PHILLYBIZ
Right Now
join:2001-01-27
Philadelphia, PA
| LOST IN CONFUSION, Some ZA Help please!
I found this site because I searched for threads about "MS Auto Update". Alot of the issues mentioned are kinda goin on with my computer...the weirdest being Windows Explorer trying to acces the internet. That happened tonight. Y would that program...of ALL programs...want to connect to the internet....Kudoz to Zone Alarm? But from what I understand from above, ZA might not be OK? Then what is the best free firewall (easy to understand) out there? Also What is Distribute COM Services? It always tries to get to the internet? I never let it!!
My original question is WHY is "MS Office Auto Update", always down?
»www.officeupdate.microsoft.com/o···alog.htm
I'm just really confused by the totality of the entire thread...can't really make out what is good or bad? And since Windows Explorer tried to get to the internet...im a lil nervous...what might be goin on here?
--
Sean L. Martin, CEO/Partner
FYI Communications Group
www.FYI2000.net
This post was a new reply to an old post. I have opened a new thread for it. The contents of the post have not changed. Wildcatboy
[text was edited by moderator] |
|
2kmaro
Think
Premium,ExMod 1 BC
join:2000-07-11
ColossalCave
clubs:  
| OK - why would Windows Explorer try to get to the internet: You may have something like Web Folders enabled, and may have browsed to one of them and IE is trying to connect to it. You may have tried to open a file that contains a reference to a location on the internet. You may have tried to browse to a folder that is on the web somewhere (web folders enabled). There are valid reasons for this action. Distributed COM services - sounds like you have Windows 2000 running. There was a discussion of this in another thread, and quite frankly its purpose escapes me at the moment - suffice it to say that it obviously doesn't need internet access.
As to Why is MS Office Auto Update always down? I don't have a clue - I update both Windows and Office 'manually' - although I have got Windows update set to notify me when critical updates come out. As far as the site in your link, I just went there with no problem at all.
[text was edited by author 2001-02-17 02:46:27] |
|
Anon | reply to PHILLYBIZ
Distrbuted com is from what i can tell spyware from different freeware programs. I got it when i installed download accelerator plus and other programs that I have downloaded in the past. I keep it blocked form using the internet and have never had any problems running any of the programs. |
|
Wildcatboy
Premium,Mod
join:2000-10-30
Toronto, ON
Host:
Security Product V..
Security
|  reply to PHILLYBIZ
philly76erskid74, you do seem confused.  Forget about the old thread and try to explain what it is exactly that's confusing and what is it exactly that you need to know. There are several questions in your post ranging from ZA to Microsoft's web site to Distribute Com services.
2Kmaro answered why Windows explorer might want to reach out. Say no to it and if a program fails to operate you'll know why and then you can decide whether to let it out or not. Otherwise keep it inside and don't let it out.
Why is the site down? well, I just went there. I never use it to update or upgrade. I do it manually and I don't like to be tracked.
Distribute Com Service or RPCSS.EXE is a Windows / NT component and there has been a lot of speculations about it. Most people believe it's some kind of Microsoft designed Trojan calling home and reporting things. I don't know if you want to be that paranoid but in any case my policy is if you don't know what it is say no to it. Your best bet would be to disallow it in ZA to get out of the computer and allow it in your local zone.
--
You can catch the Devil, but you can't hold him long. |
|
2kmaro
Think
Premium,ExMod 1 BC
join:2000-07-11
ColossalCave
clubs:
| reply to Anon
mccarrier - I have to go with WCB on this one - Distributed Comm appears to be a built in part of Win NT/2K. It is on my W2K system, and the only freeware there is ZoneAlarm, and I know for a fact it does not come with ZoneAlarm. Haven't got a real clue as to what its whole purpose in life is, but it seems that it doesn't have to get to the internet for things to work right. In that, you are absolutely correct as I see it. |
|
fuzz
Fuzz
Premium
join:2000-06-05
FuzzLand
 ·AT&T Southeast
|  I wonder if this:
»www.distributed.net/trojans.html.en
has anything to do with the problem?
You might want to check.
--
For The Cause
|
|
notdedyet
join:2000-08-28
Littleton, MA
| reply to PHILLYBIZ
There seems to be some confusion about DCOM here. DCOM (or Distributed COM) is the mechanism by which Microsoft COM objects can be hosted on different systems from the one that the program that calls it is running on.
