Unknown download activity in background - how to determine what it is?

I'm using WinXP Media Center, the last few days I've noticed that
there's some kind of d/l actitivity showing even when I'm doing
nothing online even with the Windows firewall up as well as
ZoneAlarm. I'm on 56k dialup. How do I determine what this is? I
don't have Windows update on automatic. I ran AdAware with the latest
definitions but it's still doing it.

Thanks.

"Doc" wrote in message
ups.com...
I'm using WinXP Media Center, the last few days I've noticed that
there's some kind of d/l actitivity showing even when I'm doing
nothing online even with the Windows firewall up as well as
ZoneAlarm. I'm on 56k dialup. How do I determine what this is? I
don't have Windows update on automatic. I ran AdAware with the latest
definitions but it's still doing it.

Use a software firewall that shows you the current connections and level
of traffic. Comodo has a good firewall for free.

Vanguard wrote:

Use a software firewall that shows you the current connections and level
of traffic. Comodo has a good firewall for free.



I'm not sure that will show the poster what they want to know. It will
only confirm what they already know surely.

John.

"John" wrote in message ...

Vanguard wrote:

Use a software firewall that shows you the current connections and
level of traffic. Comodo has a good firewall for free.

I'm not sure that will show the poster what they want to know. It will
only confirm what they already know surely.

Mine shows which which process (by applications) is using what port and
to where it connects and on what port along with how many bytes came in
or went out. Seems what the OP wants to know.

I'm using the Comodo firewall (free) right now. As I recall when using
the Sygate Pro firewall, it also had decent logging.

Vanguard wrote:

Mine shows which which process (by applications) is using what port and
to where it connects and on what port along with how many bytes came in
or went out. Seems what the OP wants to know.

I'm using the Comodo firewall (free) right now. As I recall when using
the Sygate Pro firewall, it also had decent logging.



That's nice to know, thanks.

John.

Surely Zone Alarm should tell you that, doesn't it? Reset all your ZA
rules to allow nothing and start reapplying the rules as asked when
applications want to establish connections.

John

Doc wrote:

I'm using WinXP Media Center, the last few days I've noticed that
there's some kind of d/l actitivity showing even when I'm doing
nothing online even with the Windows firewall up as well as
ZoneAlarm. I'm on 56k dialup. How do I determine what this is? I
don't have Windows update on automatic. I ran AdAware with the latest
definitions but it's still doing it.

Thanks.

Hi Doc

I've been led to believe that, just like one should only ever have a single
active antivirus programme, one should only have a single software firewall
operative. In other words, disable MS Windows firewall if you are using Zone
Alarm.

HTH

David

__________________________________________________ ____________________________________________
"Doc" wrote in message
ups.com...
I'm using WinXP Media Center, the last few days I've noticed that
there's some kind of d/l actitivity showing even when I'm doing
nothing online even with the Windows firewall up as well as
ZoneAlarm. I'm on 56k dialup. How do I determine what this is? I
don't have Windows update on automatic. I ran AdAware with the latest
definitions but it's still doing it.

Thanks.

Could it be Media Center updating your EPG?
If you go to task manager you should be able to see what programs are
consuming CPU power when the downloading occurs.
"BoaterDave" wrote in message
...
Hi Doc

I've been led to believe that, just like one should only ever have a
single active antivirus programme, one should only have a single software
firewall operative. In other words, disable MS Windows firewall if you are
using Zone Alarm.

HTH

David

__________________________________________________ ____________________________________________
"Doc" wrote in message
ups.com...
I'm using WinXP Media Center, the last few days I've noticed that
there's some kind of d/l actitivity showing even when I'm doing
nothing online even with the Windows firewall up as well as
ZoneAlarm. I'm on 56k dialup. How do I determine what this is? I
don't have Windows update on automatic. I ran AdAware with the latest
definitions but it's still doing it.

Thanks.

Cyberiade.it Anonymous Remailer wrote:

Use a software firewall that shows you the current connections and
level of traffic. Comodo has a good firewall for free.

