Stealthing Ports in OneCare Beta 2 - It isn't happening

  • Question

  • I recently reinstalled OneCare on my PC in the hope that it will satisfy my need for a simple yet efficient firewall, antivirus
    solution for my parents who are not particularly computer savvy.

     

    I was hoping that the performance of Beta 2.0 would be a serious improvement over 1.5 which was the last one
    I tested.  I must admit I do like a lot about this suite.  It's fast, resource savvy, and it looks bloody good and has
    nice features (The circle idea is great - somebody at MS was thinking).

     

    However I have a real issue with the TCP/UDP ports not being stealthed.  Windows Vista's built-in firewall is stealthed, why the hell isn't OneCare?  How do I know this?  I sent the PC off to Gibson Research (https://www.grc.com/x/ne.dll?bh0bkyd2) and tested the common ports.  And yep at least half popped up as closed rather than stealthed.

     

    So what did I do wrong, or is this the way it is with OneCare at the moment?  If it's the first how do I fix it?  If it's the latter OneCare will be placed back on the shelf until they (MS) start paying attention to what everybody has been patiently telling them.

     

    Does somebody know how to fix this, and has anybody found a review on the new antivirus engine, if it has one, i.e. is it improved, got a better hit rate etc. etc., has it managed to get into the top ten yet?  And yes I have found that it's been recertified, which is a good sign.

     

    Thanks in advance and no I don't hate MS, I just want the majority of opinion to be positive about a product that is meant to keep your computer safe and secure, and not scorned by a lot of security professionals as not being up to par.

     

     

    Friday, October 26, 2007 5:57 AM

Answers

  • I just ran the ports test while directly connected to the Internet (no router in between me and the Internet) and it reports stealthed for all ports except 2, which I already know are open - both secure ports which I have open explicitly.

     

    I suspect you may have tested your router. You need to connect the PC directly to the cable/DSL modem and then set the firewall to restricted - you'll be 100% stealthed unless you explicitly allowed some ports to be open.

     

    I can't tell you if recent tests have put OneCare in the top 10, but since pretty much all testing tends to be rather subjective, the true test is daily use. OneCare isn't perfect, but it does a very fine job at protecting you from malicious activity.

     

    -steve

     

    Friday, October 26, 2007 1:55 PM
    Moderator

All replies

  • I'm sorry, but the final OneCare vs. 2 allows at least 8 ports to be open according to Gibson Research.  I've been told by your representative over the phone that OC was designed this way. I was also told that if a hacker tried to enter my computer through an open port, I would be notified and could refuse entry.  This isn't good enough. All of the ports should be stealthed.

     

    You are correct that in earlier versions of OC, all of the ports were stealthed.

     

    Friday, December 7, 2007 6:16 PM
  • What ports are you seeing open?

    -steve

     

    Friday, December 7, 2007 7:16 PM
    Moderator
  • Always Open Ports:

    7     Echo
    9     Discard
    13    Daytime (RFC 867)
    17    Quote of the Day (qtod)
    19    Character generator (chargen)
    25    Simple Mail Transfer Protocol (smtp)
    80    http
    443   https

    1029  Host (Sometimes stealth)

     

    If you wish to give me your email address, I could forward the e-mail response from the OC rep that I talked to on the phone.  The response has the case no. and summarizes our conversation.

     

    Friday, December 7, 2007 8:57 PM
  • Thanks. Please feel free to send it to me at sboots@mvps.org

    Make sure to put "OneCare" in the subject line and a link to this thread in the message body.

    I would like to follow up on the support side of this, too.

    One other question for you, when you ran the test for open ports, was your PC behind a router or directly connected to the Internet via a cable, DSL, or dial-up modem? If it was not directly connected, the Gibson test was testing your router and not the PC. I can assure you that the above ports are not open in the OneCare firewall for inbound requests unless a program on the PC was allowed to open them and listen on them.

    -steve

     

     

    Saturday, December 8, 2007 2:10 AM
    Moderator
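
The distinction this thread turns on, as an added example that is not part of any post above and is not OneCare or Gibson Research code: a port is "open" when a listener completes the handshake, "closed" when the host answers with a reset, and "stealth" when nothing comes back. The function names `scanned_device` and `port_state` and the sample addresses are assumptions made for illustration.

```python
import ipaddress
import socket

# Address ranges that mean the PC sits behind a NAT device
# (RFC 1918 private ranges plus the RFC 6598 carrier-grade NAT range).
NAT_RANGES = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def scanned_device(local_ip):
    """Say which device an Internet-side port test actually reaches."""
    addr = ipaddress.ip_address(local_ip)
    if any(addr in net for net in NAT_RANGES):
        return "router"      # the scan hits the router's public address
    return "pc"              # the PC holds the public address itself


def port_state(host, port, timeout=1.0):
    """Classify a TCP port on your own machine as open, closed or stealth."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"        # handshake completed: a program is listening
    except ConnectionRefusedError:
        return "closed"      # reset received: host replied, nothing listening
    except socket.timeout:
        return "stealth"     # no reply at all: the packet was silently dropped
    finally:
        sock.close()


if __name__ == "__main__":
    # Constructed sample addresses: one private LAN address, one documentation address.
    for ip in ("192.168.1.10", "203.0.113.5"):
        print(ip, "-> an external scan tests the", scanned_device(ip))
    # Loopback check of the ports listed in the thread. Loopback traffic normally
    # bypasses the firewall, so this shows which ports have a listening program,
    # not what the firewall filters from outside.
    for port in (7, 9, 13, 17, 19, 25, 80, 443):
        print(port, port_state("127.0.0.1", port))
```
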
  • Did you get the email I sent to you on Sat, 12/8?  Any reaction?

     

    Tuesday, December 11, 2007 2:03 PM
  • I did - it is in my Inbox flagged for follow-up. Sorry for not replying sooner...

    -steve

    Tuesday, December 11, 2007 5:04 PM
    Moderator