DCOM Windows XP

DCOM Windows XP Do You Need It?

 

 



DCOM Windows XP Background

With the recent exploits of the MSBlaster worm and the new revelation that more flaws have been discovered (see KB824146), the DCOM protocol has once again been thrust onto centre stage...


 

 

 

What is DCOM in Windows XP?

DCOM is a very little-used technology that has been built into the Windows operating system to allow software components to interoperate across any network... (Great for worms and viruses...)

However, as with many services and protocols in Windows, Microsoft appears to have enabled it as "always running" - when it's almost never needed!

Some Windows applications such as Paintbrush & Media Player are "DCOM ready".
They have been created that way so anyone else on your network, or over the public Internet can access them. But Why...?

DCOM in Windows XP has always been a bad idea! It is a potential source for trouble.

The world now has multiple "DCOM worms" using the Internet to find new victims.

You might be asking: is it safe to disable, then? Well, the short answer is YES.

The slightly longer answer is that whilst most home users are not going to need the DCOM protocol in Windows XP, some business/corporate users might need it. Some specially written business software may actually use the DCOM functionality. The only real way to know is to ask your IT department, or to disable the service and see if the software stops working as it should!

In reality though, most of you reading this article will be home users, or users of a stand alone business PC that is not running any special software that requires DCOM in Windows XP.

This is the official Microsoft description of DCOM:

"The Distributed Component Object Model (DCOM) is a protocol that enables software components to communicate directly over a network in a reliable, secure, and efficient manner. Previously called "Network OLE," DCOM is designed for use across multiple network transports, including Internet protocols such as HTTP. DCOM is based on the Open Software Foundation's DCE-RPC spec and will work with both Java applets and ActiveX® components through its use of the Component Object Model (COM)."


If I Do Not Need DCOM - Why Is It There?

Good question!

And my rather cynical answer is: so Microsoft can say they have a distributed component system built into Windows, rather than put a competitor's system in Windows!

You see DCOM is a new name for the old OLE.

OLE (Object Linking and Embedding) was a bad idea that Microsoft tried to make happen... Now they call it DCOM...

Virtually no-one needs it, wants it or uses it! Shocked? You should be...

What's worse is that Microsoft have DCOM set to run on EVERY Windows XP machine by default!!! (It's just sitting there waiting for the next worm to exploit it.)

After the recent MSBlaster worm that hit so many users, Microsoft issued a patch to try and secure DCOM. However, a really neat idea would have been to have the patch do its security thing AND THEN "disable" DCOM.

Then only those of us who truly need it (0.01%) could manually enable it if required.... It is a real shame they did NOT do this.


So How Do You Disable DCOM in Windows XP..?

The good news is that YOU can disable DCOM support...

Step One

Read my article on the latest security flaws in DCOM and apply BOTH of Microsoft's security patches for DCOM. You must do this prior to the next steps.... Get the article: KB824146


Step Two

Click Start menu, and then click the Run icon.

In the small box that opens, type: regedit then click the OK button.

The Registry Editor will now have opened...

You must now navigate to the following registry key:

HKEY_LOCAL_MACHINE\Software\Microsoft\OLE

You will see there is a String Value called:

EnableDCOM

Set the value to: N (it should currently be Y)

Close the Registry Editor.

Shut down and restart your computer.


Step Three

Click Start menu, and then click the Run icon.

In the small box that opens, type: Dcomcnfg.exe then click the OK button.

Now the Component Services window should open.

In the left hand pane "Expand" Component Services.

Right-click Computer and select Properties.

(For a remote computer, right-click Computer, press New, press Computer, type the ComputerName, right-click the ComputerName and press Properties.)

Select the Default Properties tab.

Clear the Enable Distributed COM on this Computer box.

Click the Apply button to disable DCOM.

Click the OK button and exit the Component Services window.

Shut down and restart your computer.


Wider DCOM issues....

It is worth mentioning that DCOM communicates via Port 135...

It is important that you secure this PORT! Please make sure you are using a Firewall on your computer, or that you are behind a firewall device on your network.

If you are using a router with NAT (Network Address Translation), then Port 135 on your PC should be "invisible" to the outside world....
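To confirm the result of Step Two and the Port 135 advice above, the following added example (not part of the original article) checks saved output from `reg query HKLM\Software\Microsoft\OLE /v EnableDCOM` and `netstat -an`. The function names are hypothetical and the sample output is constructed for illustration.

```python
import re

# Constructed samples (not captured from a real machine) of the output of
# `reg query HKLM\Software\Microsoft\OLE /v EnableDCOM` and `netstat -an`.
SAMPLE_REG = "HKEY_LOCAL_MACHINE\\Software\\Microsoft\\OLE\n    EnableDCOM\tREG_SZ\tN\n"
SAMPLE_NETSTAT = """
  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING
  TCP    127.0.0.1:1350         0.0.0.0:0              LISTENING
"""


def dcom_enabled(reg_text):
    """Return True/False from the EnableDCOM string value, None if absent."""
    m = re.search(r"^\s*EnableDCOM\s+REG_SZ\s+(\S+)\s*$", reg_text, re.I | re.M)
    if m is None:
        return None
    return m.group(1).upper() == "Y"


def listeners_on_135(netstat_text):
    """Return the local addresses that have a TCP listener on port 135."""
    found = []
    for line in netstat_text.splitlines():
        parts = line.split()
        if len(parts) >= 4 and parts[0] == "TCP" and parts[3] == "LISTENING":
            host, _, port = parts[1].rpartition(":")
            if port == "135":  # exact match, so :1350 is ignored
                found.append(host)
    return found


def audit(reg_text, netstat_text):
    """Check the registry value and the port separately; return findings."""
    findings = []
    state = dcom_enabled(reg_text)
    if state is None:
        findings.append("EnableDCOM value not found")
    elif state:
        findings.append("EnableDCOM is Y: DCOM still enabled")
    # TCP 135 is the RPC endpoint mapper port, checked separately from EnableDCOM.
    for host in listeners_on_135(netstat_text):
        scope = "all interfaces" if host == "0.0.0.0" else host
        findings.append("TCP 135 listening on " + scope + ": confirm a firewall blocks it")
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_REG, SAMPLE_NETSTAT):
        print(finding)
```

A listener on 0.0.0.0:135 with EnableDCOM set to N is why the firewall step is checked on its own rather than inferred from the registry value.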

 

 

Enjoy!

 

Kind Regards

Marc Liron - Microsoft MVP (2004-2010)
