Re: WIN2000NT False prophets(!).

From: Steve Winograd [MVP] (bcmaven_at_mvps.org)
Date: 11/20/05


Date: Sat, 19 Nov 2005 17:05:41 -0700

In article <WEOff.20499$mF5.12062@newsfe4-gui.ntli.net>, Martin
Spencer-Ford <tpwuk.dash.zero.one@ntlworld.com> wrote:
>>>>Thanks for your reply, Martin. I think that disabling the Messenger
>>>>service by default came in SP2:
>>>>
>>>>http://www.microsoft.com/technet/prodtechnol/winxppro/maintain/sp2netwk.mspx#ELAA
>>>
>>>Thanks for correcting me Steve - I knew it was in one of them patches :)
>>>Still leaves me wondering why the change in policy - especially after
>>>such a long history of being a default service, not that i am
>>>complaining, one less thing to adjust.
>>
>> You're right, Martin. Microsoft used to make all Windows features
>> available by default. Users didn't have to install or enable anything
>> to have full functionality.
>>
>> In reaction to the spread of malware, often through security holes in
>> its own products, Microsoft made a major shift, implementing a
>> "Trustworthy Computing" initiative throughout the company. Part of
>> that initiative is a philosophy that they call "Secure by Design,
>> Secure by Default, Secure in Deployment and Communication". They
>> first applied in to Windows in XP SP1 and Windows Server 2003. See:
>>
>> http://msdn.microsoft.com/msdntv/transcripts/20030513SecurityMHTranscript.aspx
>>
>> That philosophy includes disabling features, like the Alerter and
>> Messenger services, that are vulnerable to attack and are unnecessary
>> for most users. Users who need those services have to explicitly
>> enable them. Everyone else is protected automatically.
>
>It was a long time coming, but vastly appreciated by many a support
>engineer - my self included. To me this thread has turned into an
>interesting and educational one. Many thanks for being a part of that
>conclusion, Steve ... appreciated.
>
>Martin
>(TpwUK)

You're welcome, Martin!

BTW, They're carrying this philosophy much further in the upcoming
Windows Vista:

http://www.microsoft.com/windowsvista/security.mspx

-- 
Best Wishes,
Steve Winograd, MS-MVP (Windows Networking)
Please post any reply as a follow-up message in the news group
for everyone to see.  I'm sorry, but I don't answer questions
addressed directly to me in E-mail or news groups.
Microsoft Most Valuable Professional Program
http://mvp.support.microsoft.com