UnPlug n' Pray
... worked for me.
Prior to running the UnPlug n' Pray utility the single vulnerability of my system (which uses cable modem and Sygate's firewall) detected by Symantec's security scan was the open unstealthed uPnP port. The Symantec scan now gives me a clean bill of health.
From Langa today:
>> uPnP
It sounds like the punch line to a bad joke--- like "what happens after you consume a six-pack of beer?"--- but "uPnP" actually stands for "Universal Plug And Play." It's an outgrowth of the basic PnP (Plug and Play) hardware standard from the mid-1990's, extended to networked devices. It's not an inherently bad thing, but there's very little that actually uses uPnP yet. And it can cause trouble:
Fred, I have a small business and depend on my computer. I also need a secure computer. I have Norton AntiVirus and Norton Utilities running alongside Zone Alarm's latest edition, with XP, but I went to Symantec's home page and found a link that tested my computer for hacker security and it told me I have an open port which is a plug and play port. Unfortunately I don't know what to do about it and my connection to the internet is broadband. I am now worried *a lot.* Can you help? I am a Plus subscriber and read your lists a lot and I trust your advice more than anyone I know. Please get back to me soon ---Graham.
The unguarded port that the Symantec site uncovered is the one meant for use by uPnP-using devices to communicate between and among themselves. (See upnp.org.) But it serves no purpose if you have no uPnP devices (and most of us don't.)
Plus, Microsoft's uPnP implementation originally had some security holes (surprise, surprise!), which left many machines potentially vulnerable. The holes have been long patched (see microsoft.com from 2001, for example) but the port is still there, mostly unused, and a potential target for crackers.
uPnP may become more important in the future, so it's not something you want to rip out of your OS. Rather, it makes more sense to disable the uPnP services until and unless you need them. This lets your firewall close--- and preferably stealth--- the port, so crackers can't break in, and in fact can't even see that there's a PC online if they look for that port.
The easiest way to control uPnP is with Steve Gibson's tiny, free "UnPlug n' Pray" utility, which I've installed on all my PCs. When you run it, it tells you if uPnP is active; and if it is, offers to disable it nondestructively. Or, if uPnP is disabled, the utility lets you turn it back on with a click. This way, you can turn off uPnP now, if you don't need it, and yet reactivate it easily on demand at any point in the future.
Grab a copy by going to grc.com or grc.com ... and check out all the stuff there. As we mentioned last week, it's a gold mine!
BTW: The Symantec port-scan is good; it's actually one of several excellent, free, online scanning services that can harmlessly probe your defenses and alert you to any weaknesses. (See "Good And Bad Online Security Check-Ups," informationweek.com.) <<
- Eric -
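
The check-and-toggle described in the newsletter can also be done with built-in tooling on a Windows version that has PowerShell. This is an added example, not part of the original post or newsletter and not the utility's own implementation; it assumes the standard Windows service names SSDPSRV (SSDP Discovery) and upnphost (UPnP Device Host), and the function names are hypothetical.

```powershell
# Added example: report and reversibly toggle the Windows UPnP services.
# Assumption: SSDPSRV and upnphost are the services backing UPnP on this host.
# Changing the state requires an elevated prompt.
$UpnpServices = 'SSDPSRV', 'upnphost'

function Get-UpnpServiceState {
    foreach ($name in $UpnpServices) {
        $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
        if ($svc) {
            [pscustomobject]@{ Name = $name; State = $svc.State; StartMode = $svc.StartMode }
        } else {
            # Service not present on this Windows edition.
            [pscustomobject]@{ Name = $name; State = 'NotInstalled'; StartMode = $null }
        }
    }
}

function Set-UpnpServices {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)]
        [ValidateSet('Disable', 'Enable')]
        [string]$Action
    )
    foreach ($name in $UpnpServices) {
        if (-not (Get-Service -Name $name -ErrorAction SilentlyContinue)) { continue }
        if (-not $PSCmdlet.ShouldProcess($name, $Action)) { continue }
        if ($Action -eq 'Disable') {
            # Stop the running service, then block it from starting again.
            # Nothing is uninstalled, so the change is reversible.
            Stop-Service -Name $name -Force -ErrorAction SilentlyContinue
            Set-Service -Name $name -StartupType Disabled
        } else {
            # Manual allows on-demand start without forcing the service to run.
            Set-Service -Name $name -StartupType Manual
        }
    }
    Get-UpnpServiceState
}

# Show the current state; this makes no changes.
Get-UpnpServiceState | Format-Table -AutoSize

# Preview, then apply (uncomment to use):
# Set-UpnpServices -Action Disable -WhatIf
# Set-UpnpServices -Action Disable
```

After disabling, rerun the same online port scan to confirm the port is no longer reported as open.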