Re: A new 'Beta' test from Panda
'BoaterDave' wrote, in part:
| That since having had my identity stolen some two years ago (on-line
| Paypay/ebay) I have switched ISP, installed a router and connect
wirelessly.
| I use a Security Suite and the other software I mentioned and am now also
| reasonably adept with HiJackThis. I never stray to 'bad' sites either when
| on the web.
_____
'Trust' on line, hmm. For newsgroups, technical newsgroups that have a
connection to computer security and vulnerability, well, I judge on
does a mature individual seem to be behind the posts?
is advice given in post agree with facts I know to be true?
history in newsgroups (a Usenet newsgroup archive will contain almost
every Usenet newsgroup message posted in the last 25 years, searchable by
author)
'peer group' effect - bad advice is usually pointed out very quickly
the less I know about a subject, the more skeptical I am of advice (no
matter what the medium)
does the poster take responsibility for postings?
You seem to properly take Internet security seriously. As for 'Papal, I get
enough 'pishing' Papal emails that I just ignore them all; same goes for any
email that purports to be from my bank. If any institution REALLY needs
important information from me they will just have to use a different medium.
I've never suffered from 'identity theft', though my brother had his credit
card information during hotel registration; that information was used to
open an ISP account, and then to open an Internet gambling account. The
credit card issuer had software that tracked usage patterns, flagged the
Internet gambling account and immediately contacted him. That proactive
security is becoming more common and more sophisticated; for example, it is
impossible here to purchase gasoline more that three times in a few hours
using the same credit card.
Finally, sorry for the all the USA specific remarks - I hadn't picked up on
your spelling B^)
Phil Weldon
"BoaterDave" <BoaterDave@nospam.invalid> wrote in message
news:%23Vg5NDK0HHA.1188@TK2MSFTNGP04.phx.gbl...
| Phil - I take in what you say, but would add ...............
|
| That since having had my identity stolen some two years ago (on-line
| Paypay/ebay) I have switched ISP, installed a router and connect
wirelessly.
| I use a Security Suite and the other software I mentioned and am now also
| reasonably adept with HiJackThis. I never stray to 'bad' sites either when
| on the web.
|
| About an hour ago, my doorbell rang. Outside was a policeman. He was
invited
| indoors.
| He questioned my wife and me about our next door neighbour - a young man
| aged about 30 or so. He had evidently been taken into hospital (for
reasons
| not disclosed to us) and had later dischared himself - he had subsequently
| disappeared without trace.
|
| All we really knew about him was that his name was Dan, that he'd fairly
| recently dropped out of horticultural college and didn't see eye-to-eye
with
| his parents who live somewhere in Wales. He was a rather disturbed young
guy
| who kept himself very much to himself and didn't really want to
communicate.
| He's lived alongside us for the best part of 12 months and that's really
all
| we knew about him. We felt rather embarrased.
|
| How much do you know about your neighbour(s) ............. and those you
| 'trust' on-line?
|
| FWIW
|
| David
|
|
*************************************************************************************
| "Phil Weldon" <not.disclosed@example.com> wrote in message
| news:xduqi.12613$zA4.4994@newsread3.news.pas.earthlink.net...
| > 'BoaterDave' wrote:
| > | I'm actually using the McAfee Internet Security Suite supplied (at
extra
| > | cost!) with my AOL (UK) subscription
| > | + Windows Defender, AVG Anti-Spyware 7.5 and Ad-Aware 2007 - all up to
| > date
| > | on Windows XP Home, SP2 and all updates.
| > |
| > | I was referring in my comment to those on another newsgroup who seem
| > adamant
| > | that they can identify me regardless of my selected 'nick' for posting
| > | purposes. If my IP doesn't give me away, I was wondering what other
| > 'spy'
| > | might be being used to identify me.
| > _____
| >
| > And I gave you methods!
| > I guess another method would be
| > get the IP address from a recently posted newsgroup message
| > launch an attack on that IP address through the Internet
| > exploit a vulnerability to take control of your system
| > rifle through your files
| > export information over the Internet to the hacker.
| >
| > But simple precautions can block this chain at several points.
| > router with NAT
| > hardware firewall
| > software firewall
| > antivirus and antimalware programs installed, up-to-date, and always
| > active
| > secure physical location
| > up-to-date security patches installed on operating system and
| > applications
| >
| >
| > Or someone could just enter the physical location of your system and
make
| > changes.
