[Sphynx]

This is a question from a guy who is less computer savvy, hoping that some of you more savvy folks out there can help, since Microsoft techincal support is no help.

I have windows XP, and run Symmantec Anti-virus. It has worked great. About a month ago, the Windows security center suddenly started telling me that I don't have an anti-virus program protecting my computer. I double checked. Symmantec seems to be working. I have run scans (and found no viruses), so it seems to work. And yet, Windows security center, which used to think I had an anti-virus program, no longer thinks I do.

Should I be concerned? What would you guys recommend I do?

[Herra Tohtori]

Symantec is a very potential source for problems even if it's working, and even if you have thus far managed to avoid any problems caused by it. It is also a resource hog and slows up the Windows startup process to variable extent.

If I were you, I would download some free anti-virus software (like Avast! or AVG) that are less resource-intensive and AFAIK actually equally or more effective against infections than Symantec (and if you don't want to trust Windows firewall, get also some free firewall like Comodo or equivalent), then remove the ethernet cable for a while, remove everything related to Symantec from your PC, restart as prompted (multiple times), then install new AV (and firewall) software, hook up to Internets and see if your Windows security center wants to keep nagging.

Mind you, I have had some bad experience with Symantec - apparently the firewall component was jamming itself down so that it blocked almost all traffic - it made all browsers non-functional, but interestingly there were some things that worked perfectly, like torrents and SSH. And of course I couldn't just terminate the process because it was protected and crap. Only effective way to fix the problem once it started was to restart the PC, which got really annoying real soon.

Of course, I don't have Windows security center activated either, I removed it from the services activated at the startup (along with the Windows server, remote desktop stuff, phone, fax and Windows firewall and other startup-slowdown trash that I really don't need). I found it rather useless anyway for most of the time.

 

So... yeah. I can't really help if you want to keep with Symantec, but I do suggest you to never pay for another year's license for Symantec. Nor any other corporate anti-virus software. You can get very effective and sufficient protection for a home PC for free, using freeware programs.


Or, well, perhaps there is something I can do to help you. Go to Gibson Research Corporation, find the Shields Up! -section, and do some of the security tests they offer there for free. Two that I find extremely good are

-port probe, offering many modes like checking the first odd thousand ports, service ports, specified ports etc.
-firewall tester, which is a small program that you download, start up and starts trying to connect to GRC. If your firewall is worth it's salt, it will intercept the program and ask if it should be allowed, in which case you should answer no (because you want to know if your firewall can stop the program).

These utilities should tell you pretty certainly whether you do have a firewall activated or not. If you have, and if you want to stick with Symantec AV, then you can get rid of the warning prompts by disableing Windows Security Center (Run msconfig, select "Services" -tab, find the Security Center from the list of services, uncheck the box and restart PC.

[Sphynx]

Very helpful advice indeed. Thank you!

[Sphynx]

BTW, can anyone recommend a good registry cleaner/optimizer?

[Herra Tohtori]

For registry cleaner, RegCleaner would be my suggestion. A gem of a program in my honest opinion.

As for optimizer, I can't really help there, as I have a deep mistrust against automated optimizing... but going through the registry and startup sections with RegCleaner usually helps immensely anyway. Especially with startup sequence. It tends to do the same as "optimizers" anyway, but you get a conscious picture of what exactly is going on.

[Kosh]

You could also try Kaspersky, best one I've used so far.

[Nuke]

youre update subscription might have run out. you are probably better off with avg.

For registry cleaner, RegCleaner would be my suggestion. A gem of a program in my honest opinion.

As for optimizer, I can't really help there, as I have a deep mistrust against automated optimizing... but going through the registry and startup sections with RegCleaner usually helps immensely anyway. Especially with startup sequence. It tends to do the same as "optimizers" anyway, but you get a conscious picture of what exactly is going on.

indeed that tool has helped me fix of computer problems. though i have trouble running it on some newer versions of windows, xp media center and xp pro 64 come to mind. works ok on vista 32.

