Symantec Security checker

[m8E]

I have just used the Symantec Security checker to find out if my computer had any Hacker Exposure and Trojan Horse Vulnerabilities. The check went okay and most of the results came back as good but a few came up which worried me:

TROJAN HORSE VULNERABILITY RESULTS:

1025 Unused Windows Services Block

HACKER EXPOSURE RESULTS:

ICMP Ping

23 Telnet

80 HTTP (Hypertext Transfer Protocol)

Each of these results had at the end of them a red circle with a tick in it which Symantec indicated that these were open ports in my computer and vulnerable to attacks.

Firstly can someone tell me if Symantec's Security Checker is reliable, and secondly, can someone let me know if the seemingly worrying results which the symantec security checker found are actually anything to be worried about and if so how can I deal with them?

Thanx

m8E

[m8E]

Also, when the checker says ports, does it mean actual ports that I can see at the back of my computer or does it mean other ports which I, not being particularly computer knowledgeable, would not know existed unless I opened up my computer to look inside?

[prathapml]

No amount of opening and peeking can show you the ports it refers to.

The ports mentioned here are abstract entities, theoretical ones - that only exist for networking purposes.

[m8E]

Thanks prathapml, and are these ports being open like they are worth worrying about?

[prathapml]

If you are connected to network on which hostile hackers might be a part of (like the Internet), then open ports are a cause of worry.

[phiber0ptik]

Port 80 is the standardport for a webserver, port 23 is the standardport for telnet and port 1025 for RPC (Remote Procedure Call service). If you dont run a webserver on your computer you should stop that service (probably IIS) do the same with the telnetservice, and just leave rpc alone. ( Start -> Run... -> services.msc -> [Enter] ) I suggest you to use a firewall, and run symantecs security scanner again

You can always try to connect to port 80 on your computer with telnet. Start -> Run... -> cmd -> telnet localhost 80 -> [Enter] -> [space] -> [Enter]

This will give you an output message, something like:

"Apache/1.3.31 Server at do.not.attack.this.server Port 80"

(example from me doing the telnetthingy )

This output should say something about Apache or IIS, otherwise it could be a trojan.

PM me if you need help or something

//phiber0ptik

[m8E]

I do have a firewall but the Symantec Security checker still manages to find those four ports I mentioned all open

Also I can see now how port 80 would need to be open in order to actually use the internet so I'm less worried about that particular port being open now, although is port 80 used for anything else other than being connected with the internet?

[prathapml]

1. Port 80 is open for *INCOMING* connections. That's not correct. It should not be open at all, unless you have a HTTP server there.

2. You need no ports to be open, for outgoing connections (as in, browsing, downloading, etc.)

[m8E]

Thanks again prathapml I'm not running any kind of server just an ordinary PC. Does what you've said mean that I should be looking to close all of the 4 ports mentioned as soon as possible? If so could you let me know how to do this?

If I close off the mentioned ports is the closing off process reversable and can I still use the internet as usual i.e browsing, downloading, sending and receiving emails, registering with and logging onto websites?

[prathapml]

Yes to all

And how to close those 4 ports? Symantec Security Center may not really the best there is.... Try to block using that itself, if there's no way to do it, check out ZoneAlarm firewall (the best right now, and free to boot).

[m8E]

I've tried downloading and using ZoneAlarm firewall but somewhere in the process my Norton Firewall showed up and I blocked access to and from the ZoneAlarm website and now I don't know how to undo that because my Norton Firewall doesn't want to let me! So assuming the ZoneAlarm choice is not available in the short term until I can find a way to sort out my little mistake is there another option?

I don't know if I have a Trojan in my computer but if I did have a Trojan in my computer would this open the four ports mentioned to others even through my Norton Firewall?

I'm using Spybot S&D which isn't showing anything bad there, and I'm also using Norton Internet Security and Norton SystemWorks which is not showing up any Trojans in any scans.

prathapml do you think that Symantec/Norton are not as good as others when it comes to internet security and keeping a PC in good running order?

[prathapml]

do you think that Symantec/Norton are not as good as others when it comes to internet security and keeping a PC in good running order?

That's a question you have to answer for yourself - because different people have different views about that.

And your PC seems badly out of condition. (j/k)

All those many anti-viruses, firewalls anti-spywares.... doesn't take one anywhere!

Ensure you have WinXPSP2, uninstall all those junk (which only slow down operations), and take a look at ZoneAlarm SecuritySuite (which has all that is needed and more!).

[m8E]

I have found so far that the extra things to help keep my computer clear are not slowing down my computer, it is only the Norton products which have a noticable slowing effect, but Norton have always been like that no-matter which computer I've installed their products on.

The ZoneAlarm products I am new to, have they been going for long? It seems that you are really quite enthusiastic about what they have to offer prathapml.

WinXPSP2 I have installed which I think has helped to keep my computer running better and have not had as yet any problems with it (unless it has something to do with keeping the four ports open).

[prathapml]

ZoneAlarm firewall has been around since a long time. Then they started expanding the feature list, where recently anti-virus, IM-protection, and so on... was added.

Been using SecuritySuite since quite sometime and I'd say its VERY good. (nothing else is needed for security/protection after installing ZoneAlarm SecuritySuite)

[m8E]

you're not employed by ZoneAlarm are you prathapml?! Just kidding! I've paid for my Norton Firewall and SystemWorks recently but I don't know how to fully utilise them so for now and until the year's subscription is up I will be trying to work out how to do so before buying something different like ZoneAlarm, although I will be keeping my eye on that one. In the meantime I'm still looking how to get those four ports closed off!

I've been to the Microsoft website and found http://www.microsoft.com/athome/security/s...re/default.mspx which is Antispyware from microsoft and it found things which Spybot S&D didn't and I'm thinking of converting! But still my four ports are open....

I did full virus scans, spyware scans, disk cleans and even a defrag all in safe mode but even though some threats were found and consequently removed, my four ports are still open!! Do I have to configure my firewall so that everything is blocked and all ports are closed, and then re-open all the ports one by one to see which are the offenders? (if I can figure out how to do that!)