Rich said:
Hi all,
This is my second week "wrestling" with XP and various
security issues. I thought I was finally all set, but
unfortunately I mistakenly installed some networking
components and even though I thought I uninstalled them,
ZoneAlarm is telling me that some site at Microsoft keeps
trying to break into my system and a Generic Host
Processor process is trying to contact a Microsoft site.
It is simply going wild. Can someone tell me what is
going on and how I might stop it? I have already had to
reinstall XP twice and it has cost me almost $400 to have
someone assist me. This is a very, very expensive
operating system.
Thanks for your help.
Rich
Can you describe your setup please, e.g. are you on a broadband or dial-up
connection?
What are the messages you're getting regarding incoming microsoft sites?
Check the source IP address; if it's 127.0.0.1 (maybe 0.0.0.0) then it's
your own PC attempting to talk to itself, so don't worry. I may be wrong but
AFAIK Microsoft sites don't attempt to access your PC; it should be the other
way round.
Regarding outgoing traffic from Windows itself, there's usually quite a bit
of it. Windows will be looking for critical updates, time servers etc - if
you do an online search you'll probably find a reference website somewhere.
Generic Host Process, svchost.exe - go look at ZA's forum, e.g.
http://forums.zonelabs.com/zonelabs/board/message?board.id=AllAboutPorts&message.id=682#subjects
After you've installed Windows, your first job should be to install good
antivirus software, then go to the Windows Update site and install every
critical update and service pack available. Keep your PC up to date to avoid
all the exploitative trojans flying around at the moment.
Then install your firewall before any other software.
When you first set up your firewall, it's going to scare you half to death
for a while, but as you work out which applications to trust and add them to
ZA you'll find those messages start to slow down. Turn off ZA notifications
for incoming hacking attempts which ZA has already blocked; while online
you'll constantly be "sniffed" to see what backdoor trojans or
vulnerabilities you've got running on your PC.
Outgoing traffic.
For my own system I usually allow all Microsoft outgoing traffic. I
disable/uninstall Universal Plug and Play because that causes your machine
to broadcast itself and can be a backdoor to mischief (it's a misnomer and
not the same as Plug and Play hardware). The only outgoing connection
attempts I would allow (besides windows ones) are for pieces of software I
recognize so they can attempt to connect to their parent sites for things
like virus data or software updates.
Incoming traffic -
ZA will either tell you that an attempt has been blocked or will ask you if
an application can have permission to act as a Server. Ignore the block
notifications and turn the option off. Server requests are important; only
allow access for applications you recognize and you're expecting, e.g. online
gaming,
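As an added example (my own script, not code from the thread or from ZoneAlarm), here is a PowerShell check that turns a vague "Generic Host Process is contacting a Microsoft site" alert into something inspectable: it maps each svchost.exe connection to the services hosted in that process, flags loopback peers as the PC talking to itself, and reports whether the UPnP-related services are running. It assumes a current Windows with the Get-NetTCPConnection cmdlet; on XP the manual equivalent is `tasklist /svc` plus `netstat -ano`.

```powershell
# Added example, not from the thread. Run in an elevated PowerShell so all
# processes are visible. Requires the NetTCPIP module (Get-NetTCPConnection).

$svchost = Get-Process -Name svchost -ErrorAction SilentlyContinue
if (-not $svchost) { Write-Host "no svchost.exe processes found"; return }

# Build PID -> list of service names hosted in that svchost instance.
$servicesByPid = @{}
Get-CimInstance Win32_Service | Where-Object { $_.ProcessId -ne 0 } | ForEach-Object {
    $p = [int]$_.ProcessId
    if (-not $servicesByPid.ContainsKey($p)) { $servicesByPid[$p] = @() }
    $servicesByPid[$p] += $_.Name
}

# Addresses that mean "this PC talking to itself" (the reply's 127.0.0.1 / 0.0.0.0 case).
$selfAddrs = @('127.0.0.1', '::1', '0.0.0.0', '::')

Get-NetTCPConnection -OwningProcess ([uint32[]]$svchost.Id) -ErrorAction SilentlyContinue |
    Where-Object { $_.State -in 'Established', 'SynSent', 'Listen' } |
    ForEach-Object {
        $p = [int]$_.OwningProcess
        $remote = $_.RemoteAddress
        $note = if ($_.State -eq 'Listen') { 'listening (acting as server)' }
                elseif ($remote -in $selfAddrs) { 'loopback/self, harmless' }
                else { 'external peer, check which service' }
        [pscustomobject]@{
            PID      = $p
            Services = ($servicesByPid[$p] -join ',')
            Local    = "$($_.LocalAddress):$($_.LocalPort)"
            Remote   = "$remote`:$($_.RemotePort)"
            State    = $_.State
            Note     = $note
        }
    } | Sort-Object Note, PID | Format-Table -AutoSize

# The reply recommends disabling Universal Plug and Play. SSDPSRV (SSDP Discovery)
# and upnphost (UPnP Device Host) are the two Windows services behind it.
Get-Service -Name SSDPSRV, upnphost -ErrorAction SilentlyContinue |
    Select-Object Name, Status, StartType | Format-Table -AutoSize
```

Cross-reference the Services column against the remote address: a Windows Update or time-sync service reaching out is the normal outgoing traffic the reply describes, while an unfamiliar service in the "external peer" rows is what deserves a closer look.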