#16
Unknown download activity in background - how to determine what it is?
Andy,
What does the -b parameter do? I couldn't find it, and when I included it, I got the help legend. After looking at the legend, I did this...

c:\>netstat -na > netstat.txt

Did you mean to use another parameter and if so, what is the command?

What is this for?

c:\>more netstat.txt

Just trying to learn... thanks in advance,
dc

"Andy Walker" wrote in message ...
Cyberiade.it Anonymous Remailer wrote:
Use a software firewall that shows you the current connections and level of traffic. Comodo has a good firewall for free.

Or, you could simply run some simple DOS commands to determine what program(s) are using external connections.

c:\>netstat -nab > netstat.txt
c:\>more netstat.txt

Look for established connections using foreign addresses other than 127.x.x.x. You should be able to determine what port and what process is communicating, as well as the external IP address. To check the external IP address go to http://www.dnsstuff.com and enter it into the "IP Information" box.
#17
-- Peter Please Reply to Newsgroup for the benefit of others Requests for assistance by email can not and will not be acknowledged.

"BoaterDave" wrote in message ...
Hi Doc I've been led to believe that, just like one should only ever have a single active antivirus programme, one should only have a single software firewall operative. In other words, disable MS Windows firewall if you are using Zone Alarm. HTH David

"Doc" wrote in message ups.com...
I'm using WinXP Media Center, the last few days I've noticed that there's some kind of d/l activity showing even when I'm doing nothing online even with the Windows firewall up as well as ZoneAlarm. I'm on 56k dialup. How do I determine what this is? I don't have Windows update on automatic. I ran AdAware with the latest definitions but it's still doing it. Thanks.
#18
"John John" wrote in message
... Kerry Brown wrote: "John John" wrote in message ... Kayman wrote: and scroll down to: Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe. That article itself is baloney. It is true that any malware can circumvent a firewall's outbound protection but it is also true that a lot of malware is detected by firewall outbound monitoring. The outbound monitoring also alerts you when otherwise legitimate software is trying to call home. Perhaps you like it better when things like Media player call home without your knowledge, a pesky annoyance that you should be aware of things like that. The article states: "Speaking of host firewalls, why is there so much noise about outbound filtering? Think for a moment about how ordinary users would interact with a piece of software that bugged them every time a program on their computer wanted to communicate with the Internet..." What a pile of baloney!" Firewall have rules, it appears no one at Microsoft knows this, which isn't really surprising to tell you the truth. Microsoft's logic is that "you don't need seat belts if you have airbags". And you don't need to know what it is that things like Media Player doing. Baloney indeed! There is no way a software firewall can guarantee it will stop outbound traffic on the computer it is running on regardless of the OS. Software firewalls can be useful for stopping programs communicating outbound through normal channels. That's it, period. The fact that some firewalls notify you about malware communicating out is a function of how poorly the malware is programmed not the firewall. Intel motherboards can communicate through the onboard NICs at the BIOS level with no OS present. Rootkits can easily modify all traffic going through any NIC in the computer. Malware running in Windows can easily corrupt traffic from legitimate programs. Malware can even create its own TCP/IP stack and bypass Windows (or other OS') networking stack altogether.
Virtual server software is capable of spoofing a MAC and getting multiple IP addresses for one NIC from a DHCP server. What makes you think malware can't do the same type of thing? All that you say is true and I never said or argued otherwise. But software firewalls that monitor outbound connections can be useful and can help to keep some applications in check, just because the Microsoft firewall can't do it doesn't mean that all others are not good. You said that this: "Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe." was baloney. It is not. You are talking about privacy not safety. Software firewalls do nothing to improve your safety. They may actually decrease your safety by giving you a false sense of security. They can as you say be used to protect your privacy. You went on to say this: "Firewall have rules, it appears no one at Microsoft knows this" which is also false. All of the firewalls in Microsoft OS' use rules. Some of them don't monitor outgoing traffic but they all use rules. -- Kerry Brown Microsoft MVP - Shell/User http://www.vistahelp.ca
#19
On Jul 28, 12:51 pm, Doc wrote:
I'm using WinXP Media Center, the last few days I've noticed that there's some kind of d/l activity showing even when I'm doing nothing online even with the Windows firewall up as well as ZoneAlarm. I'm on 56k dialup. How do I determine what this is? I don't have Windows update on automatic. I ran AdAware with the latest definitions but it's still doing it. Thanks.

A long shot: A couple of months back, I had downloaded and installed a free "flash video player" that was seen on Firefox. The same day, I found that my Internet account had been drained out, because some 2GB was "downloaded" in the matter of a few hours, although I had shut down the program after using it for just a few minutes. I could not locate any downloaded files even in the "Temporary Internet Files" folder to account for that size, and my hard disk space was not decreased. Apparently, the program continued to run in the background even after I shut it off. When I opened the "Local Area Connection Status" by clicking on the double-computer icon in system tray area, I saw that heavy downloading was going on. I am not absolutely sure that the Flash Video Player was the culprit, but after I uninstalled the program, the unknown internet activity also stopped. I suggest that you check for something similar on your computer.
#20
Had you intended to comment, Peter?
Nothing seen here. BD

"Peter Foldes" wrote in message ...
-- Peter Please Reply to Newsgroup for the benefit of others Requests for assistance by email can not and will not be acknowledged.

"BoaterDave" wrote in message ...
Hi Doc I've been led to believe that, just like one should only ever have a single active antivirus programme, one should only have a single software firewall operative. In other words, disable MS Windows firewall if you are using Zone Alarm. HTH David

"Doc" wrote in message ups.com...
I'm using WinXP Media Center, the last few days I've noticed that there's some kind of d/l activity showing even when I'm doing nothing online even with the Windows firewall up as well as ZoneAlarm. I'm on 56k dialup. How do I determine what this is? I don't have Windows update on automatic. I ran AdAware with the latest definitions but it's still doing it. Thanks.
#21
Kayman wrote:
"John John" wrote in message It's a pc, apply your own logic (utilise sensible apps.); So take ownership, do some research, do not consult advertisement-driven publications and be responsible - *you* are in charge! If you don't like pc go for available alternatives. Regardless of what you might think I am no slouch at computers and I don't use Adware! Did you know that some of the new Sysinternal (Microsoft) utilities call home without your knowledge? Did you know that these Sysinternal utilities do not tell you that they call home and that they provide no inbuilt mechanism to stop this behaviour? Do you agree that those applications, amongst others, should be calling home without the user's knowledge? Do you agree that users should have no easy method to detect and stop these unwanted connections? By the contents of your posts I would say obviously not! There are many other legitimate applications that call home for no valid reasons, when you install these applications they don't always tell you that they will be calling home and they don't always make it easy to find that out or to disable "call home" features. I am sure you didn't know of the Sysinternal utilities calling home and I am sure that you are not in charge of your computer as much as you think that you are! But then you don't think that users should have a way of being made aware or of stopping those outbound connections so who cares about "being in charge" of their computers? M/S firewall *can't* do (but they could) because it's recognised to be waste of resources and time. And yes, PFW's are IMO of no value whatsoever; I know because I operate without these apps. John John, don't get blinded by all the marketing hype Marketing hype? It appears that you are the one blinded by marketing hype! Microsoft marketing hype!
The misinformation published in one of the Microsoft articles provided by another poster makes it clear that Microsoft and its shills are on a mission to discredit all firewalls that monitor outbound connections and to insist that the Microsoft firewall is somehow or other superior to all others. Quite amusing when it's coming from an outfit that until a few years ago didn't even know what a firewall was! As for your comments of "waste of resources" it is laughable to say the least. In this day and age of fast processors and large amounts of RAM this is a non issue. Also, the firewall will be using resources just to do its basic job of keeping intruders out, the little extra needed to monitor outbound connections is negligible. Let's get one thing perfectly clear here, I am not claiming, nor have I ever claimed that outbound connection monitoring was an effective method of dealing with all sorts of malware. I am simply saying that outbound monitoring is a useful tool that can alert you to some not so clever malware trying to call home and that it can alert you that something like your printer software, or Microsoft components might be trying to access the internet for no good reason at all. But then it appears that you think that users shouldn't know that these things are calling home. Neither you, nor Microsoft, nor anyone else will ever convince me that outbound connection monitoring is not a useful feature. Period! John
#22
Kerry Brown wrote:
You said that this: "Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe." was baloney. I never said that and don't attribute things that I have not said to me! Reread my post! I quoted this from the article: "Speaking of host firewalls, why is there so much noise about outbound filtering? Think for a moment about how ordinary users would interact with a piece of software that bugged them every time a program on their computer wanted to communicate with the Internet..." And I said that (quoted material) was baloney! A firewall monitoring outbound connections will ask you if you want to permanently allow or disallow the connection, you will not be "...bugged them every time a program on their computer wanted to communicate with the Internet...". That is false information in the article, and for some reason or other and for some time now Microsoft has been trying to discredit *all* firewalls except its own. What is it that Microsoft is hiding? Why are they so adamant that users not be aware of outgoing connections on their computers? John
#23
Which Sysinternals apps call home?
-- Gary S. Terhune MS-MVP Shell/User www.grystmill.com "John John" wrote in message ... Kayman wrote: "John John" wrote in message It's a pc, apply your own logic (utilise sensible apps.); So take ownership, do some research, do not consult advertisement-driven publications and be responsible - *you* are in charge! If you don't like pc go for available alternatives. Regardless of what you might think I am no slouch at computers and I don't use Adware! Did you know that some of the new Sysinternal (Microsoft) utilities call home without your knowledge? Did you know that these Sysinternal utilities do not tell you that they call home and that they provide no inbuilt mechanism to stop this behaviour? Do you agree that those applications, amongst others, should be calling home without the user's knowledge? Do you agree that users should have no easy method to detect and stop these unwanted connections? By the contents of your posts I would say obviously not! There are many other legitimate applications that call home for no valid reasons, when you install these applications they don't always tell you that they will be calling home and they don't always make it easy to find that out or to disable "call home" features. I am sure you didn't know of the Sysinternal utilities calling home and I am sure that you are not in charge of your computer as much as you think that you are! But then you don't think that users should have a way of being made aware or of stopping those outbound connections so who cares about "being in charge" of their computers? M/S firewall *can't* do (but they could) because it's recognised to be waste of resources and time. And yes, PFW's are IMO of no value whatsoever; I know because I operate without these apps. John John, don't get blinded by all the marketing hype Marketing hype? It appears that you are the one blinded by marketing hype! Microsoft marketing hype!
The misinformation published in one of the Microsoft articles provided by another poster makes it clear that Microsoft and its shills are on a mission to discredit all firewalls that monitor outbound connections and to insist that the Microsoft firewall is somehow or other superior to all others. Quite amusing when it's coming from an outfit that until a few years ago didn't even know what a firewall was! As for your comments of "waste of resources" it is laughable to say the least. In this day and age of fast processors and large amounts of RAM this is a non issue. Also, the firewall will be using resources just to do its basic job of keeping intruders out, the little extra needed to monitor outbound connections is negligible. Let's get one thing perfectly clear here, I am not claiming, nor have I ever claimed that outbound connection monitoring was an effective method of dealing with all sorts of malware. I am simply saying that outbound monitoring is a useful tool that can alert you to some not so clever malware trying to call home and that it can alert you that something like your printer software, or Microsoft components might be trying to access the internet for no good reason at all. But then it appears that you think that users shouldn't know that these things are calling home. Neither you, nor Microsoft, nor anyone else will ever convince me that outbound connection monitoring is not a useful feature. Period! John
#24
"John John" wrote in message
... Kerry Brown wrote: You said that this: "Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe." was baloney. I never said that and don't attribute things that I have not said to me! Reread my post! I quoted this from the article: "Speaking of host firewalls, why is there so much noise about outbound filtering? Think for a moment about how ordinary users would interact with a piece of software that bugged them every time a program on their computer wanted to communicate with the Internet..." And I said that (quoted material) was baloney! A firewall monitoring outbound connections will ask you if you want to permanently allow or disallow the connection, you will not be "...bugged them every time a program on their computer wanted to communicate with the Internet...". That is false information in the article, and for some reason or other and for some time now Microsoft has been trying to discredit *all* firewalls except its own. What is it that Microsoft is hiding? Why are they so adamant that users not be aware of outgoing connections on their computers? That may have been what you intended to say but here is the relevant snippet from your post: -------------------------------------- " and scroll down to: Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe. That article itself is baloney. It is true that any malware can circumvent a firewall's outbound protection but it is also true that a lot of malware is detected by firewall outbound monitoring. The outbound monitoring also alerts you when otherwise legitimate software is trying to call home. Perhaps you like it better when things like Media player call home without your knowledge, a pesky annoyance that you should be aware of things like that." ----------------------------------------- It sure sounds to me like you are calling the whole article baloney. I don't presume to speak for Microsoft but personally I'm not hiding anything.
Software firewalls are a useful part of a layered security setup. They can't be relied upon to protect you from malicious outbound traffic. Anybody who says they can and tries to sell this to you is deceiving you. They are selling snake oil. Software firewalls became popular because the current versions of Windows at the time didn't have any firewall. When XP came out with a firewall the vendors realized that they had to give people a reason to keep buying their product. This is when they started pushing the outbound monitoring features. Software firewalls can, and most do, give you a level of protection against inbound attacks from unsolicited traffic. That is all they are good for as a defense against malware. Even that can't be relied on if something does get inside the security perimeter. Once your security has been breached you can no longer trust anything running on the computer. Monitoring outbound traffic does have its uses. One is as you say to stop legitimate programs from making outbound connections that you don't want. I don't know why Microsoft didn't include outbound monitoring in the XP firewall. Personally I don't care as I believe it to be of limited use anyway. Outbound monitoring is included in the Vista firewall and many other Microsoft products like ISA server. This is obviously something I'm passionate about :-) Don't take it as a personal attack. Whenever I see a post espousing the usefulness of software firewalls I am compelled to point out the fallacy of this approach to security. -- Kerry Brown Microsoft MVP - Shell/User http://www.vistahelp.ca
#25
dc wrote:
Andy, What does the -b parameter do?

Here is the help description from netstat:

-b Displays the executable involved in creating each connection or listening port. In some cases well-known executables host multiple independent components, and in these cases the sequence of components involved in creating the connection or listening port is displayed. In this case the executable name is in [] at the bottom, on top is the component it called, and so forth until TCP/IP was reached. Note that this option can be time-consuming and will fail unless you have sufficient

You can use an alternative method through the use of the -o switch.

-o Displays the owning process ID associated with each connection.

In order to determine the process name you can run Task Manager (ctrl-alt-del), select view/select columns and add Process Identifier. This will allow you to match the process ID output from the netstat command with a process name.

I couldn't find it, and when I included it, I got the help legend.

Older versions of the netstat command did not include the -b switch.

After looking at the legend, I did this... c:\>netstat -na > netstat.txt Did you mean to use another parameter and if so, what is the command

See the -o info above.

What is this for? c:\>more netstat.txt

It is the "more" command used to read the file "netstat.txt" created when you used the ">" pipe command. Using more allows you to see the entire file one page at a time. You could also use a text reader like notepad or to stay in the DOS window try "edit netstat.txt".
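Added example, not part of any post in this thread: the check discussed above (established connections whose foreign address is not 127.x.x.x, matched to a process ID via the -o switch) applied to saved `netstat -nao` output. The sample output, addresses and function names are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample of `netstat -nao` output; the addresses are
# documentation ranges, not taken from the thread.
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       912
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     1480
  TCP    192.168.1.20:1045      203.0.113.7:80         ESTABLISHED     2216
  TCP    192.168.1.20:1046      203.0.113.7:80         ESTABLISHED     2216
  TCP    192.168.1.20:1050      198.51.100.25:443      ESTABLISHED     3004
  TCP    192.168.1.20:1051      192.168.1.1:445        TIME_WAIT       0
  UDP    0.0.0.0:500            *:*                                    700
"""


def split_endpoint(endpoint):
    """Split 'addr:port' (IPv4) or '[addr]:port' (IPv6) into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]"), port


def external_established(text):
    """Return ESTABLISHED TCP rows whose foreign address is not loopback."""
    rows = []
    for line in text.splitlines():
        fields = line.split()
        # Expect exactly: Proto, Local, Foreign, State, PID.
        # Headers, UDP rows (no State) and -b component lines are skipped.
        if len(fields) != 5 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue
        addr, port = split_endpoint(fields[2])
        try:
            ip = ipaddress.ip_address(addr.split("%")[0])  # drop IPv6 zone id
        except ValueError:
            continue  # not a numeric address; -n was probably omitted
        if ip.is_loopback:  # 127.x.x.x and ::1
            continue
        rows.append({
            "pid": int(fields[4]),
            "local": fields[1],
            "remote_ip": str(ip),
            "remote_port": int(port),
        })
    return rows


def by_pid(rows):
    """Group remote endpoints by owning PID, de-duplicated and sorted."""
    grouped = defaultdict(set)
    for row in rows:
        grouped[row["pid"]].add(f'{row["remote_ip"]}:{row["remote_port"]}')
    return {pid: sorted(endpoints) for pid, endpoints in grouped.items()}


if __name__ == "__main__":
    import sys
    # Pass the path of a saved netstat.txt, or run without arguments
    # to use the constructed sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], errors="replace") as handle:
            text = handle.read()
    else:
        text = SAMPLE
    for pid, endpoints in sorted(by_pid(external_established(text)).items()):
        print(f"PID {pid}: {', '.join(endpoints)}")
```

Each PID printed can then be matched to a process name in Task Manager's Process Identifier column, as described in the post above.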
#26
Click on the help menu and you will find out.
John

Gary S. Terhune wrote:
Which Sysinternals apps call home?
#27
Straight Talk wrote:
Did you know that these Sysinternal utilities do not tell you that they call home and that they provide no inbuilt mechanism to stop this behaviour?

Wrong.

If you know how to internally stop the Sysinternal Help utilities from calling home please post your findings here. I would also like to hear your advice and solutions as to port monitoring and outbound traffic in general on Windows operating systems. Should users follow your advice and ignore all outbound traffic? Should outbound traffic be allowed to outside networks or should it be limited to the local network? John
#28
"John John" wrote in message
It's a pc, apply your own logic (utilise sensible apps.); So take ownership, do some research, do not consult advertisement-driven publications and be responsible - *you* are in charge! If you don't like pc go for available alternatives. Regardless of what you might think I am no slouch at computers and I don't use Adware! Never thought you were incompetent. I just provided useful information for your kind consideration. Did you know that some of the new Sysinternal (Microsoft) utilities call home without your knowledge? Really. Did you know that these Sysinternal utilities do not tell you that they call home and that they provide no inbuilt mechanism to stop this behaviour? Really. Do you agree that those applications, amongst others, should be calling home without the user's knowledge? The ones I use don't call. If I'd feel comfortable with an apps. I wouldn't mind. Do you agree that users should have no easy method to detect and stop these unwanted connections? Define unwanted; Only install apps. you are comfortable with. By the contents of your posts I would say obviously not! Far from it, that's what you're assuming, that's it. Read on the line, not in between. There are many other legitimate applications that call home for no valid reasons, when you install these applications they don't always tell you that they will be calling home and they don't always make it easy to find that out or to disable "call home" features. I know, but then again I don't download junk - not even legitimate junk. But wouldn't mind a 'home call' from an apps. I am comfortable with. I am sure you didn't know of the Sysinternal utilities calling home... Which Sysinternals apps. call home? ...and I am sure that you are not in charge of your computer as much as you think that you are! Assumptions. But then you don't think that users should have a way of being made aware or of stopping those outbound connections so who cares about "being in charge" of their computers?
Naw, you don't know what I am thinking, never mind about that. M/S firewall *can't* do (but they could) because it's recognised to be waste of resources and time. And yes, PFW's are IMO of no value whatsoever; I know because I operate without these apps. John John, don't get blinded by all the marketing hype Marketing hype? It appears that you are the one blinded by marketing hype! Microsoft marketing hype! If you are not comfortable with this apps. then uninstall and go for an alternative. The misinformation published in one of the Microsoft articles provided by another poster makes it clear that Microsoft and its shills are on a mission to discredit all firewalls... It explains how things are in reality. The write-ups are educational and non-binding. The authors have considerable credentials. Where are yours? And where are the representatives with their credentials of PFW's refuting the published arguments? Are you one of them? ...that monitor outbound connections and to insist that the Microsoft firewall is somehow or other superior to all others. They don't claim superiority, just reality. Quite amusing when it's coming from an outfit that until a few years ago didn't even know what a firewall was! You do underestimate M/S. (Or is it sarcasm?). As for your comments of "waste of resources" it is laughable to say the least. In this day and age of fast processors and large amounts of RAM this is a non issue. A waste of resources in terms of manpower, spending time on a useless (outbound filtering) feature. (Sorry for confusion). Also, the firewall will be using resources just to do its basic job of keeping intruders out, the little extra needed to monitor outbound connections is negligible. Let's get one thing perfectly clear here, I am not claiming, nor have I ever claimed that outbound connection monitoring was an effective method of dealing with all sorts of malware.
I am simply saying that outbound monitoring is a useful tool that can alert you to some not so clever malware trying to call home and that it can alert you that something like your printer software, or Microsoft components might be trying to access the internet for no good reason at all. But then it appears that you think that users shouldn't know that these things are calling home. Neither you, nor Microsoft, nor anyone else will ever convince me that outbound connection monitoring is not a useful feature. Period! Alright then; Good luck
#29
What "help menu"? Hey, I just asked a question and I really want to know the answer. Which Sysinternal apps call home? I presume you know of at least some, or you wouldn't have made that statement.

-- Gary S. Terhune MS-MVP Shell/User www.grystmill.com

"John John" wrote in message ...
Click on the help menu and you will find out. John

Gary S. Terhune wrote:
Which Sysinternals apps call home?
#30
Process Explorer and Autoruns are two that do.
John

Gary S. Terhune wrote:
What "help menu"? Hey, I just asked a question and I really want to know the answer. Which Sysinternal apps call home? I presume you know of at least some, or you wouldn't have made that statement.