Closing all web ports

[lellz]

Hey,
i don't wanna ever browse on my pc, i only game on it, and most offline, and of the online games, most of them have their own ports,
but sick of little bugs and viruses sneaking on, i closed all inbound web ports that i could think of, but i can still use the net perfectly fine,
how can i close all but the ones i want, (which is just a few apps)
when i reboot maybe...how can i close everything and then as i install i re-add the only things i use
thanks

WIN 7, TP-LINK router

 

[eibgrad]

Most routers will keep ports closed (even stealth'd) by default. That's why so many ppl have problems getting access through their routers for remote desktop, web servers, NAS, etc. One way to check the most common ports of attack is by visiting GRC.com and testing w/ ShieldsUP. I do this from time just to make sure nothing has changed behind my back.

You might also disable UPnP (Universal Plug-n-Play) on the router. This “feature” allows apps behind your router to open and forward ports by themselves. It's a nice convenience, but convenience usually translates into less security. In this case, any malware that may find its way on to your network ALSO can open and forward ports automatically.

That said, there’s a contrarian school of thought that says UPnP is preferred over managing your own ports since a) you never open and forward the wrong ports and b) those ports are eventually closed once their respective applications are closed/exited (assuming it closes/exists cleanly). And of course, it’s just plain easier (perhaps one of the few times where more convenience *might* lead to better security).

 

[lellz]

cheers, i'll keep that in mind, if i want to block lots of things i dont use, is that in inbound rules? like remote desktop and file sharing etc.

shields up found all the common and first 1000 to be all stealthed but said i failed on responding to a ping request, should i fix that and how?, also is the virus on my current system probably just bad luck, it's like my 1st ever, i'm quite careful,

starting to think of my original idea, set up my system as i like it with clean installs, and make a replica HDD and just replace if something goes wrong and recopy so i always have an identical spare

 

[eibgrad]

Yes, I was referring to inbound rules.

Having your router not respond to a ping (from the internet side) is generally consider a good thing. Most routers will not respond by default, but will have an option to enable ping responses if you prefer.

There are so many avenues for malware these days that it's very hard to say w/ any certainty what was the source. Our browsers have numerous vulnerabilities, so do the add-ons, plus there's client-side scripting (e.g., Javascript). No matter how hard you work at, no matter how much you're aware of the potential threats, it's impossible to be absolutely safe. You just have to be smart about it. Don't visit risky sites. Enable scripting on a case by case basis w/ tools like NoScript. Keep Windows updated every month. Use anti-malware tools w/ active (realtime) checking. Disable autostart for your CD/DVD drives and other removable media. And on and on. Hopefully you'll build up enough obstacles that you'll deter most threats. If it's any consolation, even the so-called "experts" get hit from time to time.

 

[lellz]

sorry i mean it "failed" the test as in it did respond to a ping request,

and thanks, i'm pretty safe with my browsing, i have a macbook that i use for everything else, and thats pretty secure, my gaming comp i'd check my gmail, youtube and game wiki's at the most, lifetime of dealing with other peoples viruses and knowing what to avoid i know the usual signs,

i realised something was wrong when my computer started opening "my doc" always, and then after opening "processes" in task manager i saw something i didn't recognise "tgsi.exe", (i'm weirdly familier with everything that runs) hogging cpu, then it spammed hundreds of porn sites in my browser, that was the dead giveaway

my system wouldn't let me delete it(even though i'm admin), only open properties, so i got the file to encrypt and archive itself so it couldn't read itself (i felt very smart when it never worked again) haha

thanks for all your help, it did some damage like my "start" on the task bar never worked again, i had to press windows key on keyboard heaps to make it work, i just reinstalled my windows and will just pray wont happen again,