Sygate crashes in AM, online unattended 24hrs, risks?

[Guest]

Archived from groups: comp.security.firewalls (More info?)

I had left the computer on, online, all night and the next day. When I
came to use it again I noticed Sygate had crashed but I was still online.
Obviously, I'd been unprotected the whole time. I get port scans all damn
day long, and I'm even on dial-up! How likely is it somebody got in and
did something, and what should I do to check?
I'm going to run Spybot, AdAware, and AVG again, but I'm wondering if
that's enough. I'm also wondering if anything's insidious enough to screw
with the def. files for any of these programs and if I should reinstall
the update files before I scan, and if that'd even protect me if somebody
had go in. Theoretically, I suppose they could have substituted another
exe for any of those programs that'd miss whatever they put on.
Any thoughts?

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

see.my.sig.4. wrote:

(snipped)

> I noticed Sygate had crashed but I was still online.
> Obviously, I'd been unprotected the whole time.

> How likely is it somebody got in and did something,

Highly unlikely. Not impossible but low probability.

> and what should I do to check?

Easy enough to run some basic checks, by hand.

Profile your files by date. Any files date stamped after
your crash, those are files to inspect. Chances are good
there will be some system files which are automatically
generated. Be careful to not delete valid files; this
may cause serious problems.


> I'm going to run Spybot, AdAware,

You have to install malware, yourself, to have problems.
What I mean is the greatest source of problem "ad ware"
is from your downloaded executable files, which you
open and install. Those scanning programs will not catch
classic hacks, such as backdoors and malicious trojans.


> and AVG again,

Yes, run your virus scanner. Should do this anytime you
download, after unpacking a file and after installation
of any programs. Your virus scanner "should" catch any
problem files. If your virus scanner will not run, you
have some problems.

On your virus definition file, simply look at the last
modified date stamp. If after your crash, be suspicious.

> Theoretically, I suppose they could have substituted another
> exe for any of those programs that'd miss whatever they put on.

Zone Alarm is an excellent program for personal computers.
Almost no program can be executed, which accesses the net,
without Zone Alarm popping an alert. Zone Alarm tags files
you ok for access, tags them with a "label" of sorts. If
the label doesn't match, Zone Alarm catches this. Part of
that label is time sensitive.

No firewall overnight, I would not wig out over this.
Just make a cursory check and call it even. It is
a good practice to shutdown your system when you are
not actively using it. That is the best protection
short of pulling (air gap) your internet connection.


Purl Gurl

 

[Guest]

Archived from groups: comp.security.firewalls (More info?)

see.my.sig.4.addr@nowhere.com.invalid wrote in
news:fe335d31ce9af430710df99693d275d3@news.1usenet.com:

> I had left the computer on, online, all night and the next day. When
> I came to use it again I noticed Sygate had crashed but I was still
> online. Obviously, I'd been unprotected the whole time. I get port
> scans all damn day long, and I'm even on dial-up! How likely is it
> somebody got in and did something, and what should I do to check?
> I'm going to run Spybot, AdAware, and AVG again, but I'm wondering if
> that's enough. I'm also wondering if anything's insidious enough to
> screw with the def. files for any of these programs and if I should
> reinstall the update files before I scan, and if that'd even protect
> me if somebody had go in. Theoretically, I suppose they could have
> substituted another exe for any of those programs that'd miss whatever
> they put on. Any thoughts?

What O/S did this happen on?

Duane