Results 1 to 11 of 11
  1. #1
    2 Star Lounger
    Join Date
    Sep 2004
    Location
    Whitehaven, Cumbria, United Kingdom
    Posts
    135
    Thanks
    0
    Thanked 0 Times in 0 Posts

    NIS Security alert

    Grateful for some advice pse: Since installing latest version of Ad-Aware SE personal (1.05), on three of the four times I've run the programme I have received a NIS High Risk Security Alert. Specifically - 'Attempt to connect to local computer using Back Orifice Trojan horse detected' - I only (or so far have only) ever see this alert when running Ad-Aware. I click on the NIS 'ok' button and everything seems to be A-OK. I'd appreciate any comments re whether this is a genuine High Risk alert or whether something in Ad-Aware prog is triggering a spurious one. If it's genuine, why only when I'm running Ad-Aware?
    Thanks in advance.
    Keith

  2. #2
    Platinum Lounger
    Join Date
    Jan 2001
    Posts
    3,788
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: NIS Security alert

    I just ran a full scan using the same version of Ad-Aware and NIS 2005 and I did not receive a security alert. The log file for NIS did show that it blocked Ad-Aware from scanning any files belonging to NIS and its components. This is what I would expect as NIS includes protection against other programs trying to scan/delete/modify these files.

  3. #3
    Gold Lounger Rebel's Avatar
    Join Date
    Jul 2001
    Location
    Canada
    Posts
    3,024
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: NIS Security alert

    I think it's probably just a coincidence that this alert pops up when using AdAware. NIS is simply informing you that there was an attempt to connect to your computer. Your firewall is blocking these attempts but is informing you as well (as evidenced by the message and the continued normal operation when you click 'OK'). I'm not familiar with the exact steps in NIS but there is probably a setting that allows you to change this behaviour. You can block pages silently (no alerts) or you can blockl them and have an alert pop up.

    Just found this while searching - "Personal Firewall > Configure > Custom Level > uncheck Alert when unused ports accessed".
    John
    A Child's Mind, Once Stretched by Imagination...
    Never Regains Its Original Dimensions

  4. #4
    2 Star Lounger
    Join Date
    Sep 2004
    Location
    Whitehaven, Cumbria, United Kingdom
    Posts
    135
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: NIS Security alert

    John/Tony: Many thanks responses. Was a bit concerned that I'd somehow 'hooked in' with a virus when I downloaded the Ad-Aware update. I rest somewhat easier now. Again thanks.
    Keith

  5. #5
    Administrator
    Join Date
    Mar 2001
    Location
    St Louis, Missouri, USA
    Posts
    23,594
    Thanks
    5
    Thanked 1,059 Times in 928 Posts

    Re: NIS Security alert

    As long as you initiated the d/l from the Lavasoft site even though they take you to a mirror. If you got it from somewhere else on the internet I'd be concerned.

    Joe
    Joe

  6. #6
    2 Star Lounger
    Join Date
    Sep 2004
    Location
    Whitehaven, Cumbria, United Kingdom
    Posts
    135
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: NIS Security alert

    Got the d/l from lavasoft.nu so should be okay. Thanks for input Joe.
    Keith

  7. #7
    4 Star Lounger
    Join Date
    Oct 2001
    Location
    Bellevue, Nebraska, USA
    Posts
    569
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: NIS Security alert

    Although AdAware is great, it works better in concert with other anti-spyware programs. AdAware along with SpyBot S&D is quite effective. To ensure you have the latest scanner versions, download and install SpyBot Search and Destroy V1.3 from here. Before scanning, use the program
    Bill (AFE7Ret)
    Freedom is NOT Free!
    Heat is the bane of all electronics!

    ─────────────────────

  8. #8
    2 Star Lounger
    Join Date
    Sep 2004
    Location
    Whitehaven, Cumbria, United Kingdom
    Posts
    135
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: NIS Security alert

    Gents; Thanks all for all the inputs. I've now d/l Spybot S & D 1.3 to use in conjunction with Ad-Aware. However, having run Spybot it has found 5 Data Source Object Exploit items (which Ad-Aware has never found) - unfortunately, I'm not that sure what to do about them as the 5 seem to be microsoft's?? I've attached a print of what Spybot says. The product descriptions (not shown) says that they're Microsoft, the product is IE and they are all 'security hole threats. The description log says 'there's a security hole in IE allowing websites to execute code without asking you first. you can find more info at 'security.greymagic.com' - I've checked that out and bottom line seems to be that it will require a Microsoft patch to rectify situation?? I get the impression from the website that this is a well aired/known about problem?
    Thing is - what should I do about these 5 DSO items? Should I 'kill' them or leave them alone? As they appear to be Registry changes (something about which I know little, if not nothing!) I don't want to do anything that might screw up my system. Help appreciated please. Perhaps I should add that I have IE version 6.
    Keith

  9. #9
    4 Star Lounger
    Join Date
    Oct 2001
    Location
    Bellevue, Nebraska, USA
    Posts
    569
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: NIS Security alert

    They are typical and will likely show up again - some report it as a bug in SpyBot. From the SpyBot forum here: http://forums.net-integration.net/index.ph...4389&hl=exploit

    The DSO Exploit was a problem in the way Windows handled the "My Computer Zone". Microsoft released a patch for this long ago. So if you have an updated Windows, you shouldn't be affected by this exploit. The reason Spybot flags it is simple. Before Microsoft came out with this patch, a security firm came out with a workaround "tweak" of the registry to restrict this Zone. Spybot looks for the implementation of that "tweak". If the tweak is not found, it flags the DSO Exploit object. Normally this shouldn't be a problem, you'd just let Spybot fix it and it implements the workaround, end of topic. The problem with 1.3 is that the workaround is not done properly during fix. Hence why Spybot flags it again. This has been fixed in the code and was tested for a while with version 1.3.1 beta.

    Solution for now: Just ignore it. It isn't a problem if your windows is patched. When the next version of Spybot - S&D comes out, it will fix this problem.

    More info on this:
    http://forums.net-integration.net/in...howtopic=23930
    http://forums.net-integration.net/in...howtopic=17159
    http://forums.net-integration.net/in...howtopic=23663
    Bill (AFE7Ret)
    Freedom is NOT Free!
    Heat is the bane of all electronics!

    ─────────────────────

  10. #10
    2 Star Lounger
    Join Date
    Sep 2004
    Location
    Whitehaven, Cumbria, United Kingdom
    Posts
    135
    Thanks
    0
    Thanked 0 Times in 0 Posts

    Re: NIS Security alert

    Bill. Thank you for the clear explanation and the links - I've checked them all out and now fully understand what it's all about. I've included 'net-integration' into my favorites!
    Cheers! Keith

  11. #11
    4 Star Lounger
    Join Date
    Oct 2001
    Location
    Bellevue, Nebraska, USA
    Posts
    569
    Thanks
    0
    Thanked 1 Time in 1 Post

    Re: NIS Security alert

    No problem - came straight from the admin at the official SpyBot forum so I trust it is correct - and that the fix will be out soon.
    Bill (AFE7Ret)
    Freedom is NOT Free!
    Heat is the bane of all electronics!

    ─────────────────────

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •