Yes, my internet is on "plain telephone wire" I presume. I just plug my computer in the phone jack in the wall. If somebody tries calling, then they get a busy signal :-)
So you are on 56K then, not ISDN?
After reading what you said, I don't believe my ISP (netzero) does any filtering "down stream" to my computer.
filtering for sure, but there should be some form of router up there providing some rudimentary port defense ( but I suppose they might just be cheap and be using some bare bridge type of device ). Testing with and without firewall should provide an answer. For a comparison, an example of running really bare would be on broadband, where you have the cable modem sitting near the computer, and rather than inserting a router between them you jack the computer NIC straight into the modem ethernet port. This is as bad as it gets since the IP is usually static at the modem and assuming no software firewall on the PC, you should get probed rather quickly and compromised soon thereafter all at Mbits speed ( hence the firewall added in WinXPsp2 ). I guess it is possible that NetZero has developed the same scenario by using something upstream that just mirrors all ports to your system, but they should have learned something by now and at least used routers with some kind of protection against DDoS and the like.
The reason why is because I have run the GRC test multiple times, and the PC Flank test from another website, with and without my firewall activated. When my firewall was activated it said my computer was secure and the ports were either closed or stealthed. When I retook the test without my firewall, everything was open and I completely failed the GRC test!
Well that is surprising to me. And I guess that is your answer. NetZero apparently provides your system with the ability to use any ports and be attacked via the same. Consequently, a software firewall would seem to be critical now. The one test control I would perform would be to try one or two non-firefox browsers ( Opera and MSIE with no plugins or widgets and no extras like "Sync" or whatever ). Reboot first, and immediately launch the Shields Up page. Don't visit any other sites or pages first to rule out some flash ad or something that might open a port somehow. Get results from all three the same way ( reboot, etc ) with and without firewall for a total of 6 different passes and then we can come to some conclusions about your default security status from NetZero ( but yes, it is not looking good so far ). I'm not sure if you can disable the firewall before reboot, but it is possible that the firewall software itself is using some port, even when disabled, for back-channel communication.
I use Tiny Personal Firewall. Upon installation it prompts the user whether or not to share NetBIOS access. Every time I've installed it, I always check "NO. Don't share my files."
I then have proceeded to take the GRC test. Results are always the same: "File Sharing: unable to connect to NetBIOS on my computer. My computer is well hardened against internet attacks." Or something to that effect.
That is the correct message, no NetBIOS. I can't think of a good reason for it ( maybe that photo sharing option that comes with every camera or webcam? ) and it dates back to DOS, maybe even before Netware. Windows has it for backward compatibility I guess, and this is fine as long as it can easily be disabled. I think in Win9x it is a service so that registry needs to be deleted if I remember correctly. Also, I believe it comes back from time to time piggybacking on some INF file that gets launched when you Add/Remove a network adapter or use that "Windows Setup" tab in Add/Remove ( the one that reinstalls everything "checked", instead of only the things you "just" checked at that moment ). But yes, it should be disabled. Your status is correct.
Next up, I do the simple port scan then the advanced port scan. The results are always the same, "All ports tested are stealthed." A curious thing though is that ports zero and 1 are merely closed, not stealthed. So in that regard my computer is visible, it always fails the "True Stealth" test. Because I have a couple ports that are closed instead of stealthed. No big deal I figure.
Like I said above, if possible do a more controlled test with 3 browsers and firewall on and off. A quick Google finds this thread with users of Comodo firewall, and one possible reason is that ICS ( Internet Connection Sharing ) changes those ports to "closed" when ICS is disabled. If ICS isn't present in WinME, then perhaps something similar is doing the same. From what I read, it is most likely not a problem, but since we cannot rule out something in Sea Monkey yet ( hence the multiple browser experiment ), it is still too soon to know why they are not "Stealth".
Anyways, sometimes, randomly while surfing the web I'll get a pop-up screen telling me that "Somebody at address xxx.x.x.xxx wants to Connect to SeaMonkey using port x.xx...x Permit or Deny." I always choose deny. Sometimes I also get pinged. I've looked at the internet address in my logs to see who pinged me. I then do a google search of that specific IP address and it's always from China.
So, if my ISP was protecting me before sending me data, then in theory I shouldn't get random people trying to connect to my ports or ping me, correct?
Yes, it is starting to look like NetZero is not blocking any ports. If your software firewall is catching pings they certainly are not preventing anything from swimming downstream to you. For all practical purposes there is no hardware firewall present. Does your software firewall show attempts on any port or just those not in "Stealth"? I'm not sure what is an appropriate or unusual level of pinging for you. I believe it directly correlates to the bank of IP addresses your ISP and you reside in. The bad guys will go for the low hanging fruit and they would know where that fruit is. It could be that NetZero IPs get more or less than say another ISP so it simply comes with the territory. Or, there might be more war dialing port scanners in operation this week rather than last. Who knows.
The only reason I think I never got hacked before I started using Tiny Firewall two years ago, is that Windows ME by default has file sharing turned off... contrary to Windows 98 which is on by default.
Yep, that makes sense.
I still don't understand what file sharing has to do with having "open" and "closed" ports though, because back then I wasn't using a firewall at all but I still never had any visible signs of computer hijacking or mysterious glitches.
Open ports are a prerequisite for file sharing. When you have a router or software firewall you will almost always need to edit the configuration temporarily to use something like a torrent. As far as not getting hijacked, that is the result most people on dial-up report, including myself when I used it. The biggest security risk was never from remote invaders, but actually from executing an infected file or malware installer locally. The payload may be present already and is easily installed or it simply phones home knowing your exact defenses and comes back through whatever ports are open, with a payload ready to go.
Another thing is, if Netzero actually did filter or block or whatever the data going "downstream" to their customers, I wonder why they'd bundle the Norton Antivirus software free with their Netzero software.
I think we are now understanding why they bundle AV in there, their customers have the ( low speed ) equivalent of a naked broadband and without some protection they will get compromised. A better question is why not include a firewall instead or in addition to it ( note, you said they include NAV not NIS ). Realtime AV, as I often state, is completely optional as long as the computer user is careful because IMHO the bad outweighs the good, but YMMV. Without a proper router though, a software firewall is clearly essential.
EDIT: modem, not router
Edited by CharlotteTheHarlot, 22 February 2013 - 05:23 AM.