Reply to: Help! ccsvchst.exe is killing my machine!

A firewall that prevents outgoing connections is protecting the beginning of the chain.

ISPs randomly preventing people connecting to the net would break loads of legitimate things and probably not work. Even with deep packet inspection it would be trivial for malware writers to circumvent with encryption or steganography.

Maybe ISPs should concentrate on filtering out this stuff at source. Every PC or hosted server has to connect to the internet somewhere, so first port of call should be firewalled against the scum.

Why should those at the end of the chain have to protect against those at the beginning?

SANS run a (semi) real time survival time chart tracking the time between connecting to the internet and the first attempted connection from a malicous source. Asuming an unpatched system the first attempt will almost certainly result in infection of the target. It generally hovers somwehere around 10 minutes.

SANS Survival Time Chart

Hope That Helps But I See I'm Dyslexic...?

I recall around the end of 2004 I helped a friend with a USB modem internet connection (which had no firewall) reinstall XP. By the time you had connected, mdownloaded and started installing updates, SP2 and anti-virus software it was infected i.e. within minutes of connecting. In the end I had to download XP SP2 and AVG from elsewhere and install offline in order to get the PC well protected enough before connecting.

I remember reading an article a few years ago in one of the computer magazines where they did a test for how true it was that the internet was awash with nasties trying to infect your home computer via an unsecured internet connection.

I think they had the PC connected to an unsecure connection for less that a day before they had all sorts of infections uploaded to it.

Of course, this could have been a stunt, or they could have been using the office network whose IP address is probably well known to the hacker community.

Maybe the story had 'advertisement for Zone Alarm' at the top.

Moral of the story: There's free protection available (usually out of the box) so may as well use it, as long as it doesn't hog too many resources.

I guess it works fine, I've not had a virus since using it (admitedly the paid version though) for years

And if you do get a Mac, don't run Norton on it.

(I don't know if it is still sold, but a few years ago I saws lots of reports that Norton for Mac was a resource hog)

Get a mac

HTHBISID

Yep, although I didn't realise that wasn't in XP too. If you install a game you sometimes get a popup when you try to play online the first time, etc.

I think the Windows 7 firewall does that too. It has outbound rules that by default block programs/services unless you specify otherwise. A warning appears if something attempts to make an outbound call so you can decide whether to add it to the safe list.


I've been using MSE since its release but it isn't good enough on its own to catch everything. I recommend also using Malwarebytes Anti-Malware which is free for manual scans (have to pay to get live monitoring), which is good enough for periodical checking unless you routinely browse dodgy sites. In which case a virtual PC or other sandbox to browse in isolation is probably a good idea.

Zone alarm stops outbound vectors so rogue processes can't dial home with your details. A router firewall only blocks inbound.

By and large a Firewall is a Firewall is a Firewall.

For a home network where you don't need remote access from your office or hotel room you can just rely on your router (assuming it has one, most of them do now) in it's out of the box config. It will block all inbound traffic by default unless it's a response to a request from your network. You can run windows firewall if you really want, but if you have a firewall on your router there really isn't much point.

I use the MS stuff. It's pretty good.

I've not had anything serious but the desktop (still running XP) did pick up a java nagware thing a couple of times, basically due to having a very old java version on it. I cured that by uninstalling java and cleaning it up. My windows 7 machines have all been totally fine.

<deleted>