Omnisecure.net

How to Disable Windows DCOM

Windows DCOM is one of the more useless features of Windows. DCOM is mainly useful for computer servers, but for home users and many corporate machines, it is unused. DCOM stands for Distributed Common Object Model. It is a way to allow certain users and other computers to execute programs on your computer. By default, this ability is turned off, but this service is still available.

The MSBlaster worm is one of the worms that exploits a flaw in DCOM. So there are reasons to disable this insecure feature. There has been several patches to fix the flaws in DCOM, but the best solution is to disable DCOM. DCOM is like the door with a sign that states, "Absolutely No Admitence Allowed," which seems rather silly. Why have a door, if no one is allowed to enter? Improving the lock on the door isn't the solution. The solution is to remove the door and put a brick wall in place.

Windows 95, 98 and ME users can not use DCOM. So those Windows users are safe from DCOM flaws. If you have Windows NT, 2000 or XP, please read the following directions.

How to Disable DCOM on Windows 2000

1. Select "Start > Run..."
2. Type "dcomcnfg" and press enter.
3. If any warning dialogs appear, select "Yes" or "OK".
4. Select the "Default Properties" panel.
5. Unselect the "Enable Distributed COM on this computer".
   
6. If you want to close port 135, select the "Default Properties" panel and remove all of the protocols.

How to Disable DCOM on Windows XP

1. Select "Start > Run..."
2. Type "dcomcnfg" and press enter.
3. Select "Component Services > Computers"
4. Click the "Configure My Computer" in the toolbar.
   
5. Select the "Default Properties" panel.
6. Unselect the "Enable Distributed COM on this computer".
   
7. If you want to close port 135, select the "Default Properties" panel and remove all of the protocols.