Or, you could simply run some simple DOS commands to determine what
program(s) are using external connections.

c:\netstat -nab netstat.txt
c:\more netstat.txt

Look for established connections using foreign addresses other than
127.x.x.x. You should be able to determine what port and what process
is communicating, as well as the external IP address.

To check the external IP address go to http://www.dnsstuff.com and
enter it into the "IP Information" box.

"Andy Walker" wrote in message ...

Or, you could simply run some simple DOS commands to determine what
program(s) are using external connections.

c:\netstat -nab netstat.txt
c:\more netstat.txt

Look for established connections using foreign addresses other than
127.x.x.x. You should be able to determine what port and what process
is communicating, as well as the external IP address.

To check the external IP address go to http://www.dnsstuff.com and
enter it into the "IP Information" box.


I couldn't remember the 'netstat' command. I kept thinking 'net' but
that doesn't list the current port usage. Thanks for the reminder. One
of these, it'll find some better brain cells to stick to.

"BoaterDave" wrote in message
...
Hi Doc

I've been led to believe that, just like one should only ever have a
single active antivirus programme,
One should only ever have a single *real- time* AV program, if you wish you
can have several *on-demand* AV apps.
one should only have a single software firewall operative. In other
words, disable MS Windows firewall if you are using Zone Alarm.

Uninstalling ZA would be an even better solution. It's Phoney-Baloney ware;
It gives you a false sense of security.
Go to:
http://www.microsoft.com/technet/tec...s/default.aspx
and scroll down to:
Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe.

Then read this:
("...the typical form of outbound protection in client firewalls is just
security theater.)
http://www.microsoft.com/technet/tec...l/default.aspx

And this:
http://www.samspade.org/d/firewalls.html

Read and impelement this:
http://www.ntsvcfg.de/ntsvcfg_eng.html
http://www.dingens.org/index.html.en

And consider implemening Hardening your OS:
http://www.5starsupport.com/tutorial...ng-windows.htm

Good luck

Kayman wrote:


and scroll down to:
Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe.

That article itself is baloney. It is true that any malware can
circumvent a firewall's outbound protection but it is also true that a
lot of malware is detected by firewall outbound monitoring. The
outbound monitoring also alerts you when otherwise legitimate software
is trying to call home. Perhaps you like it better when things like
Media player call home without your knowledge, a pesky annoyance that
you should be aware of things like that.

The article states:

"Speaking of host firewalls, why is there so much noise about outbound
filtering? Think for a moment about how ordinary users would interact
with a piece of software that bugged them every time a program on their
computer wanted to communicate with the Internet..." What a pile of
baloney!"

Firewall have rules, it appears no one at Microsoft knows this, which
isn't really surprising to tell you the truth. Microsoft's logic is
that "you don't need seat belts if you have airbags". And you don't
need to know what it is that things like Media Player doing. Baloney
indeed!

John

"John John" wrote in message
...
Kayman wrote:


and scroll down to:
Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe.

That article itself is baloney. It is true that any malware can
circumvent a firewall's outbound protection but it is also true that a lot
of malware is detected by firewall outbound monitoring. The outbound
monitoring also alerts you when otherwise legitimate software is trying to
call home. Perhaps you like it better when things like Media player call
home without your knowledge, a pesky annoyance that you should be aware of
things like that.

The article states:

"Speaking of host firewalls, why is there so much noise about outbound
filtering? Think for a moment about how ordinary users would interact with
a piece of software that bugged them every time a program on their
computer wanted to communicate with the Internet..." What a pile of
baloney!"

Firewall have rules, it appears no one at Microsoft knows this, which
isn't really surprising to tell you the truth. Microsoft's logic is that
"you don't need seat belts if you have airbags". And you don't need to
know what it is that things like Media Player doing. Baloney indeed!



There is no way a software firewall can guarantee it will stop outbound
traffic on the computer it is running on regardless of the OS. Software
firewalls can be useful for stopping programs communicating outbound through
normal channels. That's it, period. The fact that some firewalls notify you
about malware communicating out is a function of how poorly the malware is
programmed not the firewall. Intel motherboards can communicate though the
onboard NICs at the BIOS level with no OS present. Rootkits can easily
modify all traffic going through any NIC in the computer. Malware running in
Windows can easily corrupt traffic from legitimate programs. Malware can
even create it's own TCP/IP stack and bypass Windows (or other OS')
networking stack altogether. Virtual server software is capable of spoofing
a MAC and getting multiple IP addresses for one NIC from a DHCP server. What
makes you think malware can't do the same type of thing?

