Re: WIN2000NT False prophets(!).

From: Steve Winograd [MVP] (bcmaven_at_mvps.org)
Date: 11/19/05


Date: Sat, 19 Nov 2005 11:30:52 -0700

In article <3bIff.19011$Cq4.8994@newsfe7-gui.ntli.net>, Martin
Spencer-Ford <tpwuk.dash.zero.one@ntlworld.com> wrote:
><snip>
>>
>> Thanks for your reply, Martin. I think that disabling the Messenger
>> service by default came in SP2:
>>
>> http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx#ELAA
>
>Thanks for correcting me Steve - I knew it was in one of them patches :)
>Still leaves me wondering why the change in policy - especially after
>such a long history of being a default service, not that i am
>complaining, one less thing to adjust.
>
>All the best
>
>Martin
>(TpwUK)

You're right, Martin. Microsoft used to make all Windows features
available by default. Users didn't have to install or enable anything
to have full functionality.

In reaction to the spread of malware, often through security holes in
its own products, Microsoft made a major shift, implementing a
"Trustworthy Computing" initiative throughout the company. Part of
that initiative is a philosophy that they call "Secure by Design,
Secure by Default, Secure in Deployment and Communication". They
first applied in to Windows in XP SP1 and Windows Server 2003. See:

http://msdn.microsoft.com/msdntv/transcripts/20030513SecurityMHTranscript.aspx

That philosophy includes disabling features, like the Alerter and
Messenger services, that are vulnerable to attack and are unnecessary
for most users. Users who need those services have to explicitly
enable them. Everyone else is protected automatically.

-- 
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)
Please post any reply as a follow-up message in the news group
for everyone to see.  I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.
Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com