The GRC DCOMbobulator
Taming Windows' Dangerous DCOM / RPC System
What is DCOM?
Windows employs a component-based system to help programmers manage Windows' complexity. This system is called COM for "Component Object Model." Much of Windows itself, and many Windows programs, are assembled from individual COM components. Microsoft thought it would be "cool" if these COM components could find and use each other from different machines across a network, so Distributed COM (DCOM) was created to allow this. DCOM uses an existing networking protocol known as Remote Procedure Call (RPC), usually over Internet port 135, to host COM's distributed operation across a network.
What's the problem?
The problem is that this very powerful DCOM system, which allows pieces of your computer to be remotely activated and used from across a network -- even by any stranger across the Internet -- is always enabled in Windows systems by default. Microsoft's most recent DCOM patch, which fixes another (not the first) remotely exploitable vulnerability in this complex system, continues to defiantly leave the whole DCOM system exposed and enabled . . . and waiting for the next vulnerability to be discovered.
What's the solution?
Just turn it off. No Internet applications use or require DCOM. Some Windows applications support it, but those that do neither use nor require it. As with so many of Windows' easily avoided security vulnerabilities, Microsoft should never have chosen to enable DCOM by default, and they certainly should have had their most recent patch turn it off after the MSBlast worm event. But instead, all Windows systems are still running DCOM and waiting for the next disaster.
You and I have the responsibility to fix this correctly by just saying no to DCOM.
What does the DCOMbobulator do?
The "Am I Vulnerable?" tab reports the current status of the DCOM system. It will tell you whether this machine's DCOM facility is enabled or disabled, and report on the system's vulnerability to the recent DCOM buffer overflow vulnerability. Reports that Microsoft's DCOM patch doesn't always "take" have been confirmed, so Windows systems may have remained vulnerable even after the DCOM patch has been applied. The DCOMbobulator allows any user to easily check this.
The "DCOMbobulate Me!" tab allows a system's DCOM facility to be easily disabled and enabled with the push of one button. Shutting down Windows' dangerous, unnecessary, and exploit-prone DCOM system is just that simple.
Command-line options allow these functions to be performed unattended and automatically whenever Windows starts up, by corporate login scripts, or at any other time required. See the DCOMbobulator web page for details of command line usage.
You may select any other tabs for specific instructions and guidance in the use of this DCOM management utility.
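The two facts the text above relies on, whether DCOM is enabled and whether port 135 is listening, can also be read directly on a current Windows system. This is an added example, not DCOMbobulator's own code and not from the original page; it assumes the DCOM setting is the EnableDCOM registry value under HKLM\SOFTWARE\Microsoft\Ole, the function name Get-DcomExposure is hypothetical, and it does not test for the buffer overflow itself.

```powershell
# Added example, not DCOMbobulator's code.
# Assumption: DCOM state is taken from the EnableDCOM value ("Y" or "N") under
# HKLM\SOFTWARE\Microsoft\Ole; the page does not say what the utility itself reads.
# Requires Windows 8 / Server 2012 or later for Get-NetTCPConnection.
function Get-DcomExposure {
    [CmdletBinding()]
    param()

    $oleKey = 'HKLM:\SOFTWARE\Microsoft\Ole'
    $value  = (Get-ItemProperty -Path $oleKey -Name 'EnableDCOM' -ErrorAction SilentlyContinue).EnableDCOM

    # A missing or unexpected value is reported as Unknown rather than guessed.
    if     ($value -eq 'Y') { $dcomState = 'Enabled' }
    elseif ($value -eq 'N') { $dcomState = 'Disabled' }
    else                    { $dcomState = 'Unknown' }

    # TCP listeners on port 135, the port the page names for RPC/DCOM.
    $listeners = @(Get-NetTCPConnection -LocalPort 135 -State Listen -ErrorAction SilentlyContinue)

    # A wildcard bind means the port is offered on every network interface.
    $wildcard = @($listeners | Where-Object { $_.LocalAddress -in '0.0.0.0', '::' })

    [pscustomobject]@{
        ComputerName    = $env:COMPUTERNAME
        EnableDCOM      = $value
        DcomState       = $dcomState
        Port135Listener = ($listeners.Count -gt 0)
        ListenAddresses = ($listeners.LocalAddress | Sort-Object -Unique) -join ', '
        AllInterfaces   = ($wildcard.Count -gt 0)
        OwningProcessId = ($listeners.OwningProcess | Sort-Object -Unique) -join ', '
    }
}

# Print the result for the local machine.
Get-DcomExposure | Format-List
```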
About this Freeware
If you are not already familiar with my work, you may be puzzled by the small size and the simple "no installation" fast and effortless operation of this Windows utility. More than anything else in the world, I want to create high-quality software. As you can see from my web site and from this application, this is not just a bunch of talk. I hand-craft each of my applications in 100% pure assembly language -- the raw native language of the PC. I believe it is worth the extra time and effort to create long-lasting high-quality products.
Here's a link to get it,