Windows Worms Doors Cleaner 1.3

  • Thread starter: traviscn

Note the following from the jugesoftware site above:

Note: Kerio Firewall 2.1.5 (I suppose so the whole 2.x series) has a
bug while disabling Locator and/or NetBT service, it displays the
following error message "Windows - Fatal Application Exit. Kerio
Personal Firewall Driver : Unable to attach 'TCP'". However, unlike I
have said in the previous note, Kerio 4.x series is not affected by
this bug. There is nothing I can do about the Kerio bug, I can't fix
their software, and Kerio would probably answer you that the update is
the 4.x series.
 
Has anyone tested WWDC.EXE (Win 2K or XP only)? Does it indeed close
all the ports such that netstat -an produces an empty result? I don't
have 2K/XP to test it on. But I'd like to recommend the utility if it
works.

Just installed it on my W2K system.

You have to run this as administrator, of course, otherwise you get
error messages.

On doubleclicking the program (in administrator mode), I get the error
message:

Value in registry can't be
opened(SYSTEM\CurrentControlSet\Services\Messenger).

Probably because IIRC I have Microsoft Messenger disabled already.

I click OK and the Windows Worm app comes up. I clicked on each
button (except for "UPNP and SSDP Services" which are apparently not
available on Windows 2000). It tells me the button will take effect
on reboot.

I reboot.

Doubleclick the app again, get the same error message as above, click
OK, the app comes up, shows all the buttons are checked Green EXCEPT
the Messenger one which shows still enabled.

I run netstat -an from the command line and it shows the DCOM RPC port
135 still listening. Kerio 2.1.5 shows that port as listening.
Windows Worms says it is disabled.

Windows Worms says that RPC Locator port 445 is disabled; it does not
show on the netstat report nor on Kerio as listening, so perhaps it
is.

NetBIOS ports 137, 138 and 139 show as disabled on Windows Worms, as
not listening on netstat (except for 139 which is still listening) and
Kerio shows all of them listening.

So I don't know if I've done something wrong, but it does not look
like this is working as advertised.

Clicking on the "Close Messenger" button in Windows Worms gives me the
same error message as above.

I don't think this thing works. OTOH, it hasn't given me any Kerio
error messages (yet) as mentioned on the guy's home page. Doesn't
appear to be doing any damage to anything.

I find it strange that Kerio is showing the NetBIOS ports open when I
do not even have NetBIOS bound to any of the NICs. Very odd. I must
be missing something here.
 
Ah, I see on the Wilder Security forum this statement:

However, DCOM even when disabled, does not close port 135 but simply
stop listening on it.

So that explains port 135.

Doesn't explain why netstat and Kerio show it listening, however.
 
Further update.

This thing has thoroughly broken my Windows 2000. I can't even get
the Control Panel to display properly and the Administrative Tools
functions will not show Properties or anything.

The system is seriously ****ed up.

Don't touch this thing with a ten foot pole.

"Deep tested" on Windows 2000, my ass!
 
You wouldn't believe how badly hosed my system is. I had to go into
the Recovery Console, restore my Registry from back when the system
was first installed, which forced me to reinstall my drivers, and I
still can't access the Add/Remove Programs for some reason. Most
likely I will have to do a complete reinstall of the OS to get rid of
this mess.

Don't touch this crap software with a ten-foot pole.
 
I'm really sorry to hear that :(


Art
http://www.epix.net/~artnpeg
 
Yup, last night was a bad night. Somehow this thing broke the
Registry causing Add/Remove Programs to cease to function at all. I
used Recovery Console to restore from an (unfortunately old) backup
(actually from the original install Registry), which recovered
Add/Remove functionality, but it showed no installed programs except a
few. So I tried restoring the Software hive of the Registry in
conjunction with later hives, which recovered the software to some
degree, but apparently there are just too many inconsistencies in the
Registry to function.

So I had to do a complete reinstall.

THEN Kerio Personal Firewall 2.1.5 refused to function. I couldn't
get out to the Net without getting this error message repeatedly:

Kerio Personal Firewall Driver: MacTransferData: Invalid buffer tag.

The last time I saw that from Kerio was on my Windows 98 when both the
NIC chip on the motherboard and my DSL NIC card were installed with
drivers. Kerio couldn't handle two NICs at once apparently. I got
rid of the problem on 98, but apparently when I reinstalled 2000 last
night, something got changed so Kerio thinks both NICs are operating.
I uninstalled both NIC drivers, I uninstalled Kerio and reinstalled,
and I uninstalled and reinstalled the SBC DSL Efficient Networks
Enternet 300 DSL client, and nothing solved the problem.

I could ping out to the SBC DNS servers, but as soon as I tried an app
like email or Opera, Kerio would start popping up that message
repeatedly.

Fortunately I had a copy of ZoneAlarm on the system, so I installed
that, which seems to be working okay so far (I had problems with it on
98 which is why I stuck with Kerio for so long).

With the Sasser worm running around, I damn sure didn't want to be
without a firewall!

Bad night.

I REALLY hate Windows for that damn Registry - VERY poor design
decision. On Linux, things may break, and it may be hard to find them
or find the documentation to fix them, but at least they aren't
deliberately hidden and obfuscated so that only a developer can
understand them - unlike the Registry which is full of keys completely
incomprehensible to a user on almost any level other than developer.
Microsoft as a corporate culture has a very bad case of "Father knows
best" - to the point of being a control freak. People can say this
helps make the machine more user friendly for casual users, but it's a
disaster when something breaks.

To fix the Add/Remove Programs breakdown, Microsoft has a
KnowledgeBase article that recommends rebuilding a couple dozen keys
in the Registry - with no explanation as to what they do or why. I
tried it but there was just too much to be done and no evidence any of
it was working.

I was amazed to see articles indicating that merely installing IE 6 is
enough to break the Add/Remove Programs function - which apparently
depends on HTML and thus IE.

Absolutely pathetic monolithic design.
 
Well, I fixed that problem. While searching the Net for info on the
error message, I came across YOUR discussion with one of the security
groups on this same problem. As you know, turns out to be a problem
with the Enternet client which has to have a setting changed. I did
that and uninstalled ZoneAlarm and reinstalled Kerio and all seems to
be well again.

I much prefer Kerio because I like to be able to easily SEE the
firewall rules being applied (or at least all but the implicit ones).

As for the Windows Worm Cleaner, it is possible that the problems I
experienced may have been related to something else I might have done
(I was messing around with the Windows services at the time since I
was comparing them with the ports supposedly shut down by the WWC),
but I'm not sure. I might have accidentally screwed up the Remote
Procedure Call service which would definitely hose my system -
although I THOUGHT I only stopped the Remote Procedure Call Locator
service which is supposedly safe to disable.

In any event, the thing did not seem to shut the ports down as
advertised at least as far as netstat and Kerio were concerned. Since
the author is not clear about exactly HOW he "disables" the ports -
especially in the case of 135, which he claims is "disabled" but still
"listening" - I am skeptical of its value.
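
Added example, not part of the original thread and not code from the tool discussed: a way to make the netstat -an check described in the posts repeatable, by parsing the output and reporting which of the ports the thread names (135, 137-139, 445) are still open. The sample output is constructed and the function names are hypothetical.

```python
import re

# Ports the thread checks after running the tool (IANA service names).
WATCHED = {135: "epmap", 137: "netbios-ns", 138: "netbios-dgm",
           139: "netbios-ssn", 445: "microsoft-ds"}

# Constructed sample of Windows `netstat -an` output (not from the thread).
SAMPLE = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    192.168.1.10:139       0.0.0.0:0              LISTENING
  TCP    192.168.1.10:1043      203.0.113.5:80         ESTABLISHED
  UDP    192.168.1.10:137       *:*
  UDP    192.168.1.10:500       *:*
"""

# proto, local address, local port, foreign address, optional state column
LINE = re.compile(r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+)(?:\s+(\S+))?\s*$")

def open_endpoints(netstat_text):
    """Return sorted (proto, local_addr, port) for sockets accepting traffic.

    TCP counts only in LISTENING state; UDP has no state column, so any
    bound UDP socket counts.
    """
    found = set()
    for line in netstat_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # headers, blank lines
        proto, addr, port, _foreign, state = m.groups()
        if proto == "TCP" and state != "LISTENING":
            continue  # established/closing connections are not listeners
        found.add((proto, addr, int(port)))
    return sorted(found)

def still_exposed(netstat_text, watched=WATCHED):
    """Watched ports still open: (proto, port, name, bound_to_all_interfaces)."""
    return [(proto, port, watched[port], addr in ("0.0.0.0", "[::]"))
            for proto, addr, port in open_endpoints(netstat_text)
            if port in watched]

if __name__ == "__main__":
    for proto, port, name, wildcard in still_exposed(SAMPLE):
        scope = "all interfaces" if wildcard else "one interface"
        print(f"{proto}/{port} ({name}) still open on {scope}")
```

Running the same function on output captured before and after a hardening change shows exactly which listeners went away, instead of relying on the tool's own status display.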
 