A new 'Beta' test from Panda

cquirke (MVP Windows shell/user)

Re: Calling on a Guru to explain if I'm mistaken!

On Sun, 12 Aug 2007 09:58:03 -0700, MrSlartybartfast

>Yes, creating an image of a hard drive which has malware would include the
>malware in the image. When copying this image back to the hard drive, the
>malware would also be copied back resulting in net gain of zero.


This is why "just backup!" (as glibly stated) is as useless as "just
don't get viruses!" or "if you get infected, clean the virus!" etc.

All of these approaches work, but have complexity within them that
makes for YMMV results. The complexity is similar across all three
contexts: how one scopes out the bad guys. The mechanics of meeting
that inescapable challenge vary between the three "solutions".

>When I reinstall Windows, I reinstall off the original DVD which has
>no malware, unless you call Windows itself malware :)


This is using time as the great X-axis, i.e. the OS code base is as
old as possible, therefore excludes the malware. And so, the PC is
known to be clean.

But it also lacks every code patch needed to keep it that way, in the
face of direct exploits a la Lovesan or Sasser etc. and to patch
those, you'd have to expose this unpatched PC to the Internet.

It's also bereft of any applications and data. Presumably one can do
the same with applications and drivers as with the OS: install
known-good baseline code from CDs and then patch these online, or
re-download apps and drivers from the 'net.

There's also no data, and another crunch comes here, because you
probably don't want a data set that's certain to be too old to be
infected; you want your most recent backup, which is the one most
likely to be malware-tainted. How to scope data from malware?

Even though MS pushes "just" wipe and rebuild as the malware panacea,
they undermine these points of failure:
- they generally don't ship replacement code on CDs or DVDs
- they don't attempt to separate data, code and incoming material

The first has improved, what with XP SP2 being released as a CD, and
with XP SP2 defaulting to firewall on.

There's little or no progress on the second, though; still no clearly
visible distinction between data and code, still no type discipline so
malware can sprawl across file types and spoof the user and OS into
trusting these, incoming material is still hidden in mail stores and
mixed with "documents" etc.

In Vista, just what is backed up and what is not is even more opaque,
as there's little or no scoping by location at all.

>If the malware is on drive D:\ then it possibly could be reactivated on to
>drive C:\. You normally need to access the files on D:\ to reactivate the
>malware.


For values of "you" that includes the OS as a player. Even with a
wipe-and-rebuild that ensures no registry pointers to code on D:,
there can still be code autorun from D: via Desktop.ini, \Autorun.inf,
or the exploitation of any internal surfaces.

Such surfaces may present themselves to the material:
- when you do nothing at all, e.g. indexers, thumbnailers etc.
- when you "list" files in "folders"
- when a file name is displayed

>No antivirus is perfect either, antivirus programs can often miss finding
>some malware. I tend to find antivirus programs clunky and annoying and
>prefer not to use them.


I use them, as I think most users do. If you "don't need" an av, then
clearly you have solved the "don't get viruses" problem, and the
contexts of "clean the virus" and "rebuild and restore data" don't
arise. If they do arise, you were wrong in thinking "don't get
viruses" was solved, and maybe you should rethink "I don't need an av"
(while I do agree that av will miss things).

Your nice freshly-built PC has no av, or an av installed from CD that
has an update status far worse than whatever was in effect when you
were infected. To update the av, you have to take this clean,
unpatched, un-protected-by-av system online...

>On my D:\ I compress my files individually which makes it hard for malware
>to emerge.


That helps. It also helps if av can traverse this compression for the
on-demand scans you'd want to do between rebuilding C: and installing
and updating av, and doing anything on D: or restoring "data".

>It is a painful process and takes a few hours so I do not do this very often.


I should hope not; it's "last resort". If you have no confidence in
the ability to detect or avoid malware, do you do this just when
convenient, or whenever you "think you might be infected", or do you
do it every X days so attackers have "only" X days in which they can
harvest whatever they can grab off your PC?

>I do find this much easier than trying to live with an antivirus
>program installed. My choice is not for everyone


It might have been a best-fit in the DOS era, when "don't get viruses"
was as easy as "boot C: before A: and don't run .EXE, .COM and .BAT
files". By now, a single resident av poses little or no system
impact, whereas the wipe-and-rebuild process is a PITA.

Frankly, doing a wipe-and-rebuild every now and then on a PC that's
probably clean anyway, will increase the risks of infection.

Do the maths; you either get infected so often that the risks of
falling back to unpatched code hardly makes things worse, in which
case whatever you (blindly) do is equally useless, or your approach
works so well that falling back to unpatched code is your single
biggest risk of infection, and to improve things, you should stop
doing that. If you have no ability to tell whether you are or have
ever been infected, you can't distinguish between these states.

>as I said before I have no valuable information stored on
>my PC, I do not own a credit card and do not use internet
>banking. If I have malware then I can live with it.


Most of us want better results than that, and generally attain them.

Why are we reading this advice again?

>The AUMHA forum you linked to as a recommendation for Nanoscan and Totalscan
>does nothing for me, it is hardly a review. Panda Software is well known, so
>this is not one of the fake virus scans which is on the web. Out of
>curiosity I started to run it anyway, I did not continue since I do not yet
>fully understand the software and am not prepared to install the files on my
>PC. You may use this if you wish but it is not for me.


I agree with you there, especially if you suspect the PC is infected.
How do you know the site you reached, is not a malware look-alike that
resident malware has spoofed you to? Is it really a good idea to...
- disable resident av
- run Internet Explorer in admin mode so as to drop protection
- say "yes" to all ActiveX etc. prompts
- allow the site to drop and run code
- stay online while this code "scans" all your files
....as the advice at such sites generally suggests?

>The bots which harvest email addresses off the internet are just that, bots.
> They scour the entire internet, not just microsoft newsgroups. To be safe,
>never use your real name, never give your address, phone number or contact
>details, create temporary email accounts to use to sign up to forums and
>newsgroups,


Bots are unbounded, because:
- they can update themselves
- they facilitate unbounded interaction from external entities

Those external entities may be other bots or humans. In essence, an
active bot dissolves confidence in the distinction between "this
system" and "the Internet" (or more accurately, "the infosphere",
as local attacks via WiFi may also be facilitated).



-------------------- ----- ---- --- -- - - - -
Running Windows-based av to kill active malware is like striking
a match to see if what you are standing in is water or petrol.
-------------------- ----- ---- --- -- - - - -
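
The point in the post above about code on D: autorunning via Desktop.ini or \Autorun.inf after a rebuild, as an added example that is not part of the original thread: a triage pass that reads those files as plain bytes and lists the entries that name code or a shell extension, so the old data volume can be checked before anything browses it. The function names, the flagged key sets and the sample tree are assumptions made for this illustration; the sample files are constructed.

```python
"""Triage a data volume for auto-executing shell metadata before it is
browsed on a freshly rebuilt system. Added example, not from the thread."""
import os
import tempfile
from typing import List, NamedTuple


class Finding(NamedTuple):
    path: str      # file containing the entry
    section: str   # INI section, lower-cased
    key: str       # INI key, lower-cased
    value: str     # raw value as written


# desktop.ini keys that bind a folder to a shell extension (COM class).
# Assumption: this set is illustrative, not an exhaustive list.
DESKTOP_CLSID_KEYS = {"clsid", "clsid2", "uiclsid"}


def _decode(raw: bytes) -> str:
    # These files are usually ANSI, sometimes UTF-16 or UTF-8 with a BOM.
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    if raw[:3] == b"\xef\xbb\xbf":
        return raw[3:].decode("utf-8", errors="replace")
    return raw.decode("latin-1")


def _ini_entries(text: str):
    """Yield (section, key, value) leniently; real-world files are sloppy."""
    section = ""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif "=" in line:
            key, value = line.split("=", 1)
            yield section, key.strip().lower(), value.strip()


def _is_autorun_command(key: str) -> bool:
    # open=, shellexecute= and shell\<verb>\command= all name code to run.
    return key in ("open", "shellexecute") or (
        key.startswith("shell\\") and key.endswith("\\command"))


def scan_volume(root: str) -> List[Finding]:
    """Walk root and report autorun.inf / desktop.ini entries worth a look."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            lower = name.lower()
            if lower not in ("autorun.inf", "desktop.ini"):
                continue
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    text = _decode(fh.read(65536))  # cap the read per file
            except OSError:
                continue  # unreadable file: skip, do not abort the walk
            for section, key, value in _ini_entries(text):
                if (lower == "autorun.inf" and section == "autorun"
                        and _is_autorun_command(key)):
                    findings.append(Finding(path, section, key, value))
                elif (lower == "desktop.ini" and section == ".shellclassinfo"
                        and key in DESKTOP_CLSID_KEYS):
                    findings.append(Finding(path, section, key, value))
    return sorted(findings)


def build_sample_volume(root: str) -> None:
    """Constructed sample tree standing in for the old D: volume."""
    def write(rel: str, data: bytes) -> None:
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "wb") as fh:
            fh.write(data)

    write("AUTORUN.INF", b"[AutoRun]\r\nopen=setup.exe\r\nicon=setup.ico\r\n"
                         b"shell\\explore\\command=setup.exe\r\n")
    # Icon-only customisation: present on many clean folders, not flagged.
    write("Photos/Desktop.ini", b"[.ShellClassInfo]\r\nIconFile=folder.ico\r\n")
    # UTF-16 file with a placeholder CLSID: flagged for review.
    write("Backup/desktop.ini", (
        "[.ShellClassInfo]\r\n"
        "CLSID={00000000-0000-0000-0000-000000000000}\r\n").encode("utf-16"))
    write("Docs/notes.txt", b"open=not-an-ini-hit\r\n")


def demo() -> List[Finding]:
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_volume(tmp)
        return [f._replace(path=os.path.relpath(f.path, tmp))
                for f in scan_volume(tmp)]


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A hit is a prompt to inspect the file, not a verdict: a CLSID entry in desktop.ini also appears on legitimate special folders.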
 
BoaterDave

Re: Calling on a Guru to explain if I'm mistaken!

What a great reply - I just wish I'd known all these things before I
switched to Broadband!

So .............. this is a magic 'signature' by the way, cquirke, viz:-
-------------------- ----- ---- --- -- - - - -
Running Windows-based av to kill active malware is like striking
a match to see if what you are standing in is water or petrol.
-------------------- ----- ---- --- -- - - - -

What do *you* suggest for checking whether or not a PC is 'clean'?
Can you recommend an 'off-line' programme for checking a computer? (other
than HiJackThis)

Have you tried out BugHunter, a DOS based facility, details here:-
http://bughunter.it-mate.co.uk/

I'd be most interested to learn of your assessment of same.

BD
***************************************************************
<snip>
 
MrSlartybartfast

Re: Calling on a Guru to explain if I'm mistaken!

We certainly have differing opinions cquirke and I can respect that. I have
not tried any antivirus software for a few years now so maybe things have
changed. The last time I tried any AV I found it interfered with the
majority of my games and generally was a PITA.

I am not trying to give advice, only giving my own personal account as to
how I keep my machine running as fast as possible. I presume most people
would somehow benefit from AV software, however I am not one of them.

I see many people who use antivirus, disk cleanup software, registry
cleaners, driver cleaners and all sorts of different software for cleaning up
their system to keep it running smoothly. IMO, there is nothing as quick,
simple, cheap, or effective as simply wiping the harddrive and reinstalling
Windows. As you mentioned, installing SP2 off the disc is part of the
reinstallation. I do this not only to clean for viruses but as general
system cleanup. Again this is not the best for everyone, however I find that
my system benchmarks are regularly as good or better than anyone with similar
systems so I must be doing something right. :)

Most people [no reference needed] are not qualified to keep their computer
in top running shape. Wiping the harddrive often fixes problems for people
even if they already have AV software. Troubleshooting a problem can take
hours or even days. A quicker and more guaranteed method is to simply wipe
the harddrive.

I don't know if I have ever had a virus, if I have then I did not notice any
ill effects. However I have tried antivirus software in the past and it was
much hassle. For me it seems that having antivirus software installed is
worse than having a virus. Maybe one day I will actually get a virus but
until then I am happy with the way things are.

--


"cquirke (MVP Windows shell/user)" wrote:

> On Sun, 12 Aug 2007 09:58:03 -0700, MrSlartybartfast
>
> >Yes, creating an image of a hard drive which has malware would include the
> >malware in the image. When copying this image back to the hard drive, the
> >malware would also be copied back resulting in net gain of zero.

>
> This is why "just backup!" (as glibly stated) is as useless as "just
> don't get viruses!" or "if you get infected, clean the virus!" etc.
>
> All of these approaches work, but have complexity within them that
> makes for YMMV results. The complexity is similar across all three
> contexts: how one scopes out the bad guys. The mechanics of meeting
> that inescapable challenge vary between the three "solutions".
>
> >When I reinstall Windows, I reinstall off the original DVD which has
> >no malware, unless you call Windows itself malware :)

>
> This is using time as the great X-axis, i.e. the OS code base is as
> old as possible, therefore excludes the malware. And so, the PC is
> known to be clean.
>
> But it also lacks every code patch needed to keep it that way, in the
> face of direct exploits a la Lovesan or Sasser etc. and to patch
> those, you'd have to expose this unpatched PC to the Internet.
>
> It's also bereft of any applications and data. Presumably one can do
> the same with applications and drivers as with the OS: install
> known-good baseline code from CDs and then patch these online, or
> re-download apps and drivers from the 'net.
>
> There's also no data, and another crunch comes here, because you
> probably don't want a data set that's certain to be too old to be
> infected; you want your most recent backup, which is the one most
> likely to be malware-tainted. How to scope data from malware?
>
> Even though MS pushes "just" wipe and rebuild as the malware panacea,
> they undermine these points of failure:
> - they generally don't ship replacement code on CDs or DVDs
> - they don't attempt to separate data, code and incoming material
>
> The first has improved, what with XP SP2 being released as a CD, and
> with XP SP2 defaulting to firewall on.
>
> There's little or no progress on the second, though; still no clearly
> visible distinction between data and code, still no type discipline so
> malware can sprawl across file types and spoof the user and OS into
> trusting these, incoming material is still hidden in mail stores and
> mixed with "documents" etc.
>
> In Vista, just what is backed up and what is not is even more opaque,
> as there's little or no scoping by location at all.
>
> >If the malware is on drive D:\ then it possibly could be reactivated on to
> >drive C:\. You normally need to access the files on D:\ to reactivate the
> >malware.

>
> For values of "you" that includes the OS as a player. Even with a
> wipe-and-rebuild that ensures no registry pointers to code on D:,
> there can still be code autorun from D: via Desktop.ini, \Autorun.inf,
> or the exploitation of any internal surfaces.
>
> Such surfaces may present themselves to the material:
> - when you do nothing at all, e.g. indexers, thumbnailers etc.
> - when you "list" files in "folders"
> - when a file name is displayed
>
> >No antivirus is perfect either, antivirus programs can often miss finding
> >some malware. I tend to find antivirus programs clunky and annoying and
> >prefer not to use them.

>
> I use them, as I think most users do. If you "don't need" an av, then
> clearly you have solved the "don't get viruses" problem, and the
> contexts of "clean the virus" and "rebuild and restore data" don't
> arise. If they do arise, you were wrong in thinking "don't get
> viruses" was solved, and maybe you should rethink "I don't need an av"
> (while I do agree that av will miss things).
>
> Your nice freshly-built PC has no av, or an av installed from CD that
> has an update status far worse than whatever was in effect when you
> were infected. To update the av, you have to take this clean,
> unpatched, un-protected-by-av system online...
>
> >On my D:\ I compress my files individually which makes it hard for malware
> >to emerge.

>
> That helps. It also helps if av can traverse this compression for the
> on-demand scans you'd want to do between rebuilding C: and installing
> and updating av, and doing anything on D: or restoring "data".
>
> >It is a painful process and takes a few hours so I do not do this very often.

>
> I should hope not; it's "last resort". If you have no confidence in
> the ability to detect or avoid malware, do you do this just when
> convenient, or whenever you "think you might be infected", or do you
> do it every X days so attackers have "only" X days in which they can
> harvest whatever they can grab off your PC?
>
> >I do find this much easier than trying to live with an antivirus
> >program installed. My choice is not for everyone

>
> It might have been a best-fit in the DOS era, when "don't get viruses"
> was as easy as "boot C: before A: and don't run .EXE, .COM and .BAT
> files". By now, a single resident av poses little or no system
> impact, whereas the wipe-and-rebuild process is a PITA.
>
> Frankly, doing a wipe-and-rebuild every now and then on a PC that's
> probably clean anyway, will increase the risks of infection.
>
> Do the maths; you either get infected so often that the risks of
> falling back to unpatched code hardly makes things worse, in which
> case whatever you (blindly) do is equally useless, or your approach
> works so well that falling back to unpatched code is your single
> biggest risk of infection, and to improve things, you should stop
> doing that. If you have no ability to tell whether you are or have
> ever been infected, you can't distinguish between these states.
>
> >as I said before I have no valuable information stored on
> >my PC, I do not own a credit card and do not use internet
> >banking. If I have malware then I can live with it.

>
> Most of us want better results than that, and generally attain them.
>
> Why are we reading this advice again?
>
> >The AUMHA forum you linked to as a recommendation for Nanoscan and Totalscan
> >does nothing for me, it is hardly a review. Panda Software is well known, so
> >this is not one of the fake virus scans which is on the web. Out of
> >curiosity I started to run it anyway, I did not continue since I do not yet
> >fully understand the software and am not prepared to install the files on my
> >PC. You may use this if you wish but it is not for me.

>
> I agree with you there, especially if you suspect the PC is infected.
> How do you know the site you reached, is not a malware look-alike that
> resident malware has spoofed you to? Is it really a good idea to...
> - disable resident av
> - run Internet Explorer in admin mode so as to drop protection
> - say "yes" to all ActiveX etc. prompts
> - allow the site to drop and run code
> - stay online while this code "scans" all your files
> ....as the advice at such sites generally suggests?
>
> >The bots which harvest email addresses off the internet are just that, bots.
> > They scour the entire internet, not just microsoft newsgroups. To be safe,
> >never use your real name, never give your address, phone number or contact
> >details, create temporary email accounts to use to sign up to forums and
> >newsgroups,

>
> Bots are unbounded, because:
> - they can update themselves
> - they facilitate unbounded interaction from external entities
>
> Those external entities may be other bots or humans. In essence, an
> active bot dissolves confidence in the distinction between "this
> system" and "the Internet" (or more accurately, "the infosphere",
> as local attacks via WiFi may also be facilitated).
>
>
>
> -------------------- ----- ---- --- -- - - - -
> Running Windows-based av to kill active malware is like striking
> a match to see if what you are standing in is water or petrol.
> -------------------- ----- ---- --- -- - - - -

>
 
BoaterDave

Re: Calling on a Guru to explain if I'm mistaken!

"Wiping the harddrive often fixes problems for people"

I'd agree - but only if the *whole* drive is wiped, not just a partition!

BD

****************************************************

"MrSlartybartfast" <MrSlartybartfast@discussions.microsoft.com> wrote in
message news:1BCA0526-BB98-46A2-BA23-8B88958A1BCD@microsoft.com...
> We certainly have differing opinions cquirke and I can respect that. I
> have
> not tried any antivirus software for a few years now so maybe things have
> changed. The last time I tried any AV I found it interfered with the
> majority of my games and generally was a PITA.
>
> I am not trying to give advice, only giving my own personal account as to
> how I keep my machine running as fast as possible. I presume most people
> would somehow benefit from AV software, however I am not one of them.
>
> I see many people who use antivirus, disk cleanup software, registry
> cleaners, driver cleaners and all sorts of different software for cleaning
> up
> their system to keep it running smoothly. IMO, there is nothing as quick,
> simple, cheap, or effective as simply wiping the harddrive and
> reinstalling
> Windows. As you mentioned, installing SP2 off the disc is part of the
> reinstallation. I do this not only to clean for viruses but as general
> system cleanup. Again this is not the best for everyone, however I find
> that
> my system benchmarks are regularly as good or better than anyone with
> similar
> systems so I must be doing something right. :)
>
> Most people [no reference needed] are not qualified to keep their computer
> in top running shape. Wiping the harddrive often fixes problems for
> people
> even if they already have AV software. Troubleshooting a problem can take
> hours or even days. A quicker and more guaranteed method is to simply
> wipe
> the harddrive.
>
> I don't know if I have ever had a virus, if I have then I did not notice
> any
> ill effects. However I have tried antivirus software in the past and it
> was
> much hassle. For me it seems that having antivirus software installed is
> worse than having a virus. Maybe one day I will actually get a virus but
> until then I am happy with the way things are.

<snip>
 
Robert Moir

Re: Calling on a Guru to explain if I'm mistaken!

"MrSlartybartfast" <MrSlartybartfast@discussions.microsoft.com> wrote in
message news:1BCA0526-BB98-46A2-BA23-8B88958A1BCD@microsoft.com...

> Most people [no reference needed] are not qualified to keep their computer
> in top running shape. Wiping the harddrive often fixes problems for
> people
> even if they already have AV software. Troubleshooting a problem can take
> hours or even days. A quicker and more guaranteed method is to simply
> wipe
> the harddrive.


Yes but sometimes this can be likened to the doctor removing your arm if you
complain that your elbow hurts and they can't see an immediate and obvious
reason. Now that might well solve the problem of the sore elbow in a very
fast time frame but if it's all the same with you I'm going to go ahead and
stick with my doctor, who in my experience tends to regard such things as
very much a last resort.

Wipe and reload might be a valid response in a large corporate environment,
but even (especially?) there I would say that before doing this you'd want
to understand how the malware defeated your current precautions, otherwise
you're just kicking it out while you give it some fresh bedding.
 
MrSlartybartfast

Re: Calling on a Guru to explain if I'm mistaken!

JFTR, I am only a noob kid, I know nothing of corporate environments.
Problems mostly come when I want to play computer games. Antivirus stops
games from installing and running correctly. The only malware I know of is
installed by the games themselves in the form of copy protection. Antivirus
tries to stop these games from installing and running the copy protection,
therefore I cannot play. In my situation, running an antivirus program has
far worse effects than any malware I could imagine. On my PC then I am the
Doctor. I say, "Chop off the arm. I seize all your bases while you cure the
sore elbow. You get pwnd".

Just recently the gaming forums are abuzz with problems from the latest game
Bioshock, in which the antivirus prevents the copy protection from working
correctly, causing the activation to malfunction, so that the game cannot be
played, causing a waste of $89.95. I don't want that kind of hassle.
--


"Robert Moir" wrote:
> Yes but sometimes this can be likened to the doctor removing your arm if you
> complain that your elbow hurts and they can't see an immediate and obvious
> reason. Now that might well solve the problem of the sore elbow in a very
> fast time frame but if it's all the same with you I'm going to go ahead and
> stick with my doctor, who in my experience tends to regard such things as
> very much a last resort.
>
> Wipe and reload might be a valid response in a large corporate environment,
> but even (especially?) there I would say that before doing this you'd want
> to understand how the malware defeated your current precautions, otherwise
> you're just kicking it out while you give it some fresh bedding.
 
BoaterDave

Re: Action Plan!

I notice that you did not answer my question posed here, Li.

I've also noticed (assuming that you are located in the USA) that some of
your posts appear to be made in the middle of the night/very early morning.
Are you quite sure that there is not more than one of you?

BD
***********************************************************
"BoaterDave" <BoaterDave@nospam.invalid> wrote in message
news:ebzGbbG3HHA.5796@TK2MSFTNGP05.phx.gbl...
> Hi Li
>
> So sorry to hear about the loss of your parents.
>
> Perhaps you will explain, though, why you have come here to harass me.
>
> My understanding is that Dave H. runs the server(s) at Dogagent.com.
> Surely he is not beholden to you. Perhaps you are responding on Dave's
> behalf - are you? Can he not fend for himself? I didn't ask for a
> newsgroup of my own, neither do I want one. It was provided simply so that
> you might try to malign and bait me, a skill which you have obviously
> developed over many years. Perhaps, even, to incapacitate my PC as was
> done last year.
>
> I have been called many things, Li - but cruel is one I cannot recall
> having been attributed to me. I love people and animals and do my very
> best to help others every day. I sleep peacefully in my bed each night,
> knowing that 'the bad guys' will, eventually, be caught. How well do you
> sleep, Li?
>
> David
>
> ************************************************************************************
> "Troll_Lady" <TL@DogAgent.com> wrote in message
> news:uNqlPg02HHA.536@TK2MSFTNGP06.phx.gbl...
>> for myself only....
>> i lost my Mom in early 2006. she was an active member and owner of
>> support.cancer on Annexcafe. she slapped me all the time.
>>
>> your comment, that she should have slapped me harder was uncalled for and
>> downright rude.
>> you are not a nice man, BD. not at all. in fact, you are cruel.
>>
>> i lost my Dad in late 2006, do you have some comments about him, as well?
>>
>> you want your own group? go to Usenet and search around for someone to
>> give
>> you an alt.boater.dave group.
>> search your Usenet group list for admin.
>>
>> you will not get one on either AnnexCafe nor DogAgent.
>> those are my homes away from home. you are not welcome in either of my
>> homes.
>>
>>
>> "BoaterDave" <BoaterDave@nospam.invalid> wrote in message
>> news:On6DHQq2HHA.5316@TK2MSFTNGP04.phx.gbl...
>> Hello Dave
>>
>> Taking your last sentence of your post first, you said in your message
>> here
>> on 29 July at 1849 - "You are the intruder/virus/Trojan, with your
>> "Crusading", attacking good people". I therefore consider that there *is*
>> a
>> place for me here! <g>
>>
>> I will willingly make a public apology if necessary, but I cannot do so
>> until I have been told exactly what it is for which you wish me to
>> apologise. Perhaps you could start by explaining how *you* can tell the
>> good
>> guys from the bad here on the Internet, especially those posting in
>> newsgroups. Then, perhaps, tell me which good guys I have maligned and,
>> of
>> course, exactly how you *know* that they are good guys. Are you
>> *absolutely*
>> sure - or just pre-supposing?
>>
>> Should you prefer to take the subject matter of my quest (to identify the
>> bad guys) away from the public gaze here, and you are in no way
>> affiliated
>> with Cybercrime and malware propagation, perhaps you will re-open a
>> 'boater.dave' group on your server which is NOT moderated by anyone at
>> all.
>> Debate and discussion could then continue in private. Some folk from
>> /this/
>> group might even come over and join in any discussion which transpires,
>> especially when I advertise any such new group here on the Microsoft
>> groups.
>>
>> The ball is in your court.
>>
>> David

>
> <snip>
>
 
BoaterDave

This is the 'Properties' information I can see in this message from Fitz.

I've now posted elsewhere using Xnews and my IP address is clearly evident.

Can/will anyone please explain to me why I cannot determine *his* IP address?
TIA

BD


Date: Wed, 8 Aug 2007 19:06:17 -0400
MIME-Version: 1.0
Content-Type: text/plain
format=flowed
charset="iso-8859-1"
reply-type=response
Content-Transfer-Encoding: 7bit
X-Priority: 3
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Windows Mail 6.0.6000.16480
X-MIMEOLE: Produced By Microsoft MimeOLE V6.0.6000.16480
Lines: 23
Message-ID: <46ba4c75$0$12241$4c368faf@roadrunner.com>
Organization: Road Runner High Speed Online http://www.rr.com
X-Complaints-To: abuse@rr.com
Path:
TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!news-out.cwix.com!newsfeed.cwix.com!newscon02.news.prodigy.net!prodigy.net!nx01.iad01.newshosting.com!newshosting.com!post02.iad01!roadrunner.com!not-for-mail
Xref: TK2MSFTNGP01.phx.gbl microsoft.public.security.virus:79308

*****************************************************************
"BoaterDave" <BoaterDave@nospam.invalid> wrote in message
news:O6vZYWm2HHA.3760@TK2MSFTNGP03.phx.gbl...
> Thanks for responding again, Fitz.
>
> If I right-click on a post in any newsgroup or email message, I see a
> pop-up menu at the bottom of which is 'Properties'. If I left-click on
> 'Properties' I get a pop-up window showing General and Details. If I click
> on Details there is loads of information. If you do this on a message from
> me you will see, 3 lines up from the bottom the following:
> NNTP-Posting-Host: AC8FC59C.ipt.aol.com 172.143.197.156 - That is my me!
> When I carry out the same exercise on a message from you, I *cannot*
> identify you. Your explanation may be valid - but I've never come across
> this before.
>
> I had no idea about any of this a couple of years ago. I'd never even
> considered why anyone would even wish to identify someone who might make a
> post in a newsgroup, Microsoft or any other. Now somewhat wiser, I believe
> that there are 'facilities' which can scan IP addresses and identify
> vulnerable/unprotected PC's (but have no idea how they work!). Scouring
> the Microsoft newsgroups may well be how the 'bad guys' find new additions
> for their Botnets - and thus be able to spread spyware and viruses
> undetected. Perhaps that answers your last point!
>
> Another poster here has no Reverse DNS evident from his IP address. Whilst
> I am willing to be shown that my understanding of matters is incorrect,
> no-one has offered an explanation yet. I fear that, if one is unprotected,
> these newsgroups pose a real threat to many Internet users. Just my view!
> :)
>
>
> David
>
> ************************************************************************************
>
> "---Fitz---" <---fitz---@invalid.com> wrote in message
> news:46ba4c75$0$12241$4c368faf@roadrunner.com...
>>I have not a clue why you can't see my IP address. It would depend on
>>your newsgroup client and how it's configured, whether proxies are being
>>used by the sender, how the sender's ISP is set up as well as a host of
>>other things...probably including firewalls, routers and other things.
>>I'm doing nothing special to conceal my IP and I wouldn't know how to do
>>it nor would I care. I'm on Time Warner cable, behind a Vonage router and
>>behind a Belkin router. My IP is dynamic which means it changes on
>>occasion. I'm not on dialup or my IP would change every time I dialed in.
>>
>> At any rate, your question is not virus related so it's probably better
>> suited to a newsgroup concerning security rather than virus.
>>
>> "BoaterDave" <BoaterDave@nospam.invalid> wrote in message
>> news:%23j5seNf2HHA.536@TK2MSFTNGP06.phx.gbl...
>>> OK - a question for you Fitz - I'm always willing to learn.
>>>
>>> I have no problem seeing IP addresses in the messages of others here.
>>> I'm puzzled.
>>> Will you please explain why I cannot see any IP address listed in the
>>> 'Properties' of your posts here? TIA
>>>
>>> David

>>

>
>
 
Tom Willett

Get rid of your IP address fixation and move on. This isn't your personal
little chat room.

"BoaterDave" <BoaterDave@nospam.invalid> wrote in message
news:O0m7aqI7HHA.4736@TK2MSFTNGP06.phx.gbl...
> This is the 'Properties' information I can see in this message from Fitz.
>
> I've now posted elsewhere using Xnews and my IP address is clearly evident.
>
> Can/will anyone please explain to me why I cannot determine *his* IP
> address? TIA
>
> BD
>
>
> Date: Wed, 8 Aug 2007 19:06:17 -0400
> MIME-Version: 1.0
> Content-Type: text/plain
> format=flowed
> charset="iso-8859-1"
> reply-type=response
> Content-Transfer-Encoding: 7bit
> X-Priority: 3
> X-MSMail-Priority: Normal
> X-Newsreader: Microsoft Windows Mail 6.0.6000.16480
> X-MIMEOLE: Produced By Microsoft MimeOLE V6.0.6000.16480
> Lines: 23
> Message-ID: <46ba4c75$0$12241$4c368faf@roadrunner.com>
> Organization: Road Runner High Speed Online http://www.rr.com
> X-Complaints-To: abuse@rr.com
> Path:
> TK2MSFTNGP01.phx.gbl!TK2MSFTFEEDS02.phx.gbl!news-out.cwix.com!newsfeed.cwix.com!newscon02.news.prodigy.net!prodigy.net!nx01.iad01.newshosting.com!newshosting.com!post02.iad01!roadrunner.com!not-for-mail
> Xref: TK2MSFTNGP01.phx.gbl microsoft.public.security.virus:79308
>
> *****************************************************************
> "BoaterDave" <BoaterDave@nospam.invalid> wrote in message
> news:O6vZYWm2HHA.3760@TK2MSFTNGP03.phx.gbl...
>> Thanks for responding again, Fitz.
>>
>> If I right-click on a post in any newsgroup or email message, I see a
>> pop-up menu at the bottom of which is 'Properties'. If I left-click on
>> 'Properties' I get a pop-up window showing General and Details. If I
>> click on Details there is loads of information. If you do this on a
>> message from me you will see, 3 lines up from the bottom the following:
>> NNTP-Posting-Host: AC8FC59C.ipt.aol.com 172.143.197.156 - That is my me!
>> When I carry out the same exercise on a message from you, I *cannot*
>> identify you. Your explanation may be valid - but I've never come across
>> this before.
>>
>> I had no idea about any of this a couple of years ago. I'd never even
>> considered why anyone would even wish to identify someone who might make
>> a post in a newsgroup, Microsoft or any other. Now somewhat wiser, I
>> believe that there are 'facilities' which can scan IP addresses and
>> identify vulnerable/unprotected PC's (but have no idea how they work!).
>> Scouring the Microsoft newsgroups may well be how the 'bad guys' find new
>> additions for their Botnets - and thus be able to spread spyware and
>> viruses undetected. Perhaps that answers your last point!
>>
>> Another poster here has no Reverse DNS evident from his IP address.
>> Whilst I am willing to be shown that my understanding of matters is
>> incorrect, no-one has offered an explanation yet. I fear that, if one is
>> unprotected, these newsgroups pose a real threat to many Internet users.
>> Just my view! :)
>>
>>
>> David
>>
>> ************************************************************************************
>>
>> "---Fitz---" <---fitz---@invalid.com> wrote in message
>> news:46ba4c75$0$12241$4c368faf@roadrunner.com...
>>>I have not a clue why you can't see my IP address. It would depend on
>>>your newsgroup client and how it's configured, whether proxies are being
>>>used by the sender, how the sender's ISP is set up as well as a host of
>>>other things...probably including firewalls, routers and other things.
>>>I'm doing nothing special to conceal my IP and I wouldn't know how to do
>>>it nor would I care. I'm on Time Warner cable, behind a Vonage router
>>>and behind a Belkin router. My IP is dynamic which means it changes on
>>>occasion. I'm not on dialup or my IP would change every time I dialed
>>>in.
>>>
>>> At any rate, your question is not virus related so it's probably better
>>> suited to a newsgroup concerning security rather than virus.
>>>
>>> "BoaterDave" <BoaterDave@nospam.invalid> wrote in message
>>> news:%23j5seNf2HHA.536@TK2MSFTNGP06.phx.gbl...
>>>> OK - a question for you Fitz - I'm always willing to learn.
>>>>
>>>> I have no problem seeing IP addresses in the messages of others here.
>>>> I'm puzzled.
>>>> Will you please explain why I cannot see any IP address listed in the
>>>> 'Properties' of your posts here? TIA
>>>>
>>>> David
>>>

>>
>>

>
>
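An added example, not part of any post in this thread: the header dump quoted above has no NNTP-Posting-Host line, which is the field the address is read from in the other posts, and the sketch below checks a header block for such origin-bearing fields and reports the Path entry nearest the poster. The header list, the function names and both sample header blocks are assumptions constructed for illustration.

```python
import ipaddress
import re
from email.parser import HeaderParser

# Headers that commonly carry the poster's host or address (assumed list).
ORIGIN_HEADERS = ("NNTP-Posting-Host", "Injection-Info", "X-Originating-IP")
IPV4_RE = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")

# Constructed samples (documentation address range, example domains).
WITH_HOST = (
    "From: poster@example.invalid\n"
    "NNTP-Posting-Host: host.example.net 192.0.2.10\n"
    "Path: news.example.org!feed.example.net!not-for-mail\n\n"
)
WITHOUT_HOST = (
    "From: other@example.invalid\n"
    "X-Newsreader: ExampleReader 1.0\n"
    "Path:\n news.example.org!relay.example.net!post.example.com!not-for-mail\n\n"
)


def origin_disclosure(raw_headers: str) -> dict:
    """Map each origin-bearing header present to the IPv4 addresses in it.

    A header that is present but holds only a hostname maps to an empty list.
    """
    msg = HeaderParser().parsestr(raw_headers)
    found = {}
    for name in ORIGIN_HEADERS:
        for value in msg.get_all(name, []):
            ips = found.setdefault(name, [])
            for candidate in IPV4_RE.findall(value):
                try:
                    ips.append(str(ipaddress.ip_address(candidate)))
                except ValueError:
                    pass  # digits that look like an address but are not one
    return found


def injection_site(raw_headers: str):
    """Return the Path entry nearest the poster, skipping 'not-for-mail'."""
    path = HeaderParser().parsestr(raw_headers).get("Path", "")
    hops = [h.strip() for h in path.split("!") if h.strip()]
    hops = [h for h in hops if h != "not-for-mail"]
    return hops[-1] if hops else None


if __name__ == "__main__":
    for label, block in (("with", WITH_HOST), ("without", WITHOUT_HOST)):
        print(label, origin_disclosure(block), injection_site(block))
```

An empty result means the headers name the posting server but carry no address for the poster; whether such a field is added at all is decided by the server that accepts the post, not by the newsreader displaying it.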
 
