CDL internet protocol - what is it (used for) ?

Hello all,

While looking at some web protocol names in te registery I found one named
CDL ( CLSID {3dd53d40-7b8b-11D0-b013-00aa0059ce02}). Other than that a
google shows its a miltitary "Common Data Link" protocol I've not been able
to find anything about it.

Does anyone know what its used for / why its on my computer ?

Looking at that list again I can see a few others that I have never heard
of. Like "its", "mk", "msdaip", "ms-its" and "wia" (all under
HKEY_CLASSES_ROOT\PROTOCOLS\Handler)

Can I just kill the ones I do not remember of having ever used (removing
their CLSIDs from the registry, effectivily making them unaccessible), or do
they actually have a purpose on a users computer ?

Regards,
Rudy Wieser

On 02/25/2016 06:22 AM, R.Wieser wrote:
Hello all,

While looking at some web protocol names in te registery I found one named
CDL ( CLSID {3dd53d40-7b8b-11D0-b013-00aa0059ce02}). Other than that a
google shows its a miltitary "Common Data Link" protocol I've not been able
to find anything about it.

Does anyone know what its used for / why its on my computer ?

Looking at that list again I can see a few others that I have never heard
of. Like "its", "mk", "msdaip", "ms-its" and "wia" (all under
HKEY_CLASSES_ROOT\PROTOCOLS\Handler)

Can I just kill the ones I do not remember of having ever used (removing
their CLSIDs from the registry, effectivily making them unaccessible), or do
they actually have a purpose on a users computer ?

Regards,
Rudy Wieser






If you go that route you are most certainly going to destroy your
operating system.

Should you wish to state the specific problem you are having with your
machine, I'm sure someone here will be able to help you

philo,

If you go that route you are most certainly going to
destroy your operating system.

That is what backups are for. :-)

But ... that is exactly why I'm asking before doing anything. Duh.

Should you wish to state the specific problem you are having with
your machine, I'm sure someone here will be able to help you.

My problem is that I see internet-facing stuff on my machine which I have
never even heard about and could be used as an entry point for things I'd
rather not see happen. Stuff which I wish to disable.

Regards,
Rudy Wieser


-- origional message:
philo schreef in berichtnieuws
...
On 02/25/2016 06:22 AM, R.Wieser wrote:
Hello all,

While looking at some web protocol names in te registery I found one
named
CDL ( CLSID {3dd53d40-7b8b-11D0-b013-00aa0059ce02}). Other than that a
google shows its a miltitary "Common Data Link" protocol I've not been
able
to find anything about it.

Does anyone know what its used for / why its on my computer ?

Looking at that list again I can see a few others that I have never
heard
of. Like "its", "mk", "msdaip", "ms-its" and "wia" (all under
HKEY_CLASSES_ROOT\PROTOCOLS\Handler)

Can I just kill the ones I do not remember of having ever used (removing
their CLSIDs from the registry, effectivily making them unaccessible),
or do
they actually have a purpose on a users computer ?

Regards,
Rudy Wieser






If you go that route you are most certainly going to destroy your
operating system.

Should you wish to state the specific problem you are having with your
machine, I'm sure someone here will be able to help you

On 02/25/2016 09:31 AM, R.Wieser wrote:
philo,

If you go that route you are most certainly going to
destroy your operating system.

That is what backups are for. :-)

But ... that is exactly why I'm asking before doing anything. Duh.

Should you wish to state the specific problem you are having with
your machine, I'm sure someone here will be able to help you.

My problem is that I see internet-facing stuff on my machine which I have
never even heard about and could be used as an entry point for things I'd
rather not see happen. Stuff which I wish to disable.

Regards,
Rudy Wieser



If you are concerned with vulnerabilities I'm not sure why you are using
an unsupported operating system.
To use XP you may be better off installing and configuring a firewall
than worrying about one specific registry key.

philo,

If you are concerned with vulnerabilities I'm not sure why
you are using an unsupported operating system.

You do not seem to have any intention to help. You're only bitching on
his-and-that. Why the heck, if you think XP is that insecure, do you still
visit this newsgroup ? To gloat ?

Goodbye.

Regards,
Rudy Wieser



-- Origional message:
philo schreef in berichtnieuws
...
On 02/25/2016 09:31 AM, R.Wieser wrote:
philo,

If you go that route you are most certainly going to
destroy your operating system.

That is what backups are for. :-)

But ... that is exactly why I'm asking before doing anything. Duh.

Should you wish to state the specific problem you are having with
your machine, I'm sure someone here will be able to help you.

