How do I know my firewall is catching everything?

[Imzadi]

I downloaded one of the free ZoneAlarm firewalls as so many people on another forum recommended it. It is an earlier version: 4.5, since I only have Win ME & I can't find out if the newer versions (6.X) are for Win XP only.

I have it set to alert me when a threat happens & it does go off now & then. But how do I know it's catching every invasion? Can anyone know their firewall is?

I got DSL only a couple of months ago. I was having problems so I called Verizon. With my knowledge & permission, they had me access a webpage where they could then "share" my computer with me. I saw them move my mouse arrow around to point to certain things & even change webpages right in front of me on screen. They could see everything happening on my computer. When I asked them if hackers could do this too, they said YES, but they wouldn't be moving my mouse. They WOULD be able to see me typing in my credit card number on webpages.

That scared me so much. That's when I downloaded ZoneAlarm. But I have BARELY made any web purchases since - maybe 2 in the last 2 months. I used to do MAJOR shopping online - like a couple times a WEEK! Getting great web deals & the convenience of shopping online was a major passion & joy for me. Now I'm too scared & bummed to enter my credit card. Since it's actually a debit card, not credit card - I'm not protected in the same way as for non-authorized credit card purchases. A hacker could wipe out all my rent money before I realized it & my bank wouldn't do much about it.

If I got a separate card for on-line shopping, I'd still have to transfer funds from my bank account to that card, since I never know what I'll be getting until I see a deal. A hacker would still see BOTH accounts & the passwords I type in.

Am I being overly paranoid, or what other steps should I take?
I miss shopping online!

 

[rgf207]

Ok well first of all, Verizon "technicians" dont always know what they are talking about. If you are careful you will be ok. It is great to have a firewall but that wont do much help if you are not careful about where you go. The verizon Techs were using a remote administrator application to access your system which is ok for them to do. Just watch what you download and dont click on those "phishing" email scams because a lot of those will attach a trojan or keylogger which will log your keystrokes. Your best chances for protection are having a virus scanner with viruses definations updated all the time and a firewall. You should run a full sytem scan every week for viruses and keep your windows up to date.

I do computer stuff for a living and I run across a lot of people with tons of spyware, adaware and viruses on their systems because they are not careful and they just click on everything and anything without knowing what it is. I do all of my shopping online but I know where to do it. I will not order from any site that is not secure.

All you have to do is be safe and aware of where you are and what sites you are going to.

 

[Imzadi]

I will not order from any site that is not secure.

Thanks, I routinely run a virus check right from the TrendMicro site as well as a few other places, & do an Adaware & Spybot scan. Been really lucky so far. And I scrupulously clear my cookies before ever placing an order. Once in a while I do find cookies for "keystroke logger" or other funny names that involve "keystroke something or another" and make sure I delete them all.

I do most of my online shopping at reputable sites like Staples, JCPenney, etc. & always make sure I am on a secure ordering page with the icon of the lock on the bottom or the https .

However, maybe my concern is about how DSL works or can get compromised. Doesn't the "secure" mode only mean when the info is being SENT? I mean, when I'm typing in my CC#, it is visible in the window, so I can check the number is typed correctly before submitting my order.

I guess I'm worried that's when hackers could be watching & scribbling down my info. They'd get my full billing info as well as my CC# AS I'm typing it. CAN they be watching on the same webpages as me? Wouldn't hackers be waiting for shoppers at Staples, etc? If they see me surfing non-secure pages there or other stores, it's a good bet I might be ordering.

 

[rgf207]

When a site is secure, that means that the data is transmitted using 128bit encryption which is extremely difficult to crack. When you are typing the data, there is nothing being transmitted unless you have a trojan or Keylogger.

You dont really have to clean your cookies everytime. They really dont contain any malicous software. Cookies are just small bits of data that are stored locally on your system which websites use to track and collect certain data. Basically every site uses cookies. The Disboards uses them. If you keep your virus definitions updated and run a scan and spybot often you should be fine. Also if there are incomming connections and your computer has not already been compromised, your firewall should block them and alert you.

Does this help you? Let me know if you have any questions

 

[jfulcer]

Ok, a few suggestions and comments:

If you were running your system without firewall and without virus protection for a long time via the internet there is a good chance that your system may be compromised already.

1) You need to make sure your Windows has been updated through their Windows Update site. Turn on 'Automatic Updates' and all of the really critical ones will be downloaded automatically.

2) You should have ALWAYS ON virus software. Not one that you run 'when you remember'. This is one of the very few things that I've purchased that I think is really worth the money. It's $60-80 that is worth it's weight in gold.

3) Never, ever, ever enter your password or login information because an email told you to do so.

4) DON'T USE INTERNET EXPLORER ANYMORE. Go to www.getfirefox.com and get the Firefox browser. Much more secure, faster, and it won't let sites just drop software on your machine.

5) If you have cookies that talk about 'keylogging' something or other, I would be VERY worried. Have you run a recent spybot and adaware? Do it now. No, stop reading this thread, close everything, and run it now. We'll wait for you to come back. I would recommend getting and running a copy of a piece of software called Hack this. You report back what your computer is telling you on a forum board, and people help you get rid of nasties if you have them. Post that are are not sure if you have a keylogger. (Get HijackThis. Please read the directions on how to install and run it properly. After you install HijackThis this please go to this website and post your own thread with a copy of your log. They will tell you what to remove. Also while there, read this thread and follow the instructions this will really help keep the nasties away.)

 

[Imzadi]

Thanks rgf207 & Jeff! You are both very helpful

Jeff, I did run Adaware & Spybot a couple of days ago. Nothing. No keystroke logger thingies since.

However I Do do all my surfing in IE, since getting rid of AOL. Eeps! I will download Firefox and get a virus software to have always on. And I'll check out the HiJackThis site.

Another friend mentioned getting a hardware router with a firewall in it, over the downloaded firewall I have and the free wireless router I got from Verizon. Will this really help or would I be throwing away money, thinking I'm more secure.

 

[jfulcer]

Another friend mentioned getting a hardware router with a firewall in it, over the downloaded firewall I have and the free wireless router I got from Verizon. Will this really help or would I be throwing away money, thinking I'm more secure.

Most routers have enough capabilities to block most things that even the free one should work ok. If you can post a model name and number of your router, we can help you get it configured more securely. You need one that can block ports. You really should only need ports 80 (web surfing) and 443 (secure web surfing) on your machine open for normal surfing. IMing would use another one, but they all use different ones so I couldn't help with that.

I myself just use the port blocking on my router and a software firewall. It's been good enough for me.

 

[Imzadi]

Verizon gave me a wireless Westell Versalink model 327W.
I don't think it has a firewall in it.

Don't worry about IM stuff. I really don't IM.
I was too busy shopping or typing here at DIS.

 

[jfulcer]

Verizon gave me a wireless Westell Versalink model 327W.
I don't think it has a firewall in it.

Don't worry about IM stuff. I really don't IM.
I was too busy shopping or typing here at DIS.

That modem does have a port blocking on it (firewall). Here is the manual (which you should have) http://www.westell.com/content/sales/327W.pdf Just running through this, you need to read around page 57. Since it's also a wireless router, you also should be thinking about securing that too.

I'd read the manual first and then if you can't figure it out, call Verizon. They may have someone that can help you get it setup better. I wish I could be more help but it's hard without being there. Don't worry about it being too complicated. Take your time, read up and you should be able to do it. If you can't, see if you have a geek friend that can help.