Security → Re: RPCSS and Zonealarm

I'm afraid I have to disagree. Renaming it would not be necessary so long as your firewall is doing its job. It can also cause future problems if you decide to make changes to your current settings, such as adding other machines and have a LAN. I've seen too many questions in this forum by people who can't figure out why their machine is behaving strangely after making a simple change to their Network, only to find out after a long thread that they had renamed something 6 months ago and forgot about it all by then.

Also if you are running an NT or a W2K, you can kiss your machine good bye by renaming RPCSS. In some cases You're lucky if you can reboot. The objective is to stop RPCSS to go out and you can accomplish it by clicking a button on your ZA. I'd rather not make it more complicated than it really is.

Interestingly enough my other two machine's ZA don't show RPCSS. My son and I networked the house five months ago as a father and son project. All three run WIN98SE and all three run ZA 2.6.231. Until last night, we didn't know about RPCSS. Still newbies after all this time. All this started because my son installed AOL on his machine. This is forcing us to learn alot more about security and IP and etc, which is a good thing.

said by ticker:

---

Interestingly enough my other two machine's ZA don't show RPCSS. My son and I networked the house five months ago as a father and son project. All three run WIN98SE and all three run ZA 2.6.231. Until last night, we didn't know about RPCSS. Still newbies after all this time. All this started because my son installed AOL on his machine. This is forcing us to learn alot more about security and IP and etc, which is a good thing.

---

It didn't ever show up on my ZA either until I learned about the file here on DSLR. I searched for the file, attempted to run it manually, and ZA flagged it. I did that so ZA WOULD have it on it's panel--and I could therefore block it.

It all depends what kind of applications you have on your machine or what sites you visit. Sometimes an application tries to use the Remote Procedure Call Service feature whether it's an application on your machine or perhaps a web site that tries to use it and that's usually when you see RPCSS trying to get out. But still neither one should use the feature to get out unless you exactly know why. In very rare occasions I've seen a web site that can't be displayed without that feature but then again I'd try to stay away from that site anyway so you really won't be missing much.

I disagree to agree !
RPCSS is and always will be a security risk.
It's just too bad that Win2k, NT, XP may need it to operate. That's at least one bad drawback that NT, 2K has.
.
All other Win9x systems do not need it.
It's kind of dumb to let it run, then try to block it with a firewall that might let it slip by anyway.
Why have a port listening that serves no useful purpose other than a security risk ?
Rename it so the evil program can't run !