Several security questions

[RandomUser]

Hello! I appreciate if someone can answer these questions? Thanks in advance!

For the questions related to my computer, I have Spybot, Antivirus and Windows Update fully up to date.

1. After I fixed a friend's computer, we went to YouTube to show him that it was working properly. But I noticed that, as I played a video, an ad showed at the bottom of it, and it was covering part of the video. I had to click an X to dismiss it and see the video properly. It only happened on one video out of four. My question is whether this is normal, because I use YouTube fairly often and I've never had ads like this. Are they new? Or is there something I don't know? Spybot found nothing.

2. I run TCPView to keep an eye on the IP traffic. I hate it when the network lights go on and I haven't clicked on anything. Yesterday, I noticed some connections to some IP addresses that, when I try to run nslookup on them, it returns no FQDN: the message is "non-existent domain". I have 3 such IP addresses, how can I find more information about them?

3. When I run "cmd" as administrator, and run "netstat -a -b", I get a message for some connections that says: "Can't obtain ownership information". How can I find the process that hosts those connections?

4. Sometimes when I run TCPView, I see no activity at all, all connections are either UDP or listening, and yet, I see lots of network light activity. Is there any feedback regarding this?

5. Sometimes when I run Task Manager for all users, I see barely any activity at all (the System Idle "process" is something like 95% to 99%, and the System "process" barely ever shows up in the list (I sort by most CPU use)), and yet I see much hard disk activity. Is there any feedback regarding this?

6. When running TCPView, if I click on a button that says "Show Unconnected Endpoints (Ctrl+U)", then TCPView crashes. Is this a bug or perhaps something else?

7. I'm running on Vista, but I'm beginning to see friends with Windows 7. How can I enable network light activity animation on W7? Personally, I consider it a security issue that I can't see when there is network flow vs not. I have Vista's fake animation. I prefer the one on Windows 98 where the lights light up exactly at the moments there is any flow.

8. Sometime ago, someone showed me a Google feature where you would visit an URL like so: http://blahblahblah.google.com/blahblahblah/somewebsitename.com and Google would display security information regarding that web site. (So one would know if a website is spreading virus or not.) Does anyone remember when that URL was? I can't find it. :(

I'm very grateful for any and all replies. Thanks!

EDIT: Clarity of words.

[Zenobia]

For question number 1,yes,it's normal to see those ads on Youtube videos,I've had them at the bottom of a couple of them.

[shelf life]

2) http://support.microsoft.com/kb/200525

4)

and yet, I see lots of network light activity

ARP broadcast traffic. Normal and harmless

6)

then TCPView crashes

maybe here.

lots of apps similar to TCPView, one is
CurrPorts

[RandomUser]

Thanks for the replies.

I'm using CurrPorts, I like it because it provides lots of information.
Nevertheless, there are three connections that show up on TCPView
that don't show on CurrPorts. I noticed that they are part of svchost.exe,
they seem to be related to ssdp (?), and they seem to use UDPv6.
Of 5 such IPv6 connections, four use the same local port number. CurrPorts
displays only one out of those four that share the same local port number. The IP address according to CurrPorts is ::1, but TCPView shows three more non-::1 IPs, I even pinged one of them successfully on the command line. (They seem to be remote, not local, and they're not the same. They begin with FE80: ) Should I report this to the author of CurrPorts?

nslookup. I ran it on interactive mode, and managed to set it up so that it looks up using Google's DNS. I can find names for some IPs (I just ping some sites, and use those IPs to look back), but even so, I can't find names for three IPs I gathered. I think the information is missing, is that a valid "Internet state of affairs" (if I can call it that?)

Many thanks again.

[shelf life]

Dont know why there would be a difference between the two. You have Currports refreshing itself, the default is disabled. Lots of services run under svchost.exe. even more so in Vista and W7, not all need to be running. No, i wouldnt report it to the author. You might also like Fport and ActivePorts

[RandomUser]

Yes, I set up CurrPorts (and TCPView) to refresh itself.

I can't open ActivePorts without getting the message:
"ActivePorts - OpenPhysicalMemory error!... Access is denied."

I decided not to use Fport because I want IP address info.

Well, I'll just use both TCPView and CurrPorts.



Is there any more info about IPs that I can't get a name of (with nslookup)?

Thanks!

[shelf life]

Come to think of it ActivePorts may not be supported in Vista or fport either.
If your trying to resolve ip addresses there are far better tools. Web based like this. Or an all time favorite of mine: Sam Spade

[RandomUser]

Nice! The three IPs were from: (1) Microsoft (2) My ISP (3) Amazon?????

But I haven't visited Amazon in ages!

[shelf life]

Web pages can pull content from different places. ad's, photos, video etc. The ip's can also stay present in utilities for a short time after your browser has been closed.

[RandomUser]

I'm pretty sure I haven't seen an Amazon ad though.

I greatly appreciate all the help given!
Thank you.