
Dirtyping

join:2001-10-30
West Haverstraw, NY

IDS CPU/Memory usage

Hi, it is about time to renew my Blackice subscription, especially after letting it lapse a few weeks and ending up with my first ever infection. After one brief session yesterday I somehow picked up fairly new viruses BackDoor-CLH and Downloader-SF.

I am already protected by a hardware firewall but use Blackice on my workstation for IDS. Just checking to see if there are any better IDS alternatives. I do a lot of gaming, so I am looking for something that is low CPU and low mem usage.

I went with Blackice years ago for the IDS that Zonealarm does not have. Zonealarm back then ate up too much CPU/memory at the time for my tastes.

Is Blackice still a good solution for my needs?

B
Premium,MVM
join:2000-10-28


1 edit
said by Dirtyping:

Hi, it is about time to renew my Blackice subscription, especially after letting it lapse a few weeks and ending up with my first ever infection. After one brief session yesterday I somehow picked up fairly new viruses BackDoor-CLH and Downloader-SF.
... Is Blackice still a good solution for my needs?
IDS's are intended to track and report inbound attempts.

But neither of the malware you mention are listed as worms -- they're trojans that YOU downloaded, one way or another.

What I'm saying is that it might help to concentrate on that "somehow" in your first paragraph, and determine whether you too casually run things you shouldn't. Double-clicking is never a good way to open something you've just downloaded. If it's supposed to be music, drag it onto your music player. If it's supposed to be video, drag it onto your video player. If it's supposed to be a document, drag it into your word processor. (Or use File, Open in the relevant applications. Or just check the full file name from a Command Prompt.)

Do you think BlackIce would have prevented these infections, and if so, how?

Do you run an antivirus?

-- B
--
In a realm outside causality and function


spie34
Hmm
Premium
join:2004-01-06
Boise, ID
reply to Dirtyping
IDS doesn't really do anything for you unless you have some other program installed that will start blocking IPs that are logged in IDS.


novaflare
The Dragon Was Here
Premium
join:2002-01-24
Barberton, OH

reply to Dirtyping
Most IDS programs tend to be CPU intensive; hopefully they are "nice" and will release CPU quickly and totally when needed. But they are constantly scanning. Personally I'd never run one on my system due to that; instead get an old junk computer and install a firewall package like SmoothWall or any of the others that offer IDS. As a gamer, depending on the type of games you play, a firewall like Sygate may be much better for you, or any firewall with advanced rules that override all other rules, so that you can set up an allow-all ports and protos rule for a given IP. That way, if you play MMORPGs or other games with patches, you don't need to worry about re-allowing. After all, if you're playing the game you trust its server to begin with, so you are not lowering your security by allowing all ports and protos from the server's IP.

ZA can be a royal pain when it comes to MMORPGs, esp. beta MMOs. I don't know how many times I've been left cussing myself as I click the play game button on a game's launcher, then realized oh crap, I just patched, now I'm gonna have to fight with the game to get out, click allow or set it up manually. (ZA and Sygate before I knew how to use advanced rules in Sygate)
--
new 3d chat community at »planetvirtuel.com my site »spellbound.valshea.com/news.php

Dirtyping

join:2001-10-30
West Haverstraw, NY


2 edits
reply to B
said by B:



...concentrate on that "somehow"...

Do you think BlackIce would have prevented these infections, and if so, how?

Do you run an antivirus?

-- B
I never click on anything I should not or go to suspect websites. It is likely that I opened a piece of email spam accidentally instead of the intended message (Outlook can be so slow sometimes when downloading hundreds of messages) or mistyped a website address in IE6. (Damn, I have been using Mozilla except for the day I got infected.)

Typically Blackice picks up the bad signatures when downloading email. It also warns me when I visit a site that is using some sort of exploit.

Since I am really careful about what I visit and the email that I open, I typically only run anti-virus as full system scans. It slows down the system too much to have it scanning all the time, especially with games like America's Army.

These trojans I got hit with, McAfee does not have much on them so it is difficult to pin down how I was infected.

I also have a Zywall 10 hardware firewall for protection. Since I already have a hardware firewall I thought IDS would be better as an extra level on the WIN2K workstation.

Dirtyping

join:2001-10-30
West Haverstraw, NY


1 edit
Now that I am wide awake and took a second look at the log it looks like I picked up the new IE flaw which MS has not yet produced a patch for.

»secunia.com/advisories/12959
»www.computerworld.com/securityto···,00.html

If I had Blackice updated, they added the signature on 11/11, and McAfee also has it but was not loaded at the time.

\Content.IE5\PE6HWLD5\hp2[1].htm,1,Exploit-MhtRedir.gen,4169
C:\bla.exe,1,Downloader-SF,4169
\Content.IE5\31COH7Z9\l[1].exe,1,Downloader-SF,4169
\Content.IE5\O5A30L63\c[1].html\c[1].html,1,Exploit-IframeBO!shellcode,4169
\Content.IE5\ZTFOXNFW\w[1].exe,1,BackDoor-CLH,4169
C:\WINNT\system32\pkshpd.exe,1,BackDoor-CLH,4169

Now I need to figure out what passwords or information may have been compromised.
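
Added example, not part of the thread: a small triage script that reads the six scan-log lines quoted in the last post, orders the detections into an exploit, downloader, backdoor chain, and separates browser-cache copies from files found elsewhere on disk. The stage mapping by detection-name prefix is an assumption made for this example, and the second and fourth log columns are not explained in the thread, so they are ignored.

```python
from collections import namedtuple

# Scan-log lines copied verbatim from the post above.
SCAN_LOG = r"""
\Content.IE5\PE6HWLD5\hp2[1].htm,1,Exploit-MhtRedir.gen,4169
C:\bla.exe,1,Downloader-SF,4169
\Content.IE5\31COH7Z9\l[1].exe,1,Downloader-SF,4169
\Content.IE5\O5A30L63\c[1].html\c[1].html,1,Exploit-IframeBO!shellcode,4169
\Content.IE5\ZTFOXNFW\w[1].exe,1,BackDoor-CLH,4169
C:\WINNT\system32\pkshpd.exe,1,BackDoor-CLH,4169
"""

# Assumed mapping from detection-name prefix to stage, in chain order.
STAGES = (("Exploit-", "exploit"), ("Downloader-", "downloader"),
          ("BackDoor-", "backdoor"))

Finding = namedtuple("Finding", "path detection stage in_cache")

def parse_scan_log(text):
    """Parse 'path,field,detection,field' lines; skip anything malformed."""
    findings = []
    for line in text.splitlines():
        parts = line.strip().rsplit(",", 3)  # a path may itself contain commas
        if len(parts) != 4 or not parts[0]:
            continue
        path, _, detection, _ = parts
        stage = next((s for p, s in STAGES if detection.startswith(p)), "other")
        in_cache = "\\content.ie5\\" in path.lower()
        findings.append(Finding(path, detection, stage, in_cache))
    return findings

def infection_chain(findings):
    """Unique detections grouped by stage, in the order given by STAGES."""
    chain = []
    for stage in [s for _, s in STAGES] + ["other"]:
        names = sorted({f.detection for f in findings if f.stage == stage})
        if names:
            chain.append((stage, names))
    return chain

def persisted(findings):
    """Detected files that sit outside the IE cache (Content.IE5)."""
    return [(f.path, f.detection) for f in findings if not f.in_cache]

if __name__ == "__main__":
    found = parse_scan_log(SCAN_LOG)
    print(infection_chain(found))
    print(persisted(found))
```

The two paths returned by `persisted` are the ones outside the browser cache, so they are the starting point for checking what was installed and when.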
over 10 years online! © 1999-2009 dslreports.com.