Invincible bandwidth monitor?
January 10, 2007 3:00 PM Subscribe
Could there be a virus downloading from my computer that cannot be detected by a bandwidth monitor?
I have satellite internet. My Bitmeter by Codebox says that I download about 100 MB a day. According to my satellite company I am downloading 1000 MB a day.
I think they are wrong. The Bitmeter monitors ALL downloads from my computer. Or could there be some super-virus that my spyware, adware, and bandwidth monitor can't detect?
I have satellite internet. My Bitmeter by Codebox says that I download about 100 MB a day. According to my satellite company I am downloading 1000 MB a day.
I think they are wrong. The Bitmeter monitors ALL downloads from my computer. Or could there be some super-virus that my spyware, adware, and bandwidth monitor can't detect?
Response by poster: No we don't have wireless.
So it would be easy to fool a bandwidth monitor. Thanks, Blazecock Pileon, for helping me with this. Amazingly I've never had a virus so I'm really out of touch with how to trouble shoot for them.
posted by cda at 3:14 PM on January 10, 2007
So it would be easy to fool a bandwidth monitor. Thanks, Blazecock Pileon, for helping me with this. Amazingly I've never had a virus so I'm really out of touch with how to trouble shoot for them.
posted by cda at 3:14 PM on January 10, 2007
Make sure you're not measureing bytes while they measure bits.
posted by These Premises Are Alarmed at 3:16 PM on January 10, 2007
posted by These Premises Are Alarmed at 3:16 PM on January 10, 2007
Yeah, I'll reiterate TPAA's comment: make sure you're not measuring in different units.
Lots of per-second bandwidth measures are in Mb/s, not MB/s. (Due to overhead in error correction/parity bits it takes about 10 bits of bandwidth to transfer one byte, which would explain why the difference is a factor of ten instead of eight.)
Are these 100MB and 1000MB figures direct or are you converting from bandwidth rates and times?
posted by cps at 3:45 PM on January 10, 2007
Lots of per-second bandwidth measures are in Mb/s, not MB/s. (Due to overhead in error correction/parity bits it takes about 10 bits of bandwidth to transfer one byte, which would explain why the difference is a factor of ten instead of eight.)
Are these 100MB and 1000MB figures direct or are you converting from bandwidth rates and times?
posted by cps at 3:45 PM on January 10, 2007
And while it is theoretically very easy for a virus to fool a software bandwidth meter, it would be way out of the ordinary, and very unlikely. Most viruses that have stealthing capabilities hide themselves from the operating system's file and memory displays. It would be somewhat difficult to hide network traffic, and not entirely worthwhile for a virus.
posted by stovenator at 4:10 PM on January 10, 2007
posted by stovenator at 4:10 PM on January 10, 2007
Agree with stovenator. A virus could trick a bandwidth meter, but it wouldn't be easy and I don't think most virus writers would have much incentive to write that feature.
Does your computer's network connection pass through a router to get to the satellite dish? Most network devices provide a display of how much data has passed over its interfaces since it was turned on, and that reading should be very reliable.
posted by molybdenum at 5:19 PM on January 10, 2007
Does your computer's network connection pass through a router to get to the satellite dish? Most network devices provide a display of how much data has passed over its interfaces since it was turned on, and that reading should be very reliable.
posted by molybdenum at 5:19 PM on January 10, 2007
D'oh. On reread, I say I agree with stovenator, then contradict him by saying that tricking a bandwidth meter wouldn't be easy. I meant that it could be done, but probably isn't worth the writer's time.
posted by molybdenum at 5:28 PM on January 10, 2007
posted by molybdenum at 5:28 PM on January 10, 2007
Actually the new virtual machine exploits would completely hide bandwidth stealing by design. So it is very possible you have been compromised by a botnet/warez/spyware/spammer syndicate. These things cannot be detected by any software method. Its a growing problem.
The only way to fix it is to cold-boot from a read-only media, rewrite the master boot record, repartition, and reformat.
However, in this case, I think you just misunderstood the difference between Mb and MB :D
posted by Osmanthus at 6:50 PM on January 10, 2007 [1 favorite]
The only way to fix it is to cold-boot from a read-only media, rewrite the master boot record, repartition, and reformat.
However, in this case, I think you just misunderstood the difference between Mb and MB :D
posted by Osmanthus at 6:50 PM on January 10, 2007 [1 favorite]
Do you have a game system of any kind hooked up to the network?
If someone in the house is downloading demos or gaming heavily online that could raise your bandwidth.
*form first glance bitmeter would not pick up on that, but I could be wrong.
posted by imjosh at 5:53 AM on January 11, 2007
If someone in the house is downloading demos or gaming heavily online that could raise your bandwidth.
*form first glance bitmeter would not pick up on that, but I could be wrong.
posted by imjosh at 5:53 AM on January 11, 2007
Response by poster: My Bitmeter says MB and my satellite company says MB.
We don't do gaming or anything. We used to download movies but stopped over a month ago. We only read email, very occasional attachments, news with no pictures. I think the Bitmeter is accurate for our usage - 100 MB a day.
It would be very hard for us right now to reformat (because of a recent illness in the family). So I am trying to exhaust possibilities that is their mistake before I scrub my computer.
Today I may change my password with them just in case that could possibly work. And then I am going to remove my ethernet cable from their modem for a few days and check my FAP by dial-up.
posted by cda at 8:22 AM on January 11, 2007
We don't do gaming or anything. We used to download movies but stopped over a month ago. We only read email, very occasional attachments, news with no pictures. I think the Bitmeter is accurate for our usage - 100 MB a day.
It would be very hard for us right now to reformat (because of a recent illness in the family). So I am trying to exhaust possibilities that is their mistake before I scrub my computer.
Today I may change my password with them just in case that could possibly work. And then I am going to remove my ethernet cable from their modem for a few days and check my FAP by dial-up.
posted by cda at 8:22 AM on January 11, 2007
Response by poster: Update:
Talked to a tech and ruled out that changing my password would make any difference.
Ran my test and the FAP meter kept going up. So there is something definitely wrong on their end.
Talked to another tech and they may realise they have a problem and they may be fixing it today.
posted by cda at 4:14 PM on January 13, 2007
Talked to a tech and ruled out that changing my password would make any difference.
Ran my test and the FAP meter kept going up. So there is something definitely wrong on their end.
Talked to another tech and they may realise they have a problem and they may be fixing it today.
posted by cda at 4:14 PM on January 13, 2007
This thread is closed to new comments.
That aside, it could be easy for an existing compromise to fool software bandwidth monitors.
posted by Blazecock Pileon at 3:05 PM on January 10, 2007