Author Topic: Cautionary Tale  (Read 897 times)

Offline bustr

  • Plutonium Member
  • *******
  • Posts: 12436
Cautionary Tale
« on: January 25, 2005, 01:09:41 PM »
Last week I picked up a spyware\hijack that none of my antivirus or antispyware programs detected. The only indication of it was that last Friday night I watched my play in the MA progressively go downhill to the point that I had to log out and stop playing. The only indication of anything wrong was a 200,000k memory bleed in a process related to my McAfee antispyware.

I do disable the antivirus\spyware services before playing. These applications will leave processes resident after the services are shut off that don't affect the game.

I ran manual scans with all my filter software and nothing was detected. Over the weekend I could not play the game. When I ran a ping plot my time to the game server was 62-73. When I was at the arena selection menu the ping was 140-173. Before this happened my FR in the game was 60-120. Now it was 6-27.

Last night I ran manual updates for new definitions. They were available, and my antivirus and spyware programs during manual scans detected about half a dozen different exploits. When I logged on to the game server my ping was back to 62-73 and my FR was 62-120.

Several thoughts:
1. If your game play is slower than you remember, check to see if your ping time to the game server without AH running matches roughly what you see at the arena selection menu when logged on.

2. While not running the game, open your task manager and see if you have any processes that are using excessive memory. 100,000-200,000k would be an issue. In some cases 20,000-25,000k can be. At least one XP process uses 15,000k.

3. New exploits are being released all the time. Your antivirus and spyware suppliers can be out of sync with your needs in releasing definitions to account for them. In that case check frequently for updates. I have several types of antispyware installed for manual scans. I've found not every app can detect what every other app can.
bustr - POTW 1st Wing


This is like the old joke that voters are harsher to their beer brewer if he has an outage, than their politicians after raising their taxes. Death and taxes are certain but, fun and sex is only now.
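
The second check in bustr's list (look for a resident process using far more memory than it should while the game is not running) can be done from a `tasklist` snapshot instead of eyeballing Task Manager. The Python below is an added example, not code from the original post; the sample `tasklist` output and its numbers are constructed, and the thresholds are the ones the post states.

```python
import re
import subprocess
from typing import Dict, Iterable, List

# Constructed sample of Windows `tasklist` table output (invented numbers,
# not from the original post). The game is NOT running here, as the second
# check requires, so anything large is a resident background process.
SAMPLE_TASKLIST = """\
Image Name                     PID Session Name        Session#    Mem Usage
========================= ======== ================ =========== ============
System Idle Process              0 Console                    0         28 K
System                           4 Console                    0        236 K
svchost.exe                    872 Console                    0     15,104 K
explorer.exe                  1240 Console                    0     22,960 K
mcshield.exe                   964 Console                    0    198,344 K
"""

# Thresholds (kilobytes) as stated in the post: 100,000-200,000 K is a clear
# problem, 20,000-25,000 K can be, and one XP process normally uses ~15,000 K.
CLEAR_PROBLEM_K = 100_000
WORTH_A_LOOK_K = 20_000

# One data row: name (may contain spaces), PID, session name, session#, "n,nnn K".
# Assumes the English-locale "K" suffix that tasklist prints.
ROW_RE = re.compile(
    r"^(?P<name>.+?)\s+(?P<pid>\d+)\s+\S+\s+\d+\s+(?P<mem>[\d,]+) K\s*$"
)


def parse_tasklist(text: str) -> List[Dict[str, object]]:
    """Parse default `tasklist` output into [{name, pid, mem_k}, ...]."""
    rows = []
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if not m:  # header and separator lines do not match
            continue
        rows.append({
            "name": m["name"].strip(),
            "pid": int(m["pid"]),
            "mem_k": int(m["mem"].replace(",", "")),
        })
    return rows


def triage(rows: List[Dict[str, object]],
           known_ok: Iterable[str] = ()) -> List[Dict[str, object]]:
    """Return the processes over the thresholds, largest first.

    known_ok: image names (case-insensitive) you have already verified as
    legitimately large on your own box, so they are not reported again.
    """
    ok = {n.lower() for n in known_ok}
    flagged = []
    for r in rows:
        if str(r["name"]).lower() in ok:
            continue
        if r["mem_k"] >= CLEAR_PROBLEM_K:
            level = "clear problem"
        elif r["mem_k"] >= WORTH_A_LOOK_K:
            level = "worth a look"
        else:
            continue
        flagged.append({**r, "level": level})
    flagged.sort(key=lambda r: r["mem_k"], reverse=True)
    return flagged


def live_tasklist() -> str:
    """On Windows, capture the real `tasklist` output; elsewhere return ''."""
    try:
        return subprocess.run(["tasklist"], capture_output=True,
                              text=True, check=True).stdout
    except (FileNotFoundError, subprocess.CalledProcessError):
        return ""


if __name__ == "__main__":
    snapshot = live_tasklist() or SAMPLE_TASKLIST
    for p in triage(parse_tasklist(snapshot)):
        print(f"{p['level']:>13}: {p['name']} (PID {p['pid']}) {p['mem_k']:,} K")
```

A process you do not recognise at the top of that list is exactly the case bustr's third point covers: the scanners may simply not have a definition for it yet, so the follow-up is a definition update and a rescan, then another snapshot to see whether the size went back to normal.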

Offline bustr

  • Plutonium Member
  • *******
  • Posts: 12436
Cautionary Tale
« Reply #1 on: January 25, 2005, 02:22:55 PM »
Sounds like its time for Firefox.............:)
bustr - POTW 1st Wing


This is like the old joke that voters are harsher to their beer brewer if he has an outage, than their politicians after raising their taxes. Death and taxes are certain but, fun and sex is only now.

Offline 214thCavalier

  • Silver Member
  • ****
  • Posts: 1929
Cautionary Tale
« Reply #2 on: January 25, 2005, 05:50:05 PM »
Well I never ever stop my antivirus or firewall for anything.
I cannot understand why some of you disable it for gaming.

Offline JB73

  • Plutonium Member
  • *******
  • Posts: 8780
Cautionary Tale
« Reply #3 on: January 25, 2005, 06:08:36 PM »
hmmm

I never run my virus software in the background...

manual scan once a month, spyware check same time (both updated at time of scan)

I have not gotten either a virus or spyware on my system in over a year....

in fact I have had only 1 virus / spyware in my entire PC owning life and that was an email from my parents I opened stupidly (they hadn't told me their PC stopped working a week before because of a virus LOL)

stay away from those "free" pr0n sites, and warez junk
I don't know what to put here yet.

Offline bustr

  • Plutonium Member
  • *******
  • Posts: 12436
Cautionary Tale
« Reply #4 on: January 25, 2005, 06:09:56 PM »
Quote
Originally posted by 214thCavalier
Well I never ever stop my antivirus or firewall for anything.
I cannot understand why some of you disable it for gaming.


McAfee's real time and firewall hooks the AH executable and it never connects. I'm not sure I want to make exceptions for the game since AH has never had a documented issue of affecting a player's PC. I also have a concern about how much delay is introduced into the overall game performance factor with 2 filters running during the game. It was the connection to the AH server that the hijack was trying to phone home on and timing out, causing my system to choke and slow down.
bustr - POTW 1st Wing


This is like the old joke that voters are harsher to their beer brewer if he has an outage, than their politicians after raising their taxes. Death and taxes are certain but, fun and sex is only now.

Offline bustr

  • Plutonium Member
  • *******
  • Posts: 12436
Cautionary Tale
« Reply #5 on: January 25, 2005, 06:26:03 PM »
Quote
Originally posted by JB73
hmmm



stay away from those "free" pr0n sites, and warez junk


Man's gotta know his limitations. But if you had seen what I saw ........Dern fine blue print of one beautiful big JUG......I just love those Pratt and Whitneys.:D Got so carried away with the intake on that monster, well I clicked on the ad to see 2 more big beautiful JUGs.......:cool: Man's just gotta stay loyal to his ride..................:aok
bustr - POTW 1st Wing


This is like the old joke that voters are harsher to their beer brewer if he has an outage, than their politicians after raising their taxes. Death and taxes are certain but, fun and sex is only now.

Offline AKDogg

  • Gold Member
  • *****
  • Posts: 2308
      • http://aksquad.net/
Cautionary Tale
« Reply #6 on: January 26, 2005, 04:59:54 AM »
U wouldn't happen to be Bustr from the MostWanted in AW would ya?
AKDogg
Arabian knights
#Dogg in AW
http://aksquad.net/

Offline Siaf__csf

  • Gold Member
  • *****
  • Posts: 2213
Cautionary Tale
« Reply #7 on: January 26, 2005, 05:29:33 AM »
Guys if you disable your firewall and even ONE of the users in your ISP's network node is infected with a worm, the worm will come a' knockin' on your door within the very first seconds.

Some of the worms install, get detected by your antivirus (if you run it at that point) and get removed. They install again, get detected and removed etc.

Worst case scenario, they install and antivirus fails to remove them.

Moral of the story: Never ever disable your personal firewall if you connect directly to the internet. If you're behind a NAT router you're not as exposed to worms. If not, do not turn the firewall off.

If the firewall sucks so bad that you can't configure it properly (such as ZoneAlarm free) then get one that works. Sygate Personal Firewall works adequately although to this date I haven't found a fw that matches the final free version of Tiny Personal Firewall (which you no longer find downloadable.) Luckily I have it on my hd. ;)

Offline Skuzzy

  • Support Member
  • Administrator
  • *****
  • Posts: 31462
      • HiTech Creations Home Page
Cautionary Tale
« Reply #8 on: January 26, 2005, 07:14:30 AM »
Siaf, only another user on the same IP subnet as you can hit your system with a worm and that is only true if your ISP is stupid enough to allow ports 13x and 445 to propagate through their network.
Cable users are another story. People on your node, in the same subnet, can easily see your computer. Firewall or not.

Also note, if you are not running with file sharing enabled, you will stop most of it, and if you have all the security updates on your system (port 445 was the bad boy about allowing the recent worms to propagate, which has been fixed), then you are not going to have an issue with worms.

There really is no reason, other than paranoia, to be running an anti-virus program when you have nothing running on your desktop except for Aces High.
Anti-virus programs are the worst resource abusers on the market. While they are needed by many people due to poor system configurations, or poorer Internet network configurations, they are overkill if you have your browser and email shut down, and you have all the security updates for XP/2K.

I have never used an anti-virus program and in all my years of using a computer, I have never gotten a virus on my systems.  Granted, I may be a little sharper than the average computer user, and I run configurations which 99.9% of users would find intolerable, but people have to decide if the headaches of running these resource hogs are worth the trouble.

Most people who run these programs have no end of problems with real-time connections (i.e. stuttering, dropped connections, CTD's and so on) and yet they blame everything but the anti-virus program or the firewall.  This last one has always bothered me.

Now let me say, after all that: most people need these programs as they run the default setup Microsoft provides, which is not secure at all. But, as I stated above, they do not need to be running when the only thing you have running is Aces High. I cannot speak to the security of other games, but I do know about ours.
Roy "Skuzzy" Neese
support@hitechcreations.com

Offline Ohio43

  • Copper Member
  • **
  • Posts: 327
Cautionary Tale
« Reply #9 on: January 26, 2005, 08:10:47 AM »
Not sure how good the new Service Pack 2 is with its firewall, but AH2 works fine with it enabled.

Offline Siaf__csf

  • Gold Member
  • *****
  • Posts: 2213
Cautionary Tale
« Reply #10 on: January 26, 2005, 08:14:22 AM »
Dunno Skuzzy, the local ISP's must be inept then because I see worms hitting my boxes with netbios queries all the time if I leave them open. It's freaky to run the packet sniffer these days.

Once I made the mistake of setting up a new box, fresh install and leaving it plugged to the modem.

On the very same second I installed network drivers the machine was infected with msblast or something like it. After a quick reformat and reinstall I installed a packet sniffer out of curiosity to see what hit me - and I saw several hits per second from several different addresses. I emailed the abuse dept of the ISP but they said they were bound by law and couldn't do anything about it. The ISP's are not allowed to sniff the traffic even just to kill illegal nbt queries or rampant virus/worm traffic.

From that experience I'd suspect that many others may be in a similar situation which would make disabling the firewall extremely risky.

That and I really see no reason why one should disable the firewall during gameplay.
« Last Edit: January 26, 2005, 08:29:04 AM by Siaf__csf »
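
The "several hits per second from several different addresses" Siaf describes, and Skuzzy's point a few replies up that only hosts on your own subnet can reach you when the ISP does not pass ports 13x and 445, are both things you can read straight off a packet-sniffer or firewall log rather than guess at. The Python below is an added example and not code posted by anyone in this thread; it assumes a constructed one-line-per-packet text dump with invented addresses, a host on the 10.20.30.0/24 network, and the NetBIOS/RPC (135-139) and SMB (445) ports the thread names.

```python
import ipaddress
import re
from collections import Counter, defaultdict
from typing import Dict, List, Tuple

# Ports named in the thread: "13x" (NetBIOS/RPC, 135-139) and 445 (SMB).
WORM_PROBE_PORTS = {135, 137, 138, 139, 445}

# Constructed sniffer dump (not a real capture). Assumed line format:
# "<date> <time> <src> -> <dst>:<port> <proto> [flags]".
SAMPLE_LOG = """\
2005-01-26 08:14:01 10.20.30.41 -> 10.20.30.77:445 TCP SYN
2005-01-26 08:14:01 10.20.30.41 -> 10.20.30.77:139 TCP SYN
2005-01-26 08:14:01 10.20.30.58 -> 10.20.30.77:445 TCP SYN
2005-01-26 08:14:01 172.16.9.5 -> 10.20.30.77:135 TCP SYN
2005-01-26 08:14:02 10.20.30.41 -> 10.20.30.77:445 TCP SYN
2005-01-26 08:14:02 10.20.30.41 -> 10.20.30.77:137 UDP
2005-01-26 08:14:02 198.51.100.9 -> 10.20.30.77:80 TCP SYN
2005-01-26 08:14:03 10.20.30.58 -> 10.20.30.77:445 TCP SYN
"""

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<src>[\d.]+) -> (?P<dst>[\d.]+):(?P<port>\d+) (?P<proto>TCP|UDP)"
)

Event = Tuple[str, str, str, int, str]  # (timestamp, src, dst, port, proto)


def parse_log(text: str) -> List[Event]:
    """Parse the assumed dump format; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append((m["ts"], m["src"], m["dst"], int(m["port"]), m["proto"]))
    return events


def probe_summary(events: List[Event],
                  host_network: str) -> Tuple[List[Dict[str, object]], int]:
    """Summarise worm-style probes (NetBIOS/SMB ports only).

    Returns (per-source report sorted by hit count, peak probes in one second).
    Each report entry says whether the source sits on the host's own subnet,
    which is the only place such probes can come from if the ISP filters
    these ports upstream.
    """
    net = ipaddress.ip_network(host_network, strict=False)
    per_src: Counter = Counter()
    per_second: Counter = Counter()
    ports_by_src = defaultdict(set)
    for ts, src, _dst, port, _proto in events:
        if port not in WORM_PROBE_PORTS:
            continue  # ordinary traffic (e.g. port 80) is not a probe
        per_src[src] += 1
        per_second[ts] += 1
        ports_by_src[src].add(port)
    report = [
        {
            "src": src,
            "probes": n,
            "ports": sorted(ports_by_src[src]),
            "same_subnet": ipaddress.ip_address(src) in net,
        }
        for src, n in per_src.most_common()
    ]
    peak = max(per_second.values(), default=0)
    return report, peak


if __name__ == "__main__":
    report, peak = probe_summary(parse_log(SAMPLE_LOG), "10.20.30.77/24")
    print(f"peak NetBIOS/SMB probes in one second: {peak}")
    for entry in report:
        where = "same subnet" if entry["same_subnet"] else "outside subnet"
        print(f"{entry['src']:>14}  {entry['probes']} probes  ports={entry['ports']}  ({where})")
```

Sources flagged as outside the subnet are the interesting ones for Skuzzy's argument: if they show up on 135-139 or 445, the ISP is passing those ports, and a host with file sharing enabled and no firewall is reachable by every infected machine that can route to it, not just by neighbours on the same node.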

Offline AKDogg

  • Gold Member
  • *****
  • Posts: 2308
      • http://aksquad.net/
Cautionary Tale
« Reply #11 on: January 26, 2005, 08:16:47 AM »
Well, I haven't been using an antivirus since my last OS install which has been about 3 months. I still get my DSL modem dropout only when I play AH. It has never dropped out during browsing the web or playing any other online game. I even changed routers and even took them out and connected directly to the modem. Still no change. I used to get disco maybe 1 time a month. Now it's 3-6 times a night in 3 hrs time. Something is not right, lol.
AKDogg
Arabian knights
#Dogg in AW
http://aksquad.net/

Offline Sundiver

  • Copper Member
  • **
  • Posts: 348
Addressed to Skuzzy
« Reply #12 on: January 26, 2005, 09:47:34 AM »
Skuzzy, I've always taken your word as Gospel on most things computer related. Perhaps you could share how you have your system configured with us? A sticky FAQ for good system security, then we could choose how much of it we are able to live with? I think it would help the community as a whole. Especially those of us that are laymen in terms of computer security.

Thanks,
Sundiver.

Offline Skuzzy

  • Support Member
  • Administrator
  • *****
  • Posts: 31462
      • HiTech Creations Home Page
Cautionary Tale
« Reply #13 on: January 26, 2005, 10:11:46 AM »
Siaf, that is certainly possible.  If you install XP and it did not have SP2 built into the CD distribution, you can get hit very quickly with the msblast worm.
I do not have any real problems with firewalls.  They are not too bad about resource hogging, as long as the user sets them up to block specific ports, and not every port, and run them with logging disabled.

Mwdogg, we cannot cause a DSL/Cable modem to drop a connection.  It is impossible as those modems only drop a connection when they lose the sync signal from the ISP/Telco.  Just FYI.  And you may not change anything, but the ISP/Telco could have changed something.

Sundiver, the only issue I have with posting how to set up a secure system is it coming back to haunt HTC. I cannot risk posting information like that without someone potentially tying it to HTC.
I see it too often. Heck, I say something as innocent as "yes that is a decent video card", and all of a sudden, someone is posting how I recommended it and flaming HTC for doing so.
I posted a lot of the security information in the "Hardware and Software" forums once, with all manner of disclaimers. It did not matter. Word got out that HTC recommended it.
Roy "Skuzzy" Neese
support@hitechcreations.com

Offline StarOfAfrica2

  • Platinum Member
  • ******
  • Posts: 5162
      • http://www.vf-17.org
Cautionary Tale
« Reply #14 on: January 26, 2005, 11:13:51 AM »
I have a separate XP install on a second HD for playing AH. Absolutely stripped down, all the remote access services turned off, no system restore, nothing that isn't absolutely necessary to boot up and run. The only two things on the desktop are the trash can (defaults there) and a link to aceshigh.exe. I have 14 processes running at boot. When I used to use AOL my firewall blocked about 50 ping attempts per day, sometimes more. Switching to RoadRunner dropped me to 5 a week. I left this install running every day for 3 weeks while I went to work, firewall showed 0 pings, 0 traffic period.

I think I can live with the risk of just the router firewall.

The rest of you can do what you want, or what you have to do with the conditions you have to operate in.  Firewall (irrespective of which one I run) slows down my connection by 15-40ms.  It also can cause occasional lost packets.  Anti-Virus slows the connection even more because it has to examine every packet that passes through.  

By the way, for those who are in covered areas .......... RoadRunner is specifically advertising themselves as a "gamers choice" connection. They advertise they are the best gaming connection on the market, bar none. I'm not making any endorsements, but I do get excellent connections from them usually, and nowadays I seldom see my firewall take any hits.