Executive Diskkeeper 9.0 COMPROMISES SECURITY!

All,

Something a little irritating i just found out. If you run Executive Diskkeeper 9.0, for it to run properly, the file and printer sharing ports must be enabled!!!!!! this is a big compromise to online security.

I currently disabled these ports through the little disabler tool on The gibson research site, and in doing so have DK 9.0 crashing on me all the time!, is there any way to configure L&S so as to allow the necessary components of diskkeeper 9.0 to access the necessary ports while blocking every joe public hacker from my File and Printer shanring ports....?

The ED 9.0 web page they explain what need to be enabled is http://www.executive.com/products/firewall.asp

But my knowledge of L&S is not good enough.

I am currently using Phant0m's latest rules for Connection Type > Dial-up > Microsoft Windows 2K/XP.

Help oh knowledgable ones .......Phant0m where is your magic

 

From your link: "Diskeeper does not use the internet to communicate but uses its own communication among its components to function." I take this to mean it would use these ports locally (on your system) and not require allowing access to the outside.

Have you tried re-enabling those services and run Diskeeper and monitor your logs for what it may need? Your current rule set will block any unsolicited inbounds to those ports.

Regards,

CrazyM

 

Thanks for the quick response CrazyM,

Before i enable PNP;

If i could ask, i realise that DK 9.0 would not hack me, but by enabling the ports someone else could potentially try no?

On the application filtering tab, there is the edit option for each application which allows the editing of ports. If i enabled the ports (i.e. entered the port numbers) for each DK 9.0 item, would this mean only that particular edited application could have allowed access to the PnP ports?

I will try enabling PnP to see what the DK 9.0 comonents are accessing....but even if still disabled, wouldnt the L&S log still record the same components attempting access? they dont seem to be... although i will enable the "!" function in the "applications tab to see if they are....

Ot

 

You should not have to enable UPnP.
Do you get any prompts from LnS or any log entries when you run Diskeeper?

Regards,

CrazyM

 

That is odd. I ran the eval of DK9 with the above disabled. No problems.

 

Is your machine standalone or networked? It looks like it only says something about open ports under the Title:

Networked machines running Professional or Server Editions

So unless your machine is networked, no open ports should be necesarry. At least that is the way it appears to me.



Starrob

 

When I saw this behavior from DK, I set it to only connect to localhost (127.0.0.1), and haven't had any problems.

 

I'm testing DK 9.0 right now. On my system (not LnS), the autogenerated rule comes out to be basically:

TCP protocol + Outbound Direction + Remote host = localhost:loopback (127.0.0.1) + Remote Port=DCOM (i.e. 135): Allow

Blue

 

Sorry for the delayed reply, and thanks all for sharing thoughts.

Since first writing, i have done three things:

1) Update the first DK 9.0 to version 9.0.511 (for registered users)
2) Re- enabled the port DCOM - 135 by using the GRC DCOMbobulator - i had used the same tool a while ago to disable this port - interestingly Mr Gibson does now say following XP service patch 2 it is probably better to have it enabled.
3) watched closely on LnS to see what the DK components are accessing.

And now its not crashing. On the new update 9.0.511, they say that unless the machine is remote administrated then one neednt do anything. So far DK - set on "smart scheduling" has run automaticall once without crashing. . .

at first i thought it was perhaps conflicts with 2 other programs, 1) PGP and their mounted virtual hard drives, or Process Guard from DCS labs. But after installing DK on my sisters xp sp2 computer it also crashed. . . .

will keep running and see if the DK "smart scheduling" crashes over the next day or two. . . and report back

again tia

Ot

 

If you check what version of Diskeeper you have youll find that you can use Diskeeper remotely to defrag "Client" computers on your network. Thats why Diskeeper is asking for Server rights and has open ports supposedly for "File and Printer Sharing Ports ".

What I did to get round this was disable diskeeper service by going "Start\Run\Services.msc and locating the service "Diskeeper". I then changed its "Startup type" to manual. That stops it running Server rights at startup
Youll find without that service enabled to automatic, diskeeper will fail to start when you go to run the program....
To get around this I copy\pasted the following into note pad,(where the path is to coincide with your installation drive\folder)

Code:

net start Diskeeper
C:\WINDOWS\system32\mmc.exe "C:\Program Files\Executive Software\Diskeeper\Diskeeper.msc"
net stop Diskeeper

and saved it as a batch file (.bat)
Now whenever you want to run diskeeper just double click the batch fiile we created...
And diskeeper is using less resources now its not running all the time