iBurst insecure installation by default

[donn_edwards]

I am amazed that when installing iBurst on a Windows XP machine that both "File and Printer Sharing" and "Client for Microsoft Networks" protocols are enabled by default, even though it violates iBurst's own Acceptable Use Policy.

What are they thinking? I have posted screen shots on my blog.

Also, can anyone tell me how to minimize or hide that AWFUL orange circle in the middle of my desktop?

 

[isie]

Also, can anyone tell me how to minimize or hide that AWFUL orange circle in the middle of my desktop?

just dont install the dasboard, you can use dial up networkin to dial up to iburst

 

[Mental-Tree]

From your blog, "You really do not need anyone on the internet to see your shared files or your Windows login information. Just remove the checkboxes for "File and Printer Sharing" and "Client for Microsoft Networks" and reboot to make sure." If you could share your files, making them visible over the internet by simply enabling "file and printer sharing" what the hell do we need p2p programs for, and why do people use ftp servers? Why not just share something via its properties in windows?

I've honestly never heard that if you have file and printer sharing enable, someone will be able to access shared files or resources that are on you're pc via the internet :/

 

[deweyzeph]

I am amazed that when installing iBurst on a Windows XP machine that both "File and Printer Sharing" and "Client for Microsoft Networks" protocols are enabled by default, even though it violates iBurst's own Acceptable Use Policy.

What are they thinking? I have posted screen shots on my blog.

Also, can anyone tell me how to minimize or hide that AWFUL orange circle in the middle of my desktop?

ISP's provide an internet connection. What protocols and services you run over that connection and how you firewall it is up to you, the consumer. It's called free choice.

 

[ginggs]

If you could share your files, making them visible over the internet by simply enabling "file and printer sharing" what the hell do we need p2p programs for, and why do people use ftp servers? Why not just share something via its properties in windows?

You can share files over the internet, however SMB is not a reliable protocol for this, which is why we have FTP, Bit Torrent and other protocols.

Enabling 'File and Printer Sharing' opens a whole range ports in addition to those used by SMB and having these ports open is where the danger lies, as these ports may have vulnerabilities which can be exploited by malicious software.

 

[isie]

A little knowledge is a dangerous thing

 

[deweyzeph]

I am amazed that when installing iBurst on a Windows XP machine that both "File and Printer Sharing" and "Client for Microsoft Networks" protocols are enabled by default, even though it violates iBurst's own Acceptable Use Policy.

What are they thinking? I have posted screen shots on my blog.

Also, can anyone tell me how to minimize or hide that AWFUL orange circle in the middle of my desktop?

By the way, your blog is exactly the reason why people who don't know anything about technology shouldn't be allowed to write about technology.

 

[ginggs]

ISP's provide an internet connection. What protocols and services you run over that connection and how you firewall it is up to you, the consumer. It's called free choice.

I disagree with this, iBurst's installer should not enable "File and Print Sharing" on the iBurst connection. They should also adjust your MTU settings automatically.

 

[donn_edwards]

I've honestly never heard that if you have file and printer sharing enable, someone will be able to access shared files or resources that are on you're pc via the internet :/

See Steve Gibson's comments on why he developed Shields Up! at grc.com.
See http://www.grc.com/su-explain.htm and http://www.grc.com/su-danger.htm

By the way, your blog is exactly the reason why people who don't know anything about technology shouldn't be allowed to write about technology.

:wtf:
I take it you know everything about everything. I look forward to reading your blog to learn what I have obviously missed. BTW, I don't only write about technology.

 

[donn_edwards]

just dont install the dasboard, you can use dial up networkin to dial up to iburst

Thanks, I'll check it out.

 

[Whiptaka]

I am amazed that when installing iBurst on a Windows XP machine that both "File and Printer Sharing" and "Client for Microsoft Networks" protocols are enabled by default, even though it violates iBurst's own Acceptable Use Policy.

You're obviously paranoid. When in doubt, use a firewall.

Also, can anyone tell me how to minimize or hide that AWFUL orange circle in the middle of my desktop?

Uninstall the dashboard.

 

[Mental-Tree]

You can share files over the internet, however SMB is not a reliable protocol for this, which is why we have FTP, Bit Torrent and other protocols.

Enabling 'File and Printer Sharing' opens a whole range ports in addition to those used by SMB and having these ports open is where the danger lies, as these ports may have vulnerabilities which can be exploited by malicious software.

Oh ok thanks for clearing that up. This shouldn't be a problem though, if you are using the internet you should have a firewall, if you don't and someone accesses your pc through these ports its your own fault. Ne?

 

[donn_edwards]

The point I was trying to make is that relying on the firewall is like asking people to drive and not talk on their cell phones.

