Re: Direct Ad Pop-Ups

From: Richard Akerman (rakerman@bigfoot.com)
Date: 10/26/02 

From: Richard Akerman <rakerman@bigfoot.com>
Date: Sat, 26 Oct 2002 16:27:52 GMT

Karl Levinson [x y] MVP wrote:
> "Joshua James" <admin@caddadvntage.com> wrote in message
> news:24a301c27c3a$e7eafe40$3bef2ecf@TKMSFTNGXA10...
>
>>We are starting to get these direct Ads popping up on our
>>servers with EXTERNAL IPs. They come via the Windows
>>Messenger Services ( NET SEND "user" 'Msg'). Is there a
>>way to block these from coming from anywhere but
>>specificed IPs??
>>Plese reply to admin@caddadvantage.com I may not make it
>>back to this newsgroup.
>
>
> This question was answered less than 24 hours ago in this newsgroup. It's
> considered polite to search a newsgroup before posting. Use a firewall.
> There are free ones out there, so there's no good excuse not to.
>
> Here is the short answer. To block all the types of pop-ups out there,
> follow some or all of the following steps:
>
> * Use a firewall and antivirus with the latest updates;
> * Use software that blocks pop-ups and/or ad-ware;
> * Disable unnecessary programs that start when Windows starts, by using
> MSCONFIG or Startup Cop;
> * Disable or unbind NetBIOS over TCP/IP / File and Print Sharing on your
> network interface;
> * Disable the Messaging service;
> * Configure your chat program to not start up automatically with Windows, to
> require confirmation before accepting an incoming chat, and/or to only allow
> chat requests from people on your buddy/favorites list.
>
> Keep reading below for more information.
>
> There are several different types of pop-ups:
>
> * WEB BROWSER POP-UPS
> One very common type of pop-up is a new web browser window that pops up
> while you are surfing the Internet. These pop-ups are often generated by
> certain web sites including some porn sites, some shopping web sites, and
> some web sites that offer free services like email or news. These pop-ups
> often appear when you click to either enter or leave a web page.
>
> There are a number of third-party software programs, both free and not free,
> which are supposed to help block pop-up windows. Try searching your
> favorite Internet search engine, Usenet support newsgroup software web site
> and/or see the links below. [Try searching for the words "stop OR block
> pup-ups," for example]:
>
> www.google.com/groups?threadm=enZy0PscCHA.1828%40tkmsftngp08 <-- SEE THIS
> LINK FIRST
> [The above link is an excellent list of software to block pop-ups in a post
> by Jim Byrd]
>
> www.webwasher.com
> www.adshield.org
> www.popupstopper.com
> www.zonealarm.com [the Zone Alarm firewall also blocks pop-ups]
> www.webattack.com/Freeware/misctools/fwpopblock.shtml
> www.webattack.com
> www.download.com
> www.tucows.com
> www.google.com/groups?q=stop+OR+block+pop-ups
> www.google.com/search?q=stop+OR+block+pop-ups
>
> If the pop-ups happen when you launch your web browser [e.g. Internet
> Explorer], then you should check the home page setting in your web browser
> [e.g. in Internet Explorer, click on Tools, Internet Options, Home Page,
> Address]. Make sure the home page is not set to an objectionable site. [If
> your home page has been changed and you want to change it back, you set it
> to www.msn.com or to your favorite web site.]
>
> If the pop-ups seem to pop up at random and not just when you open and close
> your web browser or enter and leave a certain web page, you may want to also
> use MSCONFIG or Startup Cop to check the programs that are starting up when
> Windows starts, in case there is an unwanted program hidden there. For more
> information on how to do this, see the section in this FAQ entitled "I think
> there may be a suspicious program, Trojan, ad-ware, "porn dialer," etc.
> starting up on my computer when Windows starts."
>
> * MESSENGER SERVICE / WINDOWS MESSAGING / NETBIOS POP-UPS
> Another type of pop-up is the Windows messaging pop-up. If you are
> receiving these types of pop-ups, NetBIOS / SMB / Windows Networking /
> Windows File and Print Sharing on your computer may be visible from the
> Internet, which is usually considered a serious security risk.
>
> To determine whether this security risk applies to you, see the section in
> this FAQ entitled "How can I scan my computer or firewall to look for open
> ports or confirm that my machine is secure?" In particular, the web site
> https://grc.com/x/ne.dll?bh0bkyd2 or any of the tools under the
> "Vulnerability Assessment" subsection can be used to scan your computer.
>
> To block this first type of pop-up and also increase the security of your
> computer, use one or more of the techniques below:
>
> A) USE A FIREWALL.
> This is highly recommended. See the section in this FAQ entitled "Which
> firewall should I choose? Which firewall is the best?" for more
> information.
>
> B) DISABLE OR UNBIND NETBIOS OVER TCP/IP / FILE AND PRINT SHARING ON THE
> NETWORK INTERFACE.
> This is slightly complicated and varies depending on what operating system
> you are using. If you wish to do this, try searching your favorite Internet
> search engine for words such as "how to disable netbios windows" for your
> version of Windows such as XP, or follow one or more of the links below.
> [Using a firewall is still highly recommended even if you follow this step.]
>
> http://www.google.com/search?q=disable+netbios+%2Bhow+windows
> http://comp.bio.uci.edu/security/netbios.htm
>
> C) DISABLE THE MESSENGER SERVICE.
> This will stop the pop-ups and may be a good idea. However, just disabling
> the Messenger service without also taking other actions leaves you extremely
> vulnerable to other more serious intrusions from the Internet.
>
> To disable the Messenger service on Windows 2000 / XP / .NET, you would
> click on Start, Settings, Control Panel, Administrative Tools, Services,
> stop the Messenger service and set the service to Startup Type = Disabled.
> Using a firewall and disabling NetBIOS is still strongly recommended. [If
> you don't, hackers on the Internet can probably get a list of all login IDs
> on your computer and start trying to guess your passwords.]
>
> * INSTANT MESSENGER POP-UPS [AOL AIM, MSN MESSENGER, YAHOO MESSENGER, ICQ,
> ETC.]
>
> Instant messenger pop-ups are different from NetBIOS / Messenger service
> pop-ups. You can tell IM pop-ups because they appear within your instant
> messenger chat program.
>
> The instructions for protecting yourself from unwanted chat messages differ
> depending on which instant messenger program you are using [e.g. AOL AIM,
> MSN Messenger, Yahoo, etc]. The instructions would probably involve looking
> at and changing the settings within your IM client software. For example,
> some IM software will let you block everyone from contacting you except for
> the people on your "buddy" or "favorites" list, or can give you a prompt
> asking whether you want to accept the chat.
>
> Another solution might be to set your instant messenger client so that it
> does not start automatically with windows, so that you have to double-click
> on your IM icon before anyone can contact you. Again this is in your IM
> client settings. For more information, check the documentation that came
> with your IM software and/or a support web page or Usenet newsgroup
> specifically for that IM program.

This is really good information.
Is it from a FAQ that is available on the web or on USENET somewhere?
It seems to refer to "information elsewhere in the FAQ" that isn't included.

-- Richard Akerman
http://www.akerman.ca/port-table.html
http://www.akerman.ca/trojan-port-table.html