Is NETBUI being used and is it a problem

  • Thread starter Thread starter BVanDusen
  • Start date Start date
B

BVanDusen

I'm being told not to use Microsoft Antispyware because it uses NETBUI and
that opens us up to bad things. Does anyone have any comments on this?

thanks
bvd
 
Someone is utterly confused.

This is completely wrong.

I could go into more detail, but the technicalties are both confusing, and easy to get wrong, and I don't want to mislead anyone.

See if you can get a clearer picture of the risk that the originator of this comment feels that using the product opens you to. Netbeui is the wrong name to attach to that risk, but perhaps there's some underlying specific that we can more accurately address.


--
FAQ for Microsoft Antispyware:
http://www.geocities.com/marfer_mvp/FAQ_MSantispy.htm


I'm being told not to use Microsoft Antispyware because it uses NETBUI and that opens us up to bad things. Does anyone have any comments on this?

thanks
bvd
 
Bill,

We had a virus problem on one of the PCs on our network. It seems it was
sending out mass quantities of "packets" and using up all of our network
resources. Our ISP said it was using windows networking to do that and
that Microsoft Antispyware sets up networking when installed on a PC,
therefore opening the door to the bad guys. ???

thanks
bvd
 
Bill,

I hope I don't sound like I'm trolling. I feel like I'm being BS'd by
our network administrator and don't have the knowledge about how the
antispyware interacts with the other things happening on a PC in order to
know for sure.

thanks
bvd
 
Sorry - I've been out of town for a bit, and wanted to take some care with this answer.

Microsoft Antispyware doesn't modify the network settings on a machine it is installed on. It does inquire about those settings in order to understand proxys or firewalls, but it doesn't change them.

Cleaning spyware may also disable software firewalls (on individual machines) and we've seen some instances of machines which, after cleaning of spyware, evidence symptoms of worm infections which might include the kind of traffic you mention.

So some incident of this sort could be at the root of your report--but it's hard to tell at this distance.

A network behind a firewall, and with controls in place to ensure that there are no ongoing worm infections in place shouldn't have allowed for such an infection--but this protection isn't easy to manage--all that is needed is for an infected laptop to be plugged in.

So--Netbui should not be involved here unless it is already used on your machines. Netbios--which is different, might be involved, again, if you are using it (and most people are.)--but these acronyms are incidental to the real issue which is what caused the machine to start spouting traffic.

In the end, the root cause is spyware in place which had this result.

I'm not real satisfied with this response--it might be accurate to lay the blame on Microsoft Antispyware, if, in fact, it was cleaning of spyware which caused the machine to be left in a state which had the results you mention.

The root causes, though, are the spyware in place, and the worm or virus which also needed to exist to cause the machine to malfunction.

And there's considerable speculation on my part in this answer--since the details are sketchy about both the networking enviroment involved, and the actual incident.
--


Bill,

I hope I don't sound like I'm trolling. I feel like I'm being BS'd by our network administrator and don't have the knowledge about how the antispyware interacts with the other things happening on a PC in order to know for sure.

thanks
bvd
 
Bill,

Our network is a creaking Novell NetWare 4.11. We are connected to the
outside world via T1 to an ISP. We do have a firewall in place, but thats
all I know about that. After the initial blitz was stopped we kept
getting Download.Trojan on various machines. Our ISP recommended we scan
each machine in safe mode for virus's so thats what was done over the
weekend.

From what you've said I don't see any reason not to use Microsoft
AntiSpyware and will continue to do so.

thanks
bvd
 
Terrific--I'd recommend that as well.

The recommendation to scan in safe mode is a good one--I'd scan with
Microsoft Antispyware in that mode as well.

Many messages here about repeated infections or infection attempts appear to
reflect an unknown and uncleaned spyware or virus left in place, rather than
new intrusions from the outside world.

If you have specific machines which get repeated problems, sometimes a
different tool will be useful to try to get a second opinion.

Trend Micro's online scanner: http://housecall.trendmicro.com detects and
cleans both viruses and spyware, and can be a good check to see whether your
current tools are doing the job.
 
Bill,

Thanks for your help. I really appreciate your taking the time to answer
my posts.

bvd
 
Back
Top