[jr2]

I've cleaned up after NAV and NSW several time, IMHO they are crap.  Not worthless, but almost.    And they trash system performance.  Same for McAffee, but it's not quite as bad on system performance, but the last time I worked with it was years ago, so IDK about now.  I personally use AVG, and since my Router has a built-in firewall, I just use Windows Firewall, works fine.

[karajorma]

that's something of a dangerous attitude if you don't have Vista. Windows Firewall on XP doesn't protect you against outgoing connections so although you've made it harder for someone to hack you if they do manage to get in there's nothing to stop their malware/trojan phoning home and then allowing who knows what into your machine.


@HT have you had any personal experience with Comodo? My subscription to ZAP is running out and I'd rather not pay again if there is a decent freeware alternative.

[Herra Tohtori]

Well... it seems to work fine, stability-wise it's been very good. Haven't had any real problems with it, although some may dislike it's tendency to ask a lot of questions, sometimes even about programs that you have supposedly added into group of accepted programs. Also, the interface is not perhaps the most user-friendly or comprehensive, but it does appear to do it's work at least as far as the aforementioned Gibson Research Center's LeakTest 1.0 could tell.

I found it better (for myself) than Sunbelt Kerio personal firewall, though (which is AFAIK in features about equal to Comodo, at least as far as normal PC user is concerned). Tried both after I gave up ZoneAlarm's free version (being frustrated in it's inability to allow IRC traffic[!]), and ended up with Comodo. Installed the Kerio one on my sister's laptop, though, based on the careful customer analysis (I asked her if she wanted a firewall that asks a lot of questions all the time or one that only keeps offering chance to upgrade to payed-for version every time at startup and asks a bit less questions all the time).



...And I have to say I wouldn't trust Windows Firewall any further than I can throw Bill Gates (and considering all the people in dark suits looking like walking wardrobes around him, I'd say it's a pretty short way). Be it Vista or XP. Especially if you (likely) have need to forward ports on your router and set the router firewall to allow traffic through them from the Internets, which makes the software firewall effectively the last best line of defense for your computer.

[jr2]

that's something of a dangerous attitude if you don't have Vista. Windows Firewall on XP doesn't protect you against outgoing connections so although you've made it harder for someone to hack you if they do manage to get in there's nothing to stop their malware/trojan phoning home and then allowing who knows what into your machine.

Heh... Okey-dokey... since you mentioned it:  (long post, sorry)

File Sharing:

   Attempting connection to your computer. . .
Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!
   Your Internet port 139 does not appear to exist!
One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
   Unable to connect with NetBIOS to your computer.
All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

Common Ports:

                               

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

Code: [Select]

Port
Service
Status Security Implications

0
<nil>
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

21
FTP
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

22
SSH
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

23
Telnet
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

25
SMTP
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

79
Finger
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

80
HTTP
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

110
POP3
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

113
IDENT
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

119
NNTP
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

135
RPC
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

139
Net
BIOS
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

143
IMAP
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

389
LDAP
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

443
HTTPS
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

445
MSFT
DS
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

1002
ms-ils
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

1024
DCOM
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

1025
Host
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

1026
Host
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

1027
Host
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

1028
Host
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

1029
Host
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

1030
Host
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

1720
H.323
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

5000
UPnP
Stealth There is NO EVIDENCE WHATSOEVER that a port (or even any computer) exists at this IP address!

All Service Ports:

Your system has achieved a perfect "TruStealth" rating. Not a single packet — solicited or otherwise — was received from your system as a result of our security probing tests. Your system ignored and refused to reply to repeated Pings (ICMP Echo Requests). From the standpoint of the passing probes of any hacker, this machine does not exist on the Internet. Some questionable personal security systems expose their users by attempting to "counter-probe the prober", thus revealing themselves. But your system wisely remained silent in every way. Very nice.

