Hand Bent Spoon
Unregistered
- Joined
- May 18, 2003
- Messages
- 378
...internet access? I always block it from accessing, but why is it even asking for access?
Windows: Why Does Kernel32.dll Want...
- Thread starter Hand Bent Spoon
- Start date
-
- Tags
- kernel32dll windows
Wudang
BOFH
Hmm, it doesn't on my winXP PC with Zone Alarm firewall.
Hand Bent Spoon
Unregistered
- Joined
- May 18, 2003
- Messages
- 378
My OS is Windows 98SE, so maybe it's a 98 specific behavior?
It's probably not this, but it's worth checking that kernel32.dll is not infected with a virus. Or that it is actually the kernel32 accessing the internet.
Kriz virus mucks about with that dll
Is there any noticeable consequence to permitting or denying it access?
Kriz virus mucks about with that dll
Is there any noticeable consequence to permitting or denying it access?
Hand Bent Spoon
Unregistered
- Joined
- May 18, 2003
- Messages
- 378
My antivirus never complains about it, and my firewall detects changed programs that ask for internet access. There is no unusual/unexpected behavior from my computer.
Rob Lister
Unregistered
- Joined
- Apr 1, 2004
- Messages
- 8,504
Hand Bent Spoon said:
Did you (or another) download Microsofts new Windows Update beta?
Hand Bent Spoon
Unregistered
- Joined
- May 18, 2003
- Messages
- 378
I've never downloaded the Windows Update Beta. I do regularly use Windows Update, though.
Rob Lister
Unregistered
- Joined
- Apr 1, 2004
- Messages
- 8,504
Hand Bent Spoon said:
This is just a hunch but are you sure the program attempting access is kernel32.dll ?
Could it be kernel32.dli instead?
Hand Bent Spoon
Unregistered
- Joined
- May 18, 2003
- Messages
- 378
I am reasonably certain it isn't a variation on the name kernel32.dll. Here is how my firewall reports the program:
Application: Win32 Kernel core component
Version: 4.10.2222
Path: c:\windows\system\kernel32.dll
If I select the option to hide Windows services, the listing gets filtered out of the running programs list.
When it asked for internet access the first time, my firewall didn't indicate the program had been changed. I denied it access anyway. I've observed this behavior ever since installing my first firewall, when I got broadband a couple of years ago. It was first observed with Windows 98, then when I upgraded and did a clean install of Windows 98SE as well.
I was always under the impression this was normal behavior for kernel32.dll, but since I couldn't see why it would need internet access, and the OS doesn't complain if I deny it access, I just defaulted to not allowing it.
The reason I asked about it here is purely out of curiosity, thinking there would be a simple, well-known explanation for this behavior (such as that's just something the kernel does in Windows 98).
Application: Win32 Kernel core component
Version: 4.10.2222
Path: c:\windows\system\kernel32.dll
If I select the option to hide Windows services, the listing gets filtered out of the running programs list.
When it asked for internet access the first time, my firewall didn't indicate the program had been changed. I denied it access anyway. I've observed this behavior ever since installing my first firewall, when I got broadband a couple of years ago. It was first observed with Windows 98, then when I upgraded and did a clean install of Windows 98SE as well.
I was always under the impression this was normal behavior for kernel32.dll, but since I couldn't see why it would need internet access, and the OS doesn't complain if I deny it access, I just defaulted to not allowing it.
The reason I asked about it here is purely out of curiosity, thinking there would be a simple, well-known explanation for this behavior (such as that's just something the kernel does in Windows 98).
Hand Bent Spoon
Unregistered
- Joined
- May 18, 2003
- Messages
- 378
Further information as I research this:
Kernel32.dll is trying to listen on local ports 137, 138 and 139. These ports are apparently associated with NetBIOS, which is apparently the Microsoft LAN networking program.
So at this point, I'm feeling better about this. My current working hypothesis is that since I have PPPoE ADSL, Windows is convinced I am on an Ethernet LAN, so activated the NetBIOS services to listen for incoming shared resource access requests. I don't know this is the case yet, just my hypothesis based on what has been said by you helpful folks here, in addition to my own research.
Interesting. Well, keep the suggestions coming, you guys are being very helpful and I appreciate it. And I'll continue to research this as well.
Kernel32.dll is trying to listen on local ports 137, 138 and 139. These ports are apparently associated with NetBIOS, which is apparently the Microsoft LAN networking program.
So at this point, I'm feeling better about this. My current working hypothesis is that since I have PPPoE ADSL, Windows is convinced I am on an Ethernet LAN, so activated the NetBIOS services to listen for incoming shared resource access requests. I don't know this is the case yet, just my hypothesis based on what has been said by you helpful folks here, in addition to my own research.
