Sygate

[Johnny]

You know when you've got sygate and it says 'stop all active responses',
does that mean that it gets your computer to stop responding to the threat
in a way that renders it vulnerable? Will that mean it's safe to go online?
If not, surely the only alternative is to use the 'Block all' option, in
which case, can one not go online at all until the threat is no longer being
indicated?
Thanks,
Johnny

 

[Conor]

You know when you've got sygate and it says 'stop all active responses',
does that mean that it gets your computer to stop responding to the threat
in a way that renders it vulnerable?

Where did you find that option?

Will that mean it's safe to go online?

Oh dear...you're one of "those". DO NOT go on the Internet.

 

[Johnny]

Where did you find that option?

Right-click in the Log viewer. (Gaw, you're not one of "those"?)

Oh dear...you're one of "those".

What, new to Sygate? Yep.

DO NOT go on the Internet.

Well it would help if the application explained these things for those of us
who don't know the exact mechanism by which threats access a PC and are
blocked. What about Outlook Express? Is it safe to use that?
Basically, I'm at a loss as to the best thing to do when a threat is
detected (turn off PC? How does one make it go away?).

One would assume that any firewall worth its salts would simply stop
anything threatening from accessing the PC.

Johnny

 

[Beauregard T. Shagnasty]

Well it would help if the application explained these things for
those of us who don't know the exact mechanism by which threats
access a PC and are blocked.

My thoughts are that "all things computer" require some basic level of
knowledge, for which a large portion is common sense. Simply knowing
that threats exist is Step One.

What about Outlook Express? Is it safe to use that?

For some value of "safe", yes. Do not read HTML email, set it to Plain
Text only. Set it to "Restricted Zone." Do not open attachments (even
those you were expecting) without first saving and scanning. Do not
use the Preview Pane. Make sure you have the latest version (3yrs old)
and the latest patches.

It should be easy for you to upgrade to a modern email client, with
little learning curve. After all, email clients all do the same thing,
and all operate nearly identically. They all have a pane of "folders",
a list of messages, and a pane or window to view the messages. They
all have a "Tools > Options..." to make settings.

Try Thunderbird. Upon first install, it will offer to import all of
your OE settings, folders, and mail.
http://www.mozilla.org/products/thunderbird/

Basically, I'm at a loss as to the best thing to do when a threat
is detected (turn off PC? How does one make it go away?).

Turning off PC is probably too late. What kind of threat do you mean?
An inbound firewall alert? Those are normal. Turn off alerting and
forget about them - the firewall is doing its job.

One would assume that any firewall worth its salts would simply
stop anything threatening from accessing the PC.

That is probably correct, though we won't know if a bad guy finds a
way around it somewhere in the future.

 

[Johnny]

Turning off PC is probably too late. What kind of threat do you mean?
An inbound firewall alert? Those are normal. Turn off alerting and
forget about them - the firewall is doing its job.

I don't know how to turn of alerting other than by Blocking All; the kind of
threat I am talking about is an Outbound one that says, for example, 'threat
level: Major' in the Log Viewer, while the diamond-shaped light is flashing
on the icon. By 'forget about them', I don't know what you mean, as if you
can't go online it's impossible to forget about them!
I must say that I can't see how an Inbound threat is, as you put it,
'normal' and something to forget about, while an Outbound threat is, as my
firewall puts it, 'major'. Surely an Outbound one is one from my own PC??
This is confusing, to say the least! From what I can see, my last 'ajor
threat' was just my own AVG trying to update itself!
It's rather worrying if, as you put it, it's probably too late when you
turn off the PC - I have had a number of alerts that have gone on for a few
minutes before I have taken any action. I have not been surfing the 'net at
the time, but being on broadband I thought that I am always connected to the
'net, so am always vulnerable....

Thanks for your help,

Johnny

 

[Beauregard T. Shagnasty]

I don't know how to turn of alerting other than by Blocking All;

As I don't use Sygate, I can't tell you the exact place to turn off
alerting and logging for Inbound threats.

the kind of threat I am talking about is an Outbound one that says,
for example, 'threat level: Major' in the Log Viewer, while the
diamond-shaped light is flashing on the icon. By 'forget about
them', I don't know what you mean, as if you can't go online it's
impossible to forget about them!

I'm trying to get you to realize that there will be hundreds of
'pings' from infected computers looking for new victims. As long as
your firewall is blocking them, you are safe. You do not need to
worry. I'm on cable, and - if alerting was on - would see about ~600
pings per hour. I do not wish to have to manually clear an alert every
few seconds, or clean up a huge log file every day.