In order for file and print sharing to work on the LAN, you enable it on the firewall and by default the setting is "Subnet only". That's fine when your ISP connection doesn't have file and print sharing enabled, but if it has (as in the case of iBurst), then TWO subnets are able to do file and print sharing: the LAN and the ISP. So unless you specify the subnet with a subnet mask, you are vulnerable.

Now the only thing protecting you is the password on your file share, even though the firewall is running. If you have a weak password or none at all, then your machine can be infected by worms like Conficker, which actively scan subnets for file shares. So even if no HUMAN links through their ISP subnet for shared files, there are plenty of BOTS that can and do. It is totally irresponsible of iBurst to enable this process by enabling a protocol on the ISP connection that few people if any are ever going to use. This is the kind of behavior which got Microsoft into trouble when DCOM and Messaging and all kinds of other services where enabled by default.

When I connect my laptop to a network I have file sharing turned off, but many laptop users don't. And it is laptop users who mostly use the USB modem that I installed. So by default any laptop user with a USB modem and file sharing enabled for a subnet only, is vulnerable. What's worse is that think they are safe. Hence the incredulity from earlier posters on this thread, including experts.

 

[Mental-Tree]

^should have mentioned that you should also have an decent anti virus installed which would stop attacks form viruses such as the Conflicker worm. Even the free version avg antivirus will protect your pc from most attacks.

I just check my connection and file and printer sharing is off(im also using a usb modem) and I never turned it off my self. Of course this is on the connection that you actually dial. The connection to the modem has file and printer sharing on, so I think that changes things, however I mite be wrong.

 

[donn_edwards]

Did you try checking your iBurst connection using Shields Up?

 

[Mental-Tree]

Yip.

Results quoted from Sheilds Up

Attempting connection to your computer. . .
Shields UP! is now attempting to contact the Hidden Internet Server within your PC. It is likely that no one has told you that your own personal computer may now be functioning as an Internet Server with neither your knowledge nor your permission. And that it may be serving up all or many of your personal files for reading, writing, modification and even deletion by anyone, anywhere, on the Internet!
Your Internet port 139 does not appear to exist!

One or more ports on this system are operating in FULL STEALTH MODE! Standard Internet behavior requires port connection attempts to be answered with a success or refusal response. Therefore, only an attempt to connect to a nonexistent computer results in no response of either kind. But YOUR computer has DELIBERATELY CHOSEN NOT TO RESPOND (that's very cool!) which represents advanced computer and port stealthing capabilities. A machine configured in this fashion is well hardened to Internet NetBIOS attack and intrusion.
Unable to connect with NetBIOS to your computer.

All attempts to get any information from your computer have FAILED. (This is very uncommon for a Windows networking-based PC.) Relative to vulnerabilities from Windows networking, this computer appears to be VERY SECURE since it is NOT exposing ANY of its internal NetBIOS networking protocol over the Internet.

 

[Mental-Tree]

I've just enabled file and printer sharing on all of my connections. heres the results

And the port test.

----------------------------------------------------------------------

GRC Port Authority Report created on UTC: 2010-02-27 at 12:14:09

Results from scan of ports: 0-1055

0 Ports Open
0 Ports Closed
1056 Ports Stealth
---------------------
1056 Ports Tested

ALL PORTS tested were found to be: STEALTH.

TruStealth: PASSED - ALL tested ports were STEALTH,
- NO unsolicited packets were received,
- NO Ping reply (ICMP Echo) was received.

----------------------------------------------------------------------

 

[ginggs]

I've just enabled file and printer sharing on all of my connections.

It's very likely iBurst are protecting you from the outside world.
That doesn't mean you aren't susceptible to an attack from another infected iBurst user.

Check your firewall logs, you should be able to see blocked attempts there.

 

[Mental-Tree]

I doubt that my protection is due to iburst I just did the smart thing and got a decent internet security suit when I started using the net. BitDefender shall protecteth my pc from intrusions and attacks . I guess one can only assume that Iburst enabled file and printer sharing because they assumed that anyone who was using their product to connect to the internet would have taken the necessary steps to protect their pc. People who don't do this deserver to have their pc raped, just my opinion.

 

[ginggs]

I doubt that my protection is due to iburst I just did the smart thing and got a decent internet security suit when I started using the net. BitDefender shall protecteth my pc from intrusions and attacks . I guess one can only assume that Iburst enabled file and printer sharing because they assumed that anyone who was using their product to connect to the internet would have taken the necessary steps to protect their pc. People who don't do this deserver to have their pc raped, just my opinion.

So you attempted to test the effects of turning on File and Printer Sharing, but you had a third party firewall installed all along? I think you just tested your firewall.

Try turning off your firewall and repeat the test with and without File and Printer Sharing enabled.