
Unknown download activity in background - how to determine what it is?


Doc

Jul 28, 2007, 3:51:49 AM
I'm using WinXP Media Center, the last few days I've noticed that
there's some kind of d/l activity showing even when I'm doing
nothing online even with the Windows firewall up as well as
ZoneAlarm. I'm on 56k dialup. How do I determine what this is? I
don't have Windows update on automatic. I ran AdAware with the latest
definitions but it's still doing it.

Thanks.

Vanguard

Jul 28, 2007, 3:58:44 AM
"Doc" wrote in message
news:1185609109.1...@w3g2000hsg.googlegroups.com...

Use a software firewall that shows you the current connections and level
of traffic. Comodo has a good firewall for free.

John

Jul 28, 2007, 4:35:33 AM
Vanguard wrote:

> Use a software firewall that shows you the current connections and level
> of traffic. Comodo has a good firewall for free.
>
>

I'm not sure that will show the poster what they want to know. It will
only confirm what they already know surely.

John.

Vanguard

Jul 28, 2007, 4:48:09 AM
"John" wrote in message news:46aaffc3$0$31730$db0f...@news.zen.co.uk...

Mine shows which process (by applications) is using what port and
to where it connects and on what port along with how many bytes came in
or went out. Seems what the OP wants to know.

I'm using the Comodo firewall (free) right now. As I recall when using
the Sygate Pro firewall, it also had decent logging.

John

Jul 28, 2007, 5:24:09 AM
Vanguard wrote:

> Mine shows which process (by applications) is using what port and
> to where it connects and on what port along with how many bytes came in
> or went out. Seems what the OP wants to know.
>
> I'm using the Comodo firewall (free) right now. As I recall when using
> the Sygate Pro firewall, it also had decent logging.
>
>

That's nice to know, thanks.

John.

John John

Jul 28, 2007, 9:41:23 AM
Surely Zone Alarm should tell you that, doesn't it? Reset all your ZA
rules to allow nothing and start reapplying the rules as asked when
applications want to establish connections.

John

BoaterDave

Jul 28, 2007, 9:55:02 AM
Hi Doc

I've been led to believe that, just like one should only ever have a single
active antivirus programme, one should only have a single software firewall
operative. In other words, disable MS Windows firewall if you are using Zone
Alarm.

HTH

David

______________________________________________________________________________________________
"Doc" <docsa...@yahoo.com> wrote in message
news:1185609109.1...@w3g2000hsg.googlegroups.com...

JW

Jul 28, 2007, 10:48:33 AM
Could it be Media Center updating your EPG?
If you go to task manager you should be able to see what programs are
consuming CPU power when the downloading occurs.
"BoaterDave" <Boate...@nospam.invalid> wrote in message
news:O4neV7R0...@TK2MSFTNGP05.phx.gbl...

Cyberiade.it Anonymous Remailer

Jul 28, 2007, 11:47:52 AM

That is good to know. It seems to be a good firewall, especially for
freeware. I just installed it and it's working great, AFAICT.

Here is the manufacturer's link:

http://www.personalfirewall.comodo.com/

Ckyp

Andy Walker

Jul 28, 2007, 11:56:18 AM
Cyberiade.it Anonymous Remailer wrote:

>>>> Use a software firewall that shows you the current connections and
>>>> level of traffic. Comodo has a good firewall for free.

Or, you could simply run some simple DOS commands to determine what
program(s) are using external connections.

c:\netstat -nab > netstat.txt
c:\more netstat.txt

Look for established connections using foreign addresses other than
127.x.x.x. You should be able to determine what port and what process
is communicating, as well as the external IP address.

To check the external IP address go to http://www.dnsstuff.com and
enter it into the "IP Information" box.

Message has been deleted

Vanguard

Jul 28, 2007, 4:52:43 PM
"Andy Walker" wrote in message news:46ab6529...@news.webtv.com...

>
> Or, you could simply run some simple DOS commands to determine what
> program(s) are using external connections.
>
> c:\netstat -nab > netstat.txt
> c:\more netstat.txt
>
> Look for established connections using foreign addresses other than
> 127.x.x.x. You should be able to determine what port and what process
> is communicating, as well as the external IP address.
>
> To check the external IP address go to http://www.dnsstuff.com and
> enter it into the "IP Information" box.


I couldn't remember the 'netstat' command. I kept thinking 'net' but
that doesn't list the current port usage. Thanks for the reminder. One
of these, it'll find some better brain cells to stick to.


Vanguard

Jul 28, 2007, 4:54:51 PM
"WaIIy" wrote in message
news:7mvma3p34og81q98n...@4ax.com...
> This might help. It's a very handy program.
> http://www.microsoft.com/technet/sysinternals/ProcessesAndThreads/ProcessExplorer.mspx


More appropriate would be their TCPview.

Kayman

Jul 28, 2007, 7:05:19 PM
"BoaterDave" <Boate...@nospam.invalid> wrote in message
news:O4neV7R0...@TK2MSFTNGP05.phx.gbl...
> Hi Doc
>
> I've been led to believe that, just like one should only ever have a
> single active antivirus programme,
One should only ever have a single *real-time* AV program, if you wish you
can have several *on-demand* AV apps.

> one should only have a single software firewall operative. In other
> words, disable MS Windows firewall if you are using Zone Alarm.
>
Uninstalling ZA would be an even better solution. It's Phoney-Baloney ware;
It gives you a false sense of security.
Go to:
http://www.microsoft.com/technet/technetmag/issues/2006/05/SecurityMyths/default.aspx
and scroll down to:
Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe.

Then read this:
("...the typical form of outbound protection in client firewalls is just
security theater.)
http://www.microsoft.com/technet/technetmag/issues/2007/06/VistaFirewall/default.aspx

And this:
http://www.samspade.org/d/firewalls.html

Read and implement this:
http://www.ntsvcfg.de/ntsvcfg_eng.html
http://www.dingens.org/index.html.en

And consider implementing Hardening your OS:
http://www.5starsupport.com/tutorial/hardening-windows.htm

Good luck :)


John John

Jul 28, 2007, 8:40:01 PM
Kayman wrote:


> and scroll down to:
> Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe.

That article itself is baloney. It is true that any malware can
circumvent a firewall's outbound protection but it is also true that a
lot of malware is detected by firewall outbound monitoring. The
outbound monitoring also alerts you when otherwise legitimate software
is trying to call home. Perhaps you like it better when things like
Media player call home without your knowledge, a pesky annoyance that
you should be aware of things like that.

The article states:

"Speaking of host firewalls, why is there so much noise about outbound
filtering? Think for a moment about how ordinary users would interact
with a piece of software that bugged them every time a program on their
computer wanted to communicate with the Internet..." What a pile of
baloney!

Firewall have rules, it appears no one at Microsoft knows this, which
isn't really surprising to tell you the truth. Microsoft's logic is
that "you don't need seat belts if you have airbags". And you don't
need to know what it is that things like Media Player doing. Baloney
indeed!

John

Kerry Brown

Jul 28, 2007, 9:19:09 PM
"John John" <aude...@nbnet.nb.ca> wrote in message
news:%23mmjLjX...@TK2MSFTNGP03.phx.gbl...


There is no way a software firewall can guarantee it will stop outbound
traffic on the computer it is running on regardless of the OS. Software
firewalls can be useful for stopping programs communicating outbound through
normal channels. That's it, period. The fact that some firewalls notify you
about malware communicating out is a function of how poorly the malware is
programmed not the firewall. Intel motherboards can communicate through the
onboard NICs at the BIOS level with no OS present. Rootkits can easily
modify all traffic going through any NIC in the computer. Malware running in
Windows can easily corrupt traffic from legitimate programs. Malware can
even create its own TCP/IP stack and bypass Windows (or other OS')
networking stack altogether. Virtual server software is capable of spoofing
a MAC and getting multiple IP addresses for one NIC from a DHCP server. What
makes you think malware can't do the same type of thing?

--
Kerry Brown
Microsoft MVP - Shell/User
http://www.vistahelp.ca


John John

Jul 28, 2007, 10:50:43 PM
Kerry Brown wrote:

All that you say is true and I never said or argued otherwise. But
software firewalls that monitor outbound connections can be useful and
can help to keep some applications in check, just because the Microsoft
firewall can't do it doesn't mean that all others are not good.

John

dobey

Jul 28, 2007, 11:27:40 PM

"WaIIy" <eI...@ChangeThisPart.com> wrote in message
news:7mvma3p34og81q98n...@4ax.com...

Any chance it is just Windows update working in the background? I imagine
some of the updates might take a while on 56 kb.


Vanguard

Jul 28, 2007, 11:36:28 PM
"dobey" <a...@v.nox> wrote in message
news:e9lJRDZ0...@TK2MSFTNGP03.phx.gbl...

>
> Any chance it is just Windows update working in the background? I
> imagine some of the updates might take a while on 56 kb.


Check the configuration of Automatic Updates. Right-click on the My
Computer desktop icon, select Properties, and look at the Automatic
Updates tab. You should NEVER let Microsoft automatically update your
host. At worst, allow the updates to be downloaded but prompt to actually
install them. Better is to only get prompted when there is an update
and then you do the download and install when you want. Best is to
disable Automatic Updates and only update when you find there is an
update that you want or need. Unfortunately, Microsoft is bent on
forcing their updates on their customers so, for example, the malware
signature updates for Windows Defender are delivered via Windows Updates
rather than having the program check for only its own updates, so you
might want to set Automatic Updates to prompt you but you shouldn't
download until you are ready to then follow with the install. If you
blindly allow Microsoft to change your host's configuration, you will
be yet another user proclaiming that they did not change a thing but now
something suddenly fails to work anymore.

dobey

Jul 28, 2007, 11:39:02 PM

"Vanguard" <n...@mail.invalid> wrote in message
news:ODBpkGZ0...@TK2MSFTNGP03.phx.gbl...

This is to the OP of course...


Kayman

Jul 29, 2007, 12:22:19 AM
"John John" <aude...@nbnet.nb.ca> wrote in message
news:evGvOsY0...@TK2MSFTNGP03.phx.gbl...

>>> Firewall have rules, it appears no one at Microsoft knows this, which
>>> isn't really surprising to tell you the truth. Microsoft's logic is
>>> that "you don't need seat belts if you have airbags". And you don't
>>> need to know what it is that things like Media Player doing. Baloney
>>> indeed!
>>>
It's a pc, apply your own logic (utilise sensible apps.); So take
ownership, do some research, do not consult advertisement-driven
publications and be responsible - *you* are in charge! If you don't like pc
go for available alternatives.

>>>
>> There is no way a software firewall can guarantee it will stop outbound
>> traffic on the computer it is running on regardless of the OS. Software
>> firewalls can be useful for stopping programs communicating outbound
>> through normal channels. That's it, period. The fact that some firewalls
>> notify you about malware communicating out is a function of how poorly
>> the malware is programmed not the firewall. Intel motherboards can
>> communicate through the onboard NICs at the BIOS level with no OS present.
>> Rootkits can easily modify all traffic going through any NIC in the
>> computer. Malware running in Windows can easily corrupt traffic from
>> legitimate programs. Malware can even create its own TCP/IP stack and
>> bypass Windows (or other OS') networking stack altogether. Virtual server
>> software is capable of spoofing a MAC and getting multiple IP addresses
>> for one NIC from a DHCP server. What makes you think malware can't do the
>> same type of thing?
>
> All that you say is true and I never said or argued otherwise. But
> software firewalls that monitor outbound connections can be useful and can
> help to keep some applications in check,
>
Outbound filtering is useless, the PFW pop-ups just give a warm feeling for
being in control but it's too late already - it's an illusion to believe
otherwise.

> just because the Microsoft firewall can't do it doesn't mean that all
> others are not good.
>
M/S firewall *can't* do (but they could) because it's recognised to be waste
of resources and time. And yes, PFW's are IMO of no value whatsoever; I
know because I operate without these apps.
John John, don't get blinded by all the marketing hype :)

Peter Foldes

Jul 29, 2007, 1:14:06 AM

--
Peter

Please Reply to Newsgroup for the benefit of others
Requests for assistance by email can not and will not be acknowledged.

"BoaterDave" <Boate...@nospam.invalid> wrote in message news:O4neV7R0...@TK2MSFTNGP05.phx.gbl...

Kerry Brown

Jul 29, 2007, 1:44:07 AM
"John John" <aude...@nbnet.nb.ca> wrote in message
news:evGvOsY0...@TK2MSFTNGP03.phx.gbl...


You said that this: "Myth: Host-Based Firewalls Must Filter Outbound Traffic
to be Safe." was baloney. It is not. You are talking about privacy not
safety. Software firewalls do nothing to improve your safety. They may
actually decrease your safety by giving you a false sense of security. They
can as you say be used to protect your privacy. You went on to say this:
"Firewall have rules, it appears no one at Microsoft knows this" which is
also false. All of the firewalls in Microsoft OS' use rules. Some of them
don't monitor outgoing traffic but they all use rules.

witan

Jul 29, 2007, 3:50:26 AM

A long shot: A couple of months back, I had downloaded and installed a
free "flash video player" that was seen on Firefox. The same day, I
found that my Internet account had been drained out, because some 2GB
was "downloaded" in the matter of a few hours, although I had shut
down the program after using it for just a few minutes. I could not
locate any downloaded files even in the "Temporary Internet Files"
folder to account for that size, and my hard disk space was not
decreased. Apparently, the program continued to run in the background
even after I shut it off. When I opened the "Local Area Connection
Status" by clicking on the double-computer icon in system tray area, I
saw that heavy downloading was going on. I am not absolutely sure that
the Flash Video Player was the culprit, but after I uninstalled the
program, the unknown internet activity also stopped.
I suggest that you check for something similar on your computer.

BoaterDave

Jul 29, 2007, 4:06:44 AM
Had you intended to comment, Peter?

Nothing seen here.

BD

******************************
"Peter Foldes" <ok...@hotmail.com> wrote in message
news:eSIyH9Z...@TK2MSFTNGP05.phx.gbl...

John John

Jul 29, 2007, 8:11:12 AM
Kayman wrote:

> "John John" <aude...@nbnet.nb.ca> wrote in message

> It's a pc, apply your own logic (utilise sensible apps.); So take

> ownership, do some research, do not consult advertisement-driven
> publications and be responsible - *you* are in charge! If you don't like
> pc go for available alternatives.

Regardless of what you might think I am no slouch at computers and I
don't use Adware! Did you know that some of the new Sysinternal
(Microsoft) utilities call home without your knowledge? Did you know
that these Sysinternal utilities do not tell you that they call home and
that they provide no inbuilt mechanism to stop this behaviour? Do you
agree that those applications, amongst others, should be calling home
without the user's knowledge? Do you agree that users should have no
easy method to detect and stop these unwanted connections? By the
contents of your posts I would say obviously not! There are many other
legitimate applications that call home for no valid reasons, when you
install these application they don't always tell you that they will be
calling home and they don't always make it easy to find that out or to
disable "call home" features. I am sure you didn't know of the
Sysinternal utilities calling home and I am sure that you are not in
charge of your computer as much as you think that you are! But then you
don't think that users should have a way of being made aware or of
stopping those outbound connections so who cares about "being in charge"
of their computers?


> M/S firewall *can't* do (but they could) because it's recognised to be
> waste of resources and time. And yes, PFW's are IMO of no value
> whatsoever; I know because I operate without these apps.
> John John, don't get blinded by all the marketing hype :)

Marketing hype? It appears that you are the one blinded by marketing
hype! Microsoft marketing hype! The misinformation published in one of
the Microsoft articles provided by another poster makes it clear that
Microsoft and its shills are on a mission to discredit all firewalls
that monitor outbound connections and to insist that the Microsoft
firewall is somehow or other superior to all others. Quite amusing when
it's coming from an outfit that until a few years ago didn't even know
what a firewall was! As for your comments of "waste of resources" it is
laughable to say the least. In this day and age of fast processors and
large amounts of RAM this is a non issue. Also, the firewall will be
using resources just to do its basic job of keeping intruder out, the
little extra needed to monitor outbound connections is negligible.

Let's get one thing perfectly clear here, I am not claiming, nor have I
ever claimed that outbound connection monitoring was an effective method
of dealing with all sorts of malware. I am simply saying that outbound
monitoring is a useful tool that can alert you to some not so clever
malware trying to call home and that it can alert you that something
like your printer software, or Microsoft components might be trying to
access the internet for no good reason at all. But then it appears that
you think that users shouldn't know that these things are calling home.
Neither you, nor Microsoft, nor anyone else will ever convince me that
outbound connection monitoring is not a useful feature. Period!

John

John John

Jul 29, 2007, 8:30:38 AM
Kerry Brown wrote:

> You said that this: "Myth: Host-Based Firewalls Must Filter Outbound
> Traffic to be Safe." was baloney.

I never said that and don't attribute things that I have not said to me!
Reread my post!

I quoted this from the article:

"Speaking of host firewalls, why is there so much noise about outbound
filtering? Think for a moment about how ordinary users would interact
with a piece of software that bugged them every time a program on their
computer wanted to communicate with the Internet..."

And I said that (quoted material) was baloney! A firewall monitoring
outbound connections will ask you if you want to permanently allow or
disallow the connection, you will not be "...bugged them every time a
program on their computer wanted to communicate with the Internet...".
That is false information in the article, and for some reason or other
and for sometime now Microsoft has been trying to discredit *all*
firewalls except its own. What is it that Microsoft is hiding? Why are
they so adamant that users not be aware of outgoing connections on their
computers?

John

Gary S. Terhune

Jul 29, 2007, 11:46:48 AM
Which Sysinternals apps call home?

--
Gary S. Terhune
MS-MVP Shell/User
www.grystmill.com

"John John" <aude...@nbnet.nb.ca> wrote in message

news:OovEbld0...@TK2MSFTNGP04.phx.gbl...

Kerry Brown

Jul 29, 2007, 11:50:12 AM
"John John" <aude...@nbnet.nb.ca> wrote in message
news:OZyzRwd0...@TK2MSFTNGP05.phx.gbl...


That may have been what you intended to say but here is the relevant
snippet from your post:

--------------------------------------
"> and scroll down to:


> Myth: Host-Based Firewalls Must Filter Outbound Traffic to be Safe.

That article itself is baloney. It is true that any malware can


circumvent a firewall's outbound protection but it is also true that a
lot of malware is detected by firewall outbound monitoring. The
outbound monitoring also alerts you when otherwise legitimate software
is trying to call home. Perhaps you like it better when things like
Media player call home without your knowledge, a pesky annoyance that
you should be aware of things like that."

-----------------------------------------

It sure sounds to me like you are calling the whole article baloney.

I don't presume to speak for Microsoft but personally I'm not hiding
anything. Software firewalls are a useful part of a layered security setup.
They can't be relied upon to protect you from malicious outbound traffic.
Anybody who says they can and tries to sell this to you is deceiving you.
They are selling snake oil. Software firewalls became popular because the
current versions of Windows at the time didn't have any firewall. When XP
came out with a firewall the vendors realized that they had to give people a
reason to keep buying their product. This is when they started pushing the
outbound monitoring features. Software firewalls can, and most do, give you
a level of protection against inbound attacks from unsolicited traffic. That
is all they are good for as a defense against malware. Even that can't be
relied on if something does get inside the security perimeter. Once your
security has been breached you can no longer trust anything running on the
computer. Monitoring outbound traffic does have its uses. One is as you say
to stop legitimate programs from making outbound connections that you don't
want. I don't know why Microsoft didn't include outbound monitoring in the
XP firewall. Personally I don't care as I believe it to be of limited use
anyway. Outbound monitoring is included in the Vista firewall and many other
Microsoft products like ISA server.

This is obviously something I'm passionate about :-) Don't take it as
personal attack. Whenever I see a post espousing the usefulness of software
firewalls I am compelled to point out the fallacy of this approach to
security.

Message has been deleted

dc

Jul 29, 2007, 12:55:01 AM
Andy,

What does the -b parameter do?
I couldn't find it, and when I included it, I got the help legend.
After looking at the legend, I did this...
c:\netstat -na > netstat.txt
Did you mean to use another parameter
and if so, what is the command
What is this for? c:\more netstat.txt
Just trying to learn...

thanks in advance,
dc


"Andy Walker" <awa...@nspank.invalid> wrote in message
news:46ab6529...@news.webtv.com...

Andy Walker

Jul 29, 2007, 4:18:51 PM
dc wrote:

>Andy,
>
>What does the -b parameter do?

Here is the help description from netstat:

-b Displays the executable involved in creating each connection or
listening port. In some cases well-known executables host
multiple independent components, and in these cases the
sequence of components involved in creating the connection
or listening port is displayed. In this case the executable
name is in [] at the bottom, on top is the component it called,
and so forth until TCP/IP was reached. Note that this option
can be time-consuming and will fail unless you have sufficient

You can use an alternative method through the use of the -o switch.

-o Displays the owning process ID associated with each connection.

In order to determine the process name you can run Task Manager
(ctrl-alt-del), select view/select columns and add Process Identifier.
This will allow you to match the process ID output from the netstat
command with a process name.

>I couldn't find it, and when I included it, I got the help legend.

Older versions of the netstat command did not include the -b switch.

>After looking at the legend, I did this...
>c:\netstat -na > netstat.txt
>Did you mean to use another parameter
>and if so, what is the command

See the -o info above.

>What is this for? c:\more netstat.txt

It is the "more" command used to read the file "netstat.txt" created
when you used the ">" pipe command. Using more allows you to see the
entire file one page at a time. You could also use a text reader like
notepad or to stay in the DOS window try "edit netstat.txt".
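The PID matching described in the post above can be scripted. This is an added example, not part of the original thread: it reads saved `netstat -nao` output, keeps established connections whose foreign address is not loopback, and names the owning process. It assumes the PID-to-name list comes from `tasklist /fo csv /nh` rather than Task Manager; all sample data and image names are constructed.

```python
import csv
import io
import ipaddress

# Constructed sample of `netstat -nao` output saved to netstat.txt.
# Addresses are documentation ranges; nothing here was captured from a real host.
NETSTAT_TXT = """
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       968
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     1512
  TCP    192.168.1.20:1045      192.0.2.80:80          ESTABLISHED     2040
  TCP    192.168.1.20:1046      198.51.100.7:443       ESTABLISHED     1512
  TCP    192.168.1.20:1048      192.0.2.80:80          ESTABLISHED     2040
  TCP    192.168.1.20:1047      203.0.113.9:80         TIME_WAIT       0
  UDP    0.0.0.0:1026           *:*                                    1100
"""

# Constructed sample of `tasklist /fo csv /nh` output (image names are made up).
TASKLIST_CSV = '''"svchost.exe","968","Console","0","4,212 K"
"browser.exe","1512","Console","0","45,880 K"
"mediaupdate.exe","2040","Console","0","12,004 K"
"svchost.exe","1100","Console","0","3,900 K"
'''


def split_endpoint(endpoint):
    """Split 'addr:port' (or '[v6addr]:port') into (addr, port)."""
    addr, _, port = endpoint.rpartition(":")
    return addr.strip("[]").split("%")[0], port


def is_external(addr):
    """True for a real remote address: not loopback, not 0.0.0.0, not '*'."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return not (ip.is_loopback or ip.is_unspecified)


def parse_netstat(text):
    """Yield one dict per TCP/UDP row of `netstat -nao` output."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 3 or parts[0] not in ("TCP", "UDP"):
            continue
        # UDP rows have no State column; without -o there is no PID column.
        pid = int(parts[-1]) if parts[-1].isdigit() else None
        has_state = parts[0] == "TCP" and len(parts) > 3 and not parts[3].isdigit()
        addr, port = split_endpoint(parts[2])
        yield {"proto": parts[0], "local": parts[1], "remote_addr": addr,
               "remote_port": port, "state": parts[3] if has_state else "",
               "pid": pid}


def parse_tasklist(text):
    """Map PID -> image name from `tasklist /fo csv /nh` output."""
    return {int(row[1]): row[0]
            for row in csv.reader(io.StringIO(text))
            if len(row) >= 2 and row[1].isdigit()}


def external_connections(netstat_text, tasklist_text):
    """Established connections to non-loopback addresses, with the owning process."""
    names = parse_tasklist(tasklist_text)
    found = []
    for row in parse_netstat(netstat_text):
        if row["state"] != "ESTABLISHED" or not is_external(row["remote_addr"]):
            continue
        owner = names.get(row["pid"], "<unknown>")
        found.append((owner, row["pid"], row["remote_addr"], int(row["remote_port"])))
    return found


def summarize(connections):
    """Count connections per (process, pid, remote address), busiest first."""
    counts = {}
    for owner, pid, addr, _port in connections:
        counts[(owner, pid, addr)] = counts.get((owner, pid, addr), 0) + 1
    return sorted(counts.items(), key=lambda kv: (-kv[1], kv[0]))


if __name__ == "__main__":
    conns = external_connections(NETSTAT_TXT, TASKLIST_CSV)
    for (owner, pid, addr), n in summarize(conns):
        print(f"{owner:<18} pid={pid:<6} -> {addr:<16} connections={n}")
```

Taking both captures while the unexplained traffic is actually flowing matters, since a PID can be reused once its process exits.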

John John

Jul 29, 2007, 6:50:27 PM
Click on the help menu and you will find out.

John

John John

Jul 29, 2007, 7:18:45 PM
Straight Talk wrote:

>>Did you know that these Sysinternal utilities
>>do not tell you that they call home and that they provide no inbuilt
>>mechanism to stop this behaviour?
>
>

> Wrong.

If you know how to internally stop the Sysinternal Help utilities from
calling home please post your findings here. I would also like to hear
your advice and solutions as to port monitoring and outbound traffic
in general on Windows operating systems. Should users follow your
advice and ignore all outbound traffic? Should outbound traffic be
allowed to outside networks or should it be limited to the local network?

John

Kayman

Jul 29, 2007, 7:28:26 PM
>> "John John" <aude...@nbnet.nb.ca> wrote in message
>
>> It's a pc, apply your own logic (utilise sensible apps.); So take
>> ownership, do some research, do not consult advertisement-driven
>> publications and be responsible - *you* are in charge! If you don't like
>> pc go for available alternatives.
>
> Regardless of what you might think I am no slouch at computers and I don't
> use Adware!
>
Never thought you were incompetent. I just provided useful information for
your kind consideration.
>
> Did you know that some of the new Sysinternal (Microsoft) utilities call
> home without your knowledge?
Really.

>
> Did you know that these Sysinternal utilities do not tell you that they
> call home and that they provide no inbuilt mechanism to stop this
> behaviour?
>
Really.

>
> Do you agree that those applications, amongst others, should be calling
> home without the user's knowledge?
The ones I use don't call. If I'd feel comfortable with an apps. I wouldn't
mind.

>
> Do you agree that users should have no easy method to detect and stop
> these unwanted connections?
Define unwanted; Only install apps. you are comfortable with.

>
> By the contents of your posts I would say obviously not!
Far from it, that's what you're assuming, that's it. Read on the line, not
in between.

>
> There are many other legitimate applications that call home for no valid
> reasons, when you install these application they don't always tell you
> that they will be calling home and they don't always make it easy to find
> that out or to disable "call home" features.
I know, but then again I don't download junk - not even legitimate junk. But
wouldn't mind a 'home call' from an apps. I am comfortable with.
>
> I am sure you didn't know of the Sysinternal utilities calling home...
>
Which Sysinternals apps. call home?
>
> ...and I am sure that you are not in charge of your computer as much as
> you think that you are!
Assumptions.

>
> But then you don't think that users should have a way of being made aware
> or of stopping those outbound connections so who cares about "being in
> charge" of their computers?
>
Naw, you don't know what I am thinking, never mind about that.

>
>> M/S firewall *can't* do (but they could) because it's recognised to be
>> waste of resources and time. And yes, PFW's are IMO of no value
>> whatsoever; I know because I operate without these apps.
>> John John, don't get blinded by all the marketing hype :)
>
> Marketing hype? It appears that you are the one blinded by marketing
> hype! Microsoft marketing hype!
>
If you are not comfortable with this apps. then uninstall and go for an
alternative.

>
> The misinformation published in one of the Microsoft articles provided by
> another poster makes it clear that Microsoft and its shills are on a
> mission to discredit all firewalls...
It explains how things are in reality. The write-ups are educational and
non-binding. The authors have considerable credentials. Where are yours?
And where are the representatives with their credentials of PFW's refuting
the published arguments? Are you one of them?
>
> ...that monitor outbound connections and to insist that the Microsoft
> firewall is somehow or other superior to all others.
They don't claim superiority, just reality.

>
> Quite amusing when it's coming from an outfit that until a few years ago
> didn't even know what a firewall was!
>
You do underestimate M/S. (Or is it sarcasm?).

> As for your comments of "waste of resources" it is laughable to say the
> least. In this day and age of fast processors and large amounts of RAM
> this is a non issue.
A waste of resources in terms of manpower, spending time on a useless
(outbound filtering) feature. (Sorry for confusion).

>
> Also, the firewall will be using resources just to do its basic job of
> keeping intruder out, the little extra needed to monitor outbound
> connections is negligible.
> Let's get one thing perfectly clear here, I am not claiming, nor have I
> ever claimed that outbound connection monitoring was an effective method
> of dealing with all sorts of malware. I am simply saying that outbound
> monitoring is a useful tool that can alert you to some not so clever
> malware trying to call home and that it can alert you that something like
> your printer software, or Microsoft components might be trying to access
> the internet for no good reason at all. But then it appears that you
> think that users shouldn't know that these things are calling home.
> Neither you, nor Microsoft, nor anyone else will ever convince me that
> outbound connection monitoring is not a useful feature. Period!
>
Alright then; Good luck :)

Uncle Grumpy

Jul 29, 2007, 8:21:03 PM
John John <aude...@nbnet.nb.ca> wrote:

>Should users follow your
>advice and ignore all outbound traffic? Should outbound traffic be
>allowed to outside networks or should it be limited to the local network?

While you're waiting for your answer, you might visit this site and
follow its directions:

http://zapatopi.net/afdb/

Gary S. Terhune

Jul 29, 2007, 9:51:18 PM
What "help menu"? Hey, I just asked a question and I really want to know the
answer. Which Sysinternal apps call home? I presume you know of at least
some, or you wouldn't have made that statement.

--
Gary S. Terhune
MS-MVP Shell/User
www.grystmill.com

"John John" <aude...@nbnet.nb.ca> wrote in message

news:e0VXoKj0...@TK2MSFTNGP05.phx.gbl...

John John

Jul 29, 2007, 10:36:10 PM
Process Explorer and Autoruns are two that do.

dobey

Jul 30, 2007, 3:30:16 AM

"Uncle Grumpy" <uncle...@ameritech.net> wrote in message
news:9jbqa39h9nca6fn5k...@4ax.com...

No MS-MVP leaves home without one...


Message has been deleted

John John

Jul 30, 2007, 8:43:12 AM
Straight Talk wrote:

> On Sun, 29 Jul 2007 20:18:45 -0300, John John <aude...@nbnet.nb.ca>
> wrote:
>
>
>>If you know how to internally stop the Sysinternal Help utilities from
>>calling home please post your findings here.
>
>
> It's not the app itself "phoning home".

Yes it is. If you use the help utility it calls an Akamai server. I
know why it's doing it and I am not saying that it is necessarily good
or bad. The example was used to demonstrate that there *are* things
making outbound connections without users being aware. If the
applications that we think of as "tame" are doing it you can be sure
that other not so tame applications may also be doing it.


> Clearing the
> CodeBaseSearchPath key in the registry (Internet Settings) probably
> does the job. But maybe it's not such a good idea after all.
>
> Anyway, if you had taken the time to packet sniff the "phoning home"
> instead of letting your PFW drive you paranoid, you would probably
> have realized that it's no big deal and that this big scary MS thingy
> isn't really spying on you.

Once again, I know what it is doing and I am not saying that anyone is
spying, that is not the point. The point is that Microsoft and many
others are consistently saying that monitoring outbound connection is a
useless firewall feature for *any* reason. I disagree with that. All
good firewalls have outbound connection monitoring available, the
Microsoft XP firewall doesn't. When users made mention of this, or if
they asked why it wasn't available, the response from Microsoft and its
fans was to embark on a campaign of discrediting all firewalls that do
outbound monitoring and to claim the feature as absolutely useless.
When that tactic failed they then decided that anyone who even suggests
that the firewall should do outbound monitoring should be immediately
clobbered, it may keep some people quiet but it won't keep me quiet.
Microsoft customers spoke and asked a valid question. Instead of
Microsoft saying something as simple as: "We have received requests for
this feature and are investigating the possibility of including it in a
future update", they decided that it was best to kill the messengers
and to proclaim their firewall as superior to all others.


>>I would also like to hear your advice and solutions as to port monitoring
>>and outbound traffic in general on Windows operating systems.
>
>

> App's like CurrPorts and WireShark come to mind.

Brilliant. Give that to novice users. Instead of having the firewall
do what firewalls usually do, have the users dig about and find utilities
on their own to do the job! And for your information you don't have to
go out of the Microsoft stable to find port monitoring tools.


>>Should users follow your advice and ignore all outbound traffic?
>
>

> Users should think twice before installing all kinds of stuff. And
> they should not let PFW's drive them paranoid. Problem is, neither the
> PFW nor the user understands what's happening. I've seen users freak
> out about app's "phoning home" to IP address 127.0.0.1

More BS. There are all kinds of computer users and computer users do
all kinds of things. Good firewalls know what is going on and most
seasoned users know what the loopback address is. The simple fact that
the extra ability to detect outbound connections can be a useful
firewall feature is something that guys like you are insisting on
denying. You are on a campaign to discredit this as a useful feature,
but you offer no simple, easy way or alternative for users to even have
basic outbound connection monitoring.

> However, there won't be much inter netting without allowing outbound
> traffic.

No there won't be. But that doesn't mean that everything installed on a
computer should be calling out and it doesn't mean that firewalls that
help identify those "call home" utilities are bad, useless firewalls!
If that is the case then why would Microsoft include such a useless
feature in its newest flagship operating system? And then insist that
it is useless for XP users?

John

John John

Jul 30, 2007, 10:45:21 AM
Kerry Brown wrote:

To tell you the truth, Kerry, when a published article from a supposedly
authoritative source contains even only one such blatant outright lie as
the one in the above mentioned article, it casts doubts on the whole
article, one cannot rely on anything said in the article because it is
extremely prejudiced and tarnished by some of the false information it
contains. Serious publishers, researchers or technical writers would
automatically correct the false information or pull such flawed
articles. You won't see companies like Intel publishing seriously
tarnished articles like the one above.

As for "espousing the usefulness of software firewalls", if they are so
useless why did Microsoft include one in XP SP2? I wholeheartedly
agree with you that some firewall vendors are making exaggerated claims
in an attempt to sell their products and that some of the firewalls
offered by some companies are crappy products, Microsoft too at times
makes exaggerated claims to sell its products. But long before Windows
XP and Windows 2000 even came out, many users were using firewalls,
several *very* good, free personal firewalls were available and were
being used to protect computers from outside attacks.

Microsoft invented nothing new with its firewall. Companies like Kerio
and Sygate made good free firewalls long before Microsoft decided that
it could no longer ship its operating systems without basic firewall
protection, some companies still make good free firewalls. That there
are shoddy products out there is a fact, but outbound traffic detection
has *always* been one of the tasks that any good firewall does and there
is no reason to label all firewalls that do this as *useless* products
and there are even fewer reasons to label such a feature as a *useless*
feature. Firewalls do not only deal with malware, they deal with *all*
traffic, inbound and outbound, and with *all* applications. If the
firewall doesn't do outbound monitoring then novice users are left on
their own to try and detect these things, with outbound connection
monitoring even advanced experienced users are sometimes surprised to
find out that certain applications are trying to establish outbound
connections.

Sure, there are all kinds of malware that can circumvent this
monitoring, things like rootkits and what not can easily get around
firewalls. That is beside the point, firewalls are not and were never
meant to be used as virus or rootkit detectors, you need special tools
to detect and deal with those insidious pests. Anti virus software
cannot detect all or some of those pests and that is what they are
supposed to do. Should we tar all AV software as useless because they
can't detect rootkits? Strange that most persons would say no but that
they would then insist that firewalls that monitor outbound traffic are
devilishly bad because they can't detect those same rootkits or pests.

I understand that you are passionate on this subject and I don't take
your posts and comments as personal attacks. I hope that you don't take
mine as personal attacks against you or anyone else. I too am
passionate on the issue and I don't like it when good products are all
tarred at the same time with a wide brush. I am also passionate when I
read posts saying that outbound traffic monitoring is completely useless
or that it is completely unnecessary because users should not be
concerned about outbound traffic on their computers, the logic being
that only sloppy uninformed users have applications that call home, or
that you should not be concerned about legitimate applications that
might be calling home even if they have absolutely no valid reason to do
so. I am somewhat vindicated by the fact that Microsoft thought that
this feature was useful enough to be included in its Vista firewall.

John

Gary S. Terhune

Jul 30, 2007, 11:42:04 AM
Thank you. Strangely enough, when I tried Help on those two apps, the pages
all failed to load. Go figure.

--
Gary S. Terhune
MS-MVP Shell/User
www.grystmill.com

"John John" <aude...@nbnet.nb.ca> wrote in message

news:%23j7WwIl...@TK2MSFTNGP03.phx.gbl...

John John

Jul 30, 2007, 12:16:55 PM
The Autoruns 8.52 that I have here wants to connect to 207.46.197.16,
port 80 or 142.176.121.13, port 80 or others in these ranges. Same
kind of thing with the newer versions of Process Explorer.
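
An added example, not part of any post in this thread: a Python parser for Windows `netstat -ano` output that groups active TCP connections by owning PID and separates loopback and local-network peers from Internet ones, covering both the 127.0.0.1 confusion mentioned earlier and the port-80 connections described in the post above. The sample output, local addresses and PIDs are constructed; the two Internet addresses are the ones quoted in that post.

```python
import ipaddress
from collections import defaultdict
# Constructed sample of Windows `netstat -ano` output; PIDs are made up.
SAMPLE = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       952
  TCP    127.0.0.1:1030         127.0.0.1:1031         ESTABLISHED     1484
  TCP    192.168.1.20:1045      192.168.1.1:80         ESTABLISHED     2210
  TCP    192.168.1.20:1052      207.46.197.16:80       ESTABLISHED     3116
  TCP    192.168.1.20:1053      142.176.121.13:80      SYN_SENT        3116
  UDP    0.0.0.0:1900           *:*                                    1200
"""

def classify(ip):
    """Label a peer address as loopback, local-network or internet."""
    addr = ipaddress.ip_address(ip)
    if addr.is_loopback:
        return "loopback"
    if addr.is_private or addr.is_link_local:
        return "local-network"
    return "internet"

def connections_by_pid(netstat_text):
    """Map PID -> [(ip, port, state, scope)] for active TCP rows (any direction)."""
    result = defaultdict(list)
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) != 5 or parts[0] != "TCP":
            continue  # header, UDP and malformed rows do not have 5 fields
        _, _, foreign, state, pid = parts
        if state in ("LISTENING", "TIME_WAIT"):
            continue  # no live peer, or connection already closed
        host, _, port = foreign.rpartition(":")
        host = host.strip("[]")  # IPv6 peers are printed in brackets
        try:
            scope = classify(host)
        except ValueError:
            continue  # peer field is not an IP address
        result[int(pid)].append((host, int(port), state, scope))
    return dict(result)

def internet_talkers(netstat_text):
    """PIDs with at least one peer outside loopback and the local network."""
    talkers = {}
    for pid, conns in connections_by_pid(netstat_text).items():
        peers = sorted({(h, p) for h, p, _, s in conns if s == "internet"})
        if peers:
            talkers[pid] = peers
    return talkers
```

The PIDs returned by `internet_talkers` can be matched to image names with `tasklist`. Because `netstat` records no direction, an accepted inbound session is listed the same way as an outbound one.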

John John

Jul 30, 2007, 1:02:49 PM
Straight Talk wrote:
> On Mon, 30 Jul 2007 09:43:12 -0300, John John <aude...@nbnet.nb.ca>
> wrote:
>
>
>>Straight Talk wrote:
>>
>>>On Sun, 29 Jul 2007 20:18:45 -0300, John John <aude...@nbnet.nb.ca>
>>>wrote:
>>>
>>>
>>>
>>>>If you know how to internally stop the Sysinternal Help utilities from
>>>>calling home please post your findings here.
>>>
>>>
>>>It's not the app itself "phoning home".
>>
>>Yes it is.
>
>
> No. It's windows.

You don't know what you are talking about, why don't you monitor one of
the apps and find out what is going on. It isn't Windows doing the
calling it's the application itself. Being that you are so smart and
that I know nothing you should at least do a few tests before you post
about things you pretend to know of.

John


John John

Jul 30, 2007, 3:37:59 PM
Straight Talk wrote:

> On Mon, 30 Jul 2007 14:02:49 -0300, John John <aude...@nbnet.nb.ca>
> wrote:
>
>
>>You don't know what you are talking about, why don't you monitor one of
>>the apps and find out what is going on.
>
>

> That's what I did.

You did no such thing with the newer Sysinternal apps mentioned
elsewhere, if you had you would have seen that the utilities establish
outbound connections if you use the help files. Why and for what
reasons you now choose to post lies is something that only you know.
Being that you now insist on lying my discussion with you is over.

John



dc

Aug 2, 2007, 12:00:32 AM

"Andy Walker" <awa...@nspank.invalid> wrote in message
news:46acf1f3....@news.webtv.com...


Thank you Andy,
Appreciate your taking the time

dc

