Author Topic: PeeCee security question.... (Read 2654 times)

Al · « **on:** April 13, 2003, 06:48:00 PM »

For you dark side users, I have a problem for you.

I know there are other forums out there for PC's, but since I am most comfortable here, I will try here first.

This is regarding my in-laws Compaq Preesario 5714 running Win98 2nd ed.

I made a check of their ports on GRC.com beecause they just got DSL and found out that this computer has a mojor security problem. GRC states that it can make contact with this unit via port 139 (NetBIOS). It shows that port is wide open. GRC suggests that I unbind anything of the NetBIOS from TCP/IP, so I went to the network CP and am not able to uncheck that option (option greyed out).

I see that there is something called ICM Server that was running, but I shut that down, still can't get the option to be available.

What else can I do to get this option opened up? Or close off the port?

Also, would a firewall take care of this open port? I am thinking of installing ZoneAlarm.

TIA
Al

[ 04-13-2003, 07:50 PM: Message edited by: Al ]

Bernie · « **Reply #1 on:** April 13, 2003, 07:08:00 PM »

Hi Al I'm using Zone Alarm on my Athlon 1.2 Ghz Running XP Pro. Works great. Makes me feel very safe.
http://www.zonelabs.com/store/content/home.jsp
Look for the free trial
ZoneAlarm® free download

[ 04-13-2003, 08:09 PM: Message edited by: Bernie ]

tacit · « **Reply #2 on:** April 13, 2003, 07:31:00 PM »

I strongly, strongly suggest you buy a router.

Just closing the NetBIOS port will not secure that PC. Windows 98 has many major security holes; gaining access to a Win98 system on a broadband line is often about as challenging as going big-game hunting at a zoo.

A router will act as a hardware firewall, elimination almost all of your security problems (save those you create yourself, like infecting the computer with a virus).

Furthermore, make sure you run Windows Update regularly. Install all critical updates, and install the optional Critical Update Notification as well (which will alert you whenever Microsoft distributes a new security fix).

Diana · « **Reply #3 on:** April 13, 2003, 07:34:00 PM »

Hi Al,

Yes, what Bernie said. Zone Alarm is great...the free version is all they'll need.

But, when you have time, read the instructions at GRC again. He has a whole section devoted to unbinding the NetBios and windows file/printer sharing from the TCP/IP protocol. It takes more than just unchecking a box. Many years ago, I printed out Steve Gibson's instructions and they were several pages long. I promise though, if you start at the beginning, follow it step by step, it isn't hard. Once you've done it, it will make sense too. On Win98, unbinding EVERYTHING from the TCP/IP protocol doesn't prevent file/printer sharing if you bind those services to another protocol. If they don't have multiple machines they need to share, then close them up tight. They'll be much, much safer for it.

Oh...and do like yesterday...it doesn't take long for the scanners to find such wonderful opportunities.

I get to be paranoid about this one...I've been there.

And then install Zone Alarm anyway..

see ya,

Bernie · « **Reply #4 on:** April 13, 2003, 09:32:00 PM »

I thought you had a Router Al ? Hmm.

Bernie · « **Reply #5 on:** April 13, 2003, 09:39:00 PM »

If it's not on fire, it's a software issue.
LOL u makum me laughum! Diana

kbeartx · « **Reply #6 on:** April 13, 2003, 09:49:00 PM »

quote:
Originally posted by tacit:
I strongly, strongly suggest you buy a router.

A router will act as a hardware firewall, elimination almost all of your security problems (save those you create yourself, like infecting the computer with a virus).

Last I looked, it was possible to buy a router for as little as $30 (with rebates). Even if you don't need the routing functionality at this time (with only a single computer), it seems like pretty inexpensive peace o' mind for the hardware firewall, IMO.

I use a LinkSys router to share my RoadRunner cable internet, and when I tested my G3 and my AMD at GRC, it reported them both in 'full stealth mode'.

- kbeartx

[ 04-13-2003, 11:01 PM: Message edited by: kbeartx ]

Al · « **Reply #7 on:** April 13, 2003, 11:20:00 PM »

Hey thanks everyone....

This evening I installed the free version of ZoneAlarm and now GRC says that their Compaq is in full stealth mode.... Still, I will have to go back their next week for Easter, at that time I will try to unbind the NetBIOS from TCP/IP again. This week, I will go back to GRC and reread the instructions for that process and take that knowledge back over there.

Tacit, I agree with you that the best thing they should do is get a router. Thou, with the trouble they have had in the past and there lack of computer knowledge I am not certain they will go for that, but, I will give it a try and ask them to get one. Also, next week, I will go back to MS and see what updates they have not installed and do it for them.

Diane, yup, they had file sharing and printer sharing tied to TCP/IP as well, I shut those down and got a better report at GRC, but still port 139 was wide open and needs to be delt with.

Bernie, yes, I do have a router for MY Macs. But, my in-laws PC is a different story....

Hmmm, rereading my initial post I see that their keyboard has a bad time with the letter "E"... Wad up wit dat!?!

Dreambird · « **Reply #8 on:** April 14, 2003, 01:00:00 AM »

Al... I use ZoneAlarm, the free version on my Win98se as well, and find that it makes all the ports on the GRC site come up in Stealth Mode.

Definately don't have file and printer sharing on unless they need it for something.

My Win98se isn't exactly a "factory" installation either though... I've removed about 99% of IE from using a third party utility "98Lite".

News:

Author Topic: PeeCee security question.... (Read 2654 times)