Windows Worms Door Cleaner - How to survive the next big worm attack (updated 25 Nov 04)
Some of you may recently have been attacked by the Sasser worm or others such as the Blaster worm. What did you have in common with the millions of others out there on the net? Well, you were probably running Windows XP and for whatever reason, you didn't have a firewall up and running. One guy I talked to had just bought a new PC and was updating at Microsoft when he got nailed. I helped him get patched and told him how to put up the XP firewall till he got a better one installed. Before the new PC he had Win98 and he didn't understand why he needed a firewall right away, so I also gave him a quick lecture on the importance of firewalls for XP. He wondered, "Why did Microsoft leave all these 'doors' open for any hacker or bug to walk in on?"
I ran across an article in a newsletter and it sounded like you can prevent some of these types of invasions by using "wwdc" to turn off some of the Windows services. It's a very small utility, it's free, it doesn't run continuously and you can undo your changes. A home user really doesn't need all the services listed below running so I tried disabling all of them. I found I needed the third one in order to use my file sharing on our network. No problem, a couple clicks enabled it again.
Windows Worms Door Cleaner v1.4 - wwdc.exe (Windows 2000, 2003 Server, XP)
Quote from website: Most of the worms, in particular the most famous, use known vulnerabilities in Windows services which are enabled by default and that often can't be disabled via the OS's configuration.
Even with these services patched with Microsoft security fixes, they are still exposed to the Internet at large ready to be exploited by the next exploit.
These ports/services on client side are:
* DCOM RPC (listen on port 135) MS03-026
* RPC Locator (port 445) MS03-001, MS04-011
* NetBIOS (ports 137/138/139) MS03-049
* UPNP (port 5000) MS01-059
* Messenger service (uses RPC/NetBIOS ports) MS03-043