Jump to content

Just Wondering

Members
  • Content Count

    98
  • Joined

  • Last visited

About Just Wondering

  • Rank
    Candidate
  1. Hi I noticed after a browsing session that in 'KIS13 > Reports', a number of malicious URLs had been detected but no indication appeared in the browser or anywhere else during the browsing session. However, when clicking on the highlighted malicious URLs link, it goes through to 'detailed report > detected threats' but the section is blank i.e. no list of detected threats / malicious URLs. Therefore, I'm wondering: 1. should detected URLs be present there - if they are not, fine but if they are, what could be wrong? 2. in 'detailed report > web anti-virus', that is blank as well (apart from an entry re 'task started') - so should something be in there or not as well? anyone any ideas please?
  2. Hi I noticed earlier after a browsing session that in 'KIS13 > Reports', a number of malicious URLs had been detected but no indication appeared during the browsing session. However, when clicking on the highlighted malicious URLs link, it goes through to 'detailed report > detected threats' but the section is blank i.e. no list of detected threats / malicious URLs. Therefore, I'm wondering: 1. should detected URLs be present there - if they are not, fine but if they are, what could be wrong? 2. in 'detailed report > web anti-virus', that is blank as well (apart from an entry re 'task started') - so should something be in there or not as well? anyone any ideas please? Cheers.
  3. Thanks Teranom Baz: I guess it depends upon what you mean by increase your security. If you mean that it won't e.g. strengthen a PC's ability to resist, detect or expunge malware, it could be a fair statement to say security won't be increased. However, what about some benefit of invisibility. RE: "any host must accept an echo-request and issue an echo-reply in return. This has been characterized as a security risk" (on the Wiki link provided by Teranom and if I'm reading it correctly). If this ping return is denied, then presumably the targetted PC would appear invisible to that request i.e. appear as though it's not there; presumably this suggests security by stealth, much as an insect might freeze on the spot or camouflage itself - physical security in terms of e.g. strength is not increased but overall its threat of being detected and devoured is lessened - arguably, its security is increased. Therefore, does not disabling reply to a ping increase security by decreasing risk of being discovered on the internet, even if it doesn't affect Kasp's functioning/security abilities? Furthermore, how would creating a packet rule, regarding ping(s), be carried out, e.g. go to settings > etc? Regards
  4. Hi For the uninitiated like me, just wondering: What is a 'ping'? And as the question above asks, why would you want to block it - what's the advantage/disadvantage? Cheers
  5. Hi If I understand the context of this thread correctly (that the potential for attack exists prior to the K icon appearing in red, as is evidenced in some posts'), I wonder if it just theoretical. I too disable the internet connection (by disabling/enabling local area connection, in the network and sharing Center) prior to shutdown and only re-enable after startup (with red K). However, two vulnerabilities may still exist for users' of our method: First, our method is a software disconnection, which presumably has the potential to be controlled by malware, un-beknown to the user . Presumably, a hard wired disconnecting switch would be more secure, as used by a previous poster who switches off their router to disconnect (sorry, couln't find the poster or #); however, my router doesn't have a switch so I rely on this software method (I don't want to keep un-plugging the ethernet cable or turning the router on/off at the mains - could do of course). Second, what about when e.g. Windows shutsdown and re-starts during some updates requiring re-start. As far as I know, windows needs to be connected to finish off the update procedure. I disconnected once prior to shutdown (when it asks if you want to re-start now or later) and when re-started came back as an update failure (but which completed successfully when left connected). Therefore, the computer is internet enabled/connected during the windows update re-start process. Therefore, the machine could be vulnerable prior to the red K appearing, could it not?
  6. Ah ha, thank you for your reply. I had a look and see a wireless network connection with a red X as part of it, so this makes sense thanks. However, as for the items I've listed under 'open ports' although you suggest they are not cause for concern, what bemuses me is how they can appear as 'open', when the connection is disabled; curious.
