rec.autos.simulators

If you're worried about getting hacked....

by Jan Koh » Sun, 06 May 2001 03:51:04

To continue a thread below, let me make a few comments and answer a few questions.

First off, it is IMPERATIVE, IMHO, that you get a firewall program of some kind.
Trojans can come disguised as many things, and there are many ways to break into
systems.  If you have a firewall installed, you've cut your threat level way down.
ZoneAlarm (http://www.racesimcentral.net/) comes highly recommended, for one, any
program that attempts to access the internet will cause ZoneAlarm to send you an
alert, requiring you to acknowledge whether or not the program gets access or not.
DO NOT GIVE A PROGRAM ACCESS IF YOU DO NOT KNOW WHAT IT
IS!  Even if you are computer 'clueless', ask friends that are not before allowing a
program to get access to the outside world.  For more information about firewalls
and how to configure them for racing, see our writeup on firewalls at The Pits (Hardware section).

Tiny firewall is another good one to look at http://www.racesimcentral.net/ .

Process 2000 is a process viewer that shows EVERYTHING running on your
system, including all threads that may be spawned by the process.  The difference
between P2k viewer and the system info viewer is that P2k will allow you to KILL
processes, sysinfo will not.  If you are attempting to diagnose what may be causing
system slowdown, or even attempting a shutdown of a virus or trojan, P2k will allow
you to kill the process, and then you can remove it.  Ensure after removal that you check
your registry, startup files (autoexec.bat, win.ini, system.ini) for references to that program,
and remove them.  P2k can be found at http://www.racesimcentral.net/

And Rik A., an A/B switch does nothing that shutting your computer down doesn't.  If you
accidentally get a trojan, it will initiate when you go back online, and Sub7 even has the
capability of alerting its controller when you do get online.  At that point the controller
can automatically 'cue' commands to the trojan while you were shut down, and the trojan
can automatically send info from your computer (such as password files) to its controller.

Hope this helps...

Cheers!

--
Jan Kohl
SECURITY CONSULTANT
The Pits -  http://www.racesimcentral.net/
Castle  Graphics - http://www.racesimcentral.net/
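
The startup-file check described in the post above, as an added example that is not part of the original post. It covers only the three files named there (not the registry); the file contents and the name `samplehost.exe` are constructed for illustration.

```python
import re

# Constructed sample contents for a Windows 9x machine (not from a real system).
# "samplehost.exe" is a made-up name standing in for the program you removed.
WIN_INI = r"""[windows]
load=
run=C:\WINDOWS\SYSTEM\samplehost.exe
[Desktop]
Wallpaper=(None)
"""
SYSTEM_INI = r"""[boot]
shell=Explorer.exe samplehost.exe
[386Enh]
device=*vmm32
"""
AUTOEXEC_BAT = r"""@ECHO OFF
REM removed: C:\TOOLS\samplehost.exe
SET PATH=C:\WINDOWS;C:\WINDOWS\COMMAND
C:\WINDOWS\COMMAND\doskey.com
"""

def ini_values(text, section, keys):
    """Return non-empty (key, value) pairs for the given keys in one INI section."""
    found, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].lower()
        elif current == section and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if key.lower() in keys and value:
                found.append((key.lower(), value))
    return found

def autostart_entries(win_ini, system_ini, autoexec_bat):
    """List (source, command) pairs that run at boot from the three files."""
    entries = [("win.ini " + k, v)
               for k, v in ini_values(win_ini, "windows", {"load", "run"})]
    for _, value in ini_values(system_ini, "boot", {"shell"}):
        # The stock value is just the shell; anything extra deserves a look.
        if value.lower() != "explorer.exe":
            entries.append(("system.ini shell", value))
    skip = re.compile(r"(rem\b|::|echo\b|set\b|path\b)", re.IGNORECASE)
    for raw in autoexec_bat.splitlines():
        line = raw.strip().lstrip("@")
        if line and not skip.match(line):  # comments and settings run nothing
            entries.append(("autoexec.bat", line))
    return entries

def references(entries, program):
    """Entries that still mention the removed program (case-insensitive)."""
    return [(src, cmd) for src, cmd in entries if program.lower() in cmd.lower()]

if __name__ == "__main__":
    found = autostart_entries(WIN_INI, SYSTEM_INI, AUTOEXEC_BAT)
    for source, command in references(found, "samplehost.exe"):
        print(f"leftover reference in {source}: {command}")
```
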

by Gandolf » Sun, 06 May 2001 05:44:20

Thanks for the info Jan.
                Doug D


by rik anthra » Sun, 06 May 2001 05:58:04

Well sure it does, I can use the computer when I'm not online! Can't do that
when it's shut off! ;-)

Is this with file sharing off or does it make no difference?
Thanks,
rik

by Jan Verschuere » Sun, 06 May 2001 09:15:26

How about just releasing your IP using winipcfg?

Coaxial A-B switches feature some insertion loss, resulting in poorer
quality signal for both your cable modem and your TV. A bidirectional
active splitter with adjustable gain might be a better choice. Don't know if
they're sold where you're at, but Kathrein have some excellent examples of
those in their range (and you could still unplug the cable modem should you
insist on it).

Jan.
=----
"Pay attention when I'm talking to you boy!" -Foghorn Leghorn.

by Jan Koh » Sun, 06 May 2001 09:28:00


> Well sure it does, I can use the computer when I'm not online! Can't do that
> when it's shut off! ;-)

LOL!  Yes, this is true...  ;]

Makes no difference.  Trojans operate as any other program when initiated, they
follow their program path to do what they were written for.

Modern Trojans (such as Sub7) are very dangerous, at least as far as personal
security goes.  The remote administrator has just as much control over your system
as you do...at least, if you don't realize that you have one.  Trojans can be installed
from a very small program, and now have the capability to actually go to remote
websites and add additional modules to their composition.  This works in their benefit
by A) keeping the initial filesize very small to keep suspicion down and B) if there are
updated modules to provide added capabilities, they can add them as they go.

Many of the newer Trojans can evade detection by anti-virus programs (even with
the latest updates) by 'binding' with other programs to disguise their signature.

Here's a quick synopsis of the abilities that a trojan gives a remote user...
1) modify and change your registry
2) read all keystrokes (including credit card numbers, etc.) from the keyboard
3) see anything using your ***, open up windows on your desktop, send
        messages to your desktop
4) copy any file from your system to theirs
5) create backup copies of itself, attempt to disguise itself, rename itself, uninstall
        itself and install other backdoor programs
6) conduct attacks against other systems
7) read network information to gain access to other systems
8) shut down/restart your system, uninstall programs, delete files, corrupt system files
9) see all URLs and cookies from websites that you visit
10) send themselves to other users, using your email program
11) use a proxy server to send information (so that the end user remains unknown)
12) add modules and update information to itself
13) shut down or uninstall virus programs and software firewalls
14) continuously poll for network connections and send information when a connection
            becomes active
15) receive 'queued up' commands from a remote controller when a connection becomes
        active

Think that's pretty comprehensive...hope this helps...

Cheers!
--
Jan Kohl
SECURITY CONSULTANT
The Pits -  http://www.racesimcentral.net/
Castle  Graphics - http://www.racesimcentral.net/

by Andy Carabi » Sun, 06 May 2001 09:56:53



<snip the good advice>

Jan, would you recommend firewall software on top of a hardware
firewall built into a broadband router, such as the products from
Linksys, SMC, and Netgear?

That's my current solution, it's a must for anyone with multiple
computers in terms of ease, convenience, and safety.

--
Andy Carabino
to email, remove the 'fat'

by Jan Koh » Sun, 06 May 2001 10:15:13


> Jan, would you recommend firewall software on top of a hardware
> firewall built into a broadband router, such as the products from
> Linksys, SMC, and Netgear?

Definitely.  They (hardware) only protect (and marginally at that) inbound connections, they
do nothing against a program which has installed itself and is attempting outbound.
See our writeup in the hardware section for details...

All the mini-firewall/routers are really just a convenience...they do not provide a really
solid firewall (as compared to things like Checkpoint, Cisco PIX, etc.).  That's not to
say that they don't work well, but if someone REALLY wanted to attempt to break
into your system, a Linksys/Netgear/whatever would not stop them...

Cheers!
--
Jan Kohl
SECURITY CONSULTANT
The Pits -  http://www.theuspits.com
Castle  Graphics - http://www.castlegraphics.com

by Ben Colema » Sun, 06 May 2001 12:41:52

Since reading the thread yesterday about JV being hacked, I checked with
sysinfo and found a distributed computing client installed with a -hide
switch.  I have no idea what it is/was (and have disabled it) but I don't
like the sound of it...I do my banking from this computer!  Dialup only, so
I wasn't too concerned about security, but I suppose an installed program
can communicate with the outside without a static IP.....not good!

Ben


>To continue a thread below, let me make a few comments and answer a few questions.

>First off, it is IMPERATIVE, IMHO, that you get a firewall program of some kind.
>Trojans can come disguised as many things, and there are many ways to break into
>systems.  If you have a firewall installed, you've cut your threat level way down.
>ZoneAlarm (http://www.zonelabs.com) comes highly recommended, for one, any
>program that attempts to access the internet will cause ZoneAlarm to send you an
>alert, requiring you to acknowledge whether or not the program gets access or not.
>DO NOT GIVE A PROGRAM ACCESS IF YOU DO NOT KNOW WHAT IT
>IS!  Even if you are computer 'clueless', ask friends that are not before allowing a
>program to get access to the outside world.  For more information about firewalls
>and how to configure them for racing, see our writeup on firewalls at The
>Pits (Hardware section).

by Jason » Sun, 06 May 2001 13:46:27

Jan,

Don't know if you are aware of this, but here are some things I have
discovered over the years regarding Trojans/Viruses/Etc.:

1) The writers can sit down and spend multiple hours/days/months writing
these stupid things, but they almost always seem to use Visual Basic to
write them (easy entry through your browser I suppose is why). God only
knows why these idiots can't spend that time learning a REAL programming
language like C/C++.

So... the very nature of VBscript, requires a Windows System executable in
order to run them (wscript.exe), which is usually found in the following
directories:

%SystemRoot%\WINNT\System32\
%SystemRoot%\Windows\System\

You can easily change the MAPI (program 'OPEN' mapping) to not have
'wscript.exe' open up vbscript files. I personally map notepad.exe to my
vbscript MAPI, and have not had a single trojan/virus/etc. running on my
system. I may have more than a few ON my system... but they are essentially
quarantined, without any means to run themselves.

Just thought I'd pass that along. Remember... these trojans/viruses MUST be
executed in some way in order to initiate the function. You cripple their
ability to run (nip it in the bud), you effectively negate most of the risk.

Although... people reading this please take very careful note:

I am NOT telling you to avoid firewalls, etc. In fact, I highly recommend
them, but as Jan alluded to... many of these trojans/viruses like to
'piggyback' other programs, and simply have their script run to initiate
themselves. Basically... they get past many of the most advanced firewalls
through the back-door so-to-speak. Please take this advice as an 'additional
security precaution'.

That's my 2 cents.. hope it helps.

Cheers,

Schumi



by George Lewi » Sun, 06 May 2001 20:49:16

Hey old buddy....

I agree... even MS Proxy Server 2 I wouldn't consider a "great"
firewall.  would you really put PIX and Checkpoint in the same league?
just curious...

However, NAT should do the trick for most home users, and throw in
something like black ice stopping outbounds from weird ports and
stuff...  what I like about Black Ice is the user doesn't have to
learn a bunch of technical information and therefore mess up the
security configuration.




>> Jan, would you recommend firewall software on top of a hardware
>> firewall built into a broadband router, such as the products from
>> Linksys, SMC, and Netgear?

>Definitely.  They (hardware) only protect (and marginally at that) inbound connections, they
>do nothing against a program which has installed itself and is attempting outbound.
>See our writeup in the hardware section for details...

>All the mini-firewall/routers are really just a convenience...they do not provide a really
>solid firewall (as compared to things like Checkpoint, Cisco PIX, etc.).  That's not to
>say that they don't work well, but if someone REALLY wanted to attempt to break
>into your system, a Linksys/Netgear/whatever would not stop them...

>Cheers!

by Jan Koh » Mon, 07 May 2001 00:53:26


> Hey old buddy....

> I agree... even MS Proxy Server 2 I wouldn't consider a "great"
> firewall.  would you really put PIX and Checkpoint in the same league?
> just curious...

> However, NAT should do the trick for most home users, and throw in
> something like black ice stopping outbounds from weird ports and
> stuff...  what I like about Black Ice is the user doesn't have to
> learn a bunch of technical information and therefore mess up the
> security configuration.

GEORGE!!!!!!!!!!!!!!
Geez, it's been a long time!  Nice ta see you!  ;]

Well, what I was referring to was the fact that a properly set up 'real' firewall
will only allow connections that have been designated as 'ok', all other inward/
outbound connections are halted at the firewall.  With Linksys/Netgear/whatever,
there are certain programs on the operating system which could be given a buffer
overflow and thus give access to the target computer.  Not *quite* so likely on
something such as Checkpoint, but combined with a good IDS it would be much
more difficult.

I know Black Ice on previous versions did not stop outbound connections, but I
heard they were going to fix that.  I've not tried it recently to see...

Cheers!
--
Jan Kohl
SECURITY CONSULTANT
The Pits -  http://www.theuspits.com
Castle  Graphics - http://www.castlegraphics.com

by Mart » Mon, 07 May 2001 01:48:56


>First off, it is IMPERATIVE, IMHO, that you get a firewall program of
>some kind. Trojans can come disguised as many things, and there are many
>ways to break into systems.

Well if you're really concerned about being hacked the first thing to do
is to stop running programs from sources that you don't trust.

A firewall will not stop trojans from infecting your system at all.
It might have difficulties reporting your data to someone but that doesn't
stop a trojan from doing anything to your system. Since trojans -once
installed- have the same rights as any other program they can do pretty
much the same things you can do - e.g. disable your (software) firewall,
send emails, read/format your disk, etc.

The ONLY way to be safe is to prevent trojans (and other nasties) from
getting onto your system, i.e. don't install software of questionable
origin, use an email client without all the fancy automation stuff,
browse with the highest possible security settings, etc. Also check for
security updates for your programs/OS. The best way is of course to store
sensible data on an extra machine that connects to the net only when
absolutely necessary.

Don't get me wrong: PFWs are nice for what they do, however don't
fool yourself by thinking that you're safe just because you've a firewall
and virus scanner.  On an unsafe system the scanner is IMO even more
important than a PFW since it will detect most trojans/virii when they
arrive on your system - unlike the FW that will only _attempt_ to stop
them from talking/listening to the outside world. However a clever
virus/trojan will fool/shutdown both.

Knowledge and caution with installing new programs is by far the safer
approach than just installing a fancy FW and forget about security
because "I have a firewall installed".

Regards

Martin

by womt » Mon, 07 May 2001 02:32:46

clipped

I've been following this thread with interest and appreciate the info.
Since many viruscheckers don't detect trojans (if I understand this
correctly) then what's the best way to check for them on your system?  I've
recently installed a firewall and other protective measures but want to be
sure that there's nothing already on my system

tia for any advice

by Jan Koh » Mon, 07 May 2001 02:57:20


> Knowledge and caution with installing new programs is by far the safer
> approach than just installing a fancy FW and forget about security
> because "I have a firewall installed".

You are correct, Martin, a safe approach is to be suspicious of all executables.
However, I don't think I was insinuating that installing a firewall and forgetting
about security was the idea.

The problem is that even the most careful person can get a virus or trojan, and
at the moment, the only recourse is to block its transmission back to its sender
until you remove it.  Any program can be 'bound' with a trojan, and even with
the best virus scanners it can be difficult to discover it...until it begins operation.
I've even found brand new commercial software that inadvertently was infected
with a virus, and while it was easily picked up (due to the type of virus), there's
nothing to say that a more lethal trojan couldn't find its way into a commercial
release.  There have been several cases in recent years (notably the Quake server
platform) that had built in 'backdoors' that were released by the company!  Your
only defense in these cases is to have something that will notify you when unknown
or unauthorized network transmissions are being made.

The bottom line is this...any machine that is connected to a network is at risk, and
is never 100% secure.  By keeping this in mind, using good security practices and
updated scanners and firewalls, you certainly reduce the chances of getting hacked.

Cheers!
--
Jan Kohl
SECURITY CONSULTANT
The Pits -  http://www.theuspits.com
Castle  Graphics - http://www.castlegraphics.com

by Mart » Mon, 07 May 2001 03:12:08


>I've been following this thread with interest and appreciate the info.
>Since many viruscheckers don't detect trojans (if I understand this
>correctly) then what's the best way to check for them on your system?

Well a scanner basically does a pattern match to search your HD (or
downloaded files) for files containing patterns that are known to belong
to a virus (or trojan). Which viruses or trojans can be found depends
on the database that holds the patterns of all threats known to this
scanner. Keeping this database up to date is important if you want to
protect your system against newly discovered viruses/trojans.

There is also a method to find not-yet-discovered virii by searching for
certain patterns that viruses often contain. Obviously this method isn't
perfect since a new virus doesn't have to use those "suspicious patterns"
and it might also produce false alarms.

So basically it depends on a scanners database if and how many trojans
it'll find. You'd have to check the vendors docs (or site) for a list of
the detected trojans/viruses.

Well if you want to be _sure_ you'd have to reinstall the system (+format
the disk including the bootrecords) from a virus-free source.
Plus install only software that you _completely_ trust.

However a good scanner (regular updates, protection against most known
trojans/viruses, auto-scanning of incoming files/emails) and being
selective about what you download and install should be enough in most
cases.

For those email threats it helps to get an extra ("dumb") email client
and/or disable scripting on your system. At least use all the safety
features your client provides.

Martin
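
The two scanning methods described in the post above (database pattern match, then "suspicious pattern" heuristics), as an added example that is not part of the original post. The signature names, byte patterns, heuristic markers and sample files are all constructed and do not correspond to any real malware or scanner.

```python
# Constructed signature database: detection name -> byte pattern.
SIGNATURES = {
    "Example.Trojan.A": b"\xde\xad\xbe\xefEXAMPLE-A",
    "Example.Virus.B": b"EXAMPLE-B\x00\x01\x02",
}
# Constructed heuristic: strings treated as suspicious when several co-occur.
HEURISTIC_MARKERS = [b"CurrentVersion\\Run", b"wscript.exe", b"win.ini"]
HEURISTIC_THRESHOLD = 2

# Constructed sample "files" (name -> contents).
SAMPLES = {
    # Contains a pattern that is in the database.
    "known_trojan.exe": b"MZ\x90\x00" + SIGNATURES["Example.Trojan.A"] + b"\x00" * 8,
    # A new variant: no database pattern and only one suspicious marker.
    "new_variant.exe": b"MZ\x90\x00EXAMPLE-C payload, starts via win.ini",
    # A harmless text file that happens to mention two markers.
    "setup_notes.txt": b"Installer adds a key under CurrentVersion\\Run and edits WIN.INI",
}

def scan(data):
    """Return ('signature', name), ('heuristic', markers) or ('clean', None)."""
    # Method 1: exact match against the database of known patterns.
    for name, pattern in SIGNATURES.items():
        if pattern in data:
            return ("signature", name)
    # Method 2: count suspicious markers; catches some unknowns, but imperfectly.
    lowered = data.lower()
    hits = [m.decode() for m in HEURISTIC_MARKERS if m.lower() in lowered]
    if len(hits) >= HEURISTIC_THRESHOLD:
        return ("heuristic", hits)
    return ("clean", None)

def scan_all(samples):
    """Scan every sample and return {filename: verdict}."""
    return {name: scan(data) for name, data in samples.items()}

if __name__ == "__main__":
    for name, verdict in scan_all(SAMPLES).items():
        print(f"{name}: {verdict}")
```

The new variant is reported clean because nothing in the database matches it, and the text file is flagged by the heuristic even though it is harmless: the missed detection and the false alarm the post mentions.
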


rec.autos.simulators is a usenet newsgroup formed in December, 1993. As this group was always unmoderated there may be some spam or off topic articles included. Some links do point back to racesimcentral.net as we could not validate the original address. Please report any pages that you believe warrant deletion from this archive (include the link in your email). RaceSimCentral.net is in no way responsible and does not endorse any of the content herein.