As a *careful with money* agriculturalist, I have stuck to the free version of AVG.
For years now it has been nagging about router DNS vulnerabilities.
Can someone (in words of few syllables) kindly explain what they are on about and whether this is fixable with my limited skill set?
For interest, they did not cease my free service despite increasingly lurid threats. C Cleaner are now going though a modification of the same process!
They just want your money
I get a frequent "people can see your IP address" warning.
I don't see the risk of this, if anyone does please enlighten me.
I assume that it is trying to upsell users to their VPN service.
Cheers
Dave R
As I discovered, using a VPN locks you out of some services that need to confirm you are in the UK, such as BBC iPlayer.
(Tim) I could explain what I think, but it maybe is the duty of AVG to really do that since they have your trust - and they should use few syllable language hence that is their target audience.
Both Sophos and Microsoft have packages with considerably dialled down levels of FUD.
Yup.
VPN services are also over hyped. They have specific advantages for business mobile users and those that want to stream out-of-country content, but the average user does not really need another entity beyond their ISP securely recording their web access logs.
OK Got that:-)
My router address/password has not been changed.
Comes in fits and starts. C-Cleaner did a cheap trial offer recently. This is fairly old software so I signed up to get my drivers updated and then cancelled:-)
Luckily, I still get the MS security upgrades. I suspect the original owner is paying for this service.
I use a folder firewall blocker on all applications that call home, including nearly all M$ svhost services. This keeps things nice and quiet.
Well I think what that means is the possibility that someone could somehow set your router to use a wicked DNS server and make all your clients use it as well, the point of that being to direct you to sites that are not the sites you thought they were.
Which is where the security certificates that are part of the https protocol come in. A valid certificate is a pretty good sign that the site is what it says it is.
Which is why many browsers issue dire warnings about non certificated (http) or badly certificated sites.
Its worse than that, it may identify you as 'being a blackhat' too. I had set up a private channel to allow a friend to access a small web site I built for him, on the basis if his known fixed IP address.
It stopped working, and investigation revealed someone from an entirely different IP address was attempting to log in using his credentials. Of course that was failing, so I queried the nature of the IP address and got dire warnings that it was 'likely to be a hack attack' It was of course my friend using a VPN...as used by all the best criminals....
When, a number of years ago, free AVG was using far too much of my bandwidth and attracting far too much of my attention, I ditched it entirely in favour of the free bundled Windows Defender and Firewall.
It doesn't seem to have done me too much harm.
Nick
In message snipped-for-privacy@4ax.com, Nick Odell snipped-for-privacy@themusicworkshop.plus.com> writes
They still upgrade the *malicious software tool*.
They got naggy when they were taken over by Avast, at which point I gave them up. IMHO the standard MS offerings are now good enough for most ordinary users. (That's assuming you are not running a business that relies on a complicated LAN or set of servers).
Reading between the lines a bit here, I am guessing they are telling you that there are known security flaws in your router, that would allow an attacker to compromise it by messing with its DNS settings[1]...
This could be as simple as the router is using a (common) default password to access its administration page - and they are all delivered form the factory set with the same password, or that it actually has a vulnerability that allows access by an attacker.
There are two different levels of "bad" here. Bad would be if that access is only from your LAN - such that something running locally (say a malicious script on a web page running on one of your computers) being able to make contact the router, log into its management interface, and change its settings.
The alternative is "really bad" where an attacker does not need to run code inside your network, but can make the connection from the WAN side of the router.
Yup, although if there are known attacks against the router, it is possible the only (fully effective) mitigation might be to replace it. (or it might be as simple as a firmware update, or perhaps even just changing its default password). The problem with many routers is that they don't necessarily get updated and patched with the fervour that your applications and OS does.
(drop me an email with the make and model of the router if you like, and I will look to see if it is on any of the critical vulnerability lists)
[1] DNS (the domain name system) is a service that allows common human readable addresses to be turned into network addresses that the computer can use. So when you typeNormally when a router is setup, one of the things it is configured with is the address of a DNS server. This is either (typically) one belonging to your ISP, or a common public one like that operated by Google.
When a device on your LAN powers up, the first conversation it is likely to have with your router is to lob it a configuration request using a standard process called the Dynamic Host Configuration Protocol (DHCP), to say "tell me everything I need to be able to communicate on the LAN". The router will then give the device an IP address of its own to use, plus details of a DNS server(s) to access. Sometimes these are copies of of address the router was configured to use, or they might actually be the routers own IP address (that means all DNS requests go to the router first, and it then acts as a DNS relay, making requests to an upstream router in turn)
+1 I used to use AVG until it "changed". I also used to use Avast until an update decided decided it was OK to write an extra files in all my directories - anther virus checker that became worse than the viruses themselves :)
I now use the Micro$oft offerings with regular (manual) checks with Malwarebytes.
Perhaps a check with shields up is required :)
In the latter test you can click on any of the little squares that appear to get a description of what the port is for plus other info.
We'll have to be more careful about certs., Russia is issuing its own. Just add Nork AV suite and use a Nigerian bank...
Tim Lamb was thinking very hard :
They are just trying to scare you into paying for it. The Windows built in security is as good as you need, no cost and no nags.
In message <t0pleh$qpp$ snipped-for-privacy@dont-email.me, Harry Bloomfield Esq snipped-for-privacy@harrym1byt.plus.com> writes
Hmm.. this is W7 pro so not quite state of the art!
Firefox has kicked off about a couple of *infected* sites recently.
Google appear to be tidying up potential spam sources as they have taken against my set up and bounce my mail sent to a gmail address I have used for years.
Stress...
yeah...i've been rejected occasionally as being an 'unknown possible spam relay' Fuckem.
HomeOwnersHub website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.