Executive Diskeeper 9.0 COMPROMISES SECURITY!

Discussion in 'LnS English Forum' started by Oh Trouble...., Dec 31, 2004.

Thread Status:
Not open for further replies.
  1. All,

    Something a little irritating I just found out. If you run Executive Diskeeper 9.0, for it to run properly, the file and printer sharing ports must be enabled!!!!!! This is a big compromise to online security.

    I currently disabled these ports through the little disabler tool on the Gibson Research site, and in doing so have DK 9.0 crashing on me all the time! Is there any way to configure L&S so as to allow the necessary components of Diskeeper 9.0 to access the necessary ports while blocking every Joe Public hacker from my File and Printer sharing ports.... o_O?

    The ED 9.0 web page where they explain what needs to be enabled is http://www.executive.com/products/firewall.asp

    But my knowledge of L&S is not good enough.

    I am currently using Phant0m's latest rules for Connection Type > Dial-up > Microsoft Windows 2K/XP.

    Help, oh knowledgeable ones ....... Phant0m, where is your magic o_O
     
  2. CrazyM (Firewall Expert)
    Joined: Feb 9, 2002 | Posts: 2,428 | Location: BC, Canada

    From your link: "Diskeeper does not use the internet to communicate but uses its own communication among its components to function." I take this to mean it would use these ports locally (on your system) and not require allowing access to the outside.

    Have you tried re-enabling those services, running Diskeeper, and monitoring your logs for what it may need? Your current rule set will block any unsolicited inbounds to those ports.

    Regards,

    CrazyM
     
  3. Oh trouble (Guest)

    Thanks for the quick response CrazyM,

    Before I enable PnP;

    If I could ask: I realise that DK 9.0 would not hack me, but by enabling the ports someone else could potentially try, no?

    On the application filtering tab, there is the edit option for each application which allows the editing of ports. If I enabled the ports (i.e. entered the port numbers) for each DK 9.0 item, would this mean only that particular edited application could have allowed access to the PnP ports?

    I will try enabling PnP to see what the DK 9.0 components are accessing.... but even if still disabled, wouldn't the L&S log still record the same components attempting access? They don't seem to be... although I will enable the "!" function in the "applications" tab to see if they are....

    Ot
     
  4. CrazyM (Firewall Expert)
    Joined: Feb 9, 2002 | Posts: 2,428 | Location: BC, Canada

    You should not have to enable UPnP.
    Do you get any prompts from LnS or any log entries when you run Diskeeper?

    Regards,

    CrazyM
     
  5. halcyon (Registered Member)
    Joined: May 14, 2003 | Posts: 373

    That is odd. I ran the eval of DK9 with the above disabled. No problems.
     
  6. Starrob (Registered Member)
    Joined: Apr 14, 2004 | Posts: 493

    Is your machine standalone or networked? It looks like it only says something about open ports under the Title:

    Networked machines running Professional or Server Editions

    So unless your machine is networked, no open ports should be necessary. At least that is the way it appears to me.

    Starrob
     
  7. Notok (Registered Member)
    Joined: May 28, 2004 | Posts: 2,969 | Location: Portland, OR (USA)

    When I saw this behavior from DK, I set it to only connect to localhost (127.0.0.1), and haven't had any problems.
     
  8. BlueZannetti (Administrator)
    Joined: Oct 19, 2003 | Posts: 6,590

    I'm testing DK 9.0 right now. On my system (not LnS), the autogenerated rule comes out to be basically:

    TCP protocol + Outbound Direction + Remote host = localhost:loopback (127.0.0.1) + Remote Port=DCOM (i.e. 135): Allow

    Blue
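
The loopback-only rule from the two posts above, modelled as an added example that is not part of the thread and not Look 'n' Stop's rule format: a first-match rule list with a default deny, evaluated against constructed connection attempts. The `Rule`/`Conn` classes, rule names, and the inclusion of ports 137-139 and 445 as the file-sharing ports are assumptions made for the illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import FrozenSet, Optional, Tuple

# DCOM/RPC endpoint mapper (135) plus the NetBIOS/SMB sharing ports.
SHARING_PORTS = frozenset({135, 137, 138, 139, 445})

@dataclass(frozen=True)
class Conn:                      # one connection attempt seen by the firewall
    proto: str                   # "tcp" or "udp"
    direction: str               # "in" or "out"
    remote_ip: str
    port: int                    # remote port if "out", local port if "in"

@dataclass(frozen=True)
class Rule:                      # hypothetical rule model, not LnS's format
    name: str
    action: str                  # "allow" or "block"
    proto: Optional[str] = None  # None means "any"
    direction: Optional[str] = None
    loopback_only: bool = False
    ports: Optional[FrozenSet[int]] = None

    def matches(self, c: Conn) -> bool:
        if self.proto is not None and c.proto != self.proto:
            return False
        if self.direction is not None and c.direction != self.direction:
            return False
        if self.loopback_only and not ipaddress.ip_address(c.remote_ip).is_loopback:
            return False
        return self.ports is None or c.port in self.ports

RULES = [
    # TCP + outbound + remote host 127.0.0.1 + remote port 135: allow
    Rule("dcom-loopback", "allow", "tcp", "out", True, frozenset({135})),
    # Everything else touching the sharing ports, either direction: block
    Rule("sharing-ports", "block", ports=SHARING_PORTS),
]

def evaluate(c: Conn, rules=RULES) -> Tuple[str, str]:
    """First matching rule wins; anything unmatched is blocked."""
    for r in rules:
        if r.matches(c):
            return r.action, r.name
    return "block", "default-deny"

# Constructed sample traffic (not taken from any real log).
SAMPLES = [
    Conn("tcp", "out", "127.0.0.1", 135),     # Diskeeper talking to local DCOM
    Conn("tcp", "in", "203.0.113.7", 135),    # unsolicited inbound from outside
    Conn("tcp", "in", "203.0.113.7", 445),
    Conn("tcp", "out", "192.168.1.20", 135),  # DCOM to another host on the LAN
]
```

Only the first sample is allowed; the LAN case shows that a loopback-only rule also rules out the remote administration feature, which is the trade-off the thread describes.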
     
  9. Oh trouble (Guest)

    Sorry for the delayed reply, and thanks all for sharing thoughts.

    Since first writing, I have done three things:

    1) Updated the first DK 9.0 to version 9.0.511 (for registered users)
    2) Re-enabled the port DCOM - 135 by using the GRC DCOMbobulator - I had used the same tool a while ago to disable this port - interestingly Mr Gibson does now say following XP service patch 2 it is probably better to have it enabled.
    3) Watched closely on LnS to see what the DK components are accessing.

    And now it's not crashing. On the new update 9.0.511, they say that unless the machine is remotely administered then one needn't do anything. So far DK - set on "smart scheduling" - has run automatically once without crashing. . .

    At first I thought it was perhaps conflicts with 2 other programs, 1) PGP and their mounted virtual hard drives, or Process Guard from DCS labs. But after installing DK on my sister's XP SP2 computer it also crashed. . . .

    Will keep running and see if the DK "smart scheduling" crashes over the next day or two. . . and report back

    Again, TIA

    Ot
     
  10. Skank! (Registered Member)
    Joined: Jan 29, 2005 | Posts: 31 | Location: New Zealand

    If you check what version of Diskeeper you have, you'll find that you can use Diskeeper remotely to defrag "Client" computers on your network. That's why Diskeeper is asking for Server rights and has open ports, supposedly for "File and Printer Sharing Ports".

    What I did to get round this was disable the Diskeeper service by going to Start\Run\Services.msc and locating the service "Diskeeper". I then changed its "Startup type" to manual. That stops it running Server rights at startup.
    You'll find without that service enabled to automatic, Diskeeper will fail to start when you go to run the program....
    To get around this I copy\pasted the following into Notepad (where the path is to coincide with your installation drive\folder):

    Code:
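    rem Start the Diskeeper service (its startup type is now Manual)
    net start Diskeeper
    rem Open the Diskeeper management console
    C:\WINDOWS\system32\mmc.exe "C:\Program Files\Executive Software\Diskeeper\Diskeeper.msc"
    rem Stop the service again afterwards
    net stop Diskeeper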
    and saved it as a batch file (.bat).
    Now whenever you want to run Diskeeper just double-click the batch file we created...
    And Diskeeper is using less resources now it's not running all the time :)
     