My problem is that I see internet-facing stuff on my machine which I
have
never even heard about and could be used as an entry point for things
I'd
rather not see happen. Stuff which I wish to disable.

Regards,
Rudy Wieser



If you are concerned with vulnerabilities I'm not sure why you are using
an unsupported operating system.
To use XP you may be better off installing and configuring a firewall
than worrying about one specific registry key.

R.Wieser wrote on 2016/02/25:

My problem is that I see internet-facing stuff on my machine which I have
never even heard about and could be used as an entry point for things I'd
rather not see happen. Stuff which I wish to disable.

Protocols are definitions pointing to handlers that SOME PROGRAM will
use (when it is loaded hence why the handlers are identified in an
InProcServer key). So start looking at what programs you installed and
what processes are running.

Not all protocols will be listed here. For example, if you install the
Steam client (i.e., you bought a game from them) then it creates the
"steam:" protocol. CCleaner and many other programs will install a
protocol often of the URL type. Norton AV used to installed a protocol
needed to address methods in its library because their UI was written as
an HTA (HTML Application). Those protocols are defined under the class
type definition but under a key identifying the program's (handler's)
descriptive name, not necessarily under the key you mentioned. Do a
search on "URL Protocol" and you will find many programs with a class
definition that defines a handler for that protocol type. When Windows
loads, it scans the registry and finds these protocols defined there to
keep in memory, and why you may have to reboot Windows to get it to
rescan the registry to obtain newly created protocol definitions. If
you use regedit to change settings, it will refresh the in-memory copy
of the settings. Programs that use the registry API often do not touch
the in-memory copy, just directly modify the registry files that are on
the disk. So there are lot more protocols than those listed under the
key you mention (which appears to be the standard list provided by
Windows) which is the default set of asynchronous pluggable protocols.

https://msdn.microsoft.com/en-us/lib...=vs.85%29.aspx
https://msdn.microsoft.com/en-us/lib...=vs.85%29.aspx

You will NOT determine what program is coded to use a particular
protocol. The registry does not peer back into the machine code of
program files. You might be able to use a registry monitor to see which
processes (loaded programs) are access the inprocserver defined for the
class assigned to a protocol.

If you are worried about unknown or uncontrolled (non-configurable)
outbound connects from your host, why aren't you using a 3rd party
firewall configured for paranoia mode (where YOU have to decide whether
to temporarily or permanently allow the outbound connection from the
identified process)?

R.Wieser wrote on 2016/02/25:

philo,

If you are concerned with vulnerabilities I'm not sure why
you are using an unsupported operating system.

You do not seem to have any intention to help. You're only bitching on
his-and-that. Why the heck, if you think XP is that insecure, do you still
visit this newsgroup ? To gloat ?

Be careful in burning your bridges. While philo made an assumption (on
a supposition you did not mention), how many respondents here do you see
willing to address your concerns? He might've made a wrong assumption.
You could have said that you were not looking to plug up Windows XP but
are concerned about OTHER processes (programs) that might get installed
on your host that might make outbound connections (for that, see the
last part of my reply - and protocols is NOT where you should be looking
to determine what process(es) is(are) attempting outbound connections).

On 02/25/2016 03:04 PM, VanguardLH wrote:
R.Wieser wrote on 2016/02/25:

My problem is that I see internet-facing stuff on my machine which I have
never even heard about and could be used as an entry point for things I'd
rather not see happen. Stuff which I wish to disable.

P

I believe he was trolling so I put him in my kf

philo wrote on 2016/02/25:

VanguardLH wrote:

R.Wieser wrote on 2016/02/25:

My problem is that I see internet-facing stuff on my machine which I have
never even heard about and could be used as an entry point for things I'd
rather not see happen. Stuff which I wish to disable.

I believe he was trolling so I put him in my kf

A program does not require a protocol be registered in Windows for it to
make an outbound connection or act as a listener for unsolicited inbound
connects (which the upstream firewall in his router should take care of
- unless he has punched holes in the firewall to reroute inbound
requests). Protocols are defined to point at handlers. A program
doesn't need to find a handler in the registry if it *is* the handler
hence why he should be using a firewall (on his host or upstream).

R.Wieser wrote:
Hello all,

While looking at some web protocol names in te registery I found one named
CDL ( CLSID {3dd53d40-7b8b-11D0-b013-00aa0059ce02}). Other than that a
google shows its a miltitary "Common Data Link" protocol I've not been able
to find anything about it.

Does anyone know what its used for / why its on my computer ?

