Re: Taming the elusive svchost.exe in WindowsXP

Duane Arnold wrote:

The bottom line is the svchost.exe is just the messenger for the O/S and its programs that use it to communicate. It is also does the same thing for other programs that may use it to communicate including malware programs.

Exactly, which is why it should be tamed, in the event that malware is installed on the system.

One doesn't kill the *messenger* svchost.exe. One finds out what's using the messenger and kills that by using the proper tools such as Process Explorer (free) or other such programs/tools. One looks at processes that are running with the svchost.exe in question to make a determination if all processes/programs are legit that are running with svchost.exe.

No one is attempting to kill the "messenger", however limiting it's reach to only what is necessary is a pretty smart thing to do. I see no reason to give 100% 'net access to a process that can be used by any program to send personal data.

See, that's what a personal FW will do to a user is make them all paranoid with the pop-up messages about nothing and makes one start making some ridiculous rules with the PFW about svchost.exe which is only doing its job or biding for something else or another program.

I don't think anyone has a problem with svchost.exe doing it's job. However, if malware is passing your private information through svchost.exe, then there is a problem. I'm not going to stand around and have my personal information exploited because I failed to secure the outbound traffic of my machine. It amazes me that you would have no problem blocking access to the 'net if the program was called "virus.b", but it has to be ok if it is svchost.exe? *dazed*

I myself don't jack around with svchost.exe period. If I find some connection questionable that svchost.exe is doing, then I go find out what it is with the proper tools instead of some band aid solution with the PFW.

Are you saying you monitor every connection svchost.exe makes, and if you happen to see something strange, you then worry about it? What about the damage that has already been done? I'd prefer if the outbound traffic was neutered in the first place. I guess each to his own. Call me paranoid, but I make no apologies for limiting my computers ability to send out data unless I specifically want it to be sent.


--
Joe
.