Windows Worms Door Cleaner - How to survive the next big worm attack (updated 25 Nov 04)
Some of you may recently have
been attacked by the Sasser worm or others such as the Blaster worm. What
did you have in common with the millions of others out there on the net?
Well, you were probably running Windows XP and for whatever reason, you
didn't have a firewall up and running. One guy I talked to had just bought
a new PC and was updating at Microsoft when he got nailed. I helped him
get patched and told him how to put up the XP firewall till he got a
better one installed. Before the new PC he had Win98 and he didn't
understand why he needed a firewall right away, so I also gave him a quick
lecture on the importance of firewalls for XP. He wondered,
"Why did Microsoft leave all these 'doors' open for any hacker or
bug to walk in on?"
I ran across an article in
a newsletter and it sounded like you can prevent some of these types of
invasions by using "wwdc" to turn off some of the Windows services.
It's a very small utility, it's free, it doesn't run continuously and you
can undo your changes. A home user really doesn't need all the
services listed below running so I tried disabling all of them.
I found I needed the third one in order to use my file sharing
on our network. No problem, a couple clicks enabled it
again.
Windows Worms Door Cleaner v1.4 - wwdc.exe (Windows 2000, 2003 Server, XP)
Quote from website: Most of the worms, in
particular the most famous, use known vulnerabilities in Windows services
which are enabled by default and that often can't be disabled via the OS's
configuration.
Even with these services patched with Microsoft security fixes, they are still exposed to the Internet at large ready to be exploited by the next exploit. These ports/services on client side are:
* DCOM RPC (listen on port 135) MS03-026
* RPC Locator (port 445) MS03-001, MS04-011
* NetBIOS (ports 137/138/139) MS03-049
* UPNP (port 5000) MS01-059
* Messenger service (uses RPC/NetBIOS ports) MS03-043
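
To check whether any of the ports in the list above are still listening on a machine, here is an added example that is not part of the original page or of wwdc: it parses the text output of Windows `netstat -an` and reports listeners on those ports that are bound to a non-loopback address. The function name and the sample output (constructed) are assumptions of this example; the service labels and bulletin numbers are copied from the list as written.

```python
# Added example, not part of wwdc: flag listeners on the ports the page lists.
# Labels and bulletin numbers are copied from the page's list as written.
# The Messenger service has no port of its own there (it uses RPC/NetBIOS ports).
PAGE_PORTS = {
    135: ("DCOM RPC", "MS03-026"),
    445: ("RPC Locator", "MS03-001, MS04-011"),
    137: ("NetBIOS", "MS03-049"),
    138: ("NetBIOS", "MS03-049"),
    139: ("NetBIOS", "MS03-049"),
    5000: ("UPNP", "MS01-059"),
}

# Constructed sample in the layout of Windows `netstat -an` (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    0.0.0.0:445            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:5000         0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:445       192.168.1.20:1055      ESTABLISHED
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:138       *:*
"""


def exposed_listeners(netstat_text):
    """Return (proto, address, port, service, bulletins) for every listed port
    that is listening on a non-loopback address."""
    findings = []
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 3 or fields[0] not in ("TCP", "UDP"):
            continue  # header, blank line or unrelated text
        proto, local = fields[0], fields[1]
        # TCP rows end with a state; only LISTENING sockets accept new connections.
        if proto == "TCP" and fields[-1] != "LISTENING":
            continue
        addr, _, port_text = local.rpartition(":")
        if not port_text.isdigit() or int(port_text) not in PAGE_PORTS:
            continue
        if addr.startswith("127.") or addr == "[::1]":
            continue  # loopback only: not bound to a network-facing address
        service, bulletins = PAGE_PORTS[int(port_text)]
        findings.append((proto, addr, int(port_text), service, bulletins))
    return findings


if __name__ == "__main__":
    for proto, addr, port, service, bulletins in exposed_listeners(SAMPLE_NETSTAT):
        print(f"{proto} {addr}:{port} listening -> {service} ({bulletins})")
```

On a live machine, pass in the saved output of `netstat -an`; an empty result after disabling the services means none of the listed ports is listening on a network-facing address.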