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca

Kerry Brown wrote:

"John John" wrote in message
...

Kayman wrote:


and scroll down to:
Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe.


That article itself is baloney. It is true that any malware can
circumvent a firewall's outbound protection but it is also true that a
lot of malware is detected by firewall outbound monitoring. The
outbound monitoring also alerts you when otherwise legitimate software
is trying to call home. Perhaps you like it better when things like
Media player call home without your knowledge, a pesky annoyance that
you should be aware of things like that.

The article states:

"Speaking of host firewalls, why is there so much noise about outbound
filtering? Think for a moment about how ordinary users would interact
with a piece of software that bugged them every time a program on
their computer wanted to communicate with the Internet..." What a
pile of baloney!"

Firewall have rules, it appears no one at Microsoft knows this, which
isn't really surprising to tell you the truth. Microsoft's logic is
that "you don't need seat belts if you have airbags". And you don't
need to know what it is that things like Media Player doing. Baloney
indeed!



There is no way a software firewall can guarantee it will stop outbound
traffic on the computer it is running on regardless of the OS. Software
firewalls can be useful for stopping programs communicating outbound
through normal channels. That's it, period. The fact that some firewalls
notify you about malware communicating out is a function of how poorly
the malware is programmed not the firewall. Intel motherboards can
communicate though the onboard NICs at the BIOS level with no OS
present. Rootkits can easily modify all traffic going through any NIC in
the computer. Malware running in Windows can easily corrupt traffic from
legitimate programs. Malware can even create it's own TCP/IP stack and
bypass Windows (or other OS') networking stack altogether. Virtual
server software is capable of spoofing a MAC and getting multiple IP
addresses for one NIC from a DHCP server. What makes you think malware
can't do the same type of thing?

All that you say is true and I never said or argued otherwise. But
software firewalls that monitor outbound connections can be useful and
can help to keep some applications in check, just because the Microsoft
firewall can't do it doesn't mean that all others are not good.

John

"John John" wrote in message
...
Firewall have rules, it appears no one at Microsoft knows this, which
isn't really surprising to tell you the truth. Microsoft's logic is
that "you don't need seat belts if you have airbags". And you don't
need to know what it is that things like Media Player doing. Baloney
indeed!

It's a pc, apply your own logic (utilise sensible apps.); So take
ownership, do some research, do not consult advertisement-driven
publications and be responsible - *you* are in charge! If you don't like pc
go for available alternatives.

There is no way a software firewall can guarantee it will stop outbound
traffic on the computer it is running on regardless of the OS. Software
firewalls can be useful for stopping programs communicating outbound
through normal channels. That's it, period. The fact that some firewalls
notify you about malware communicating out is a function of how poorly
the malware is programmed not the firewall. Intel motherboards can
communicate though the onboard NICs at the BIOS level with no OS present.
Rootkits can easily modify all traffic going through any NIC in the
computer. Malware running in Windows can easily corrupt traffic from
legitimate programs. Malware can even create it's own TCP/IP stack and
bypass Windows (or other OS') networking stack altogether. Virtual server
software is capable of spoofing a MAC and getting multiple IP addresses
for one NIC from a DHCP server. What makes you think malware can't do the
same type of thing?

All that you say is true and I never said or argued otherwise. But
software firewalls that monitor outbound connections can be useful and can
help to keep some applications in check,

Outbound filtering is useless, the PFW pop-ups just give a warm feeling for
being in control but it's too late already - it's an illusion to belive
otherwise.
just because the Microsoft firewall can't do it doesn't mean that all
others are not good.

M/S firewall *can't* do (but they could) because it's recognised to be waste
of resources and time. And yes, PFW's are IMO of no value whatsoever; I
know because I operate without these apps.
John John, don't get blinded by all the marketing hype