VERY IMPORTANT INFO ABOUT VIRUSES!!!!!

little witch

As we all know, microsoft has been patching left and right, without actually stopping the entry altogether of viruses.

I want to share this information with you all. I just did this, and the vulnerablility is fixed, permanantly.

Firstly, this info came from Leo, on tech tv, and he highly recommends doing this asap, there is a new worm released yesterday.

Here is the website to download a tiny program to fix this big headache. It will explain EVERYTHING about the vulnerability, and close its port of entry.

http://grc.com/dcom/

Or type in DCOMbobulator on your search engine.

It is a very simple program, very small. It only takes seconds to download and use.

I am very skeptical about this advice. The web site states that "no one" uses DCOM and it can therefore be shut down. But Norton Antivirus uses the DCOM for a start!!! I wouldn't interfere with the functionality of Norton Antivirus to even try it.

drwtsn32

Interesting, but don't let this give you a false sense of security. This will not make you immune to all viruses.

Disabling unnecessary services (such as DCOM) will make you invulnerable to attacks that utilize flaws in those services.

The reason Microsoft doesn't do the same thing (disable DCOM) is because it's not truly a fix. The real fix involves fixing the flaws in the DCOM service.

I still recommend that people either use a hardware router or a software based firewall. It would have protected them from exploits such as this.

drwtsn32

ballistic: You are wise to question the advice. I find Steve Gibson (grc.com) makes sweeping generalizations at times. Personally I would not disable DCOM; I'd protect myself with some sort of firewall.

little witch

You are right, Ballistic.

It mentions some programs need to use port 135, but that can be left open.

The program does two things. It can shut that port, and/or shut down dcom.

I didnt have to shut down my port since I am both behind a firewall, and my isp has fixed the port.

ballistic

Bill Gates says

Warning If you disable DCOM, may you may lose operating system functionality. After you disable support for DCOM, the following may result:

Any COM objects that can be activated remotely may not function correctly.
The local COM+ snap-in will not be able to connect to remote servers to enumerate their COM+ catalog.
Certificate auto-enrollment may not function correctly.
Windows Management Instrumentation (WMI) queries against remote servers may not function correctly.

@ http://support.microsoft.com/default.aspx?kbid=825750

It is interesting to note however that the deactivation of DCOM does indeed resolve many worm exploits.

little witch

As a caveat,

Please read up about DCOM, using as many sources as you can find, such as the link Ballistic provided.

Make sure this is a good thing for your situation.

I dont think you should do this to your work computers,etc. But if you dont have a firewall, or do not

need remote services, this may be an option.

If anyone has any more info, or links, feel free to post. Thanks

drwtsn32

It is interesting to note however that the deactivation of DCOM does indeed resolve many worm exploits.

Actually it's not surprising. To protect against any vulnerability you could simply turn off the defective service. The problem is if you lose necessary functionality by turning off that service....

Simon

I'd be very wary of downloading any little apps off the net to fix anything.

Stick to official patches and programs from reputable companies like Symantec, Trend etc...

There is an app built into windows (DCOMCNFG) which allows you to enable and disable it (inc. remote DCOM) as well as set who can access which components etc...

little witch

That sounds like a better idea, Thanks Simon

VERY IMPORTANT INFO ABOUT VIRUSES!!!!!

Share this