So what is a COM object? COM stands for Component Object Model and is the underpinning of a lot of Microsoft's software these days. IE is a collection of COM objects, and ActiveX is built around COM objects.
Due to the way that COM is designed, a COM object may reside in the same process as the calling program or in a separate process of its own. When a COM object is in a separate process, that process may be running on the same system as the calling program or on some other system. When it resides on a separate system, it is sometimes referred to as DCOM although Microsoft tends not to use that term anymore.
DCOM is NOT spyware. I suspect that you could write spyware with DCOM, but you can write spyware without it. (And non-MS OS based spyware couldn't be written without it.)
So how do you get DCOM on your system? It comes with it (as of Win95 OSR2) or by installing IE or other MS apps. |
|
CyberStretch
join:2000-11-23
Worcester, MA
|  I think notdedyet hit the nail on the head. I think that RPCSS.EXE is the Windows port of the *nic RPC which, IIRC, allows Remote Procedure Calls between systems to allow a program to be run by one system on another.
This may be of little use to home users, unless you are hosting applications on one system you want to run from another, but could be highly beneficial from a professional environment.
A brief description of RPCSS.EXE can be found on: Q148804:
The Windows 95 RPC endpoint mapper service, Rpcss.exe, may not correctly handle reentrancy (more than one pending request). If the RPC endpoint mapper is concurrently accessed by two processes, or twice within one process, an invalid page fault (exception 0E) may occur in Rpcss.exe.
This behavior is somewhat timing-dependent, and may not occur consistently on all computers.
A little searching and fact finding is usually all that is needed to dispel rumors of "spyware", "Trojans", etc included in MS OSes.
Microsoft maybe evil in some respects, but definitely not in all respects.
--
The price of admission is submissions... |
|
notdedyet
join:2000-08-28
Littleton, MA
| reply to PHILLYBIZ
RPCSS on a Windows system is Remote Procedure Call System Service and is Microsoft's implementation of the RPC standard but modified to authenticate calls using Windows NT authentication. It also can start up COM objects as necessary. RPCSS also exists on Unix and OpenVMS systems that have had COM support ported to them. |
|
CyberStretch
join:2000-11-23
Worcester, MA
| notdedyet,
Thumbs to you for factual information and dispelling any fears about RPCSS.EXE. I am sure everyone will rest a little better now that they know what it is.
--
The price of admission is submissions... |
|
PHILLYBIZ
Right Now
join:2001-01-27
Philadelphia, PA
| reply to 2kmaro
ThancX...I am confused because I wasnt even in explorer...I wasn't even touching the keyboard..it just went to the internet...
I am now clear on the DCOM dilema; however I am not running windows 2000...98se. So why would it come up?
With MS update down, I mean like "Windows Update", it tells you what you need...Office Update always says its down, but I tend to agree about preferring to update manually...but I cant seem to figuure out what to run first...if I really need this or that. I am using 2000 Office Premium. I guess I'm OK?
--
Sean L. Martin, CEO/Partner
FYI Communications Group
www.FYI2000.net |
|
OzarkMan$
join:2000-12-22
Ozark Mtns.
| Hey Philly,
Couple of questions for ya.
1)Are you using "Active Desktop" to your knowledge
2)Windows Explorer or Internet Explorer tried to connect
3)To your knowledge do you have any programs set to auto-update at a certain time
4)What program if any were active at this time when you weren't even touching the keyboard
The crazy's out there are getting real slick, even company's that hide there heads as programmers load tons of cookies, BHO's and many other nasty's that compromise our systems and to some degree violate privacy
Wish you well in your quest for answer.
OZ
--
Genuine Wisdom is knowing what you are talking about but deciding to keep your mouth shut. |
|
PHILLYBIZ
Right Now
join:2001-01-27
Philadelphia, PA
| Hello Ozark....
1) No about active desktop...to my knowledge...seriously, I had to remember how to access it!!
2) Windows Explorer
3) No programs set to "auto update"...i do have windows update and netscape update
4) No programs were active except for start up (PT Snoop, Hidserv,scanreg)...I had just turned on Zone Alarm maybe 2 mins b4....GLAD I DID...
