Tube Amps / Music Electronics
For current discussions, please visit Music Electronics Forum. New: view Recent Searches.
New: visit Schematic Hell!
The sunn still shines online!

Listen to great tunes streaming live right now!

ampage archive

Vintage threads from the first ten years

Search for:  Mode:  
  View Thread

LovSan virus

8/12/2003 6:05 PM
LovSan virus
Well this is the outbreak that was expected since Microsoft announced on July 16 the serious defect which has been present in all Windows versions since the time that DCOM was annexed onto Windows95.  
The defect supposedly *discovered* by the LSD group as it was documented on the Microsoft website when I was reading it on July 17.  
Most default installations of Windows are vulnerable to a *DCOM attack* which is what LovSan does, entering your computer without you having to open emails or even have a mail reader to begin with. Just being on the internet you can get this one.  
The software patches from Microsoft are expected to be effective, however since virtually all of the factory support for Windows95 has been withdrawn to the disadvantage of Microsoft's greatest customers, outstanding by omission is the lack of a security patch for Windows95 itself, the flagship of the 32bit operating systems.  
It could be worse, if more time had been allowed to pass before public release of the operating system defect, the technical support for the much more popular and still common Windows98 might have been completely withdrawn by then. Then it would have been legitimately permissible for the W98 customers to have been shafted and left without a security patch as well.  
Actually, since the defect this time is confined to DCOM (Distributed Component Object Model), and the purpose of the new DCOM in the late '90's is to allow your computer to execute code which is resident on a remote machine, or for a remote machine to execute code which is on your machine, you can do without DCOM completely in most cases. Some of the newer highly interactive applications might not have been possible without DCOM, but if you are still now using W98 or W95 for primarily personal computing it is quite likely that the DCOM originally installed by default on your machine has been there maintaining readiness the whole time without having been called upon yet. Unless it hears the call of LovSan, to which it will respond as if it were designed that way intentionally.  
There is a configuration utility for DCOM which has a number of versions. Dcm95cfg, dcomcnfg and a few variations like that IIRC. With this Microsoft utility you can enable or disable DCOM as well as select optional settings. The original dcomcnfg supposedly works on both W98 & W95, but interestingly was only included with W98 First Edition. It is not on the CD for W98SE users, who would have to download it separately from Microsoft. I remember quite well that there was worthwhile documentation and easily located downloads of dcomcnfg at the Microsoft website prior to July 16. It was also available at numerous third party sites as a free download. Since then the site has been virtually purged, and it also appears to have been Googlewashed from internet memory.  
Anyway, for anyone still on W95 or who may not want to depend on the new security patch for W98, you can disable DCOM quite simply in the registry:  
Start > Run > Regedit  
Then open the folders: HKEY_LOCAL_MACHINE\Software\Microsoft\OLE  
You will see where it says EnableDCOM *Y*.  
Right click on that EnableDCOM, hit Modify, then change the value from Y to N. Hit OK then close the registry window and restart the computer.  
Of course if you NEED dcom for something this would not be ideal, in that case I expect the W98 security patch will work OK in W95. Microsoft might just not want to tell you so in case you might realize more value from your investment while they are not.  

Glen H. Thanks for the tip Mike! :)... -- 8/13/2003 4:10 AM
Todd Hepler Some links ... -- 8/13/2003 1:00 PM