Code: [Select]


Why the first 1056 Ports?

Internet ports are numbered from 1 through 65535, but the first 1023 ports are special. By tradition, and some enforcement, ports 1 through 1023 are generally reserved for the acceptance of incoming connections by services running on the receiving system. Internet services "listen" on various standard low-numbered ports so that clients wishing to have access to those services know where they may be found. Web servers traditionally listen on port 80, eMail servers listen on ports 25 and 110, FTP servers listen on port 21 and Telnet servers listen on port 23. And the list goes on. Here's the official Internet Assigned Numbers Authority (IANA) port assignment list.

Although it is possible to have higher-numbered ports listening for incoming connections, our scan of the entire "service port range" will detect all standard services running and listening on the standard service ports.

Due to the insecure behavior of Microsoft's Windows operating systems, we have added an additional 33 ports to these first 1023 ports, bringing the total to 1056. Windows has a tendency to establish globally available listening services on the first few ports in the "client port" range which begins just past 1023. If you are not running a personal firewall, or you are allowing ShieldsUP! probes into your network, you may discover one or more additional open ports at, or just above, 1024.

Windows Messenger Spam:  No pop-ups appeared...

Web Browser Header, Secure:

Code: [Select]

Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Connection: keep-alive
Host: www.grc.com
Referer: https://www.grc.com/x/ne.dll?rh1dkyd2
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9
Cookie: temp=ekg2aywmcfzup; perm=qa5tp1bnzyx1k
Content-Length: 32
Content-Type: application/x-www-form-urlencoded
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
X-navid: 6cc-2040d676
X-browser-timestamp: 597834
FirstParty: https://www.grc.com
ThirdParty: https://www.grctech.com
Secure: https://www.grc.com
Nonsecure: http://www.grc.com
Session: xa5zxfrgoab3a
Web Browser Header, Non-Secure:

Code: [Select]

Accept: text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Host: www.grc.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.9) Gecko/20071025 Firefox/2.0.0.9
Cookie: temp=nsx2xd0uo0tag; perm=p2xwetn1n04vb
Content-Length: 29
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
X-navid: 6cc-2040d676
X-browser-timestamp: 717785
FirstParty: http://www.grc.com
ThirdParty: http://www.grctech.com
Secure: https://www.grc.com
Nonsecure: http://www.grc.com
Session: ewo5yfrf2gtlh
Personal Firewall test, found in Free Stuff:

Firewall Penetrated!



Yes, Windows Firewall doesn't manage outgoing connections by programs, I know.  But, none of the free Firewalls appear to be able to be configured to allow a program easily enough, or I never hear the end of their Allow/Deny prompts (Vista, anyone?)... I'll have to check out some free Firewalls again, see if there's anything that works.  Last I checked, I didn't like any of them.

EDIT: Mouse Trap (Metafile Image Code Execution):

This System has no MICE.

You can relax.  The Metafile Image Code Execution feature designed into all versions of Windows since NT4, has either been removed or suppressed by subsequent updates or patches.  This system will no longer execute potentially hostile code contained within specifically crafted Windows metafile images.

EDIT2: Socket To Me:

Full Raw Sockets are Available

The system is allowing the currently logged on user to have full access to Internet raw sockets.  Applications running under this user's system privileges can easily abuse the Berkeley Sockets system for the generation of malicious Internet traffic.

  Got me... but, 5 seconds later, after using Socket Lock:

Raw Sockets are NOT Available

The system is denying the currently logged on user all access to Internet raw sockets.  Applications running under this user's system privileges will NOT be allowed to abuse the Berkeley Sockets system for the generation of malicious Internet traffic.

So, I fixed that one.

What are you guys getting for results on these tests?

[Jeff Vader]

@HT have you had any personal experience with Comodo? My subscription to ZAP is running out and I'd rather not pay again if there is a decent freeware alternative.

