On Fri, 2003-10-10 at 05:09, opticfiber wrote: > It's come to my attetion that disablinf DCOM in windows is near > impossible without a regedit. Hopefully no one's already posted this to > the list, if so my appologies for the redundancy. Steve Gibson from > grc.com creates lots of tiny little applications to tighten up windows > security. One of his latestest programs disables the DCOM service all > together, no need for a patch. This might be a better option rather then > just a patch, espcially for users who don't utilize this service. The > tool can be found at the following URL: http://grc.com/dcom/
Disable DCOM by all means, but also apply the patch! I have seen numerous cases of where services have been disable to mitigate some security concern only to be re-enabled later (either by accident or deliberately) leaving the machine vulnerable. -- Russell Fulton, Network Security Officer, The University of Auckland, New Zealand. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