Looking at that list again I can see a few others that I have never heard
of. Like "its", "mk", "msdaip", "ms-its" and "wia" (all under
HKEY_CLASSES_ROOT\PROTOCOLS\Handler)

Can I just kill the ones I do not remember of having ever used (removing
their CLSIDs from the registry, effectivily making them unaccessible), or do
they actually have a purpose on a users computer ?

Regards,
Rudy Wieser

While I could find "military" references to that acronym, they were
also associated with "Ku" band.

I found another reference

https://www.winehq.org/pipermail/win...ly/018793.html

+ INF_SET_CLSID(CdlProtocol);
+ INF_SET_CLSID(FileProtocol);
+ INF_SET_CLSID(FtpProtocol);
+ INF_SET_CLSID(GopherProtocol);
+ INF_SET_CLSID(HttpProtocol);
+ INF_SET_CLSID(HttpsProtocol);
+ INF_SET_CLSID(MkProtocol);

Now, because it's grouped with some other early browser
protocols, the implication is that whatever CDL is,
it was part of some previous generation. I mean,
nobody uses gopher any more. Perhaps some of those
things, were from another time.

Paul

On 02/25/2016 04:39 PM, VanguardLH wrote:

I believe he was trolling so I put him in my kf

A program does not require a protocol be registered in Windows for it to
make an outbound connection or act as a listener for unsolicited inbound
connects (which the upstream firewall in his router should take care of
- unless he has punched holes in the firewall to reroute inbound
requests). Protocols are defined to point at handlers. A program
doesn't need to find a handler in the registry if it *is* the handler
hence why he should be using a firewall (on his host or upstream).




That's why all he is doing is trolling.

He ignored all advice and did nothing but shoot off his mouth.

VanguardLH,

Protocols are definitions pointing to handlers that
SOME PROGRAM will use

Hello ? MicroSoft there. It installs and enables-by-default all kind of
unneccessary programs in its OS-es.

So start looking at what programs you installed

From which I can guess that they need the internet ? FireFox. Thats it.

and what processes are running.

Systray. Explorer. Atiptaxx. An USB driver program, MS-DOS prompt. OE.

Regards,
Rudy Wieser


-- Origional message:
VanguardLH schreef in berichtnieuws
...
R.Wieser wrote on 2016/02/25:

My problem is that I see internet-facing stuff on my machine which I
have
never even heard about and could be used as an entry point for things
I'd
rather not see happen. Stuff which I wish to disable.

Protocols are definitions pointing to handlers that SOME PROGRAM will
use (when it is loaded hence why the handlers are identified in an
InProcServer key). So start looking at what programs you installed and
what processes are running.

Not all protocols will be listed here. For example, if you install the
Steam client (i.e., you bought a game from them) then it creates the
"steam:" protocol. CCleaner and many other programs will install a
protocol often of the URL type. Norton AV used to installed a protocol
needed to address methods in its library because their UI was written as
an HTA (HTML Application). Those protocols are defined under the class
type definition but under a key identifying the program's (handler's)
descriptive name, not necessarily under the key you mentioned. Do a
search on "URL Protocol" and you will find many programs with a class
definition that defines a handler for that protocol type. When Windows
loads, it scans the registry and finds these protocols defined there to
keep in memory, and why you may have to reboot Windows to get it to
rescan the registry to obtain newly created protocol definitions. If
you use regedit to change settings, it will refresh the in-memory copy
of the settings. Programs that use the registry API often do not touch
the in-memory copy, just directly modify the registry files that are on
the disk. So there are lot more protocols than those listed under the
key you mention (which appears to be the standard list provided by
Windows) which is the default set of asynchronous pluggable protocols.

https://msdn.microsoft.com/en-us/lib...=vs.85%29.aspx
https://msdn.microsoft.com/en-us/lib...=vs.85%29.aspx

You will NOT determine what program is coded to use a particular
protocol. The registry does not peer back into the machine code of
program files. You might be able to use a registry monitor to see which
processes (loaded programs) are access the inprocserver defined for the
class assigned to a protocol.

If you are worried about unknown or uncontrolled (non-configurable)
outbound connects from your host, why aren't you using a 3rd party
firewall configured for paranoia mode (where YOU have to decide whether
to temporarily or permanently allow the outbound connection from the
identified process)?

VanguardLH,

Be careful in burning your bridges.

True, and I considered that beforehand.

While philo made an assumption (on a supposition you
did not mention), how many respondents here do you see
willing to address your concerns?

None, including Philo. :-(

Mind you, my question was *what are they/are they used for*, with a
secondary question in regard to the possibility of shutting them down if
they are not used for anything.

My "concerns" where just a bit of an afterthought, *not* the main part.

