Re: COM Surrogate


"mfsi" <mfsi@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message news:F101CE09-3EB0-498A-BF53-9E463A1C8E6D@xxxxxxxxxxxxxxxx
What is COM Surrogate? I am using Zone Alarm firewall and I am being asked
if I want to allow COM Surrogate to access the internet. What is it and what
do I need it for?

Thanks


COM DLLs cannot be loaded directly. They have to be loaded by an
executable program. The COM surrogate, dllhost.exe, allows COM objects to
be built in a DLL and then exposed by dllhost.exe. There are serious risks
in doing this and Microsoft should abandon the practice immediately. I
really had hoped they would, given their stated interests in improving
security with Windows Vista. When you allow access through your firewall to
dllhost.exe, you open your firewall to every single dllhost.exe instance in
your PC:

http://blogs.msdn.com/robgruen/archive/2004/08/18/216685.aspx

Dllhost, rundll32, and svchost are three system applications that, while
having legitimate system uses, can all be used to hide the process that is
really running on your PC. They each host DLLs, allowing the DLLs to be run
as applications. But when you use Task Manager to view running applications,
the actual DLLs running are not listed, only the hosts are listed. Each of
them fails to display the real name or file location of the processes that
they hide. And the risks outlined in the link above apply equally to
rundll32, svchost, and dllhost, though the article only refers to dllhost.

While there are tools by which you can determine what applications these
three hosts are hiding from you, those tools are generally considered
advanced tools. That means that, for most users, all three of those hosts
are effective means of hiding programs.

Like I said, I wish Microsoft would drop all three of these tools
immediately. There is no reason for an application to be built in a DLL
rather than in a real executable.


Dale
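
The reply above mentions tools that show what the three hosts are running. As an added example (not part of the original posts), this PowerShell sketch resolves each dllhost.exe, svchost.exe and rundll32.exe process to what it hosts, using the standard Win32_Process and Win32_Service CIM classes and the AppID and Services registry keys. It assumes PowerShell 3.0 or later on the machine being inspected.

```powershell
# Added example: show what each dllhost.exe, svchost.exe and rundll32.exe hosts.
# Run elevated so the command lines of system processes are readable.
$hostNames = 'dllhost.exe', 'svchost.exe', 'rundll32.exe'
$services  = Get-CimInstance Win32_Service

Get-CimInstance Win32_Process |
  Where-Object { $hostNames -contains $_.Name } |
  ForEach-Object {
    $proc = $_
    $cmd  = [string]$proc.CommandLine
    $hosted = switch ($proc.Name) {
      'dllhost.exe' {
        # COM surrogates are started as: dllhost.exe /Processid:{AppID}
        if ($cmd -match '/Processid:\s*(\{[0-9a-f-]{36}\})') {
          $appId = $Matches[1]
          $key   = "Registry::HKEY_CLASSES_ROOT\AppID\$appId"
          $name  = (Get-ItemProperty -LiteralPath $key -ErrorAction SilentlyContinue).'(default)'
          if ($name) { "AppID $appId ($name)" } else { "AppID $appId (no name registered)" }
        } else { 'unknown: no /Processid on command line' }
      }
      'svchost.exe' {
        # Services running inside this svchost instance, with their ServiceDll
        $svc = @($services | Where-Object { $_.ProcessId -eq $proc.ProcessId })
        if ($svc.Count -eq 0) { 'no running service registered for this PID' } else {
          ($svc | ForEach-Object {
            $p   = "HKLM:\SYSTEM\CurrentControlSet\Services\$($_.Name)\Parameters"
            $dll = (Get-ItemProperty -LiteralPath $p -ErrorAction SilentlyContinue).ServiceDll
            if ($dll) { "$($_.Name) -> $dll" } else { "$($_.Name) -> (no ServiceDll value)" }
          }) -join '; '
        }
      }
      'rundll32.exe' {
        # Everything after the executable is "<dll>,<entry point> [args]"
        if ($cmd -match 'rundll32(?:\.exe)?"?\s+(.+)$') { $Matches[1] } else {
          'unknown: no DLL argument on command line'
        }
      }
    }
    [pscustomobject]@{ PID = $proc.ProcessId; Host = $proc.Name; Hosting = $hosted }
  } | Format-List
```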
