# Shields Up & Norton



## Fincave (Apr 20, 2006)

Hope I can explain this in a way that makes sense. I ran the following test http://www.grc.com/x/ne.dll?rh1dkyd2 using my laptop that has a trial version of Norton on it. My computer did not pass, as apparently it did react to the PING requests. Running the test using my old laptop and with F-Secure, my computer passes every time. Should I be concerned by this, and should I consider changing to another anti-virus programme? It could be interesting if other users/forum members run the test and post results. For my machine all ports were in 'stealth' mode.


----------



## Sonnie (Apr 11, 2006)

That link takes me to a Browser Reload Suppressed page. I don't see a test there.


----------



## Sonnie (Apr 11, 2006)

Okay... I found a test link.... it's the same link but I had to go in the backdoor for some reason. Here are my results:


*Attempting connection to your computer. . .*
Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!
 *Your Internet port 139 does not appear to exist!*
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
 *Unable to connect with NetBIOS to your computer.*
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

"Common Ports" test passed.

"TruStealth Analysis" passed.

"Messenger Spam" passed.

"Browser Header" looked okay to me.

I really don't know what all that means though. I know both my office and home routers have built in firewalls... I do not use any software type of firewall. As stated in another thread I run AVG Professional on all computers.


----------



## brucek (Apr 11, 2006)

> should I consider changing to another anti-virus programme.


I think the tests are more directed towards the ability of someone to take information from your computer. It's not a test of anti-virus capability.

I have both my computers behind a hardware firewall built into a router and so I get results much the same as Sonnie. No one gets in my door.

A router with its own DHCP server is the answer to shield your computer from the internet. I'm sure that the Norton you have running will protect against viruses though.

bruce


----------



## Fincave (Apr 20, 2006)

Once I receive my WLAN router, which has a built-in firewall, I will run the test again. I was just curious as to why using F-Secure (antivirus + firewall) my computer passed and when using Norton (antivirus + firewall) my computer failed.


----------



## boyce (May 9, 2006)

Based on how your firewall is set up. A firewall is different than an anti-virus program; you can try ZoneAlarm, which is free, if you don't have a router.


----------



## Fincave (Apr 20, 2006)

Kind of hijacking my own thread, is that possible? How difficult is it to set up the router correctly? I thought of having a go myself as I have set up ADSL connections for friends easily enough. Reading the instructions http://www.telewell.fi/english/manuals/tw-ea510_versio2_manual.pdf for the router that I should be getting, it seems to be a slightly more complicated process; also, I am not the most patient of people, sometimes. Can have it installed for 50€ and may well do it just to save myself some hassle. Suggestions and ideas most welcome!


----------



## Guest (May 23, 2006)

Off-topic slightly more, but if it's a trial-only version of Norton you've got, I wouldn't bother paying for it. Free products like avast (http://www.avast.com/) or AVG (http://www.grisoft.com/doc/1) work fine, and I find avast uses less system resources and causes fewer software conflicts than Norton.


----------



## Josuah (Apr 26, 2006)

"Attempting connection to your computer"'s description sounds like a basic attempt at port 80, but that's an incredibly stupid test. If there was a bad web server running on your server, it wouldn't run on port 80.

Port 139 is the Windows SMB port. So this port would be open if you have file sharing turned on in Windows, or are running Samba on other platforms. This by itself can be bad because there are exploits against SMB for Windows, and people don't usually realize that file sharing by itself shares with everyone unless you do port filtering.

NetBIOS is an old network protocol which is used for Windows SMB, and maybe today for compatibility with legacy network applications.

"Messenger Spam" I would guess to be a check against the Windows service that lets administrators pop up messages on remote computers. This is a lot like the UNIX wall command, except there wasn't any authentication required. So spammers used this approach for a while.

Regardless, those tests are **** and really won't tell you much except that your front door is wide open. If you want to know if someone's made a copy of your house keys or climbed in through a window, none of this will help.

For example, I recently discovered a backdoor in explorer.exe on someone's machine, which wrote all keystrokes using a simple substitution cypher into a file on disk, which would then get uploaded for later analysis. Since explorer.exe is the Windows process, you can't get rid of this without blowing away your Windows installation and the processes appear to be valid. cmd.exe was also replaced to hide some of the operation.

But they didn't do a good enough job because the log file was still visible from explorer.exe (it should have been hidden) and they didn't rewrite the system APIs (a tougher job, sure) to prevent discovery of the DLL their explorer.exe was using.


----------