  7. Hi In Windows Vista > Network & Sharing Center > Manage Network Connections, I use the ‘Local Area Connection’ to enable/disable my internet connection. When disabled, the Network & Sharing Center shows ‘Not Connected’. I can check the connection is disabled by e.g. trying to update e.g. Windows Vista and/or KIS13; when checking this, both basically say update cannot occur due to no internet connection. These both suggest that there is no internet connection present, as would be expected. However, this is what I find odd. With the ethernet cable connected but the Local Area Connection disabled (and e.g. KIS13 not being able to update) I notice this in KIS13 ‘Network Monitor’. Under the Network Activity tab – this is all blank, as presumably would be expected. However, under the ‘Open Ports’ tab I see this: Kaspersky Internet Security; open: 2 Host Process for Windows Services; open 17 Windows Start-Up Application; open 2 System; open: 2 Services and Controller app; open: 2 Local Security Authority Process; open 2 If I stay on this tab and enable the internet connection (via the Local Area Connection), these numbers fluctuate up and down, then drop back down to these values above when disabling the internet connection again. Therefore, the question is: do these open ports seem appropriate given first, e.g. KIS13 says it’s not connected and second, the connection should supposedly be disabled using the local connection? I also find something else odd. In Vista 'Network and Sharing Center', as soon as I enable the internet connection (using the local area connection), the network shows that it is identifying the network, which turns out to be ‘public’ (as set by me) (No 1 in the screenshot). However, what’s odd is that as soon as the network is identified, a second identifying network appears just below the first entry (No 2 in the screenshot) - appearing for approx 5 seconds. Then as soon as this No 2 is identified as ‘public’, it disappears and is not seen again – just leaving the entry as in No 1. Therefore, does this seem appropriate and could this second invisible entry be related to the open ports even when allegedly disabled? Anyone any ideas please?
  8. To answer my own question, what you say is basically what I thought as well. In addition, your point about other programs being out there as well seems to moot my question; I hadn't thought about the other programs that we won't find out about, so no point in asking about lantern. However, it would be nice to know Kasp's position on customer privacy (re detection) and whether they will add detection signatures (if that's the correct term) to whatever programs etc they find. I did chuckle concerning the post that I might have something to hide (and said program would find that I haven't and I wouldn't even know they new) but I do find it concerning that a security company might allow agencies to snoop unchecked. Allowing snooping pursuant to a court order is quite different from allowing it carte-blanche, which is what security suites seem to be doing.
  9. Oh well, this news piece was written 11 years ago and seems contradictory. Stating that 'what is necessary to realize is that with the appearance of the official ‘Lantern,' virus writers won't wait long to release numerous clones... and that the original trojan could end up in the hands of hackers...', seems to acknowledge the existence of the program; however, stating that 'at this time, Kaspersky Lab has not received any confirmation about Magic Lantern's existence or the FBI's intention to develop such a program... [therefore, viewing] these rumors as they are - just rumors without any basis in fact', seems to contradict said existence. However, what's been happening in the intervening years. Googling magic lantern suggests that the FBI have now admitted its existence, so I wonder if KIS13 detects it or not. If it does, good, if not, why not? How do we find out?
  10. Hi Does anyone know if KIS13 detects Magic Lantern. I seem to recall a few months ago reading an article in the Kasp virus list or encyclopedia I think it was, about lantern but can't recall whether Kasp stated they detect it or not. Anyone know?
  11. Hi Thank you for your timely and informative response; much appreciated. Cheers.
  12. Hi I assume this is not nescessarily a KIS13 issue but I am hoping someone will enlighten me. In network activity, when connecting to a website using a single tab in IE9 (not having multiple tabs open), multiple connections occur (example in screenshot). The number of connections fluctuates up and down depending on activity (I've seen around 15 on occassion), such as surfing around in the website - all entries dissappear if the page is left alone for a short time; in addition, the protocol direction always shows outbound. Therefore, some questions: 1. Is it normal to have so many connections open using one tab on one website? 2. What does 'outbound' in protocol direction refer to? I wondered if it is the direction of data transfer out of my PC, therefore, I tried downloading a large object expecting it to show inbound but it just stayed on outbound. cheers
  13. Hi I've wondered also about the compatability of defender with KIS13 and chose to disable it completely in Services. However, given posts here indicating that defender is not compatable yet no longer appears on the list, I am still confused. Does defender not appearing on the list mean that Kasp are stating as fact that it is not a problem? Moreover, how would one know if a conflict was occurring between KIS13 and defender? Issues could be occurring that are not visible or apparent to the non-expert computer user, thereby giving a false sense of security - literally as well as figuratively. Personally, I will leave it disabled till Kasp state it's not an issue. Cheers.
×
×
  • Create New...

Important Information

We use cookies to make your experience of our websites better. By using and further navigating this website you accept this. Detailed information about the use of cookies on this website is available by clicking on more information.