Re: WIN2000NT False prophets(!).

From: Steve Winograd [MVP] (bcmaven_at_mvps.org)
Date: 11/20/05


Date: Sat, 19 Nov 2005 17:05:41 -0700

In article <WEOff.20499$mF5.12062@newsfe4-gui.ntli.net>, Martin
Spencer-Ford <tpwuk.dash.zero.one@ntlworld.com> wrote:
>>>>Thanks for your reply, Martin. I think that disabling the Messenger
>>>>service by default came in SP2:
>>>>
>>>>http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx#ELAA
>>>
>>>Thanks for correcting me Steve - I knew it was in one of them patches :)
>>>Still leaves me wondering why the change in policy - especially after
>>>such a long history of being a default service, not that I am
>>>complaining, one less thing to adjust.
>>
>> You're right, Martin. Microsoft used to make all Windows features
>> available by default. Users didn't have to install or enable anything
>> to have full functionality.
>>
>> In reaction to the spread of malware, often through security holes in
>> its own products, Microsoft made a major shift, implementing a
>> "Trustworthy Computing" initiative throughout the company. Part of
>> that initiative is a philosophy that they call "Secure by Design,
>> Secure by Default, Secure in Deployment and Communication". They
>> first applied it to Windows in XP SP1 and Windows Server 2003. See:
>>
>> http://msdn.microsoft.com/msdntv/transcripts/20030513SecurityMHTranscript.aspx
>>
>> That philosophy includes disabling features, like the Alerter and
>> Messenger services, that are vulnerable to attack and are unnecessary
>> for most users. Users who need those services have to explicitly
>> enable them. Everyone else is protected automatically.
>
>It was a long time coming, but vastly appreciated by many a support
>engineer - myself included. To me this thread has turned into an
>interesting and educational one. Many thanks for being a part of that
>conclusion, Steve ... appreciated.
>
>Martin
>(TpwUK)

You're welcome, Martin!

BTW, they're carrying this philosophy much further in the upcoming
Windows Vista:

http://www.microsoft.com/windowsvista/security.mspx

-- 
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)
Please post any reply as a follow-up message in the news group
for everyone to see.  I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.
Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com