Comodo gets another vote from me. I've used it since, what, June or July and it has always worked great. The installation program even offers to shut down Windows Firewall if it's on during the installation.

2.4 did ask a lot of questions, even some bizarre ones. For example, if I fiddled around with Winamp, then switched to Firefox and clicked a link, Comodo would inform me that Winamp has tried to use Firefox for some dastardly deeds. But the new 3.0 hasn't done that anymore. Just asks for decisions when a new program wants to get on the Internets.

Anyways, I trust Comodo fully and recommend it to anyone who either doesn't have a decent firewall or is currently using some high-priced, unstable commercial solution.

In addition, someone mentioned registry cleaning software. Here's another option: Wise Registry Cleaner. Quite simple. You can remove unnecessary registry entries with two clicks (if you don't count starting the program and shutting it down).

[colecampbell666]

So when my Norton subscription runs out, I'd be well advised to go with AVG and Comodo? Or are there any better programs?

[karajorma]

I've heard conflicting reports about NOD32 for both virus and firewall version. The anti-virus especially.

That said we've had at least a couple of slowdown problems with BtRL that turned out to due to NOD32 intercepting every single call the game made to a VP file (resulting in a load time of 10-15 minutes).

AVG on the other hand does work pretty well and has very rarely given me any problems.

[perihelion]

@Karajorma,
I know enough about computers that most of my family comes to me for advice, but I am no expert by any stretch of the imagination, so be gentle.  Are you saying that having a properly configured hardware firewall (such as that built into a router) is not adequate protection?  I recently switched to NOD32 antivirus, but unlike a lot of others out there it does not come with a software firewall.  The two computers in question use win2K and winXP respectively, and the Windows Firewall is disabled in the XP computer.  Again, is there a point of having a software firewall on top of a hardware one?

[fsphiladelphia]

FWIF, I have been using AVG exclusively on my desktop and laptop for years, no problems.  It updates itself and runs system scans while I'm asleep, and takes up almost no resources.  I also use their anti-spyware program so I don't need to run something like Spybot which takes up more resources than AVG, also.

I just uninstalled like 3 AV programs my parents were running (haha, parents + computers = hilarious), and installed AVG, because the various programs were constantly providing popups of their own telling him the subscription was going to run out, the software needed to be updated, other programs they were marketing, etc.

AVG works plain and simple, and without any of the above.  I don't know why these companies insist on making inferior products that hog more resources.  Well, I do know why ($), but I'm not going to use the programs, anyhow.

[TrashMan]

I've heard conflicting reports about NOD32 for both virus and firewall version. The anti-virus especially.

That said we've had at least a couple of slowdown problems with BtRL that turned out to due to NOD32 intercepting every single call the game made to a VP file (resulting in a load time of 10-15 minutes).

AVG on the other hand does work pretty well and has very rarely given me any problems.

Strange. I have NOD32 and it hasn't conflicted with anything yet or slowed down FS...

[Jeff Vader]

AVG has indeed appeared to be a trustworthy little AV program. Back when I had F-Secure Internet Security I was constantly getting violent since

a) it often froze up during a complete system check
2) it always froze up during a single file check or didn't even start
d) it kept hogging so much resources that I bet no viruses could have even operated on my computer due to lack of memory and processor time.

I switched to Antivir after that and kinda liked it, though on several occasions it had problems connecting to the update server. Then, when I reinstalled XP, Antivir wouldn't work properly anymore. It kept clogging the system so that none of the other programs, like Firefox, could start up anymore. After that, I discovered AVG and it has been a reliable companion. Installs easily, uses little resources, manages to update itself without complications and does everything I need (scans files that are opened and has a manual scan option. And it doesn't even throw any pop-up windows concerning registration. A good AV program, I say.

[karajorma]

Strange. I have NOD32 and it hasn't conflicted with anything yet or slowed down FS...

Conflicting reports = reports that conflict with each other's opinion NOT reports that it conflicts.