| >
| > There is a difference between what CAN be done and what is worth
something
| > to someone to actually DO. At the moment, in the USA, a 'national
| > security
| > letter' can get the US government most any information requested. But
are
| > you worth the trouble B^)
| >
| > Phil Weldon
| >
| > "BoaterDave" <BoaterDave@nospam.invalid> wrote in message
| > news:%23RSl$MJ0HHA.3400@TK2MSFTNGP03.phx.gbl...
| > | Hello again Phil - slight misunderstanding I fear!
| > |
| > | I'm actually using the McAfee Internet Security Suite supplied (at
extra
| > | cost!) with my AOL (UK) subscription
| > | + Windows Defender, AVG Anti-Spyware 7.5 and Ad-Aware 2007 - all up to
| > date
| > | on Windows XP Home, SP2 and all updates.
| > |
| > | I was referring in my comment to those on another newsgroup who seem
| > adamant
| > | that they can identify me regardless of my selected 'nick' for posting
| > | purposes. If my IP doesn't give me away, I was wondering what other
| > 'spy'
| > | might be being used to identify me.
| > |
| > | David
| > |
| > |
| >
*************************************************************************************************
| > | "Phil Weldon" <not.disclosed@example.com> wrote in message
| > | news:uRsqi.11417$rR.9799@newsread2.news.pas.earthlink.net...
| > | > 'BoaterDave' wrote:
| > | > | So it seems that they are lying - or I have malware (again!) on my
| > PC!
| > | > | Now I've got to determine which it is!
| > | > _____
| > | >
| > | > No, not lying - 'Beta' is a warning label that the software may not
| > work
| > | > as
| > | > intended. You should not depend on 'Beta' software for critical
| > | > operations
| > | > (and keeping your system free of malware is a critical operation.)
| > And
| > | > even
| > | > antimalware in production can give false alerts. If you are going
to
| > use
| > | > an
| > | > on-line scan, pick one that is NOT 'beta' and that is more thorough
| > than
| > | > 'Nanoscan'. Symantec and other antimalware publishers have more
| > thorough
| > | > on-line scans
| > | >
| > | > As a comparison, the Symantec on-line virus scanner will scan every
| > file
| > | > on
| > | > a system and take 20 minutes or more (fast system with > 100,000
| > files)
| > | > while 'Nanoscan' checks, on the same system in 20 seconds, well, who
| > | > knows?
| > | > ( I would imagine 'Nanoscan' checks memory, the registry, and
whatever
| > | > else
| > | > it can in 20 seconds. Something like 'Nanoscan' might eventually be
| > an
| > | > quick supplement to other malware detectors, but only a minor
| > supplement.
| > | >
| > | > What antimalware protection do you use, and is it up-to-date (an in
| > either
| > | > the very latest definitions or definitions updated within the last
two
| > | > days)?
| > | >
| > | > Phil Weldon
| > | >
| > | >
| > | > Phil Weldon
| > | >
| > | > "BoaterDave" <BoaterDave@nospam.invalid> wrote in message
| > | > news:eXSXPTI0HHA.3940@TK2MSFTNGP05.phx.gbl...
| > | > | So it seems that they are lying - or I have malware (again!) on my
| > PC!
| > | > | Now I've got to determine which it is!
| > | > |
| > | > | Thanks for your coments, Phil.
| > | > |
| > | > | BD
| > | > | ******************************************************
| > | > | "Phil Weldon" <not.disclosed@example.com> wrote in message
| > | > | news:EBrqi.11448$tj6.10470@newsread4.news.pas.earthlink.net...
| > | > | > 'BoaterDave' wrote, in part:
| > | > | > | When posting to a newsgroup on a private server, it seems that
| > | > | > | anyone/everyone can identify me, regardless of user name
| > employed.
| > | > | > Whilst
| > | > | > I
| > | > | > | fully appreciate that an individual has a certain style (which
| > can
| > | > be
| > | > | > | 'fudged' - obfuscated, if you will) if the IP address changes
as
| > you
| > | > say
| > | > | > | (and I believe you!) can you suggest an alternate way they can
| > | > identify
| > | > | > | someone without having installed some form of 'reporting'
| > malware
| > on
| > | > | > one's
| > | > | > | PC?