I must say that I can't see how an Inbound threat is, as you put
it, 'normal' and something to forget about,

In this day, continuous Inbound pings are .. normal.

while an Outbound threat is, as my firewall puts it, 'major'.

Well, if your PC is attempting to call OUT and you weren't expecting
it, that is major, eh?

Surely an Outbound one is one from my own PC?? This is confusing,
to say the least! From what I can see, my last 'ajor threat' was
just my own AVG trying to update itself!

Then you either click "Permit" and allow it, or set the firewall to
always allow that particular application so you don't have to see an
alert. You "set a rule". Do this only for trusted applications.

A point: there are many malicious apps that will attempt to fire up
Internet Explorer to connect with a web page or server. I have my
firewall set to Ask Every Time for IE.

It's rather worrying if, as you put it, it's probably too late when
you turn off the PC - I have had a number of alerts that have gone
on for a few minutes before I have taken any action.

By "gone on for a few minutes" do you mean the Alert remained on the
screen until you clicked a button? You're not seeing a "continuous"
alert, just a single alert at a point in time that you must react to
after it occurs, even if you don't get to it for minutes, or hours.

I have not been surfing the 'net at the time, but being on
broadband I thought that I am always connected to the 'net, so am
always vulnerable....

That is true. My cable connection is on all the time, 24/7. So is the
firewall (and the router).

 

[Johnny]

Thankyou, once more. But I have to say I remain confused, what with Conor
saying "Oh dear...you're one of "those". DO NOT go on the Internet." and you
saying "Those are normal. Turn off alerting and
forget about them - the firewall is doing its job." I can't see any
indication in anything in the firewall as to whether or not these alerts are
being automatically blocked.

Johnny

 

[Beauregard T. Shagnasty]

Thankyou, once more. But I have to say I remain confused, what with
Conor saying "Oh dear...you're one of "those". DO NOT go on the
Internet."

I believe the implication was that you are a newbie and should be kept
off the internet until you learn. I could be wrong.

At least you are here attempting to learn. That's a good sign.

and you saying "Those are normal. Turn off alerting and forget
about them - the firewall is doing its job." I can't see any
indication in anything in the firewall as to whether or not these
alerts are being automatically blocked.

When you turn off alerting, you will not see them.

The firewall, however, is still blocking the intrusions, which is its
job. I'm saying that there is no reason to show the alerts, other than
idle curiosity, for 600 different pings every hour. There are millions
of our (clueless) brethren on the net whose compromised computers are
looking for more victims. If it was only one or two a day, then maybe
we could take action and notify them.

Really, as long as your firewall is on, you do not have to worry.

Please consider not top-posting, and trimming the quoted material.
Thanks for your consideration.
http://oakroadsystems.com/genl/unice.htm#upside

 

[Casey]

Hi Johnny. Sygate is one of the very best firewalls. You made
a good choice in selecting it. I have used it for about three
years. The links listed below will help you to become acquainted
with Sygate. Sygate's job is to control connections and attempted
connections (incoming and outgoing) to/from your computer to
internet. Also, it REPORTS and LOGS its findings. With your
computer online, it is subjected to all kinds of attacks. The
popup Sygate window (lower right on screen) is just a report
of what Sygate has detected or blocked. Don't be alarmed!
(assuming a properly setup firewall)

This reporting window can be disabled at Tools/Options/General.
Uncheck "Hide Notification Messages" Do you really want to do
that. I would be alarmed if I were not getting these "notices".

Sygate has four logs (security, system, traffic, and packet).
The are enabled at Tools/Options/Log. If I want to find out
what is happening when I am on line, I look at the traffic log.
It lists every connection or attempted connection to internet.
The logs are a good trouble shooting aid. If you disable
the logs, you will be missing a lot of valuable information.
Good luck, Casey

Unofficial Help:
http://bellsouthpwp.net/i/k/ikpe/SygateBasics.html

Sygate Forums:
http://forums.sygate.com/vb/

Users Guide and Quick Start Guide:
http://smb.sygate.com/support/documents/pspf/default.htm

Compare SPF Pro and SPF Free (See what's inside each one)
http://smb.sygate.com/products/spf/comparison_spf.htm

d/l
http://soho.sygate.com/free/default.php

 

[Johnny]

Thankyou very much for you help.
J