You could have said that you were not looking to plug up
Windows XP but are concerned about OTHER processes
(programs) that might get installed on your host that might
make outbound connections

Nope. Those protocols might be used to *sneak into* a machine (not checked
as much, having received fewer bugfixes -- if any). What the snuck-in
programs might than do ? What *couldn't* they than do would be a much
shorter list. :-)

Bottom line: I'm *NOT* out to receive a generic lecture about securing ones
machine. I'm *REALLY* looking for information on the usage of that CDL
protocol, and possibly those others too.

Regards,
Rudy Wieser


-- Origional message:
VanguardLH schreef in berichtnieuws
...
R.Wieser wrote on 2016/02/25:

philo,

If you are concerned with vulnerabilities I'm not sure why
you are using an unsupported operating system.

You do not seem to have any intention to help. You're only bitching on
his-and-that. Why the heck, if you think XP is that insecure, do you
still
visit this newsgroup ? To gloat ?

Be careful in burning your bridges. While philo made an assumption (on
a supposition you did not mention), how many respondents here do you see
willing to address your concerns? He might've made a wrong assumption.
You could have said that you were not looking to plug up Windows XP but
are concerned about OTHER processes (programs) that might get installed
on your host that might make outbound connections (for that, see the
last part of my reply - and protocols is NOT where you should be looking
to determine what process(es) is(are) attempting outbound connections).

Paul,

Now, because it's grouped with some other early
browser protocols, the implication is that whatever
CDL is, it was part of some previous generation.

I got the same feeling, but did not want to act too rash.

Thanks for the link. Alas, I cannot seem to be able to extract anything
usefull (for me) from it.

Before anyone tries, I've (ofcourse) also searched for the class id of the
protocol. No luck there either.

Thanks for the help.

Regards,
Rudy Wieser


-- Origional message:
Paul schreef in berichtnieuws
...
R.Wieser wrote:
Hello all,

While looking at some web protocol names in te registery I found one
named
CDL ( CLSID {3dd53d40-7b8b-11D0-b013-00aa0059ce02}). Other than that a
google shows its a miltitary "Common Data Link" protocol I've not been
able
to find anything about it.

Does anyone know what its used for / why its on my computer ?

Looking at that list again I can see a few others that I have never
heard
of. Like "its", "mk", "msdaip", "ms-its" and "wia" (all under
HKEY_CLASSES_ROOT\PROTOCOLS\Handler)

Can I just kill the ones I do not remember of having ever used (removing
their CLSIDs from the registry, effectivily making them unaccessible),
or do
they actually have a purpose on a users computer ?

Regards,
Rudy Wieser

While I could find "military" references to that acronym, they were
also associated with "Ku" band.

I found another reference

https://www.winehq.org/pipermail/win...ly/018793.html

+ INF_SET_CLSID(CdlProtocol);
+ INF_SET_CLSID(FileProtocol);
+ INF_SET_CLSID(FtpProtocol);
+ INF_SET_CLSID(GopherProtocol);
+ INF_SET_CLSID(HttpProtocol);
+ INF_SET_CLSID(HttpsProtocol);
+ INF_SET_CLSID(MkProtocol);

Now, because it's grouped with some other early browser
protocols, the implication is that whatever CDL is,
it was part of some previous generation. I mean,
nobody uses gopher any more. Perhaps some of those
things, were from another time.

Paul

Philo,

He ignored all advice and did nothing but shoot off his mouth.

Answer the question first, *only than* come with advice.

Definitily *do not* replace someones question with one you "are just sure
of" he's actually asking.

Your "advice" had *absolutily nothing* to do with my question. Your "why
do you still use XP" had nothing to do with the matter either.


Bottom line: You have showed all the signs of someone who "knows better" and
for that reason thinks he may hijack the question. Better to cut that
short than to, after a couple of messages, be left with a lot of irrelevant,
and therefore quite wortless "suggestions".

Regards,
Rudy Wieser


-- Origional mesage:
philo schreef in berichtnieuws
...
On 02/25/2016 04:39 PM, VanguardLH wrote:

I believe he was trolling so I put him in my kf

A program does not require a protocol be registered in Windows for it to
make an outbound connection or act as a listener for unsolicited inbound
connects (which the upstream firewall in his router should take care of
- unless he has punched holes in the firewall to reroute inbound
requests). Protocols are defined to point at handlers. A program
doesn't need to find a handler in the registry if it *is* the handler
hence why he should be using a firewall (on his host or upstream).




That's why all he is doing is trolling.

He ignored all advice and did nothing but shoot off his mouth.