| > | > | > _____
| > | > | >
| > | > | > In the USA be George W. Bush, Alberto Gonzales, or Dick Cheney,
| > bribe
| > | > the
| > | > | > ISP, or actually get a court order B^)
| > | > | >
| > | > | > Phil Weldon
| > | > | >
| > | > | > "BoaterDave" <BoaterDave@nospam.invalid> wrote in message
| > | > | > news:e8TIJCI0HHA.1188@TK2MSFTNGP04.phx.gbl...
| > | > | > | Phew! Thanks for all that, Phil! I really appreciate the time
| > and
| > | > | > trouble
| > | > | > | you have taken to respond so comprehensively.
| > | > | > |
| > | > | > | Dare I ask you for further comment? <g> I will anyway!
| > | > | > |
| > | > | > | When posting to a newsgroup on a private server, it seems that
| > | > | > | anyone/everyone can identify me, regardless of user name
| > employed.
| > | > | > Whilst
| > | > | > I
| > | > | > | fully appreciate that an individual has a certain style (which
| > can
| > | > be
| > | > | > | 'fudged' - obfuscated, if you will) if the IP address changes
as
| > you
| > | > say
| > | > | > | (and I believe you!) can you suggest an alternate way they can
| > | > identify
| > | > | > | someone without having installed some form of 'reporting'
| > malware
| > on
| > | > | > one's
| > | > | > | PC?
| > | > | > |
| > | > | > | I'd value your advice. TIA.
| > | > | > |
| > | > | > | David
| > | > | > |
| > | > | > |
| > | > | >
| > | >
| >
******************************************************************************************************
| > | > | > | "Phil Weldon" <not.disclosed@example.com> wrote in message
| > | > | > | news:Wwqqi.12398$Od7.11531@newsread1.news.pas.earthlink.net...
| > | > | > | > 'BoaterDave' wrote, in part:
| > | > | > | > | **Indeed - your memory serves you well (this time!)
However,
| > | > that
| > | > | > does
| > | > | > | > *not*
| > | > | > | > | explain why posts from you here invariably have different
IP
| > | > | > addresses
| > | > | > | > when
| > | > | > | > | the day changes. You cannot, surely, be suggesting that
when
| > | > folk
| > | > | > visit
| > | > | > | > | /this/ group and see the name of Peter Foldes that it
isn't
| > | > really
| > | > | > you?
| > | > | > | > | People tend to see a name they trust and follow the advice
| > | > given -
| > | > | > how
| > | > | > | > easy
| > | > | > | > | it would be to mislead vulnerable folk in such a scenario.
| > So
| > I
| > | > ask
| > | > | > you
| > | > | > | > once
| > | > | > | > | again, politely., the reason for the constant change in
your
| > IP
| > | > | > address.
| > | > | > | > _____
| > | > | > | >
| > | > | > | > In the main, for DSL, an IP address is assigned dynamically
to
| > a
| > | > | > customer.
| > | > | > | > Each time a system (or for some setups the modem) connects
to
| > the
| > | > ISP,
| > | > | > the
| > | > | > | > ISP assigns a new IP address from the block allocated to the
| > ISP.
| > | > A
| > | > | > | > static
| > | > | > | > IP address costs extra. If, for example, you were to
examine
| > the
| > | > | > headers
| > | > | > | > for my posts to this newsgroup, you would usually see a
| > different
| > | > IP
| > | > | > | > address
| > | > | > | > on posts from different days. Each IP address would be
picked
| > | > more
| > | > or
| > | > | > | > less
| > | > | > | > at random from the block assigned to the ISP. With a large
IP
| > | > like
| > | > | > mine,
| > | > | > | > that would be from a address space of millions. If you look
| > at
| > my
| > | > | > posts
| > | > | > | > with time stamps more than a few days apart the IP address
is
| > | > | > different.
| > | > | > | > The IP address associated with your post is from the block
| > | > assigned
| > | > to
| > | > | > AOL
| > | > | > | > (172.192.0.0 - 172.216.255.255), an IP address space of just
| > over
| > | > | > | > 1,500,000.
| > | > | > | > My current IP address is as I make this post is
| > 208.187.80.135.
| > | > If
| > | > I
| > | > | > | > disconnect my DSL modem, and post again, the IP address in
| > that
| > | > second
| > | > | > | > post
| > | > | > | > will be different. So newsgroup identities are exactly as
you
| > | > | > thought.
