Author Topic: User's FAQ  (Read 267152 times)


Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67185
User's FAQ
« on: May 30, 2004, 03:55:39 PM »
I'm starting a new thread promising a full list of frequently answered questions.
I do not want to discuss them here, so it will be a closed forum.

If you can (or want to) add something, I'll be glad to add it to this list.
I'll try to make an index of them below...

First of all, see the official avast! 4 FAQs page or browse the forums for help. You don't have to register for browsing and searching. Registration is required only if you would like to post a new topic.

The search function of the forum is really a good way to find help. Try!  ;)

Try to read the avast! Help files too; this saves a lot of your time and work when help is really needed. You can left click the 'a' blue icon on the system tray to run avast antivirus. When you see the avast skin, right click it and choose 'Help'.

Some special functions can be found and reached through RejZor's application called avast External Control. Enjoy it!  :)
« Last Edit: May 30, 2004, 04:41:25 PM by Technical »
The best things in life are free.

Offline Lisandro

Re:User's FAQ
« Reply #1 on: May 30, 2004, 04:44:25 PM »
Please, each time give us the necessary information about your system in order to receive better help from these forum users…

You can always change your signature and add all this information there. Click on the 'Profile' button above and add this information on all your forum posts. For instance:

1. What version of avast! do you have? Please, click on the 'a' icon (blue ball) in the system tray... Go to the About dialog and see your version/build and update information. This way we can figure out if there is an issue with your specific version of avast!
2. Which is your operating system and browser application?
3. Do you use a proxy filter, a firewall, an ad-blocking or spy-blocking applications?
« Last Edit: May 30, 2004, 04:57:56 PM by Technical »

Offline Lisandro
Re:User's FAQ
« Reply #2 on: May 30, 2004, 04:45:23 PM »

Special avast links

avast Virus Cleaner:
avast Updates:
avast! Skins:
avast! skin maker:
avast! uninstall utility: If you can't uninstall avast through Control Panel, you can download the uninstall utility called AvClear or AvClear4 (depending on your avast! version). More information here.

avast! Pricelists
avast! Home Registration
avast! e-mail technical support:
avast! e-mail for sending virus files for analysis:
avast! Forum
Subscription Services
Compare Professional and Home Edition:

FAQs avast!
Virus Reference and Viruses in the Wild
Virus Report Form
System Requirements

Other applications

Links for almost everything could be found here.

« Last Edit: June 09, 2004, 05:43:03 AM by Technical »

Offline Lisandro
Re:User's FAQ
« Reply #3 on: May 30, 2004, 05:01:14 PM »
Update troubleshooting

Please, give us the following information:

1. Has your avast version ever updated before?
2. How do you connect to the Internet (dial-up, ADSL, etc.)?
3. Have you already registered? You will receive your new activation key via e-mail for free if you are using the Home version.
4. Have you received warnings from your firewall after avast! installation?

Note that avast! tries to connect to the update servers (it looks for virus definition file updates and for program updates). You should allow avast! to connect, otherwise the update feature will not work. See here the updated list of servers that avast! connects to.

And the avast components that should be allowed to connect to the Internet by the firewall are:
avastXX.setup (where "XX" are some numbers)

If you just use Windows XP firewall, try to disable it (Open the Control Panel > Network Connections, right click with your mouse on your connection. Go to Properties. Open the Advanced tab and uncheck the Firewall option. If you use a permanent connection (DSL) you must restart your computer).

How does the update service work?

At first, avast! tries to detect if the computer is connected to the Internet - it sends a packet to one of our servers and waits for reply. If the packet is received, avast! knows that the computer is connected and the update may begin. If there's no reply to the packet sent, avast! will try to ping the server again every 40 seconds.

If the ping is successful, avast! connects to our server and checks if there's a new update available. If there is, avast! will download and install it. If not, avast! will wait for 4 hours and then try to connect and check for updates again.

In other words: avast! detects the connection to Internet every 40 seconds and looks for new updates every 4 hours.

Please, answer specifically:

1. Do you have any other antivirus application installed right now in your system?

2. Did any error window or pop-up appear when setup failed?

3. See your settings for Update (Connections) by right clicking with mouse at the 'a' icon in the system tray (blue ball icon), then open the avast! Menu by clicking anywhere in an open area of the application GUI (Simple User Interface with a 'skin' appearance) or click on the ^ button in the upper left corner of the application. Choose now Settings > Update (Connections). You can choose between: "I only connect to the Internet using a dial-up modem" or "My computer is permanently connected to the internet"
Manual update: right click on the 'a' icon (blue ball) in the system tray and select 'Updating' then 'iavs Update' (for virus definitions update) or, better, 'Program Update' (which includes the previous virus database update).

If, for any reason, you can't update, you can try two possible solutions:

1) Copy the file called setiface.ovr or setiXXXXXXXX.vpu (where the X's are some numbers) to setiface.dll, all in the <avast>\setup directory. Then retry running the update.

2) Download the latest avast installation package (if you are using the English version of avast) and run it on the machine. That will repair the installation and also update it to the latest version for you.
« Last Edit: June 09, 2004, 05:45:42 AM by Technical »

Offline Lisandro
Re:User's FAQ
« Reply #4 on: May 30, 2004, 05:14:02 PM »
Mail Protection Wizard

Remember that avast handles more than one SMTP server. To configure your e-mail client (program), follow these steps:

1. Close all your email applications.

2. Start Windows Menu > avast! antivirus > Mail Protection Wizard

3. Click Next on the first screen

4. Choose 'Setup the protection manually'

5. Choose 'I don't use MS Outlook (nor MS Exchange client)' or
'I use other programs to work with e-mails as well'
a) with MS Outlook/Exchange, the Wizard finishes here.
b) with another e-mail client:
After the service was disabled, choose Next
Select your e-mail accounts (or 'My accounts is not in the list...' to get help)
Finish your configuration and the service will start again.
You can run the Mail Protection Wizard more than once and all the changes could be reversed ('Automatically remove protection from all my accounts').

Nowadays, the following Internet Mail Clients are supported: MS Outlook (including Outlook 2003), MS Exchange, MS Outlook Express, Eudora, Pegasus Mail, Netscape Mail, Mozilla Mail, IncrediMail and The Bat!

If this does not help you, try the help file 'Manual setting of mail protection'.
Launch your mail program and let the program display the account settings.

1. If you want to check outgoing messages, change the address of SMTP server to the address of the local computer, i.e. The localhost or is the way to scan your outbound mail.

2. If you want to check incoming messages, change the address of POP (IMAP) server to the address of the local computer, i.e. The localhost or is the way to scan your inbound mail.

3. Change user (login) name this way: append the character # (double hash) and the address of your POP (IMAP) server (the same as you specified in the avast4.ini file in Step one). Login name should then look like this:

4. If your e-mail program supports SMTP authentication and also makes it possible to set a different login name for SMTP than for POP

5. If the SMTP authentication is enabled, append the character # and the address of your SMTP server to the login name (e.g.

6. If the SMTP authentication is disabled, enable it and use the character # together with the address of your SMTP server as the login name (e.g.

7. Save your changes.
« Last Edit: June 09, 2004, 05:46:03 AM by Technical »

Offline Lisandro
Re:User's FAQ
« Reply #5 on: May 30, 2004, 05:20:58 PM »
Computer acronyms

This issue is under construction with Mike's help  ;)

ADSL - asymmetric digital subscriber line
AGP - accelerated graphics port
API - application program interface
ARIN - American Registry for Internet Numbers
ASP - application service provider
ATM - asynchronous transfer mode
BIOS - basic input output system
CMOS - complementary metal-oxide semiconductor
COM - component object model (Microsoft functional components interfaces)
CPU - central processing unit
DAT - digital audio tape
DCOM - Microsoft Distributed Component Object Model
DHCP - dynamic host configuration protocol
DLL - dynamic link library
DMA - direct memory access
DNS - domain name service
DoS - denial of service (attack)
DOS - disk operating system
dpi - dots per inch
DRAM - dynamic random access memory
DSL - digital subscriber line
DVD - digital versatile disk
ECC - error correcting code
EGA - enhanced graphics adapter
EULA - end user license agreement
FAT - file allocation table
FTP - file transfer protocol
GSM - global system for mobile communication
GUI - graphical user interface
HTML - hypertext markup language
IANA - Internet Assigned Numbers Authority
ICANN - international corporation for assigned names
IDE - integrated drive electronics
IGP - integrated graphics processor
IMAP - internet message access protocol
IP - internet protocol
IrDA - infrared data
IRQ - interrupt request
ISA - Microsoft internet security and acceleration (server)
ISDN - integrated services digital network
ISP - internet service provider
JMS - java message service
JPEG - joint photographic expert group
LAN - local area network
LED - light emitting diode
MAC - media access control
MIDI - musical instrument digital interface
MIME - multipurpose internet mail extension
MPEG - Moving Picture Experts Group (M-peg)
MSDTC - Microsoft Distributed Transaction Coordinator Service
NAS - network attached storage
NIC - network interface card
NVRAM - non-volatile random access memory
OEM - original equipment manufacturer
OLE - object linking and embedding (Microsoft functional components interfaces)
P3P - platform for privacy preferences
PAN - personal area network
PDA - personal digital assistant
PoP - point of presence
POP - post office protocol
PPP - point to point protocol
PROM - programmable read only memory
RADIUS - remote authentication dial in user service
RAM - random access memory
ROM - read only memory
RSA - Rivest, Shamir & Adleman (encryption inventors)
SAN - storage area network
SMS - short message service
SMTP - simple mail transfer protocol
SOAP - simple object access protocol (apache)
SQL - structured query language
SRAM - static ram
SSL - secure socket layer
TCP - transmission control protocol
UPS - uninterruptible power supply
URL - uniform resource locator
USB - universal serial bus
VDSL - very high data rate digital subscriber line
VGA - video graphics array
VoIP - voice over internet protocol
VPN - virtual private network
W3C - world wide web consortium
WAP - wireless application protocol
WLAN - wireless local area network
WML - wireless markup language
XML - extensible markup language
« Last Edit: June 09, 2004, 05:46:23 AM by Technical »

Offline Lisandro
Re:User's FAQ
« Reply #6 on: May 30, 2004, 05:34:15 PM »
Install, uninstall and repair

1. Download the avast! setup. Take note of your Registration key or, if you need another key, the registration form can be found here
2. Uninstall avast (Control Panel)
3. Boot
4. If you want, use Avast Uninstall for complete uninstallation or RejZor's application called avast External Control.
5. Boot
6. Install the downloaded setup file
7. Boot
8. Enter the Registration key and configure avast! for your needs

If you previously had another antivirus application installed, a complete uninstallation of it and some Registry cleaning could be useful. You can use the following applications:
RegClean for Windows 98 (but works on XP).
BeClean, especially the Registry Cleaning feature.
But the best one, which you can download to try, is PowerTools. Very powerful registry power tools, with lots of extra options. Unfortunately, it's shareware. You can run it before the expiration time and get rid of the previous antivirus application. You can choose an option to back up the removed items.
« Last Edit: June 09, 2004, 05:46:38 AM by Technical »

Offline Lisandro
Re:User's FAQ
« Reply #7 on: May 30, 2004, 08:33:21 PM »
Rescue disk
There is no rescue disk for avast. When and if your system is infected, avast will indicate that you can restore your system to a previously saved configuration using the VRDB. You do not need to monitor the restoring.

But you can use avast 7.7 for DOS. It's freeware.
You can use the following public Registration key, which can be inserted when asked by the program: AS770.A123456-24DB67
The updates could be found here:

avast Command-Line: only the Professional version has a command line option, and complete instructions on how to set it up can be found in the Help file. avast Home does not have this function.
« Last Edit: July 29, 2004, 03:16:33 PM by Technical »

Offline Lisandro
Re:User's FAQ
« Reply #8 on: May 30, 2004, 08:37:37 PM »

It stores important parts of executable files (parts that are often modified by file viruses). It cannot guarantee recovery in 100% of cases. The only way to ensure this would be to simply copy the whole executable file, i.e. VRDB would be a copy of all your executable (exe, dll...) files. Of course, it would get rather big this way.

When no RunInterval value is in the avast4.ini file, the default (3 weeks) is used. I'm afraid I don't know how long the VRDB generation can take... of course, it depends on how many files and programs you have on your disks... I think it shouldn't take very long (an hour?) - but I really don't know, I may be completely wrong. As for shortening the interval of VRDB generation, I suggest you read this forum.

By default, VRDB is updated every 3 weeks; the interval can be changed by editing the avast4.ini file, though. You can see more information about the avast4.ini file here.

avast! mostly relies on VRDB - at least considering the executable files (the macroviruses are cleaned by other methods, not using VRDB). So, cleaning an infected file right after you installed avast! (i.e. without having the original file in VRDB) would not work.

avast 4.1 will include the Cleaner, which is able to clean the most common viruses using virus-specific methods. The number of viruses healed by Cleaner will grow in time, and the integration of the Cleaner into avast! will get tighter. Note, however, that any generic virus removal method (that does not use a VRDB-like database) is usually not able to turn infected files exactly into their original state. For example, some information in the file header is often irreversibly overwritten when an exe-infection occurs. This information is unimportant in most of the cases; sometimes, however, it may cause problems - WinZip self-extracting archives will announce CRC errors, some copy-protected programs may not run, etc.

This folder has nothing to do with VRDB. avast! puts there temporary files when scanning inside of archives or e-mail attachments. So, you can safely delete the files. (Of course, avast! should have deleted the files...)
« Last Edit: June 09, 2004, 05:52:53 AM by Technical »

Offline Lisandro
Re:User's FAQ
« Reply #9 on: May 31, 2004, 12:00:08 AM »
Understanding firewalls

First of all, some term descriptions:

IP. Internet Protocol. Each computer on the internet has an IP address, which is similar in principle to a telephone number. However, unlike telephone numbers, IP addresses are restricted in their numerical range. An IP address has the format "###.###.###.###": four number blocks, separated by dots, and each block can only contain a value from 0 to 255.

Port. A communication channel for computers in networks. In order for computers connected to the internet to be able to communicate with each other, the transmission standard "TCP/IP" was designed. TCP/IP is a software protocol for formatting and transferring data within a network, such as the internet. One of the main advantages of TCP/IP is that it is not dependent on the computer's operating system. Transmissions between different operating systems are therefore possible. By knowing the IP address in use, a program is therefore able to send data to another computer. But how can the receiving computer know which program to use for the data it receives? To handle this there is a system of port numbers, also known as ports. With each transmission of data, the data package must contain the receiver's IP, and also the port number of the program which is responsible. Imagine ports as a direct dialing number in a phone system. If the call number does not exist, you simply won't get a connection. The same thing occurs if you try to connect with a computer on a port where no service is present. A complete data transfer always contains the IP address plus the port number required. This applies to both outgoing data (requests to the webserver) and incoming data (data transmitted from the website itself).

Port Numbers. Port numbers can be any number from 0 to 65535. This range is split into three main categories described below. Port numbers are managed by the IANA (Internet Assigned Numbers Authority). 0 to 1023 are "well known ports", meaning they are reserved for special services like FTP (21), SMTP (25), HTTP (80), POP3 (110), etc. 1024 to 49151 are "registered ports", meaning they are registered for services. 49152 to 65536 are "dynamic and/or private ports", meaning that everyone can use these as required.

Port Reference List. Full list of all ports and their references, trojan ports included.
« Last Edit: June 09, 2004, 05:47:25 AM by Technical »

Offline Lisandro
Re:User's FAQ
« Reply #10 on: May 31, 2004, 12:05:40 AM »
Trojan Horse Behavior

Trojans are nothing more than programs using a port to transmit data to an attacker. They hold a port open, e.g. Port 31337. The attacker connects to the trojan and sends requests to do a certain task, for example to make a screenshot. The trojan makes the screenshot and sends the image via the port to the attacker. On newer trojans, the port number is quite freely configurable, which makes identifying the trojan by the port number difficult. There are no control mechanisms available which can prevent a trojan from using a specific port. If a trojan does use the port 80, for instance, a novice user could imagine the program is a webserver, and may even simply ignore the port.

Services. These are programs which are automatically run at the system startup without any visible window. They work in the background. Open the service manager at the Control Panel > Administrative Tasks.

How to close a port. Close the program holding the port open. But there are also more advanced methods for preventing communication over specific ports. Important: An open port is not necessarily dangerous! You are only at risk if the program using the port contains harmful code. So there is no reason to close all ports in your system. In fact without your ports being open, the internet simply wouldn't work! An open port is not an autonomous object, and should not be considered as something which can be destroyed by closing it. If a port is open on your computer, it means that there is an active program using this port number to communicate with other computers on the web. A port isn't opened by the operating system, it's opened by a specific program wanting to use it.

To close a port, it's usually only necessary to shut down the program holding the port open. On some ports it's enough to tell the program or service that the port should not be opened. A good example is the Microsoft Internet Information Services in Windows 2000 and Windows XP. If installed, they open three ports automatically: 21, 25 and 80. Port 21 is the FTP server, port 25 the SMTP server (email server) and port 80 the webserver for http.

The FTP server enables other internet users to download shared files from your system. They can also upload files to you, if you choose to permit this. The SMTP server is used to send emails directly to the recipient's mailbox without the use of an external mailserver. The webserver allows you to run a website on your PC. But this is only reachable on your IP address. If you wish to make this accessible to the public, you need a domain name that redirects to a static IP address. If however you don't need all these servers, simply shut them down and the ports will be closed automatically.

However, it is not always as easy to find out why a port is open. One example is port 5000 which is opened by Windows ME and XP by default. For this, there is no service which you can turn off. To close this port, it is necessary to actually uninstall a certain system component. Port 5000 is used for plug and play with network devices. If you close this port the network plug and play is no longer available.

Firewalls. Even if a port can't be closed by shutting down a program or service, there are still other options for blocking communication to the port. Firewalls can prevent connections on specific ports. They work on the principle that data packages which use a specific port on a network are filtered. However, firewalls only provide passive security. Meaning you may have a trojan installed on your computer, but it can't connect to the attacker because the firewall is blocking the connection.

There are different firewall concepts. On the one side there are Desktop-Firewalls like ZoneAlarm or Tiny Personal Firewall, which are installed locally on the PC they protect. These firewalls are located upon the network driver layer of the operating system, and prevent connections to or from specific blocked ports. But there's also an obstacle here. Programs or trojans which don't use the network driver of the operating system can't be prevented from making a connection to outside the computer. If an attacker can install a trojan with its own network driver on your PC, a desktop firewall would not help.

A more secure technique is to install a firewall on a second computer. Usually a whole network of computers can only send data to the internet over a firewall server. The computers in the network don't have a direct connection to the internet. All data is transmitted by the firewall, and can therefore be blocked as and when required. Most of such firewalls are also able to analyze the data packages. So for example if a harmless email is transferred, the firewall can check that there are no viruses attached to the email, and filter the attachment before sending the mail to the target PC. In general however, good firewalls tend to be fairly expensive and usually require special hardware.
« Last Edit: June 09, 2004, 05:47:36 AM by Technical »

Offline Lisandro
Re:User's FAQ
« Reply #11 on: May 31, 2004, 12:08:25 AM »
Windows 2000/XP boot troubleshooting

Try several tactics to get a reluctant Windows to load; plus, keep XP's Start menu under control.

1) If Windows XP (or 2000) refuses to start, press F8 right after you turn on your PC but before the Windows logon appears (it may take a few attempts to get the timing right). At the resulting menu: select Last Known Good Configuration to restore your Registry to an earlier date.

2) If this doesn't get your PC working, reboot and press F8 again, but this time select Safe Mode, and then choose Start > All Programs > Accessories > System Tools > System Restore. Follow the wizard's instructions and pick an appropriate backup. If that approach doesn't work either, or if you can't even get to this menu, use your emergency boot floppy.

3) If your hard drive's boot sector or Windows' basic boot files have been corrupted, this disk will circumvent the problem and boot you into Windows. If you don't have an emergency boot floppy, you may be able to use one created on another PC running Windows XP or Windows 2000, but there's no guarantee that it will boot your machine. To make one, insert a blank floppy disk into drive A:, select Start > All Programs > Accessories > Command Prompt, type format a:, and press Enter. When asked if you want to format another disk, type n and press Enter. Type the following commands, pressing Enter after each one.

xcopy c:\boot.ini a: /h
xcopy c:\ a: /h
xcopy c:\ntldr a: /h

Now type exit and press Enter to close the window. Remove the floppy disk and label it Windows XP boot floppy. Put this emergency disk in the floppy drive of your inoperable machine and boot up. Windows should run with no problems. You could simply keep the floppy in the drive all the time, but to truly fix the problem, launch the command prompt as described above, type xcopy a:*.* c:\ /h, and press Enter.

4) If the emergency boot floppy doesn't work, try the Recovery Console, a Windows utility that provides a DOS-like command line from which you can run some repair programs. It's tricky to use if you're not accustomed to command lines, and you can damage your data, so be careful.
If you have a Microsoft Windows CD-ROM, you can get to the Recovery Console by booting from that CD and pressing any key when you're told to 'Press any key to boot from CD'. At the 'Welcome to Setup' screen, press r for Repair.

If Windows XP or 2000 came with your computer and you don't have a Microsoft Windows CD-ROM, the Recovery Console might be on one of the CDs the vendor bundled with your PC. But it might not. Fortunately, the Recovery Console is hidden in a free, downloadable Microsoft program called Setup Disks for Floppy Boot Install. Visit Microsoft's site to download the setup-disk file that works with XP Professional; available too is the XP Home version, which will also work for Windows 2000, Me, and 98.

When you run the download, it puts the XP installation program, including the Recovery Console, onto a set of six floppy disks. To get to the Recovery Console, boot from the first floppy, and then swap disks as prompted until you reach the 'Welcome to Setup' screen. Press r to open the Recovery Console. The Recovery Console's most useful commands are:

Command - Function
Chkdsk - Checks disks for errors. If you load the Recovery Console from floppy disks, chkdsk may complain that it can't locate autochk.exe. When it asks for that file's location, point it to c:\windows\system32.
Diskpart - Creates and deletes partitions.
Extract - Extracts files from compressed .cab archives. Extract is not available if you load the Recovery Console from floppy disks.
Fixboot - Writes a new boot sector.
Fixmbr - Writes a new master boot record.
Help - Lists the Recovery Console commands.

For detailed information on a particular command, type the command followed by a space and /?. (Not all the commands will be available if you don't have a Windows CD-ROM.)
« Last Edit: June 09, 2004, 05:47:49 AM by Technical »

Offline Lisandro
Re:User's FAQ
« Reply #12 on: May 31, 2004, 12:11:41 AM »
What is a Cookie?

A cookie is a file created by an Internet site to store information on your computer, such as your preferences when visiting that site. For example, if you inquire about a flight schedule at an airline's Web site, the site might create a cookie that contains your itinerary. Or it might only contain a record of the pages you looked at within the site you visited, to help the site customize the view for you the next time you visit.

Cookies can also store personally identifiable information. Personally identifiable information is information that can be used to identify or contact you, such as your name, e-mail address, home or work address, or telephone number. However, a Web site only has access to the personally identifiable information that you provide. For example, a Web site cannot determine your e-mail name unless you provide it. Also, a Web site cannot gain access to other information on your computer.
Once a cookie is saved on your computer, only the Web site that created the cookie can read it.

Can Cookies send information?

Absolutely Not!  They are simple text files and incapable of performing any action whatsoever.  They can be read and modified by the site that installed them but cannot send anything.

Are all Cookies bad?

Cookies are not always bad, and can be used for things like personalizing a site, setting personal preferences, or speeding things up on the web. For instance, the ones that remember your user name and password when you return to a site.
« Last Edit: June 09, 2004, 05:48:08 AM by Technical »

Offline Lisandro
Re:User's FAQ
« Reply #13 on: May 31, 2004, 12:56:41 AM »

Microsoft's DCOM security patch leaves DCOM running, open, and waiting for malicious exploit. DCOMbobulator by Gibson Research Corporation is a 26 bytes application that allows any Windows user to quickly check their system's DCOM vulnerability, then simply shut down the unnecessary DCOM security risk.

The history of DCOM: Many years ago, Microsoft began modularizing Windows and their applications by breaking them into functional components with well-defined, "version safe" interfaces. The idea was to allow pieces of Windows and applications to inter-operate. The name first given to this effort was OLE, which stood for Object Linking and Embedding. OLE suffered nearly terminal birthing pains and developed a reputation for being a bad idea. Undaunted, Microsoft renamed it COM for Component Object Model. This was still the same old OLE, but Microsoft appeared to hope no one would notice. COM fared somewhat better, but it wasn't until Microsoft gave it the name ActiveX, and built it into virtually everything, that developers finally gave up trying not to use it. Sometime after, Microsoft's industry competitors began working on a distributed object system called CORBA. Microsoft's object system was not distributed, but as we know, Microsoft quickly stuck a "D" (for Distributed) in front of COM to create DCOM, their Distributed Component Object Model. Then they crammed it into every version of Windows starting with Windows 98, even though no one needed it, wanted it, or was using it. That way they could say Windows already had a distributed component system built in.

What does DCOM do for the user?: It attracts Internet worms and permits your system to be remotely compromised by malicious hackers. There may be some custom corporate application developers who have managed to make some use of it, but mostly no one ever has. Nonetheless, it's there in Windows so that the competitors' CORBA isn't. DCOM serves no practical purpose for almost anyone and, as the entire world now knows, it creates a huge and unwarranted security risk. Therefore, it's crazy to leave DCOM running. Microsoft's DCOM vulnerability patch does fix this latest problem with DCOM. But this was not the first problem with DCOM, so there's little support for the hope that this was the last problem.

What does the DCOMbobulator do? The DCOMbobulator will help everyone to perform two tasks:

1) Verify the effectiveness of Microsoft's DCOM patch. Even though DCOM should be shut down altogether, Windows systems need all the security they can get. So verifying that the known DCOM vulnerability is not still threatening any Windows systems is important. For information about Microsoft's DCOM vulnerability patch, please see this page on Microsoft's site or search Microsoft's site for the phrase "MS03-026" to find references and help about this significant security vulnerability.

2) Shut down DCOM completely. Since no typical Windows user has ever needed to have DCOM enabled, it should be shut down immediately and disabled (after first making sure that it's safely patched when it's enabled and running). The DCOMbobulator makes this as easy as pressing a single "Disable DCOM" button. You can then restart Windows and verify that DCOM has been safely taken out of service.

Closing TCP Port 135. Three systems within Windows NT/2000/XP/2003 share TCP port 135: DCOM, Task Scheduler, and Distributed Transaction Coordinator (MSDTC). Since running any of these services will hold TCP port 135 open to accept incoming connections, they must all be stopped and disabled in order to close port 135. The DCOMbobulator disables and "unbinds" DCOM from port 135, but it does not take any responsibility for dealing with the other two services.

Under Windows 95/98/ME, disabling DCOM with the DCOMbobulator will close port 135 since the Windows Task Scheduler does not use port 135 and those systems don't have the Distributed Transaction Coordinator.

Any personal firewall or NAT router will isolate a system's open ports from external intrusion, so leaving port 135 open is not a problem if your system has additional intrusion protection in place. At the same time, the best security is obtained with multi-layered security where each layer is as secure as possible. If you can determine that you do not need the Windows Task Scheduler, or that you can live without its services, you can probably arrange to completely close your TCP port 135.

MSDTC — As with DCOM, typical Windows users have no need for the Distributed Transaction Coordinator service. If it is running, it can be stopped and disabled without any negative impact on the system. But unfortunately, as we'll see, the same may not be true of the Windows Task Scheduler service.

Task Scheduler — Users of Windows XP who wish to use XP's "Prefetch" system for startup performance enhancement must leave the Task Scheduler running. Many people also depend upon Task Scheduler for timely anti-virus and other updates. For these reasons it may not be practical for you to shut down and disable the Task Scheduler. However, I wanted to provide the information for users of other Windows versions who care enough about permanently and finally closing port 135.
« Last Edit: June 09, 2004, 05:48:20 AM by Technical »
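A read-only way to check the port 135 situation described in the post above, as an added example that is not part of the original post or of the DCOMbobulator. It assumes Windows 8 / Server 2012 or later (for `Get-NetTCPConnection`), the standard service names `MSDTC` and `Schedule`, and the standard `EnableDCOM` and `DCOM Protocols` registry values; none of these names come from the post.

```powershell
# Added audit example, not from the original post. Read-only: it changes nothing.
# Assumes Windows 8 / Server 2012 or later (Get-NetTCPConnection, Get-CimInstance).
$report = @()

# 1. Is anything listening on TCP 135, and which process owns the socket?
$listeners = @(Get-NetTCPConnection -LocalPort 135 -State Listen -ErrorAction SilentlyContinue)
foreach ($l in $listeners) {
    $proc = Get-Process -Id $l.OwningProcess -ErrorAction SilentlyContinue
    $report += [pscustomobject]@{
        Check = 'TCP 135 listener'
        Item  = "$($l.LocalAddress):135"
        State = "PID $($l.OwningProcess) $($proc.ProcessName)"
    }
}
if ($listeners.Count -eq 0) {
    $report += [pscustomobject]@{ Check = 'TCP 135 listener'; Item = 'none'; State = 'closed' }
}

# 2. The two services the post names besides DCOM (standard service names, assumed).
foreach ($name in 'MSDTC', 'Schedule') {
    $svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$name'"
    $report += [pscustomobject]@{
        Check = 'Service'
        Item  = $name
        State = if ($svc) { "$($svc.State), start mode $($svc.StartMode)" } else { 'not installed' }
    }
}

# 3. DCOM itself: the machine-wide enable flag and the list of bound protocols.
$ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole' -Name 'EnableDCOM' -ErrorAction SilentlyContinue
$report += [pscustomobject]@{
    Check = 'DCOM'
    Item  = 'EnableDCOM'
    State = if ($ole) { $ole.EnableDCOM } else { 'value not set' }
}
$rpc = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Rpc' -Name 'DCOM Protocols' -ErrorAction SilentlyContinue
$report += [pscustomobject]@{
    Check = 'DCOM'
    Item  = 'DCOM Protocols'
    State = if ($rpc) { $rpc.'DCOM Protocols' -join ', ' } else { 'value not set' }
}

$report | Format-Table -AutoSize
```

The owning process in the first rows shows what is actually holding the port on the machine being checked, which is the thing to confirm before and after changing any of the settings listed below it.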

Offline Lisandro

  • Avast team
  • Certainly Bot
  • *
  • Posts: 67185
Re:User's FAQ
« Reply #14 on: June 09, 2004, 05:49:40 AM »
Settings that cannot be saved

Configure your settings how you want them, then right-click the tray icon and select 'Stop On-Access Protection and Exit'. Now restart your computer and see if it has saved your settings. Some services could be wrongly ended (killed) and then the settings were not saved.