave the firewall turned on.  Don't expect good gameplay from AH if you do so, but you will feel better knowing you are protected by Microsoft's best I'm sure.
Title: xp service pack 2
Post by: 214thCavalier on May 20, 2005, 06:08:44 PM
Quote
Since the poster was asking if it was safe or not to install, I'm assuming he doesn't have any such issues. Nothing was said about having infection problems


I guess you missed this bit then.

Quote
after spending the last week clearing my computer of spyware and virus stuff
Title: xp service pack 2
Post by: Crispy on May 28, 2005, 11:01:44 AM
Quote
Originally posted by 214thCavalier
Umm only turn off the winXP firewall if you are protected by another, otherwise you will soon be back to infection central.


I don't quite get where people think stuff just flies into their computer and corrupts it??  I don't & won't use a firewall, simply it is not needed. ALL spyware, worms etc... comes from stuff YOU DO! Opening emails, going to shady web sites, installing tool bars & silly bells & whistles off web sites. And firewalls do nothing to stop this kind of thing. I have a 4 meg cable connect that is always on 24 hours a day and have NEVER had a single thing jump into my computer & screw it up.  I have however done some stupid things with email attachments & web sites... if you tell it to or let it install crap you are not sure what it is you will have problems...regardless of firewalls & virus programs.
Title: xp service pack 2
Post by: FOGOLD on May 28, 2005, 11:37:02 AM
Is that true? I had always assumed that if you were online even if you weren't doing anything, people were scanning for your system and would find it and infect it without you doing anything?
Title: xp service pack 2
Post by: spothq on May 28, 2005, 11:54:04 AM
Quote
Originally posted by FOGOLD
Is that true? I had always assumed that if you were online even if you weren't doing anything, people were scanning for your system and would find it and infect it without you doing anything?


Crispy, it's called vulnerabilities (Undiscovered), the longer a system sits unprotected the more vulnerable it becomes. The only safe computer is one that is locked in a 10 foot thick concrete bunker not connected to anything a half mile in the earth. Thinking that "I don't go to porn sites", isn't going to stop someone running dictionary attacks on various services you have running on your system.

Eventually they get in, wake up.
Title: xp service pack 2
Post by: 214thCavalier on May 28, 2005, 02:27:25 PM
Mr average Joe's unprotected computer running windows connected to the internet has been proven to be infected within 20 minutes.

http://www.theregister.co.uk/2004/08/19/infected_in20_minutes/

Good luck with your head in the sand, I hope you have a large stock of vaseline :D
Title: xp service pack 2
Post by: Elyeh on May 28, 2005, 11:03:20 PM
Quote
Originally posted by FOGOLD
Is that true? I had always assumed that if you were online even if you weren't doing anything, people were scanning for your system and would find it and infect it without you doing anything?


This is true. If you are "always on" ie cable connection you can be scanned.

But keep in mind most crackers are looking for computers with important docs ie business, govt agencies etc.
They really aren't looking for u or me.

Most attacks the normal user will see are ghost pings from websites that you have connected to (they check to see if you're still connected)

Programs that self update will access the internet looking for updates etc.

Good firewall    Zone alarm.
You can get it for free and it always gets updated.
You can set program preferences to allow them to connect or make them get your permission.

AV programs  I use Norton AV. keep it updated and scan often.

Use programs like adaware, Spybot Search and Destroy and run often.

I also use Aluria when I'm browsing the net
http://www.aluriasoftware.com/homeproducts/

Also something I find useful to do is create restore points in your XP system restore program.

If you run into trouble you can go back to a good system point.

Now as far as the SP2 question..... I had installed it but I don't like the way it tries to make you do certain things. (I uninstalled it)

If you just surf smart, take precautions you should be ok

Anyway it's safe but up to you.
Title: xp service pack 2
Post by: Elyeh on May 28, 2005, 11:14:16 PM
Quote
Originally posted by Crispy
I don't quite get where people think stuff just flies into their computer and corrupts it??  I don't & won't use a firewall, simply it is not needed. ALL spyware, worms etc... comes from stuff YOU DO! Opening emails, going to shady web sites, installing tool bars & silly bells & whistles off web sites. And firewalls do nothing to stop this kind of thing. I have a 4 meg cable connect that is always on 24 hours a day and have NEVER had a single thing jump into my computer & screw it up.  I have however done some stupid things with email attachments & web sites... if you tell it to or let it install crap you are not sure what it is you will have problems...regardless of firewalls & virus programs.


Just a note here....
You would be surprised
If you have Windows media player, real player, any kind of intellimouse (just to name a few) these programs are constantly connecting to the net looking for updates, etc.
And unless you use a firewall like zonealarm you'll never know

If you use outlook express do not use the preview pane.
Using the preview pane is the same as opening an email.
A lot of people think looking at the mail in the preview pane is not really opening it. Untrue

You should have to double click the email message to open them
(this is one of the simplest things you can do to prevent email attachment mishaps)

Just FYI
Title: xp service pack 2
Post by: Crispy on May 29, 2005, 10:22:43 AM
Quote
Originally posted by 214thCavalier
Mr average Joe's unprotected computer running windows connected to the internet has been proven to be infected within 20 minutes.

http://www.theregister.co.uk/2004/08/19/infected_in20_minutes/

Good luck with your head in the sand, I hope you have a large stock of vaseline :D


LOL well I must be extremely lucky, I have been connected 2 years solid and have never been hacked or bothered. But I don't let anything automatically update or leave any programs running.  In the event I do get hacked into I have everything backed up on another hard drive and would be up and running in mins.  It just isn't worth dinking with...they're a pain.
Title: xp service pack 2
Post by: RTR on May 29, 2005, 11:42:13 AM
I have service pack 2 and have one quick question. How do I turn off the Firewall?

I am already running a firewall with my Anti Virus software and suspect that the Microsoft one is still running as well. (is that even possible to have 2 firewalls up and running?). At any rate I want to shut off the MS firewall associated with SP2.

Cheers, and thanks in advance.

(side note: I have encountered no real problems with SP2)

RTR
Title: xp service pack 2
Post by: spothq on May 29, 2005, 11:44:40 AM
Quote
Originally posted by RTR
I have service pack 2 and have one quick question. How do I turn off the Firewall?

I am already running a firewall with my Anti Virus software and suspect that the Microsoft one is still running as well. (is that even possible to have 2 firewalls up and running?). At any rate I want to shut off the MS firewall associated with SP2.

Cheers, and thanks in advance.

(side note: I have encountered no real problems with SP2)

RTR


It's possible to have many firewalls running. The way you turn off the firewall:
Start > Control Panel > Windows Firewall

Select "OFF" Not recommended
Title: xp service pack 2
Post by: Clifra Jones on May 31, 2005, 10:55:37 AM
OK guys, let's clear up the mysteries:

1. If you are "always on" without a firewall are you at risk?

A) Possibly, Blackhats (aka hackers) will run port scanners against known subnets (lists of IP addresses) looking for open ports. Finding one they may try and attack. Are you at risk of this? Let's look at the possibilities.

As we all know, Windows has shown some serious vulnerabilities in the past. Blackhats try and take advantage of these. 99% of attacks are perpetrated on "KNOWN" vulnerabilities. Most of these vulnerabilities are known for some time before the attack occurs. One of the most famous was the SQL bug. This was a known vulnerability for 6 months and a patch was out for it before some bad guys took down many high profile systems. How did this happen? Because their IT guys were knuckleheads!

So, you are vulnerable if:

1) You are running an unpatched OS. MS has very little support any more for Win 9x systems so if you're using win9x or ME then I would say you are vulnerable to a point, probably a small point though. Check for updates regularly, at least once or twice a week.

2) You allow web sites to install unsafe programs. We all know about spyware and spamware. BE SAFE this is how most blackhats get in. If a site offers you something for free, DON'T DO IT!

Case in point: The most recent case of hacking perpetrated on the LexisNexis network was done by a teenager talking sex with an undercover cop. He sent him an infected JPG file (supposedly of a nude young girl he was posing as). The file contained a worm that allowed him to steal passwords off the cop's PC. One of these was a username and password for LexisNexis.

3) Keep your virus software up to date. Never surf without this active and up to date.

4) If you do not know who sent you the file, DO NOT OPEN IT!

Conclusion:
If you turn off your firewall/virus protection while playing AH I would say you are fairly safe as long as your OS is up to date on all patches. Of course you should turn all of this back on when you are finished playing.

Remember: Hackers/Blackhats are like vampires. They usually can't come in unless you've done something to invite them in.
Title: xp service pack 2
Post by: stantond on May 31, 2005, 02:35:04 PM
How can a .jpg file be infected with a worm/virus?  I think that is an urban legend.  


Regards,

Malta

Note: I have seen .scr screen savers in Windows have backdoor programs.  However, that is due to a vulnerability in how Windows handles those files.
Title: xp service pack 2
Post by: Elyeh on May 31, 2005, 02:50:09 PM
Quote
Originally posted by stantond
How can a .jpg file be infected with a worm/virus?  I think that is an urban legend.  


Regards,

Malta

Note: I have seen .scr screen savers in Windows have backdoor programs.  However, that is due to a vulnerability in how Windows handles those files.


Was gonna ask the same thing.
A .jpg cannot be infected as it does not execute.
Title: xp service pack 2
Post by: Elyeh on May 31, 2005, 02:53:42 PM
Also there is a difference between Hackers and crackers

There is another group of people who loudly call themselves hackers, but aren't. These are people (mainly adolescent males) who get a kick out of breaking into computers and phreaking the phone system. Real hackers call these people ‘crackers’ and want nothing to do with them. Real hackers mostly think crackers are lazy, irresponsible, and not very bright, and object that being able to break security doesn't make you a hacker any more than being able to hotwire cars makes you an automotive engineer. Unfortunately, many journalists and writers have been fooled into using the word ‘hacker’ to describe crackers; this irritates real hackers no end.

The basic difference is this: hackers build things, crackers break them.

Never heard of "blackhat"

http://www.plethora.net/~seebs/faqs/hacker.html

http://www.catb.org/~esr/faqs/hacker-howto.html
Title: xp service pack 2
Post by: Clifra Jones on May 31, 2005, 03:32:43 PM
Quote
Originally posted by Elyeh

Never heard of "blackhat"


A term my old boss and current security consultant uses. Never knew how widely used it was.
Title: xp service pack 2
Post by: Clifra Jones on May 31, 2005, 03:38:18 PM
Quote
Originally posted by stantond
How can a .jpg file be infected with a worm/virus?  I think that is an urban legend.  


Regards,

Malta

Note: I have seen .scr screen savers in Windows have backdoor programs.  However, that is due to a vulnerability in how Windows handles those files.


No legend, here is the article:

http://wired.com/news/business/0,1367,67629,00.html?tw=wn_tophead_2

And here is how JPG files can be infected.

http://www.f-secure.com/news/items/news_2004100500.shtml

(there is a patch for this)
Title: xp service pack 2
Post by: StarOfAfrica2 on May 31, 2005, 03:46:47 PM
LOL

A .jpg can't infect?  Depends.

Quote
What is the GDI+ JPEG Vulnerability

GDI+ is a programming interface or API that enables programs to use graphics and formatted text on a video display or printer. A vulnerability, GDI+ JPEG Vulnerability, was found in the DLL gdiplus.dll used by GDI+ that has faulty code when processing JPEG images. People who know how this code can be exploited can craft a specially designed JPEG that can exploit this bug and possibly take control of your machine. If you view an image using an application that has this vulnerability, then it is possible for the remote program to issue commands on your computer at the same security level as your user account. Therefore if your user account is an administrator of your machine, then the remote code will have administrative privileges and be able to have full access to the security of your computer.

Microsoft has released an update for this vulnerability which you can get by going to Windows Update for the operating system update and Office Update for the Microsoft office update. Be sure to do those updates immediately as this tutorial assumes you already have them and is focused on resolving issues for 3rd party applications that may be affected by the GDI+ JPEG vulnerability.
Title: xp service pack 2
Post by: spothq on May 31, 2005, 05:09:50 PM
Quote
Originally posted by stantond
How can a .jpg file be infected with a worm/virus?  I think that is an urban legend.  


Regards,

Malta

Note: I have seen .scr screen savers in Windows have backdoor programs.  However, that is due to a vulnerability in how Windows handles those files.


A JPEG, or any file is just that, a file. Any file can be infected.
Title: xp service pack 2
Post by: stantond on May 31, 2005, 09:11:40 PM
Ok,


A .jpg can be infected, but with what?  That's the same as saying an ascii file can be infected with a virus/worm.  A .jpg is a data format for compressed images, much like .gif or .bmp or .png files are just data files.   Image files are just data files.

I think there has to be an infection in the viewer for any 'virus' or 'worm' information to be transmitted from a data file (which is what a .jpg file is).   Sounds pretty unlikely to me.  




Regards,

Malta
Title: xp service pack 2
Post by: Elyeh on May 31, 2005, 11:50:08 PM
If you read the article the detective downloaded a SLIDESHOW.
This was the exe file, NOT THE INDIVIDUAL JPEGS.

Also in the last article they didn't really say anything.... Just that there might be a problem in the future.

(FROM THE ARTICLE)
Image files, including the JPG-format commonly used for storing for example digital photos, are usually considered safe. There are many e-mail viruses that fool users to execute program files by masquerading them as picture files. But these viruses are always stored as an executable file and antivirus scanners will still scan the file and detect the virus. Even if the file looks like a picture to the end user. Viruses based on the newly discovered vulnerability would however be stored as real JPG-files. This means that many antivirus scanners, including some products from F-Secure, would consider these files as safe and pass them through without scanning. Users of antivirus products need to review the scanning settings and ensure that picture files are scanned properly, IF A JPG-VIRUS BECOMES WIDESPREAD.


Again a jpeg... a .jpg file will not execute therefore no worm/virus
Title: xp service pack 2
Post by: StarOfAfrica2 on June 01, 2005, 01:20:30 AM
Elyeh, it says it right there in your own post.

Quote
Viruses based on the newly discovered vulnerability would however be stored as real JPG-files. This means that many antivirus scanners, including some products from F-Secure, would consider these files as safe and pass them through without scanning. Users of antivirus products need to review the scanning settings and ensure that picture files are scanned properly, IF A JPG-VIRUS BECOMES WIDESPREAD.


Now, if you are up to date on your security downloads, the JPEG vulnerability is plugged, and you don't have to worry about it, A/V or no.  Also, to be fair, JPG viruses are NOT widespread, or all that common.  They jumped on this one fairly quick and fixed it.  So the list of vulnerable people is probably pretty small (although 98 and ME users could be in that list).  But the virus in this case is stored as a regular JPG file.  You can most certainly have viruses infect you that are not outwardly executable.  If you download the file, that's all the "execution" that is necessary.  Other, predetermined criteria will execute the virus, not you.
Title: xp service pack 2
Post by: Elyeh on June 01, 2005, 03:01:28 AM
Yes and no....
The virus is an exe disguised to look as a .jpg

According to the article it could happen. It says it WOULD be stored as a normal .jpg file.

It seems that it's still speculation. Article never claimed it has actually been done yet..... Just it could happen

As of right now though,  the .jpg is harmless.... it's the code added to it that makes it become a virus.

Not to dispute this, and I agree it's something to watch for.

The only point I was trying to make was that a plain ole .jpg is harmless. I had the feeling that the poster was maybe paranoid to open a .jpg file based on what they read.

I was just letting him know that 99.9% a .jpg is just that....
a data file.

It would be like saying if I open my eyes I'll get blinded.....
Yes and no. It depends what I look at when I open them.

Key points to follow.....
If you don't recognize the sender.... delete the email if it has an attachment.

Look at the properties of the attachment. If you don't recognize it don't open it.

SOA2....... I enjoy these debates,
thanks
Title: xp service pack 2
Post by: Clifra Jones on June 01, 2005, 10:16:24 AM
OK, all this back and forth on the JPG vulnerability misses the whole point of my original post.

99% of attacks are perpetrated against KNOWN vulnerabilities. If you fail to keep your OS up to date you are in danger.

The biggest excuse I hear about why this is not done is, "well, I don't want some patch crashing my system(s)". This is just BS and I hear it from so-called professionals. I have not had an MS update crash any of my systems or cause any real issues in a long, long time.
Title: there are worms in jpgs
Post by: Eagler on June 01, 2005, 10:37:21 AM
this jpg has a bunch of them :)
(http://www.pogbird.com/X45/worms.jpg)
Title: xp service pack 2
Post by: Clifra Jones on June 01, 2005, 11:38:38 AM
But those are not worms...
Title: correct
Post by: Eagler on June 01, 2005, 11:42:40 AM
they are butterflies in disguise :)
Title: xp service pack 2
Post by: StarOfAfrica2 on June 01, 2005, 12:19:35 PM
Quote
Originally posted by Elyeh
Yes and no....
The virus is an exe disguised to look as a .jpg

According to the article it could happen. It says it WOULD be stored as a normal .jpg file.

It seems that it's still speculation. Article never claimed it has actually been done yet..... Just it could happen

As of right now though,  the .jpg is harmless.... it's the code added to it that makes it become a virus.

Not to dispute this, and I agree it's something to watch for.

The only point I was trying to make was that a plain ole .jpg is harmless. I had the feeling that the poster was maybe paranoid to open a .jpg file based on what they read.

I was just letting him know that 99.9% a .jpg is just that....
a data file.

It would be like saying if I open my eyes I'll get blinded.....
Yes and no. It depends what I look at when I open them.

Key points to follow.....
If you don't recognize the sender.... delete the email if it has an attachment.

Look at the properties of the attachment. If you don't recognize it don't open it.

SOA2....... I enjoy these debates,
thanks


Elyeh I think you are confusing two different kinds of issues.  IIRC there was a previous problem where you would click on a link that was actually an .exe file disguised to look like you were downloading a .jpg.  This was an executable file.  The second kind is actually a downloaded file (not executed by clicking on anything) that saves as a .jpg, but when certain preset conditions are met the file executes itself and does its work.

It may be a matter of semantics if you execute it by clicking on the link or if the file executes itself after downloading.  But the big difference is the first is a common type of infection, and everyone is vulnerable if they click on links without knowing what they are clicking.  The second you are only vulnerable to if you try to view the .jpg file in a viewer with the vulnerable .dll file as its instructions.  If you have downloaded the fix, you are no longer vulnerable to this file, no matter if it is infected or not.
Title: xp service pack 2
Post by: Elyeh on June 01, 2005, 12:40:46 PM
Ok got ya....

So the jpeg has a .dll in it that promotes the virus.

So does it keep its .jpg extension, or does this file have its own extension as its now a modified .jpeg?

Now to mix it up some...did they say this could be done to a .bmp or .gif?

I would think a .gif would be a better target as many websites use animated gifs. You wouldn't think twice about a small gif image.

Maybe the size of the .dll code is too big for a gif
Title: xp service pack 2
Post by: StarOfAfrica2 on June 01, 2005, 02:03:01 PM
No, the .jpg itself does not contain the .dll.  The vulnerable .dll was shipped in certain picture viewing and editing software.  This .dll was (IIRC) part of the .NET code, and it left certain things open on your computer to an outside user.  If you have an unpatched version of any of these programs (and you can look on microsoft.com, the list is extensive) AND you have not upgraded to the microsoft security patch that fixed it, AND you download one of these fake .jpg files, a hacker can then enter and take over your computer once you use the viewer to try to view the picture.  Several aftermarket picture editing programs had their manufacturers issue patches to fix their own programs.  Microsoft issued the patch (I believe) with SP2.  So if you did not fix any individual programs, the Microsoft patch replaced the .dll with a different one that doesn't leave you open to attack.
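The point debated above, as an added example that is not from any poster or from the linked articles: a file can be a genuine JPEG by content, whatever its extension, and still carry a segment header that no well-formed image would contain, which is the kind of input a buggy decoder can mishandle. This sketch walks the marker segments and flags a declared length below 2 (never valid, since the length field counts its own two bytes) or a segment that runs past the end of the file; the function names and sample bytes are constructed for illustration.

```python
import struct

# Markers with no length field: TEM, RST0-RST7, SOI, EOI.
STANDALONE = {0x01, 0xD8, 0xD9} | set(range(0xD0, 0xD8))
SOS = 0xDA  # start of scan: compressed image data follows, stop walking
EOI = 0xD9


def walk_segments(data):
    """Yield (offset, marker, declared_length) for each header segment."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos = 2
    while pos + 1 < len(data):
        if data[pos] != 0xFF:
            raise ValueError("expected a marker at offset %d" % pos)
        marker = data[pos + 1]
        if marker == 0xFF:          # fill byte before a marker, skip it
            pos += 1
            continue
        if marker in STANDALONE:
            yield pos, marker, None
            if marker == EOI:
                return
            pos += 2
            continue
        if pos + 4 > len(data):
            raise ValueError("truncated segment header at offset %d" % pos)
        (length,) = struct.unpack(">H", data[pos + 2:pos + 4])
        yield pos, marker, length
        if marker == SOS or length < 2:
            return                  # cannot step reliably past this point
        pos += 2 + length


def check_jpeg(data):
    """Return a list of (offset, marker, problem) for malformed segments."""
    findings = []
    for offset, marker, length in walk_segments(data):
        if length is None:
            continue
        if length < 2:
            findings.append((offset, marker, "length below 2"))
        elif offset + 2 + length > len(data):
            findings.append((offset, marker, "segment overruns file"))
    return findings


# Constructed samples: SOI, one segment, optional EOI. Not real images.
GOOD = b"\xff\xd8" + b"\xff\xfe" + struct.pack(">H", 7) + b"hello" + b"\xff\xd9"
BAD_LENGTH = b"\xff\xd8" + b"\xff\xfe" + struct.pack(">H", 0) + b"junk" + b"\xff\xd9"
OVERRUN = b"\xff\xd8" + b"\xff\xe0" + struct.pack(">H", 16) + b"JFIF"

if __name__ == "__main__":
    for name, sample in (("good", GOOD), ("bad length", BAD_LENGTH),
                         ("overrun", OVERRUN)):
        print(name, check_jpeg(sample))
```

The check reads the bytes, not the file name, so a renamed executable is rejected at the first step and a structurally broken JPEG is reported even though it has the right extension.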
Title: xp service pack 2
Post by: Elyeh on June 01, 2005, 04:32:05 PM
Ok, so the .dll is in the picture viewing software.
You download this .jpg and when you view the jpeg, the viewing software is activated and this is where the virus is launched.

Is this correct?

So the jpg is the hook to launch the viewing software, right?
Which in turn launches the virus from the .dll in the viewing software.... Sneaky
Title: xp service pack 2
Post by: artik on June 02, 2005, 06:34:36 AM
Quote
Originally posted by Crispy
I don't quite get where people think stuff just flies into their computer and corrupts it??  I don't & won't use a firewall, simply it is not needed. ALL spyware, worms etc... comes from stuff YOU DO! Opening emails, going to shady web sites, installing tool bars & silly bells & whistles off web sites. And firewalls do nothing to stop this kind of thing. I have a 4 meg cable connect that is always on 24 hours a day and have NEVER had a single thing jump into my computer & screw it up.  I have however done some stupid things with email attachments & web sites... if you tell it to or let it install crap you are not sure what it is you will have problems...regardless of firewalls & virus programs.


I used to think this way too...
But there are what is called services that are running on your computer by Windows that allow certain usage of resources. These services can be used for certain purposes:
For example run command from command prompt in Win XP "telnet localhost 135" and you'll connect to some resource. This port can be connected when you are on the internet if you don't use a firewall that closes it from external connection. Using it some kind of programs can install stuff or do some operations. This is one of the examples of security holes of Windows...

I remember when I wanted to run AH in h2h mode as server I was encouraged to turn firewall off... and my computer was rebooting all the time for unknown reasons (worm) until I turned it back on... You should know there are lots of services that can be accessed from internet... And if they are not safe they may do damage.

Yes firewall should be turned ON for security reasons...

Even on my Linux system that is much more secure I run firewall because I want to prevent some kind of attacks.

Quote
after spending the last week clearing my computer of spyware and virus stuff I have been advised to install xp service pack 2; is it safe or will it screw up my ah2 gameplay?


If you got sick of Viruses and Spyware - move to Linux...

It is now very user friendly and ready for daily desktop usage... And leave small amount of drive space for Windows for AH :D

Just try and you'll see that you will not be back!!!
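The exposure described in the post above, as an added example that is not part of the original post: listing which services on a machine are listening on all interfaces, and are therefore reachable from the network unless a firewall blocks them, versus those bound to loopback only. The parser reads the text produced by `netstat -an`; the sample output and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample in the layout printed by Windows "netstat -an".
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1028         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1045      203.0.113.7:80         ESTABLISHED
  TCP    [::]:135               [::]:0                 LISTENING
  UDP    0.0.0.0:445            *:*
"""


def parse_listeners(netstat_text):
    """Return (address, port) for every TCP socket in LISTENING state.

    UDP rows have no state column and are skipped; this example only
    covers TCP services such as the one on port 135.
    """
    listeners = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[0] != "TCP" or fields[3] != "LISTENING":
            continue
        # Split on the last colon so IPv6 literals like [::]:135 work.
        host, _, port = fields[1].rpartition(":")
        listeners.append((host.strip("[]"), int(port)))
    return listeners


def classify(listeners):
    """Split ports into (reachable from the network, loopback only)."""
    exposed, local_only = set(), set()
    for host, port in listeners:
        if ipaddress.ip_address(host).is_loopback:
            local_only.add(port)
        else:
            exposed.add(port)
    return sorted(exposed), sorted(local_only)


if __name__ == "__main__":
    exposed, local_only = classify(parse_listeners(SAMPLE_NETSTAT))
    print("reachable unless firewalled:", exposed)
    print("loopback only:", local_only)
```

A successful `telnet localhost 135` only shows that something is listening; the bind address in the netstat output is what tells you whether other hosts can reach it too.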