| > | > | > | >
| > | > | > | > There is no way to identify a newsgroup poster from the IP
| > address
| > | > in
| > | > | > the
| > | > | > | > post headers, even if the headers are completely legitimate
| > | > without
| > | > | > the
| > | > | > | > cooperation of the ISP because you need the records the ISP
| > keeps
| > | > to
| > | > | > match
| > | > | > | > an IP address with the customer AT THE TIME THE POST WAS
MADE.
| > | > Even
| > | > | > if
| > | > | > | > the
| > | > | > | > customers IP address is static, though you might assume the
| > | > identity
| > | > | > of
| > | > | > | > the
| > | > | > | > poster, you'd still need the account records. This should
| > take
| > a
| > | > | > court
| > | > | > | > order or a 'national security letter' these days.
| > | > | > | >
| > | > | > | > Some naive trolls who use different sock puppet posting
names
| > are
| > | > | > exposed
| > | > | > | > when [they post from a small ISP (because the pool of ISP
| > | > addresses
| > | > is
| > | > | > | > small) or when they post from a static IP address] AND the
| > style
| > | > is
| > | > | > | > suspiciously similar. But that is just exposure of sock
| > puppets,
| > | > NOT
| > | > | > | > actually matching a real identity to a post.
| > | > | > | >
| > | > | > | > As for your original question, which I think is about Panda
| > | > nanoscan
| > | > | > (ALL
| > | > | > | > the information for a newsgroup post should be in the BODY
of
| > the
| > | > | > | > message -
| > | > | > | > the 'Subject' line should be a short phrase to indicate the
| > | > content
| > | > of
| > | > | > the
| > | > | > | > message). My thoughts on Panda nanoscan: there is no
| > compelling
| > | > | > reason
| > | > | > | > to
| > | > | > | > try it. On the down side it is 'Beta' (may have bugs, is
not
| > | > ready
| > | > | > for
| > | > | > | > release, is at present for Panda's benefit, not the user's
| > | > benefit),
| > | > | > it
| > | > | > | > can't be very thorough in 20 seconds, requires installing
| > active-x
| > | > | > | > controls,
| > | > | > | > really gives no assurance that the scanned system is clean,
| > and
| > | > | > requires
| > | > | > | > an
| > | > | > | > active connection to the internet. On the up side, it is
very
| > | > quick.
| > | > | > | >
| > | > | > | > Phil Weldon
| > | > | > | >
| > | > | > | >
| > | > | > | >
| > | > | > | > "BoaterDave" <BoaterDave@nospam.invalid> wrote in message
| > | > | > | > news:uj8F0CF0HHA.5644@TK2MSFTNGP05.phx.gbl...
| > | > | > | > | In-line responses
| > | > | > | > |
| > | > | > | > | "Peter Foldes" <okf22@hotmail.com> wrote in message
| > | > | > | > | news:OCx$NTE0HHA.1184@TK2MSFTNGP04.phx.gbl...
| > | > | > | > | Sorry Dave . But I cannot comment on your request since I
am
| > not
| > | > | > | > familiar
| > | > | > | > at
| > | > | > | > | all with the Panda software. Maybe someone will come along
| > soon
| > | > that
| > | > | > can
| > | > | > | > | comment on your question.
| > | > | > | > |
| > | > | > | > | **Thanks for your straight-forward reply, Peter. I'll wait
| > | > | > patiently!
| > | > | >
| > | > | > | > |
| > | > | > | > | As far as IP addresses go you do know that they can be
| > spoofed
| > | > and
| > | >| > some
| > | > | > | > | people do it .
| > | > | > | > | You have been in a similar situation yourself when you had
| > your
| > | > ID
| > | > | > | > stolen
| > | > | > | > in
| > | > | > | > | the past so you know what kind of situation it can create
| > | > | > | > |
| > | > | > | > | **Indeed - your memory serves you well (this time!)
However,
| > | > that
| > | > | > does
| > | > | > | > *not*
| > | > | > | > | explain why posts from you here invariably have different
IP
| > | > | > addresses
| > | > | > | > when
| > | > | > | > | the day changes. You cannot, surely, be suggesting that
when
| > | > folk
| > | > | > visit
| > | > | > | > | /this/ group and see the name of Peter Foldes that it
isn't
| > | > really
| > | > | > you?
| > | > | > | > | People tend to see a name they trust and follow the advice
| > | > given -
| > | > | > how
| > | > | > | > easy
| > | > | > | > | it would be to mislead vulnerable folk in such a scenario.
| > So
| > I
| > | > ask
| > | > | > you
| > | > | > | > once
| > | > | > | > | again, politely., the reason for the constant change in
your
| > IP
| > | > | > address.
| > | > | > | > |
| > | > | > | > | BD
| > | > | > | > |
| > | > | > | > |
| > | > | > | >
| > | > | >
| > | >
| >
______________________________________________________________________________________
| > | > | > | > |
| > | > | > | > | "BoaterDave" <BoaterDave@nospam.invalid> wrote in message
| > | > | > | > | news:%23%23FF5pA0HHA.484@TK2MSFTNGP06.phx.gbl...
| > | > | > | > | > Hello Peter! Thank you for the reminder.
| > | > | > | > | >
| > | > | > | > | > It would, though, have been even more helpful had you
also
| > | > given
| > | > | > your
| > | > | > | > view
| > | > | > | > | > on the new facility from Panda as I'd requested.
| > | > | > | > | >
| > | > | > | > | > Whilst I'm here I noted that your IP address is
currently
| > | > | > | > 64.228.81.234
| > | > | > | > | > Having checked your other posts on this group since 31
| > May,
| > | > each
| > | > | > IP
| > | > | > | > | > address
| > | > | > | > | > is different (save for on 5 July when 3 replies were
made
| > on
| > | > the
| > | > | > same
| > | > | > | > | > day).
| > | > | > | > | > The previous training given by you - to me - suggested
| > that
| > an
| > | > IP
| > | > | > | > address
| > | > | > | > | > may be used to identify a particular poster. Others
| > posting
| > | > here
| > | > | > *do*
| > | > | > | > | > maintain the same IP address. Will you, please, explain
| > why
| > | > yours
| > | > | > | > changes?
| > | > | > | > | >
| > | > | > | > | > An additional query. On a separate newsgroup, on a
private
| > | > server,
| > | > | > the
| > | > | > | > IP
| > | > | > | > | > address of a poster is shown as 127.0.0.1, viz:-
| > | > | > | > | >
| > | > | > | > | > X-Trace: dogagent.com 1185373384 26976 127.0.0.1 (25 Jul
| > 2007
| > | > | > 14:23:04
| > | > | > | > | > GMT)
| > | > | > | > | >
| > | > | > | > | > I'd be grateful if you, or anyone else knowledgeable on
| > such
| > | > | > matters,
| > | > | > | > | > would
| > | > | > | > | > comment on this. Thank you.
| > | > | > | > | >
| > | > | > | > | > David
| > | > | > | > | >
| > | > | > | > | > ***************************************
| > | > | > | > | >
| > | > | > | > | >
| > | > | > | > | > "Peter Foldes" <okf22@hotmail.com> wrote in message
| > | > | > | > | > news:%23e7LSG$zHHA.5152@TK2MSFTNGP02.phx.gbl...
| > | > | > | > | > multiposted not crossposted. Even worse
| > | > | > | > | >
| > | > | > | > | >
| > | > | > | > | >
http://www.blakjak.demon.co.uk/mul_crss.htm
| > | > | > | > | > --
| > | > | > | > | > Peter
| > | > | > | > | >
| > | > | > | > | > Please Reply to Newsgroup for the benefit of others
| > | > | > | > | > Requests for assistance by email can not and will not be
| > | > | > acknowledged.
| > | > | > | > | >
| > | > | > | > | > "BoaterDave" <BoaterDave@nospam.invalid> wrote in
message
| > | > | > | > | > news:uRDXih8zHHA.4004@TK2MSFTNGP05.phx.gbl...
| > | > | > | > | >> Forgive the cross-post but, on reflection, I felt this
| > might
| > | > be
| > | > a
| > | > | > | > more
| > | > | > | > | >> appropriate place to ask this question!
| > | > | > | > | >>
| > | > | > | > | >> Hi - just wondering is any of the gurus here have tried
| > it
| > | > and
| > | > | > might
| > | > | > | > wish
| > | > | > | > | >> to
| > | > | > | > | >> comment: See:
http://www.nanoscan.com/
| > | > | > | > | >>
| > | > | > | > | >> David
| > | > | > | > | >>
| > | > | > | > | >>
| > | > | > | > | >
| > | > | > | > | >
| > | > | > | > |
| > | > | > | > |
| > | > | > | >
| > | > | > | >
| > | > | > |
| > | > | > |
| > | > | >
| > | > | >
| > | > |
| > | > |
| > | >
| > | >
| > |
| > |
| > |
| >
| >
|
|