--
Sean L. Martin, CEO/Partner
FYI Communications Group
www.FYI2000.net |
|
Wildcatboy
Premium,Mod
join:2000-10-30
Toronto, ON
Host:
Security Product V..
Security
| reply to notdedyet
Thanks Notdedyet. I found your explanations to be quite valuable. Keep on posting. As you mentioned quite correctly Distribute Com services and COM objects can be used in Spyware but they are not by nature necessarily Spyware. The reason a lot of paranoia surrounds this service on different boards is the simple fact that it tries to get out every now and then. As I mentioned in my original post I don't know if philly wants to be that paranoid to accept that explanation but not letting it out in most cases won't affect the operations of a home user.
In ZA you can easily let that procedure to be used for your local communications but disallow it from going out. By the way It's been experienced by some people that by disallowing it to go out you may have problems viewing some sites. Hasn't happened to me yet and I can't personally testify to that. It's just something that was mentioned on this forum before. Again good posts.
--
You can catch the Devil, but you can't hold him long. |
|
larsfum
Premium
join:2000-09-01
Naples, FL
| reply to PHILLYBIZ
There is a FAQ on the ZA website that basically states that Za misidentifies WE for IE. »www.zonelabs.com/services/suppor···#config1
--
Fish laugh at the mere mention of my name! |
|
RDionysus
join:2000-10-03
Lindenhurst, NY | reply to PHILLYBIZ
There is further explanation of DCOM scenarios here as well: »www.adcop.org/smallfish/dcom.htm |
|
OzarkMan$
join:2000-12-22
Ozark Mtns.
| reply to PHILLYBIZ
Philly, hopefully you now have a better understanding of DCOM due to the wonderful comments by all. As for one of your other concerns "Explorer" wanting to connect, hopefully it is as the others have said....if not....maybe one of the following previous posts will lead you down the right road.
windows explorer wants out
Explorer
Zone Alarm Question about Windows Explorer
As always, when visiting most posts, there are very good comments and opinions. The three above also have some interesting threads one could click on for further info.
NOT wanting a program to connect from your machine without your permission is Very important...as others have said.
Be Secure AND Paranoid
Oz
[text was edited by author 2001-02-18 06:53:16] |
|
PHILLYBIZ
Right Now
join:2001-01-27
Philadelphia, PA
| ThancX Ozark...
You sent me into a world...now here are my questions?
DCOM is now hammered into my brain. Checked out AWSPS and as soon as i opened it it asked me about DCOM...but the free version doesnt allow you to fiddle much. I might have to buy it it seems interesting...
said by paul613:
Take a look at the authorized programs in zone alarm, it will list the versions for IE and windows explorer. They should be a close match(The 1st three numbers) For example MY IE is version 5.50.4522.1800, and Windows explorer is version 5.50.4134.100
I did that and my versions are different...Explorer was 4.72XXXX, IE 5.00XXXX (I have 5.5...(verified))
Im clear on DCOM now, but a lil confused with ZA not pulling correct versions...is there an update I need to run.
I am some what confident that my system is in FULL Stealth mode, but reading threads makes you look and check stuff...and some stuff I read makes me think I have BIG problems...but in the end they are OK...you guys know too much!! Thancx for sharing the knowledge.
--
Sean L. Martin, CEO/Partner
FYI Communications Group
www.FYI2000.net |
|
Lucif4
Premium
join:2000-12-12
clubs:
| Do you have Hotbar installed? What programs do you have running at startup. Do you notice anything weird when you run 'msconfig' (look in 'startup'). Verify that you haven't installed something new recently.
Has this been happening awhile? Or more recently? What I gather, it has been recently. I had the same problem, and couldn't figure it out until I did a process of elimination. I had to think about what I installed to make Windows explorer want to access the internet. Take a look and think hard.
Good luck at any rate! |
|
Rocktagon
Slightly Bent
Premium
join:2000-11-04
Chattaroy, WA
clubs:
| reply to PHILLYBIZ
Since you have IE 5.5 you need to use regedit:
Start>run>type regedit:
Navigate to:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\BrowseNewP rocess
It should have a value of "yes" if it doesn't change it to yes REBOOT, then remove auth for explorer from ZA and re authorize Iexplore And let me know how that works out.
This solves the problem for your brownser!
I will bet on it 
--
Quest for Knowledge
|
|