Interesting. Well, keep the suggestions coming, you guys are being very helpful and I appreciate it. And I'll continue to research this as well.
Hand Bent Spoon said:
Sounds about right. kernel32.dll exports functions dealing with named pipes, which are a form of inter-process communication that can be used over a LAN (using NetBIOS, I believe).
(edit) Oops, I just saw that you're using 98. In which case, I have no idea if the above is true
I haven't dealt with non-NT Windows in years.Oleron
Muse
- Joined
- Feb 17, 2004
- Messages
- 940
Windows 9x uses the netbios naming system to open communications with other computers on the LAN.
NetBIOS is just a naming and session service. It means effectively that you can give your computer a name, like FRED.
It is NOT a communications protocol in the sense of, say, TCP/IP. But it can USE TCP/IP as a 'pathway' to communicate over. It can also use Netbeui or IPX/SPX.
Later versions of Windows (2000 onwards) tried to get away from using NetBIOS as a naming scheme and wanted to use DNS and 'pure' TCP/IP for LAN naming and resolution. But ALL versions of Windows still have the backwards compatibility with NetBIOS if needed.
NetBIOS name resolution is the means by which a common computer name, like FRED, is resolved to a protocol address (such as, but not restricted to, an IP address). This is done in several ways by Windows 98. It can 'broadcast' the name to as many members of the LAN as it finds and see who responds. It can use an LMHOSTS file. It can use a WINS server or even DNS (I think) at a pinch.
Windows 98 networking comes as default with the NetBIOS service built in (uses Kernel32.dll as part of this). I can't remember whether you can switch it off or not - probably can. What I mean is that if you have a clean build of Windows 98 with a network card in it, it will install NetBIOS as part of the network card detection and setup.
If your PC is not on a LAN but is a single PC connected to the ADSL router then you DO NOT need NetBIOS at all. It is fine to block it (in fact it is good to block it).
As long as the PC has a physical connection to the internet (ADSL router), an IP address and the address of a working DNS server - it can communicate on the internet.
Hope this helps.
NetBIOS is just a naming and session service. It means effectively that you can give your computer a name, like FRED.
It is NOT a communications protocol in the sense of, say, TCP/IP. But it can USE TCP/IP as a 'pathway' to communicate over. It can also use Netbeui or IPX/SPX.
Later versions of Windows (2000 onwards) tried to get away from using NetBIOS as a naming scheme and wanted to use DNS and 'pure' TCP/IP for LAN naming and resolution. But ALL versions of Windows still have the backwards compatibility with NetBIOS if needed.
NetBIOS name resolution is the means by which a common computer name, like FRED, is resolved to a protocol address (such as, but not restricted to, an IP address). This is done in several ways by Windows 98. It can 'broadcast' the name to as many members of the LAN as it finds and see who responds. It can use an LMHOSTS file. It can use a WINS server or even DNS (I think) at a pinch.
Windows 98 networking comes as default with the NetBIOS service built in (uses Kernel32.dll as part of this). I can't remember whether you can switch it off or not - probably can. What I mean is that if you have a clean build of Windows 98 with a network card in it, it will install NetBIOS as part of the network card detection and setup.
If your PC is not on a LAN but is a single PC connected to the ADSL router then you DO NOT need NetBIOS at all. It is fine to block it (in fact it is good to block it).
As long as the PC has a physical connection to the internet (ADSL router), an IP address and the address of a working DNS server - it can communicate on the internet.
Hope this helps.
Hand Bent Spoon
Unregistered
- Joined
- May 18, 2003
- Messages
- 378
^Yes, indeed it does help. And it confirms my hypothesis. Thanks for that nice description of it.
I went to Navas Cable to check on the security risks of NetBIOS at the following link:
Navas Cable article on NetBIOS
It says it presents no security risk if file and print sharing are disabled (I double checked this on my machine and they are disabled). NetBIOS itself can be disabled, but according to the article some ISPs require it. And since it poses no risk, I don't want to mess with it and possibly break my internet connection.
So, I have my answer. It is, under certain conditions, perfectly normal for Windows 98's kernel32.dll to access the internet, due to NetBIOS.
Thanks again for all the responses, everyone was very helpful and I learned a lot!
I went to Navas Cable to check on the security risks of NetBIOS at the following link:
Navas Cable article on NetBIOS
It says it presents no security risk if file and print sharing are disabled (I double checked this on my machine and they are disabled). NetBIOS itself can be disabled, but according to the article some ISPs require it. And since it poses no risk, I don't want to mess with it and possibly break my internet connection.
So, I have my answer. It is, under certain conditions, perfectly normal for Windows 98's kernel32.dll to access the internet, due to NetBIOS.
Thanks again for all the responses, everyone was very helpful and I learned a lot!